nekothecat
just joined
Topic Author
Posts: 1
Joined: Sun Jan 07, 2024 10:43 pm

802.1x - Is it possible to check whether the host has changed?

Sun Jan 07, 2024 11:19 pm

Hello everyone

Perhaps one of you can give me a few tips on where to look to solve my problem - thank you in advance :)

I have installed two MikroTik Cloud Hosted Routers (7.13) in GNS3 for testing purposes and also configured 802.1x:
- 1 switch host as Radius server
- 2 computer users with MAC address stored in Radius (attributes: Tunnel-Medium-Type 6, Tunnel-Type 13, Tunnel-Private-Group_ID 100 or 200)
- additionally one DHCP range per VLAN (VLAN100 / VLAN200)
- 1 switch host as authenticator
- Port e3 and e4 for connecting the computers

What works:
- Port e3 and e4 receive the correct VLAN depending on which computer user logs on
- and DHCP is also correctly distributed to the logged-in computer user according to the VLAN

Problem:
- it seems that the computer user is only authenticated and authorized once
- if you attach another computer that is not stored in Radius as a computer user, it still receives an IP through DHCP and also the VLAN from the area of the computer user that was on the port before it
- an adjustment to one of the two computer user accounts, e.g. changing the VLAN to be assigned, is not passed on, even if the computer user is rebooted
- the only solution for both problems seems to be to switch off both switches, since the port e3 / e4 somehow fixes the VLAN after the first successful authentication / authorization of the respective computer user


Questions now:
(1) Is there a setting somewhere that can be set so that the Radius server regularly checks the computer user attached to port e3 / e4 and would thus detect if something changes?
(2) Is there a possibility that if the computer user is disconnected from port e3 or e4 the ports automatically change back to un-authorized?
(3) Is there a setting that automatically requires Radius to re-authenticate and authorize the computer user when it is rebooted, so that changes (e.g. new VLAN 200 instead of VLAN100) are also detected?
