Community discussions

MikroTik App
User avatar
Topic Author
Posts: 26
Joined: Fri Jan 01, 2021 4:20 am

Can I use caller-id to assign multiple devices to a single user?

Wed Mar 15, 2023 12:34 pm

I'm attempting to move out of DHCP to RADIUS for address assignment. wired, wireless, virtual, and VLANs. So I'm piecing up the components, rules, what can I do and what can't I.

There are hosts in the network that are multihomed with same network adapter, i.e, same MAC address.

There are users in the network with several devices, that themselves may be multihomed as well, but instead of belonging a MAC address (mac-auth) the belong to a user. I'd like to mix that up with plain MAC auth + WPA2+ Enterprise, since I imagine the ability to send the physical address as a password won't be available if WPA2E is used as well. In other words, combine RADIUS MAC Authentication with WPAx Enterprise in a single network. That isn't as important thought, there's always IKEv2 on a simple RADIUS MAC auth-based captive portal to fulfill that fantasy of mine, I guess.

First I'd like to know if it's possible assigning through RADIUS using any trick necessary if need be but without diverting too much from standards, to authenticate multiple devices with fixed addressing per single set of credentials. Is it? Oh… and getting the users (via proxy RADIUS) from an existing RADIUS server (NPS) if possible—though I already though on a few workarounds it would be better to have it properly integrated.

I know the Users facility has proxy function built-in, I'm not sure if it is the actual proxy RADIUS implementation or not but it achieves the same thing; augments users from elsewhere with attributes set on it. I have not found an specific mention of the same thing for User Manager but I haven't found mention of the opposite either. Users isn't as featured as User Manager.

Can multiple users be supported in any of these scenarios? I'd really appreciate if you could tell me your experience in this, if you've done it. I've high hopes since Mikrotik has its own RADIUS attributes dictionary. I'll see what can I get done in my firewall's built-in FreeRADIUS server in the meantime. :)

Here's an example of what I mean by a multi-homed device with a single physical address — just in case I'm calling it differently, and how I think could maybe be translated from DHCP into RADIUS:



just joined
Posts: 17
Joined: Sat Nov 12, 2016 7:08 am

Re: Can I use caller-id to assign multiple devices to a single user?

Fri Mar 17, 2023 9:38 am

I'm sorry my english is bad, so I can't got the picture of what you want to achieve.

Since you mention freeradius, I'm sure you can do lot of things about it.
You can play with rlm_rest of freeradius to easyly dump every variable freeradius got for each request and play with it.


Who is online

Users browsing this forum: No registered users and 2 guests