Note: You must first update /usr/share/freeradius/dictionary.mikrotik. Take a look at
https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client/vendor_dictionary
My step-by-step configuration (FreeRADIUS - MySQL - MikroTik - dynamic VLAN)
-----------------------------------------Freeradius------------------------------------
Eap.conf
eap {
tls {
- default_eap_type = md5
+ default_eap_type = tls
private_key_file = ${certdir}/certificate.key
certificate_file = ${certdir}/certificate.crt
ca_file = ${cadir}/ca_bundle.crt
- cipher_list = "DEFAULT"
+ cipher_list = "HIGH"
- ecdh_curve = "prime256v1"
+ ecdh_curve = "secp521r1"
cache {
+ name = "EAP-TLS"
+ persist_dir = "${logdir}/tlscache"
peap {
- use_tunneled_reply = no
+ use_tunneled_reply = yes
}
}
}
}
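Review bot: `cipher_list = "HIGH"` is not strictly tighter than the `DEFAULT` it replaces: depending on the OpenSSL build, HIGH can include unauthenticated (aNULL) suites that DEFAULT excludes, so I would write `cipher_list = "HIGH:!aNULL:!eNULL"`. The added `persist_dir = "${logdir}/tlscache"` keeps TLS session data on disk, so that directory should be owned by the radiusd user and not readable by anyone else. As printed, `default_eap_type` and `peap { }` sit inside `tls { }`; in a stock eap.conf they presumably belong at the `eap { }` level, so the nesting looks like a paste artefact and should be checked against the real file before copying.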
Radius.conf
- #$INCLUDE sql.conf
+ $INCLUDE sql.conf
Sql.conf
database = "mysql"
inner-tunnel
authorize {
- files
+ sql
}
/etc/raddb/sites-available/default
authorize {
- files
+ sql
}
accounting {
- files
+ sql
}
post-auth {
+ sql
}
---------------------------------------FreeRadius end------------------------------------------
-------------------------------------Mikrotik CapsMan -------------------------------------------
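# RouterOS / CAPsMAN side of the setup: one bridge carrying tagged client
# VLANs 30 and 40, WPA2-EAP passed through to an external RADIUS server,
# and a DHCP server plus source NAT per client VLAN.
/interface bridge
add fast-forward=no name=bridge1
/interface vlan
# vlan20 sits on sfp1 and is the interface the DHCP client below runs on.
add interface=sfp1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan30 vlan-id=30
add interface=bridge1 name=vlan40 vlan-id=40
/caps-man configuration
# wpa2-eap with eap-methods=passthrough forwards the EAP exchange to RADIUS;
# vlan-mode=use-tag lets the datapath tag client traffic with a VLAN id.
add country=turkey datapath.bridge=bridge1 datapath.vlan-mode=use-tag name=cfg1 security.authentication-types=wpa2-eap security.eap-methods=passthrough ssid=DynamicVlanTest
# The "/caps-man interface" menu line was fused onto the end of the previous
# command in the original listing; it is restored here on its own line.
/caps-man interface
# The all-zero MAC addresses are placeholders; use the real radio MAC of the CAP.
add configuration=cfg1 configuration.country=turkey disabled=no mac-address=00:00:00:00:00:00 master-interface=none name=cap1 radio-mac=00:00:00:00:00:00
/ip pool
# The vlan30 range ended at .255 in the original, which is the broadcast
# address of 10.0.30.0/24; it now ends at .254 like the vlan40 pool.
add name=vlan30_pool ranges=10.0.30.2-10.0.30.254
add name=vlan40_pool ranges=10.0.40.2-10.0.40.254
/ip dhcp-server
add address-pool=vlan30_pool disabled=no interface=vlan30 name=vlan30
add address-pool=vlan40_pool disabled=no interface=vlan40 name=vlan40
/caps-man manager
set enabled=yes
/caps-man manager interface
# Forbid CAPsMAN on the default entry and allow it explicitly on bridge1 only.
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge1
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
/ip address
add address=10.0.30.1/24 interface=vlan30 network=10.0.30.0
add address=10.0.40.1/24 interface=vlan40 network=10.0.40.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=vlan20
/ip dhcp-server network
add address=10.0.30.0/24 dns-server=37.202.48.10 gateway=10.0.30.1 netmask=24
add address=10.0.40.0/24 dns-server=37.202.48.10 gateway=10.0.40.1 netmask=24
# NOTE(review): no pool, DHCP server or address for 172.16.2.0/24 appears in
# this listing; this entry looks like a leftover - confirm before copying.
add address=172.16.2.0/24 dns-server=37.202.48.10 gateway=172.16.2.1
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.0.30.0/24
add action=masquerade chain=srcnat src-address=10.0.40.0/24
/ppp aaa
# NOTE(review): this switches RADIUS on for PPP services; presumably not
# needed for the wireless authentication shown here - confirm.
set use-radius=yes
/radius
# The secret is a sample value: replace it with a long random string and keep
# it identical to the secret stored for this router in the RADIUS nas table.
add address=10.0.0.2 secret=1qazxsw2 service=wireless
/radius incoming
# accept=yes makes the router listen for RADIUS-initiated requests on UDP 1700;
# limit that port with a firewall rule to the RADIUS server's address.
set accept=yes port=1700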
---------------------------------------------------------------------------------------------------------------------------
----------------------------Mysql------------------------------------------------------------------------------------
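-- Sample rows for the FreeRADIUS MySQL schema: one RADIUS client (the router),
-- one test user, and the reply attributes that place that user in VLAN 30.
-- The secret and password are sample values; replace them before real use.

-- Register the router as a RADIUS client. `secret` must equal the secret
-- configured on the router, and should be a long random string.
-- NOTE(review): `nasname` should be the address the router's requests come
-- from; the router listing on this page uses 10.0.0.2 as the RADIUS server
-- address, so confirm which host 10.0.0.2 really is.
INSERT INTO `radius`.`nas`
    (`id`, `nasname`, `shortname`, `type`, `ports`, `secret`, `server`, `community`, `description`)
VALUES
    (NULL, '10.0.0.2', 'mikrotik', 'other', NULL, '1qazxsw2', NULL, NULL, '');

-- Test account. Cleartext-Password is stored readable in radcheck, so access
-- to the radius database needs to be restricted accordingly.
INSERT INTO `radius`.`radcheck`
    (`id`, `username`, `attribute`, `op`, `value`)
VALUES
    (NULL, 'test_user', 'Cleartext-Password', ':=', '12345678');

-- NOTE(review): id 7 refers to a row in the author's own database; on another
-- installation this reassigns whatever reply row has id 7. Skip or adjust it.
UPDATE `radius`.`radreply`
SET `username` = 'test_user'
WHERE `radreply`.`id` = 7;

-- Reply attributes returned on Access-Accept. The attribute names must match
-- the spelling in the installed dictionary.mikrotik. The original statement
-- had a trailing space in the username ('test_user '); it is removed so the
-- row matches the radcheck entry exactly.
INSERT INTO `radius`.`radreply`
    (`id`, `username`, `attribute`, `op`, `value`)
VALUES
    (NULL, 'test_user', 'Mikrotik_Wireless_VLANID', '=', '30');

INSERT INTO `radius`.`radreply`
    (`id`, `username`, `attribute`, `op`, `value`)
VALUES
    (NULL, 'test_user', 'Mikrotik_Wireless_VLANIDtype', '=', '0');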