Does the PPPOE concentrator have an IP on the same block as the clients? Is the address block for the clients routed to the PPPOE concentrator?
On 12/27/2013 02:17 PM, Mark Stephenson wrote: > Well, I thought that would fix it. We did have NAT running and the radio > became accessible via the IP address just like we need it to. Then I > tried other IPs and later I tried the same IP again and the radio can't > communicate at all out of the Mikrotik. The PPPOE connection seems fine. > The issue is that the radio can't browse and the IP is not visible. Any > thoughts? > > Thanks, > Mark > > ------ Original Message ------ > From: "Sam Tetherow" <[email protected]> > To: "Mark Stephenson" <[email protected]>; "WISPA General > List" <[email protected]> > Sent: 12/27/2013 12:34:36 PM > Subject: Re: [WISPA] Mikrotik PPPOE with External Radius -- Routing > Issue >> Did you enable natting as mentioned in Step 1 on that guide (if you >> did, >> disabled it). >> >> On 12/27/2013 11:23 AM, Mark Stephenson wrote: >>> We are setting up PPPOE using Mikrotik routers at our towers. We have >>> an >>> external radius and the plan is to have username/password >>> authentication, radius assigned IPs, and PPP protocol from Ubiquiti >>> client equipment to the Mikrotik router at each tower. We setup these >>> parameters in the radius server to do this: >>> >>> radcheck table: >>> Cleartext-Password password >>> >>> radreply table: >>> Framed-IP-Address desired ip address >>> Framed-IP-Netmask desired net mask >>> MS-Primary-DNS-Server desired ip of the dns >>> MS-Secondary-DNS-Server desired ip of the second dns >>> Mikrotik-Rate-Limit rate limit like 1M/1M >>> >>> The Mikrotik router (currently version 5.21 RB750UP) has the PPPOE >>> service running and radius authentication to our external radius >>> server. >>> We used http://wiki.mikrotik.com/wiki/Pppoe_with_external_radius as a >>> starting point, but it assumes dynamically assigned IPs from a local >>> pool not IPs assigned from the radius server. >>> >>> We set up our Ubiquiti client equipment as routed with PPPOE and >>> entered >>> the PPPOE username and the password. The Ubiquiti client equipment >>> connects to a Ubiquiti access point that is bridged and then to a >>> Mikrotik router at the tower. The tower then connects to backhaul >>> radios >>> to get back to our main tower and our core router. >>> >>> The good news is that this mostly works! The Ubiquiti client connects >>> wirelessly to the access point and via PPPOE to the Mikrotik. It gets >>> the IP address and the DNS set in radius. I know that because it >>> shows >>> in the Ubiquiti user interface and I see it in the Mikrotik logs. And >>> the Mikrotik does the rate limiting beautifully. We can also browse >>> the >>> web through the connection. From a client user perspective it all >>> works. >>> But there is one big catch that we are missing. >>> >>> All outbound connections are using the IP of the Mikrotik router >>> instead >>> of the assigned IP address. So the Ubiquiti client equipment has the >>> right IP but the connection is using network address translation >>> through >>> the router. We need the assigned IP to be accessible through the >>> Mikrotik router so it shows as the IP address of the Ubiquiti client >>> connection and so we can login to the Ubiquiti client radio from our >>> network. Now the Ubiquiti client radio is hidden behind the Mikrotik >>> router. What needs to be changed on the router or the radius to fix >>> this? >>> >>> Thanks, >>> Mark >>> >>> _______________________________________________ >>> Wireless mailing list >>> [email protected] >>> http://lists.wispa.org/mailman/listinfo/wireless >> _______________________________________________ >> Wireless mailing list >> [email protected] >> http://lists.wispa.org/mailman/listinfo/wireless > _______________________________________________ > Wireless mailing list > [email protected] > http://lists.wispa.org/mailman/listinfo/wireless _______________________________________________ Wireless mailing list [email protected] http://lists.wispa.org/mailman/listinfo/wireless
