Ultanium
newbie
Topic Author
Posts: 29
Joined: Fri May 28, 2004 7:57 pm
Location: Houston, Texas

Hotspot CPE with external radius server issue

Wed Sep 26, 2018 5:44 pm

Hello group,
It has been a *long* time since I have posted, but I'm still alive. :-) I am trying to implement hotspot on the Ethernet of customer CPEs, with userman running on a central cloudcore. Here is my config in the client:
#
#
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=most-secure supplicant-identity="" \
    wpa2-pre-shared-key=123456789
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country="" disabled=no frequency=auto hw-protection-mode=\
    rts-cts radio-name="CPE" security-profile=most-secure ssid=\
    company.com wmm-support=enabled wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add html-directory=flash/hotspot name=test-radius use-radius=yes
/ip hotspot
add idle-timeout=none interface=ether1 name=server1 profile=test-radius
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 disabled=no interface=ether1 \
    lease-time=3d name=dhcp1
/ip address
add address=192.168.1.1/24 interface=ether1 network=192.168.1.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
    interface=wlan1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 \
    gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 name=cpe.company.com
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=all-wireless src-address=\
    192.168.1.0/24
/ip hotspot ip-binding
add mac-address=68:55:51:03:FF:FF to-address=192.168.1.2
/radius
add address=10.0.0.1 disabled=no secret=12345 service=login,hotspot
/radius incoming
set accept=yes
/system identity
set name=cpe

The CPE gets a routed public IP from the AP it is associated with; the AP is connected to the cloudcore server with userman running. Here is its config:
# model = CCR1016-12G
# serial number = ********
/ip hotspot profile
add name=hsprof1 use-radius=yes
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw password=\
    123456789
add access="own-routers,own-users,own-profiles,own-limits,config-payment-gw,pa\
    rent-routers,parent-users,parent-profiles,parent-limits,parent-payment-gw" \
    backup-allowed=yes disabled=no login=accounting parent=admin password=\
    123456789 paypal-accept-pending=no paypal-allowed=no \
    paypal-secure-response=no permissions=full signup-allowed=yes time-zone=\
    -00:00
/tool user-manager profile
add name=residential-bronze name-for-users="" override-shared-users=off \
    owner=admin price=0 starts-at=logon validity=4w2d
/tool user-manager profile limitation
add address-list="" download-limit=0B group-name="" ip-pool="" name=1m1m \
    owner=admin rate-limit-min-rx=1048576B rate-limit-min-tx=1048576B \
    rate-limit-rx=1048576B rate-limit-tx=1048576B transfer-limit=0B \
    upload-limit=0B uptime-limit=0s
/radius
add address=127.0.0.1 secret=12345 service=login,hotspot
/radius incoming
set accept=yes
/tool user-manager database
set db-path=web-proxy1
/tool user-manager profile profile-limitation
add from-time=0s limitation=1m1m profile=residential-bronze till-time=\
    23h59m59s weekdays=\
    sunday,monday,tuesday,wednesday,thursday,friday,saturday
/tool user-manager router
add coa-port=3799 customer= disabled=no ip-address=127.0.0.1 log=\
    auth-ok,auth-fail,acct-ok,acct-fail name=cloudcore shared-secret=12345 \
    use-coa=yes
/tool user-manager user
add customer=admin disabled=no first-name=Test last-name=User password=\
    12345 shared-users=1 username=dummy wireless-enc-algo=none \
    wireless-enc-key="" wireless-psk=""

So the CPE Ethernet is the hotspot interface; the customer's private IP is NATed behind the public that wlan1 gets from the AP. I cannot get the CPE to get auth from the RADIUS in the cloudcore. The CPE log shows "login failed: Radius server not responding". The cloudcore log shows nothing at all, yet I can ping the cloudcore from the CPE, and get out to the internet by disabling the hotspot on the CPE. I know I'm getting old, but what am I missing here? Appreciate any help!

Tommy
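Added example (not part of the original post, and not MikroTik code): a small offline audit of the two exports above that checks whether the RADIUS server's router table has an entry for the address the CPE's requests come from, whether the shared secrets match, and whether the secret meets the 16-octet length RFC 2865 prefers. RFC 2865 requires a server to silently discard requests from a client it holds no shared secret for, which is one condition consistent with a NAS timeout and an empty server log. The source address `203.0.113.10` is a placeholder, since the post does not give the CPE's wlan1 address; the function names are hypothetical.

```python
import re

# Constructed excerpts: only the RADIUS-related lines of the two exports in the post.
CPE_EXPORT = """/radius
add address=10.0.0.1 disabled=no secret=12345 service=login,hotspot
"""
SERVER_EXPORT = """/tool user-manager router
add coa-port=3799 customer= disabled=no ip-address=127.0.0.1 log=\\
    auth-ok,auth-fail,acct-ok,acct-fail name=cloudcore shared-secret=12345 \\
    use-coa=yes
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for the 'add' lines of an export."""
    text = re.sub(r"\\\n\s*", "", text)  # join lines wrapped with a trailing backslash
    menus, menu = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            pairs = re.findall(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)', line)
            menus.setdefault(menu, []).append({k: v.strip('"') for k, v in pairs})
    return menus

def audit(nas_export, server_export, nas_src_ip, min_secret_len=16):
    """Compare the NAS /radius entries with the server's user-manager router table."""
    findings = []
    routers = parse_export(server_export).get("/tool user-manager router", [])
    known = {r["ip-address"]: r for r in routers
             if "ip-address" in r and r.get("disabled") != "yes"}
    for client in parse_export(nas_export).get("/radius", []):
        secret = client.get("secret", "")
        entry = known.get(nas_src_ip)
        if entry is None:
            findings.append(f"no router entry for NAS source {nas_src_ip} "
                            f"(server lists {sorted(known)})")
        elif entry.get("shared-secret") != secret:
            findings.append(f"shared secret mismatch for {nas_src_ip}")
        if len(secret) < min_secret_len:  # 16 octets: length preferred by RFC 2865
            findings.append(f"secret for {client.get('address')} is {len(secret)} "
                            f"chars, below {min_secret_len}")
    return findings

if __name__ == "__main__":
    # 203.0.113.10 is a placeholder; the post does not give the CPE's wlan1 address.
    for finding in audit(CPE_EXPORT, SERVER_EXPORT, "203.0.113.10"):
        print("FINDING:", finding)
```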
 
Ultanium

Re: Hotspot CPE with external radius server issue

Fri Sep 28, 2018 5:44 pm

Anyone???
 
Ultanium

Re: Hotspot CPE with external radius server issue

Fri Nov 02, 2018 10:00 pm

Should I post this in another subgroup?

Tj
