Community discussions

MikroTik App
 
mip
Member Candidate
Member Candidate
Topic Author
Posts: 124
Joined: Fri Jun 04, 2004 8:19 pm
Location: Ráckeve
Contact:

mac filter with radius, little help pplz

Thu Jun 30, 2005 11:37 pm

I plan to aut. my wireless client with a radius server an ap. Now we have real long access-lists, and addig user is a bit difficult.
The question is right now isa not a how..., but a what:
So can I get a label each associated wireless clients as I have them now witth simple acces-list and labeling?
I I understood I can centralize my dhcp with dhcp relay, but I wish to centralize my mac filter as well.

Thanks for answers.
Last edited by mip on Sat Jul 02, 2005 1:02 am, edited 1 time in total.
 
User avatar
surfnet
Member Candidate
Member Candidate
Posts: 277
Joined: Wed Sep 01, 2004 6:38 pm

Fri Jul 01, 2005 4:50 am

do you have RADIUS server?
 
sten
Forum Veteran
Forum Veteran
Posts: 923
Joined: Tue Jun 01, 2004 12:10 pm

Re: mac filter with radius, little hel pplz

Fri Jul 01, 2005 11:10 am

Wireless MAC RADIUS authentication. It wont create an maintain your access-list but it will make your AP consult RADIUS for every MAC that wants to authenticate, returning a permit/deny response.
 
mip
Member Candidate
Member Candidate
Topic Author
Posts: 124
Joined: Fri Jun 04, 2004 8:19 pm
Location: Ráckeve
Contact:

Sat Jul 02, 2005 1:02 am

Ok, I know that. The question is, that when one client is auth-ed by radius and the ap allows it to join, can I still use comments. Now, when I take a look at my reg table, I have the comments entered in access-list, so I do not have to look after mac address, just see mac and user real name. Thats what I need with radius. Is it a dream?
 
hitek146
Member Candidate
Member Candidate
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

Sat Jul 02, 2005 6:40 am

That is why you use your RADIUS server with a "front-end".... We use OptiGold.....

Hitek
 
sten
Forum Veteran
Forum Veteran
Posts: 923
Joined: Tue Jun 01, 2004 12:10 pm

Sat Jul 02, 2005 10:12 am

as i said, it wont maintain an access-list. afaik, you cant see comments because i havent found an attribute to send the comments.
 
hitek146
Member Candidate
Member Candidate
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

Sat Jul 02, 2005 1:30 pm

Maybe I'm not understanding your question, but are you asking if you can get your registration table to show the name of the user(as a comment or otherwise) along with the MAC address, so that the registration table reflects active MAC addresses and owner's names whether they were authenticated with the RADIUS server or locally?
 
mip
Member Candidate
Member Candidate
Topic Author
Posts: 124
Joined: Fri Jun 04, 2004 8:19 pm
Location: Ráckeve
Contact:

Sat Jul 02, 2005 2:26 pm

Maybe I'm not understanding your question, but are you asking if you can get your registration table to show the name of the user(as a comment or otherwise) along with the MAC address, so that the registration table reflects active MAC addresses and owner's names whether they were authenticated with the RADIUS server or locally?
That"s it. If radius works, I do nit need acces-list. The main thing is, that I have to see names (as comments) top of the mac adresses.

Sten: thank, you answered the question: no such attribute on radius. Or anyone else has found?
 
hitek146
Member Candidate
Member Candidate
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

Sun Jul 03, 2005 12:29 am

That's what I was wondering.... If RADIUS is working, then you should not be looking at your registration table any longer for information. This is what the front-end of the RADIUS server is for. It enables you to see logged in MAC addresses, names, IP addresses, and just about any other information you would want to see, right in front of your eyes....
 
mip
Member Candidate
Member Candidate
Topic Author
Posts: 124
Joined: Fri Jun 04, 2004 8:19 pm
Location: Ráckeve
Contact:

Sun Jul 03, 2005 1:51 pm

That's what I was wondering.... If RADIUS is working, then you should not be looking at your registration table any longer for information. This is what the front-end of the RADIUS server is for. It enables you to see logged in MAC addresses, names, IP addresses, and just about any other information you would want to see, right in front of your eyes....
So if I user RADIUS, acces-list is empty. If I want to check out who is online, can I see it on MT reg-tabel, or only on RADIUS admin pages, or where?
 
User avatar
surfnet
Member Candidate
Member Candidate
Posts: 277
Joined: Wed Sep 01, 2004 6:38 pm

Sun Jul 03, 2005 7:08 pm

SNMP will show you who is connected.
 
hitek146
Member Candidate
Member Candidate
Posts: 161
Joined: Sat Apr 02, 2005 11:41 am

Sun Jul 03, 2005 8:54 pm

RADIUS is just an authentication and accounting database, used to store information for easy retrieval by other devices on a network. It's main talent is to efficiently store information about network devices, and not necessarily to make it easy for you to see. While you can look directly at your RADIUS data through it's own interface(if you want to call it that, in some cases), that is not the preferred method of browsing the RADIUS server's database. A "front-end" is used for the database, as an easier-to-use interface that allows you to view the data in the database in a form that is easier digest. Which data that is stored is up to the administrator who sets up the network, but generally includes assigned data rate, current usage, current IP address, MAC address, protocol, username, password, routes, and many other things that can be found in the AAA section of the MT documentation. The "front-end" software takes this data and lays it out in a form that you can see more easily, and groups it with other data that may not be in the RADIUS server's database, such as customer billing and address information....

http://www.digitalpoint.com/products/isp/

Hitek

Who is online

Users browsing this forum: BartoszP, EnglishInfix, newtoptan and 21 guests