nbctcp
dot1x dynamic vlan

Wed May 25, 2022 4:28 am

2022-05-25 06_26_30-EVE _ Topology - Opera.png
INFO:
- The lab above uses the latest EVE-NG with the latest ROS 7.2.3.

GOALS:
I want PC1 to get VLAN 10 when admin logs in, and VLAN 20 for PC2.

PROBLEMS:
When I log in on PC1 and PC2, those PCs don't get an IP address from the DHCP server. What am I missing in my steps?
tq
[admin@PC1] > /interface/dot1x/client/print
Flags: I - inactive, X - disabled
0   interface=ether1 eap-methods=eap-mschapv2 identity="user1"
     password="user1" anon-identity="" certificate=none
     status="authenticating"
[admin@PC2] > /interface/dot1x/client/print
Flags: I - inactive, X - disabled
0   interface=ether1 eap-methods=eap-mschapv2 identity="user2"
     password="user2" anon-identity="" certificate=none
     status="authenticating"

STEPS
SVR1
/interface vlan
add interface=ether2 name=V10 vlan-id=10
add interface=ether2 name=V20 vlan-id=20
/ip pool
add name=poolV10 ranges=10.0.10.101-10.0.10.200
add name=poolV20 ranges=10.0.20.101-10.0.20.200
/ip dhcp-server
add address-pool=poolV10 interface=V10 name=serverV10
add address-pool=poolV20 interface=V20 name=serverV20
/user-manager user
add attributes=Tunnel-Medium-Type:6,Tunnel-Private-Group-ID:10,Tunnel-Type:13 \
    name=user1 password=user1
add attributes=Tunnel-Medium-Type:6,Tunnel-Private-Group-ID:20,Tunnel-Type:13 \
    name=user2 password=user2
/ip address
add address=192.168.88.41/24 interface=ether1 network=192.168.88.0
add address=10.0.0.1/24 interface=ether2 network=10.0.0.0
add address=10.0.10.1/24 interface=V10 network=10.0.10.0
add address=10.0.20.1/24 interface=V20 network=10.0.20.0
/ip dhcp-server network
add address=10.0.10.0/24 dns-server=192.168.88.1 gateway=10.0.10.1 netmask=24
add address=10.0.20.0/24 dns-server=192.168.88.1 gateway=10.0.20.1 netmask=24
/ip dns
set servers=192.168.88.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.88.1
add disabled=no dst-address=10.0.0.0/16 gateway=10.0.0.2 routing-table=main \
    suppress-hw-offload=no
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Jakarta
/system identity
set name=SVR1
/system logging
add topics=radius
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
/user-manager
set enabled=yes
/user-manager router
add address=10.0.0.2 name=AUTHENTICATOR shared-secret=12345

AUTHENTICATOR
/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=V10 vlan-id=10
add interface=bridge1 name=V20 vlan-id=20
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
/interface bridge vlan
add bridge=bridge1 tagged=ether1 vlan-ids=10
add bridge=bridge1 tagged=ether1 vlan-ids=20
/interface dot1x server
add accounting=no interface=ether3
add accounting=no interface=ether4
/ip address
add address=10.0.0.2/24 interface=bridge1 network=10.0.0.0
add address=192.168.88.42/24 interface=ether2 network=192.168.88.0
/ip dns
set servers=192.168.88.1
/ip route
add dst-address=0.0.0.0/0 gateway=10.0.0.1
/radius
add address=10.0.0.1 secret=12345 service=dot1x
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Jakarta
/system identity
set name=Authenticator
/system logging
add topics=radius
add topics=dot1x
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org

PC1
/interface dot1x client
add eap-methods=eap-mschapv2 identity=user1 interface=ether1 password=user1
/ip dhcp-client
add interface=ether1
/system identity
set name=PC1

PC2
/interface dot1x client
add eap-methods=eap-mschapv2 identity=user2 interface=ether1 password=user2
/ip dhcp-client
add interface=ether1
/system identity
set name=PC2

DEBUG LOG AUTHENTICATOR radius, dot1x
may/25 06:42:53 radius,debug received reply for 82:22f1
may/25 06:42:53 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:2 method:MSCHAPV2(26)
may/25 06:42:53 dot1x,packet s ether3 rx EAPOL-Packet EAP-Response id:2 method:MSCHAPV2(26)
may/25 06:42:53 radius,debug new request 82:22f2 code=Access-Request service=dot1x called-id=50-00-00-04-00-02
may/25 06:42:53 radius,debug sending 82:22f2 to 10.0.0.1:1812
may/25 06:42:53 radius,debug,packet sending Access-Request with id 249 to 10.0.0.1:1812
may/25 06:42:53 radius,debug,packet     Signature = 0xb98ea94160e882785654addec6873f46
may/25 06:42:53 radius,debug,packet     Framed-MTU = 1400
may/25 06:42:53 radius,debug,packet     NAS-Port-Type = 15
may/25 06:42:53 radius,debug,packet     Called-Station-Id = "50-00-00-04-00-02"
may/25 06:42:53 radius,debug,packet     Calling-Station-Id = "50-00-00-01-00-00"
may/25 06:42:53 radius,debug,packet     Service-Type = 2
may/25 06:42:53 radius,debug,packet     EAP-Message = 0x020200061a03
may/25 06:42:53 radius,debug,packet     Message-Authenticator = 0x6d8d0de46e982115b78ec3f5d41d41fc
may/25 06:42:53 radius,debug,packet     User-Name = "user1"
may/25 06:42:53 radius,debug,packet     Acct-Session-Id = "fc064086"
may/25 06:42:53 radius,debug,packet     NAS-Port-Id = "ether3"
may/25 06:42:53 radius,debug,packet     State = 0x7edfed630f108562d87429009452bc1e
may/25 06:42:53 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
may/25 06:42:53 radius,debug,packet     NAS-Identifier = "Authenticator"
may/25 06:42:53 radius,debug,packet     NAS-IP-Address = 10.0.0.2
may/25 06:42:53 radius,debug,packet received Access-Accept with id 249 from 10.0.0.1:1812
may/25 06:42:53 radius,debug,packet     Signature = 0x5a98b463773e9bb9b0025312a2416a99
may/25 06:42:53 radius,debug,packet     EAP-Message = 0x03020004
may/25 06:42:53 radius,debug,packet     MS-MPPE-Recv-Key = 0xf2435e9e738c1b6b3951df775fcf7382
may/25 06:42:53 radius,debug,packet       b0577a061a634b446d3740c380c6f540
may/25 06:42:53 radius,debug,packet       e0bc
may/25 06:42:53 radius,debug,packet     MS-MPPE-Send-Key = 0xfb712bf85e6e5d68783d7a17101704e5
may/25 06:42:53 radius,debug,packet       bcba77ba9998d02f1a402226419fb70c
may/25 06:42:53 radius,debug,packet       d083
may/25 06:42:53 radius,debug,packet     Tunnel-Medium-Type = 6
may/25 06:42:53 radius,debug,packet     Tunnel-Private-Group-ID = "10"
may/25 06:42:53 radius,debug,packet     Tunnel-Type = 13
may/25 06:42:53 radius,debug,packet     Message-Authenticator = 0x6c7b4306afdde7fde1ac1eeecbae6c74
may/25 06:42:53 radius,debug received reply for 82:22f2
may/25 06:42:53 dot1x,debug s ether3 "user1" add to vlan 10
may/25 06:42:53 dot1x,packet s ether3 tx EAPOL-Packet EAP-Request id:0 method:IDENTITY
may/25 06:42:58 dot1x,packet s ether4 rx EAPOL-Start
may/25 06:42:58 dot1x,packet s ether4 tx EAPOL-Packet EAP-Request id:0 method:IDENTITY
may/25 06:42:58 dot1x,packet s ether4 rx EAPOL-Packet EAP-Response id:0 method:IDENTITY
may/25 06:42:58 radius,debug new request 82:22f5 code=Access-Request service=dot1x called-id=50-00-00-04-00-03
may/25 06:42:58 radius,debug sending 82:22f5 to 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet sending Access-Request with id 250 to 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet     Signature = 0x87f7e90612dac087481bce841965fedd
may/25 06:42:58 radius,debug,packet     Framed-MTU = 1400
may/25 06:42:58 radius,debug,packet     NAS-Port-Type = 15
may/25 06:42:58 radius,debug,packet     Called-Station-Id = "50-00-00-04-00-03"
may/25 06:42:58 radius,debug,packet     Calling-Station-Id = "50-00-00-02-00-00"
may/25 06:42:58 radius,debug,packet     Service-Type = 2
may/25 06:42:58 radius,debug,packet     EAP-Message = 0x0200000a017573657232
may/25 06:42:58 radius,debug,packet     Message-Authenticator = 0x36b227b5ca60d1d785385e1c60fece04
may/25 06:42:58 radius,debug,packet     User-Name = "user2"
may/25 06:42:58 radius,debug,packet     Acct-Session-Id = "fd064086"
may/25 06:42:58 radius,debug,packet     NAS-Port-Id = "ether4"
may/25 06:42:58 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
may/25 06:42:58 radius,debug,packet     NAS-Identifier = "Authenticator"
may/25 06:42:58 radius,debug,packet     NAS-IP-Address = 10.0.0.2
may/25 06:42:58 radius,debug,packet received Access-Challenge with id 250 from 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet     Signature = 0x83e6299b468ca583c2a3215618876ea5
may/25 06:42:58 radius,debug,packet     EAP-Message = 0x0101001b1a0101001610104b0d307b39
may/25 06:42:58 radius,debug,packet       f2454d949c29e821a75a20
may/25 06:42:58 radius,debug,packet     State = 0x8ef04c26af54a73cbe02560e36b44a03
may/25 06:42:58 radius,debug,packet     Message-Authenticator = 0xce5e0c9cad3f650050520ebf11a6a694
may/25 06:42:58 radius,debug received reply for 82:22f5
may/25 06:42:58 dot1x,packet s ether4 tx EAPOL-Packet EAP-Request id:1 method:MSCHAPV2(26)
may/25 06:42:58 dot1x,packet s ether4 rx EAPOL-Packet EAP-Response id:1 method:MSCHAPV2(26)
may/25 06:42:58 radius,debug new request 82:22f6 code=Access-Request service=dot1x called-id=50-00-00-04-00-03
may/25 06:42:58 radius,debug sending 82:22f6 to 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet sending Access-Request with id 251 to 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet     Signature = 0xb69dad565ecfd19bf05383e7f9c9b69f
may/25 06:42:58 radius,debug,packet     Framed-MTU = 1400
may/25 06:42:58 radius,debug,packet     NAS-Port-Type = 15
may/25 06:42:58 radius,debug,packet     Called-Station-Id = "50-00-00-04-00-03"
may/25 06:42:58 radius,debug,packet     Calling-Station-Id = "50-00-00-02-00-00"
may/25 06:42:58 radius,debug,packet     Service-Type = 2
may/25 06:42:58 radius,debug,packet     EAP-Message = 0x020100401a0201003b31cdd6f0c1b372
may/25 06:42:58 radius,debug,packet       e73abf818688f14eb63b000000000000
may/25 06:42:58 radius,debug,packet       000046f14dc44f9c06622f51519172ce
may/25 06:42:58 radius,debug,packet       79731652176b491e7d83007573657232
may/25 06:42:58 radius,debug,packet     Message-Authenticator = 0x0c4ac2facbbbdc6ca8e491e73bb939fd
may/25 06:42:58 radius,debug,packet     User-Name = "user2"
may/25 06:42:58 radius,debug,packet     Acct-Session-Id = "fd064086"
may/25 06:42:58 radius,debug,packet     NAS-Port-Id = "ether4"
may/25 06:42:58 radius,debug,packet     State = 0x8ef04c26af54a73cbe02560e36b44a03
may/25 06:42:58 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
may/25 06:42:58 radius,debug,packet     NAS-Identifier = "Authenticator"
may/25 06:42:58 radius,debug,packet     NAS-IP-Address = 10.0.0.2
may/25 06:42:58 radius,debug,packet received Access-Challenge with id 251 from 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet     Signature = 0x28efac4381906a9641f55186ab6c5c29
may/25 06:42:58 radius,debug,packet     EAP-Message = 0x010200331a0301002e533d3530443044
may/25 06:42:58 radius,debug,packet       30353641364543364431414537303043
may/25 06:42:58 radius,debug,packet       30444232393439423142313430444431
may/25 06:42:58 radius,debug,packet       443741
may/25 06:42:58 radius,debug,packet     State = 0x8ef04c26af54a73cbe02560e36b44a03
may/25 06:42:58 radius,debug,packet     Message-Authenticator = 0x291ef95107255f2ea938a14a3e84212e
may/25 06:42:58 radius,debug received reply for 82:22f6
may/25 06:42:58 dot1x,packet s ether4 tx EAPOL-Packet EAP-Request id:2 method:MSCHAPV2(26)
may/25 06:42:58 dot1x,packet s ether4 rx EAPOL-Packet EAP-Response id:2 method:MSCHAPV2(26)
may/25 06:42:58 radius,debug new request 82:22f7 code=Access-Request service=dot1x called-id=50-00-00-04-00-03
may/25 06:42:58 radius,debug sending 82:22f7 to 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet sending Access-Request with id 252 to 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet     Signature = 0x49c12eec949681d2c3cc40db3fcb2945
may/25 06:42:58 radius,debug,packet     Framed-MTU = 1400
may/25 06:42:58 radius,debug,packet     NAS-Port-Type = 15
may/25 06:42:58 radius,debug,packet     Called-Station-Id = "50-00-00-04-00-03"
may/25 06:42:58 radius,debug,packet     Calling-Station-Id = "50-00-00-02-00-00"
may/25 06:42:58 radius,debug,packet     Service-Type = 2
may/25 06:42:58 radius,debug,packet     EAP-Message = 0x020200061a03
may/25 06:42:58 radius,debug,packet     Message-Authenticator = 0x8d29b2242867eb6270f25f4d4e477281
may/25 06:42:58 radius,debug,packet     User-Name = "user2"
may/25 06:42:58 radius,debug,packet     Acct-Session-Id = "fd064086"
may/25 06:42:58 radius,debug,packet     NAS-Port-Id = "ether4"
may/25 06:42:58 radius,debug,packet     State = 0x8ef04c26af54a73cbe02560e36b44a03
may/25 06:42:58 radius,debug,packet     Unknown-Attribute(type=102) = 0x00
may/25 06:42:58 radius,debug,packet     NAS-Identifier = "Authenticator"
may/25 06:42:58 radius,debug,packet     NAS-IP-Address = 10.0.0.2
may/25 06:42:58 radius,debug,packet received Access-Accept with id 252 from 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet     Signature = 0xcc3c1f67958536a2133937957fbbdfe8
may/25 06:42:58 radius,debug,packet     EAP-Message = 0x03020004
may/25 06:42:58 radius,debug,packet     MS-MPPE-Recv-Key = 0x97d4b567ea3e326741019f2f90f921d8
may/25 06:42:58 radius,debug,packet       ba534cc4d905e922ec04fdcef47f8e6c
may/25 06:42:58 radius,debug,packet       81ec
may/25 06:42:58 radius,debug,packet     MS-MPPE-Send-Key = 0xe2c0029673df07bfcfad180b300d8484
may/25 06:42:58 radius,debug,packet       fdaff823f46524e2491033bff7f66cda
may/25 06:42:58 radius,debug,packet       e770
may/25 06:42:58 radius,debug,packet     Tunnel-Medium-Type = 6
may/25 06:42:58 radius,debug,packet     Tunnel-Private-Group-ID = "20"
may/25 06:42:58 radius,debug,packet     Tunnel-Type = 13
may/25 06:42:58 radius,debug,packet     Message-Authenticator = 0xbf2ac80a0c9e52756b516872dfafc9a1
may/25 06:42:58 radius,debug received reply for 82:22f7
may/25 06:42:58 dot1x,debug s ether4 "user2" add to vlan 20
may/25 06:42:58 dot1x,packet s ether4 tx EAPOL-Packet EAP-Request id:0 method:IDENTITY
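
Added example, not part of the original post and not RouterOS code: a Python check that pairs each Access-Accept in an authenticator log like the one above with the dot1x `add to vlan` line, confirming the RFC 3580 tunnel attributes (Tunnel-Type 13, Tunnel-Medium-Type 6) and that the port was placed in the VLAN RADIUS returned. The function name `audit` and the sample lines are constructed for illustration.

```python
import re

# Constructed sample, abridged from the log format in the post (not the full capture).
SAMPLE_LOG = """\
may/25 06:42:58 radius,debug,packet sending Access-Request with id 252 to 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet     User-Name = "user2"
may/25 06:42:58 radius,debug,packet     NAS-Port-Id = "ether4"
may/25 06:42:58 radius,debug,packet received Access-Accept with id 252 from 10.0.0.1:1812
may/25 06:42:58 radius,debug,packet     Tunnel-Medium-Type = 6
may/25 06:42:58 radius,debug,packet     Tunnel-Private-Group-ID = "20"
may/25 06:42:58 radius,debug,packet     Tunnel-Type = 13
may/25 06:42:58 dot1x,debug s ether4 "user2" add to vlan 20
"""

HEADER = re.compile(r'radius,debug,packet (sending|received) (\S+) with id (\d+)')
ATTR = re.compile(r'radius,debug,packet\s+([\w-]+) = "?([^"]*)"?\s*$')
ASSIGN = re.compile(r'dot1x,debug s (\S+) "([^"]+)" add to vlan (\d+)')

def audit(log):
    """Return one dict per Access-Accept: port, user, RADIUS VLAN, applied VLAN, ok."""
    requests, results, current = {}, [], None
    for line in log.splitlines():
        if m := HEADER.search(line):
            direction, code, pkt_id = m.groups()
            current = {"code": code, "attrs": {}}
            if direction == "sending":
                requests[pkt_id] = current  # remember request attributes by RADIUS id
            elif code == "Access-Accept":
                req = requests.get(pkt_id, current)["attrs"]
                current.update(port=req.get("NAS-Port-Id"), user=req.get("User-Name"), applied=None)
                results.append(current)
        elif (m := ATTR.search(line)) and current:
            current["attrs"][m.group(1)] = m.group(2)
        elif m := ASSIGN.search(line):
            port, user, vlan = m.groups()
            for r in reversed(results):  # newest accept for this port and user
                if (r["port"], r["user"]) == (port, user):
                    r["applied"] = int(vlan)
                    break
    for r in results:
        a = r["attrs"]
        # RFC 3580 VLAN assignment needs Tunnel-Type 13 (VLAN) and Tunnel-Medium-Type 6 (IEEE 802).
        pgid = a.get("Tunnel-Private-Group-ID", "")
        valid = a.get("Tunnel-Type") == "13" and a.get("Tunnel-Medium-Type") == "6"
        r["radius_vlan"] = int(pgid) if valid and pgid.isdigit() else None
        r["ok"] = r["radius_vlan"] is not None and r["radius_vlan"] == r["applied"]
    return results
```

A result with `ok` set to true means authentication and dynamic VLAN assignment completed on the authenticator, so a missing DHCP lease has to be traced past that step (bridge VLAN membership, trunk tagging, the client side).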