Community discussions

MUM Europe 2020
 
timd93
just joined
Topic Author
Posts: 10
Joined: Sun Feb 22, 2015 7:18 pm

EAP, Radius and VLAN assignment based on user

Thu Apr 02, 2015 7:57 pm

I'm planning a new wireless setup in a building.
There needs to be just 1 SSID with WPA(2)-EAP, where a user logs in with a username and password.

A RADIUS server is used, which should give back the Attribute MIKROTIK_WIRELESS_VLANID = 20, this should put the user in VLAN 20 and he will get an address from the VLAN20-DHCP.

I understand that this does not work in RouterOS? When will it finally be implemented? If it takes another year I'll just have to buy Cisco instead of MikroTik.
Or does anyone have a solution to make this work?
 
baggar11
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Tue Oct 22, 2013 4:49 am

Re: EAP, Radius and VLAN assignment based on user

Thu Apr 02, 2015 8:05 pm

You may look into the PacketFence project. It supports what you are asking with MikroTik devices.
 
timd93
just joined
Topic Author
Posts: 10
Joined: Sun Feb 22, 2015 7:18 pm

Re: EAP, Radius and VLAN assignment based on user

Fri Apr 03, 2015 5:06 pm

You may look into the PacketFence project. It supports what you are asking with MikroTik devices.
Are you sure? If I look at the documentation of PacketFence, it says only MAC authentication is available for Mikrotik at the moment.
http://www.packetfence.org/downloads/Pa ... -4.7.0.pdf
 
baggar11
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Tue Oct 22, 2013 4:49 am

Re: EAP, Radius and VLAN assignment based on user

Fri Apr 03, 2015 6:53 pm

You may ask for support on the PacketFence forums. I don't have a MikroTik + PacketFence setup running yet, so I really can't help. But it believe it should be able to do what you want.
 
ditonet
Forum Veteran
Forum Veteran
Posts: 841
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: EAP, Radius and VLAN assignment based on user

Sat Apr 04, 2015 2:03 am

@timd93
What wireless package do you use? AFAIK 'wireless-fp' package is necessary to use 'Mikrotik_Wireless_VLANID' and 'Mikrotik_Wireless_VLANIDtype' attributes.

HTH,
Grzegorz | MTCNA, MTCRE, MTCSE | konsultacje MikroTik Warszawa
It is a book about a Spanish guy called Manual. You should read it. - Dilbert
 
timd93
just joined
Topic Author
Posts: 10
Joined: Sun Feb 22, 2015 7:18 pm

Re: EAP, Radius and VLAN assignment based on user

Mon Apr 13, 2015 6:25 pm

I'm using a hAP Lite and there is only a wireless-cm2 package for that device.
Also, packetfence does not do what I want.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1749
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: EAP, Radius and VLAN assignment based on user

Sun May 03, 2015 1:35 am

I have not tested on EAP wpa enterprise mode

I have tested WPA PSK with RADIUS mac authentication

Using freeradius for windows and can assign VID successfully on Ros 6.27 on rb951Ui. wireless-fp package

Just update attribute dictionary for mikrotik devices on freeradius.

users.conf like this for every user:

aa:aa:aa:aa:aa:aa User-Password == "aa:aa:aa:aa:aa:a"
Mikrotik_Wireless_VLANID = "47",
Mikrotik_Wireless_VLANIDtype = "0",

Who is online

Users browsing this forum: BartoszP and 42 guests