Community discussions

MikroTik App
 
HPLearner
just joined
Topic Author
Posts: 18
Joined: Mon Sep 14, 2020 11:52 am

30 and more identical registrations with the same MAC address. Despite the userman setting: shared users=1

Wed Feb 01, 2023 2:31 pm

Hello,
I use the WiFi Hotspot and Userman under RouterOS V6.45.9 plus DHCP-Server. All are in one device the RB1100AHx2. I created 4 SSID for our campsite. Guests use 2 and are unlocked via hotspots and password. This works without any problems.

The employees access the Internet via the 2 remaining SSIDs. Without the Hotspot - the Userman is used to unlock the MAC address.

Now the problem... In the LOG of the Userman, the same MAC addresses appear up to 30 times in a row and the note "Authorization success". The "shared users = 1" (inside userman). Why?
The internet works without any problems.
Userman-1.jpg
In the access points, under Radius I marked only "wireless" and changed the timeout from 300ms to 1000ms. Without success... Please can you give me a tip.

Thanks and regards
You do not have the required permissions to view the files attached to this post.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: 30 and more identical registrations with the same MAC address. Despite the userman setting: shared users=1

Wed Feb 01, 2023 8:56 pm

Well I see no conflict with "shared users = 1". It looks like the same one user (in this case MAC address) is used for one MAC address authorisation.

The frequent authorisation is something else. Need to find the root cause. At least every wifi disconnect/connect will normally send an authentication request to RADIUS (User Manager).
Client flapping between 2.4GHz and 5 GHz radio will send many requests. The authorization has no time-span for the authentication/authorisation part. It can happen 100's of times in one second.
Only the RADIUS accounting part would keep track of the time the autorisation is in use, and could detect multiple uses of the same user.

The timeout is the allowed time for a RADIUS server to respond. The AP may retry if no timely response, but also the client may retry. The LOG says success, but the RADIUS answer may not have reached its destination. If no success in Internet access the client will move to another SSID/AP/channel. There are some double requests/answers here (300ms = 3 in one second), but 5 seconds is very long for a wifi connection, that's probably another association attempt.
 
HPLearner
just joined
Topic Author
Posts: 18
Joined: Mon Sep 14, 2020 11:52 am

Re: 30 and more identical registrations with the same MAC address. Despite the userman setting: shared users=1

Wed Feb 01, 2023 10:10 pm

Many thanks for your response!
Can I ask more questions please?

1. On the AP I have now marked "dhcp" in addition to "wireless" and set the timeout to "150ms".
Does it make sense? Especially "dhcp"? Because I think the IP address will be assigned automatically after authorization without dhcp marked.

2. What could be causing the high frequency? I only set "Authorization" on the Radius server. I didn't use accounting. Could this be the reason?

Greetings
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: 30 and more identical registrations with the same MAC address. Despite the userman setting: shared users=1

Thu Feb 02, 2023 1:54 am

I have limited experience here.
No idea how DHCP and RADIUS would work, unless it is based on MAC address authentication, to give a specific IP address. (I only use username/password for wireless access, with a classic DHCP request when needed (lease timeout))
On a larger network (multiple bridge hops, PtmP wifi links, non Mikrotik RADIUS server), I had to rise the timeout to 600ms (from 300ms) to avoid some authentication/accounting fails.

That rapid succession in the log? Don't know for sure, but I can imagine if the response is not reaching the AP or client (path, encryption, certificate, not-acknowledged accounting .... whatever reason) the request would be repeated 3 times (every 300ms) before the client migrates to the other radio or AP, and restarts the 3 times repeated request.

Does the client actually connect and get authorization?
 
HPLearner
just joined
Topic Author
Posts: 18
Joined: Mon Sep 14, 2020 11:52 am

Re: 30 and more identical registrations with the same MAC address. Despite the userman setting: shared users=1

Thu Feb 02, 2023 1:30 pm

Hello bpwl,
thank you for your tips!
Do you know who makes the Userman software or is it an in-house development by Mikrotik? I use RouterOS 6.45.9 with the associated Userman(ager).
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26291
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: 30 and more identical registrations with the same MAC address. Despite the userman setting: shared users=1

Thu Feb 02, 2023 2:02 pm

It is made by MikroTik
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: 30 and more identical registrations with the same MAC address. Despite the userman setting: shared users=1

Thu Feb 02, 2023 5:07 pm

I use RouterOS 6.45.9 with the associated Userman(ager).
AFAIK RouterOS 6, has Usermanger 4 (no EAP support for wifi). Separate HTTP/HTTPS management interface.
ROS 7 has Usermanager 5 , with RADIUS support for wifi. Here the Userman setting is done in Winbox or Webfig.

Who is online

Users browsing this forum: No registered users and 3 guests