Currently we have a bridge on the MikroTik at each tower, AP_bridge, to which all the simple bridge APs for that tower are connected. ap1 ap2 ap3...
We try to configure the CPE at the customer location to be a simple bridge. Sometimes the customer doesn't have a router or their router's WAN port gets toasted and they refuse to get a replacement. Then we put the CPE in router mode.

The DHCP server on the MikroTik assigns each leased IP to an address-list which sets the user's throughput. When the customer has a router, we have to assign the address-list on the static lease for the router. If we have the CPE in router mode, we assign the address-list on the static lease for the CPE. We usually just put the address-list on both the CPE and the router. Slows down our access to the bridged CPEs but things are consistent if we need to put a bridged CPE into router mode.

The address-lists drive mangle rules to add packet marks for a PCQ-based Queue Tree.

The routers get their IPs from a pool of our ARIN assigned subnet at each tower. The IP pool is specified on the MikroTik's static lease for the router. The CPEs get their IPs from a pool of RFC 1918 addresses at each tower. The IP pool is specified on the MikroTik's static lease for the CPE. If the CPE is in router mode, it gets an IP from the public pool.

Now that we are transitioning to a billing system which is supposed to be able to store the information we need to autoprovision, WispMon, we are trying to replicate the above setup with RADIUS replies to DHCP auth requests. It works when I manually enter the radcheck information for a CPE and router.

radcheck:
| 00:27:22:xx:xx:xx | Auth-Type | := | Accept |  # CPE
| 00:0B:6B:xx:xx:xx | Auth-Type | := | Accept |  # router

radusergroup:
+-------------------+-----------------+----------+
| username          | groupname       | priority |
+-------------------+-----------------+----------+
| 00:27:22:xx:xx:xx | 8MbDedicatedCPE |        1 |
| 00:0B:6B:xx:xx:xx | 6MbCustomers    |        1 |
+-------------------+-----------------+----------+

radgroupreply holds:
| 6MbCustomers    | Session-Timeout       | = | 3600         |
| 6MbCustomers    | Framed-Pool           | = | CustPub      |
| 6MbCustomers    | Mikrotik-Address-List | = | 6MbCustomers |
| 8MbDedicatedCPE | Mikrotik-Address-List | = | 8MbDedicated |
| 8MbDedicatedCPE | Framed-Pool           | = | CPEPriv      |
| 8MbDedicatedCPE | Session-Timeout       | = | 3900         |

I want to put every CPE into the 8MbDedicated address-list so that we can speedtest the link to the customer's location more easily and uploading new firmware goes more quickly.

Unfortunately there are a few non-optimal issues.

1) I have not been able to find a way to get accounting data from the MikroTik DHCP server's RADIUS integration. We haven't had it for our wireless users before, but it sure would be nice. It's proven very valuable to have for our dialup and DSL customers. This is disappointing, but I can deal.

2) I have not been able to find a way to list both the CPE and router MAC addresses in a WispMon service plan. WispMon seems to assume you will only ever care about the CPE's MAC address. This is a big problem.

3) The new CPE doesn't have an entry in the RADIUS database until someone enters it in WispMon. The MikroTik refuses to let them on if they don't exist in RADIUS and don't have a static lease on the MikroTik once RADIUS is enabled in the DHCP server. I don't think this is a big problem. The tech's laptop is able to pull an IP and get online just fine because their laptops' MAC address is listed in RADIUS like a CPE. The tech can get a good link before enabling DHCP on the CPE.
Once they have access from their laptop, they should be able to enter the CPE under the customer's plan in WispMon. I can probably make RADIUS allow all MAC addresses and put them in a walled garden address-list with a short session-timeout.

Is anyone else doing things similarly? Do I need to step back and figure out a different way of doing things that only requires the CPE's MAC address be known to WispMon? If so, any suggestions?

I designed this setup after going off to MikroTik training. At the time we had two MikroTik RB750Gs. We now have around 60 MikroTik routers. We don't have any MikroTik APs in the air. The wireless techs are comfortable with their UBNT gear.

We've had issues with rate-limiting on the UBNT CPEs. With throttling on the UBNT CPE, the customers tend to notice more packet-loss issues when they get to the throughput limits. The MikroTik's PCQ throttling seems to be a bit smoother.

The old in-house written billing system was a pretty decent recurring billing system. It just had no business knowledge of an ISP. It was implemented before I came on-board. So we just manually configured everything on the routers and servers. That just doesn't scale.

--
Scott Lambert KC5MLE Unix SysAdmin
[email protected]
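
An added example, not part of the original post: a small audit over the three tables quoted above that resolves the group reply each MAC would receive and flags MACs that are accepted in radcheck but would get no Framed-Pool or Mikrotik-Address-List. It assumes the tables use the column names shown in the post (id columns omitted), ignores per-user radreply rows and Fall-Through, and adds one constructed MAC (00:15:6D:xx:xx:xx) to show the gap.

```python
import sqlite3

# Simplified copies of the three tables named in the post (id columns omitted).
SCHEMA = """
CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
CREATE TABLE radgroupreply (groupname TEXT, attribute TEXT, op TEXT, value TEXT);
"""
# Rows from the post, plus one constructed MAC (00:15:6D:xx:xx:xx) that is
# accepted in radcheck but was never assigned a group.
RADCHECK = [(m, "Auth-Type", ":=", "Accept") for m in
            ("00:27:22:xx:xx:xx", "00:0B:6B:xx:xx:xx", "00:15:6D:xx:xx:xx")]
RADUSERGROUP = [("00:27:22:xx:xx:xx", "8MbDedicatedCPE", 1),
                ("00:0B:6B:xx:xx:xx", "6MbCustomers", 1)]
RADGROUPREPLY = [
    ("6MbCustomers", "Session-Timeout", "=", "3600"),
    ("6MbCustomers", "Framed-Pool", "=", "CustPub"),
    ("6MbCustomers", "Mikrotik-Address-List", "=", "6MbCustomers"),
    ("8MbDedicatedCPE", "Mikrotik-Address-List", "=", "8MbDedicated"),
    ("8MbDedicatedCPE", "Framed-Pool", "=", "CPEPriv"),
    ("8MbDedicatedCPE", "Session-Timeout", "=", "3900"),
]
REQUIRED = ("Framed-Pool", "Mikrotik-Address-List")

def load_db():
    """Build an in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO radcheck VALUES (?,?,?,?)", RADCHECK)
    conn.executemany("INSERT INTO radusergroup VALUES (?,?,?)", RADUSERGROUP)
    conn.executemany("INSERT INTO radgroupreply VALUES (?,?,?,?)", RADGROUPREPLY)
    return conn

def effective_reply(conn, mac):
    """Group reply attributes for one MAC; the lowest priority number wins."""
    rows = conn.execute(
        "SELECT r.attribute, r.value FROM radusergroup g "
        "JOIN radgroupreply r ON r.groupname = g.groupname "
        "WHERE g.username = ? ORDER BY g.priority DESC", (mac,)).fetchall()
    return dict(rows)  # later rows (lower priority number) overwrite earlier

def missing_policy(conn):
    """Accepted MACs whose reply would lack a pool or an address-list."""
    macs = conn.execute(
        "SELECT DISTINCT username FROM radcheck WHERE attribute = 'Auth-Type' "
        "AND value = 'Accept' ORDER BY username").fetchall()
    report = {}
    for (mac,) in macs:
        gaps = [a for a in REQUIRED if a not in effective_reply(conn, mac)]
        if gaps:
            report[mac] = gaps
    return report
```
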

