In this case, the Mikrotik has an IP in the same range as the radios but
the gateway for all these IPs is external and inside a Time Warner owned
business class modem.

Mark

------ Original Message ------
From: "Sam Tetherow" <tethe...@shwisp.net>
To: "Mark Stephenson" <m...@countryconnections.net>; "WISPA General List" <wireless@wispa.org>
Sent: 12/27/2013 4:05:02 PM
Subject: Re: [WISPA] Mikrotik PPPOE with External Radius -- Routing Issue

> Does the PPPOE concentrator have an IP on the same block as the
> clients? Is the address block for the clients routed to the PPPOE
> concentrator?
>
> On 12/27/2013 02:17 PM, Mark Stephenson wrote:
>> Well, I thought that would fix it. We did have NAT running and the
>> radio became accessible via the IP address just like we need it to.
>> Then I tried other IPs and later I tried the same IP again and the
>> radio can't communicate at all out of the Mikrotik. The PPPOE
>> connection seems fine. The issue is that the radio can't browse and
>> the IP is not visible. Any thoughts?
>>
>> Thanks,
>> Mark
>>
>> ------ Original Message ------
>> From: "Sam Tetherow" <tethe...@shwisp.net>
>> To: "Mark Stephenson" <m...@countryconnections.net>; "WISPA General List" <wireless@wispa.org>
>> Sent: 12/27/2013 12:34:36 PM
>> Subject: Re: [WISPA] Mikrotik PPPOE with External Radius -- Routing Issue
>>
>>> Did you enable natting as mentioned in Step 1 on that guide? (If
>>> you did, disable it.)
>>>
>>> On 12/27/2013 11:23 AM, Mark Stephenson wrote:
>>>> We are setting up PPPOE using Mikrotik routers at our towers. We
>>>> have an external radius and the plan is to have username/password
>>>> authentication, radius assigned IPs, and PPP protocol from
>>>> Ubiquiti client equipment to the Mikrotik router at each tower.
>>>> We set up these parameters in the radius server to do this:
>>>>
>>>> radcheck table:
>>>>   Cleartext-Password        password
>>>>
>>>> radreply table:
>>>>   Framed-IP-Address         desired ip address
>>>>   Framed-IP-Netmask         desired net mask
>>>>   MS-Primary-DNS-Server     desired ip of the dns
>>>>   MS-Secondary-DNS-Server   desired ip of the second dns
>>>>   Mikrotik-Rate-Limit       rate limit like 1M/1M
>>>>
>>>> The Mikrotik router (currently version 5.21 RB750UP) has the PPPOE
>>>> service running and radius authentication to our external radius
>>>> server. We used
>>>> http://wiki.mikrotik.com/wiki/Pppoe_with_external_radius as a
>>>> starting point, but it assumes dynamically assigned IPs from a
>>>> local pool, not IPs assigned from the radius server.
>>>>
>>>> We set up our Ubiquiti client equipment as routed with PPPOE and
>>>> entered the PPPOE username and the password. The Ubiquiti client
>>>> equipment connects to a Ubiquiti access point that is bridged and
>>>> then to a Mikrotik router at the tower. The tower then connects to
>>>> backhaul radios to get back to our main tower and our core router.
>>>>
>>>> The good news is that this mostly works! The Ubiquiti client
>>>> connects wirelessly to the access point and via PPPOE to the
>>>> Mikrotik. It gets the IP address and the DNS set in radius. I know
>>>> that because it shows in the Ubiquiti user interface and I see it
>>>> in the Mikrotik logs. And the Mikrotik does the rate limiting
>>>> beautifully. We can also browse the web through the connection.
>>>> From a client user perspective it all works. But there is one big
>>>> catch that we are missing.
>>>>
>>>> All outbound connections are using the IP of the Mikrotik router
>>>> instead of the assigned IP address. So the Ubiquiti client
>>>> equipment has the right IP but the connection is using network
>>>> address translation through the router. We need the assigned IP to
>>>> be accessible through the Mikrotik router so it shows as the IP
>>>> address of the Ubiquiti client connection and so we can log in to
>>>> the Ubiquiti client radio from our network. Now the Ubiquiti
>>>> client radio is hidden behind the Mikrotik router. What needs to
>>>> be changed on the router or the radius to fix this?
>>>>
>>>> Thanks,
>>>> Mark
>>>>
>>>> _______________________________________________
>>>> Wireless mailing list
>>>> Wireless@wispa.org
>>>> http://lists.wispa.org/mailman/listinfo/wireless