Hello MikroTik experts,

Why do I want DHCP RADIUS authentication?
I want to control what users are offered public IPs on my network, thus I want to authenticate all those that are given Public IPs. All of those that are not found in the RADIUS database will be given private IPs to do accounting/create a new account with the captive portal which I have implemented. This differs from standard static leases, since it does not mean that a person will always get the same IP and it will be easier to manage, since this means that if a user is absent for a long period of time off of the network, they are not taking up address space. In this scenario, spoofing is still possible, but has been deemed unlikely and is not a concern in our network.

How am I going to implement this with MikrtoTik?
I am going to create two DHCP pools. The first will have RADIUS authentication and will hand out public addresses and the second will not have authentication and will hand out public IP addresses. The first will have the second in it's "Next server" field, so that if the user is not authenticated, they will receive a private IP address.

What do I want from you?
How do I set up DHCP RADIUS with MAC authentication? The documentation on the website is quite poor and I would like an example configuration. I would also like the reassurance, (if possible) that the aforementioned configuration is possible and that I am not wasting my time.

Thank you for your time,
Sean Aubin

Hello
its a simple DHCP configuration with radius authentication.my radius server in this scenario is a UserManager and i create a user with mac address as username in this format --:--:--:--:--:-- and no password.

Good Luck

One problem I see is the way you are planing to use the "next pool" - DHCP server simply uses the next pool of it runs out of address' in the first pool.

that's right.although we can use many subnet for one ip pool.
next pool is very useful when you have many subnet of public ips and you want to assign this subnets for your clients.

Thank you for the excellent replies.

I understand now why having one pool point to the next will not solve my problem. Both pools will end up using Radius Authentication, since they are both associated to the same server.

Instead, I will assign single pool with a public address range with static leases and a second range of private IP addresses to get the functionality I desire.

I'll let you know the results.

Edited because I found out that is is forbidden to have two DHCP servers on the same interface.

I mis-understood the functionality of IP pools. It's not possible to have a pool dedicated to static leases. It's also not possible to have two servers listening on the same interface.

Consequently, I'm a little bit stumped as how I can achieve my desired functionality. Should I start a new thread to address this problem?

If you have enough address spaces for static leases, you can set a static lease in radius for say the real world addresses, and let the private addresses come dynamically from the pool - we do this using pppoe, but should work the same on DHCP

I did consider that, but when I was talking to Radius Manager support, they suggested strongly not using the RADIUS pools and static leases since they're quite buggy. I'm assuming you haven't had any problems and I do appreciate the suggestion and will consider it if I run out of addresses.

Thank you for sharing your experience.

Can I use both DHCP and RADIUS server on the same RouterBoard?