Hi Mark, as I said, I think you have routing issues (see point #2 in my email).
Probably you will see that your PPPoE IPs are not propagated in your core network. Just take a look at the neighboor router and you will see that the client's IP is not in the routing table. So that's why the clients are not surfing. Just to double check, go in some part of your network and do a traceroute to the customer's IP and you should see that the path is not going as expected. Question: what are you using in your core network? Ospf, iBGP? Regards Paolo > In this case, the Mikrotik has an IP in the same range as the radios but > the gateway for all these IPs is external and inside a Time Warner owned > business class modem. > > Mark > > ------ Original Message ------ > From: "Sam Tetherow" <tethe...@shwisp.net> > To: "Mark Stephenson" <m...@countryconnections.net>; "WISPA General > List" <wireless@wispa.org> > Sent: 12/27/2013 4:05:02 PM > Subject: Re: [WISPA] Mikrotik PPPOE with External Radius -- Routing > Issue >> Does the PPPOE concentrator have an IP on the same block as the >> clients? Is the address block for the clients routed to the PPPOE >> concentrator? >> >> On 12/27/2013 02:17 PM, Mark Stephenson wrote: >>> Well, I thought that would fix it. We did have NAT running and the >>> radio >>> became accessible via the IP address just like we need it to. Then I >>> tried other IPs and later I tried the same IP again and the radio >>> can't >>> communicate at all out of the Mikrotik. The PPPOE connection seems >>> fine. >>> The issue is that the radio can't browse and the IP is not visible. >>> Any >>> thoughts? >>> >>> Thanks, >>> Mark >>> >>> ------ Original Message ------ >>> From: "Sam Tetherow" <tethe...@shwisp.net> >>> To: "Mark Stephenson" <m...@countryconnections.net>; "WISPA General >>> List" <wireless@wispa.org> >>> Sent: 12/27/2013 12:34:36 PM >>> Subject: Re: [WISPA] Mikrotik PPPOE with External Radius -- Routing >>> Issue >>>> Did you enable natting as mentioned in Step 1 on that guide (if you >>>> did, >>>> disabled it). >>>> >>>> On 12/27/2013 11:23 AM, Mark Stephenson wrote: >>>>> We are setting up PPPOE using Mikrotik routers at our towers. We >>>>> have >>>>> an >>>>> external radius and the plan is to have username/password >>>>> authentication, radius assigned IPs, and PPP protocol from >>>>> Ubiquiti >>>>> client equipment to the Mikrotik router at each tower. We setup >>>>> these >>>>> parameters in the radius server to do this: >>>>> >>>>> radcheck table: >>>>> Cleartext-Password password >>>>> >>>>> radreply table: >>>>> Framed-IP-Address desired ip address >>>>> Framed-IP-Netmask desired net mask >>>>> MS-Primary-DNS-Server desired ip of the dns >>>>> MS-Secondary-DNS-Server desired ip of the second dns >>>>> Mikrotik-Rate-Limit rate limit like 1M/1M >>>>> >>>>> The Mikrotik router (currently version 5.21 RB750UP) has the >>>>> PPPOE >>>>> service running and radius authentication to our external radius >>>>> server. >>>>> We used http://wiki.mikrotik.com/wiki/Pppoe_with_external_radius >>>>> as a >>>>> starting point, but it assumes dynamically assigned IPs from a >>>>> local >>>>> pool not IPs assigned from the radius server. >>>>> >>>>> We set up our Ubiquiti client equipment as routed with PPPOE and >>>>> entered >>>>> the PPPOE username and the password. The Ubiquiti client >>>>> equipment >>>>> connects to a Ubiquiti access point that is bridged and then to a >>>>> Mikrotik router at the tower. The tower then connects to backhaul >>>>> radios >>>>> to get back to our main tower and our core router. >>>>> >>>>> The good news is that this mostly works! The Ubiquiti client >>>>> connects >>>>> wirelessly to the access point and via PPPOE to the Mikrotik. It >>>>> gets >>>>> the IP address and the DNS set in radius. I know that because it >>>>> shows >>>>> in the Ubiquiti user interface and I see it in the Mikrotik logs. >>>>> And >>>>> the Mikrotik does the rate limiting beautifully. We can also >>>>> browse >>>>> the >>>>> web through the connection. From a client user perspective it all >>>>> works. >>>>> But there is one big catch that we are missing. >>>>> >>>>> All outbound connections are using the IP of the Mikrotik router >>>>> instead >>>>> of the assigned IP address. So the Ubiquiti client equipment has >>>>> the >>>>> right IP but the connection is using network address translation >>>>> through >>>>> the router. We need the assigned IP to be accessible through the >>>>> Mikrotik router so it shows as the IP address of the Ubiquiti >>>>> client >>>>> connection and so we can login to the Ubiquiti client radio from >>>>> our >>>>> network. Now the Ubiquiti client radio is hidden behind the >>>>> Mikrotik >>>>> router. What needs to be changed on the router or the radius to >>>>> fix >>>>> this? >>>>> >>>>> Thanks, >>>>> Mark >>>>> >>>>> _______________________________________________ >>>>> Wireless mailing list >>>>> Wireless@wispa.org >>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>> _______________________________________________ >>>> Wireless mailing list >>>> Wireless@wispa.org >>>> http://lists.wispa.org/mailman/listinfo/wireless >>> _______________________________________________ >>> Wireless mailing list >>> Wireless@wispa.org >>> http://lists.wispa.org/mailman/listinfo/wireless >> >> _______________________________________________ >> Wireless mailing list >> Wireless@wispa.org >> http://lists.wispa.org/mailman/listinfo/wireless > > _______________________________________________ > Wireless mailing list > Wireless@wispa.org > http://lists.wispa.org/mailman/listinfo/wireless > -- Ing. Paolo Di Francesco Level7 s.r.l. unipersonale Sede operativa: Largo Montalto, 5 - 90144 Palermo C.F. e P.IVA 05940050825 Fax : +39-091-8772072 assistenza: (+39) 091-8776432 web: http://www.level7.it _______________________________________________ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
