Community discussions

MikroTik App
  4. l雷竞技
  5. Beginner Basics

MikTik RB751 behind T-Com Speedport 504v

Locked
Cartman
Member Candidate
Member Candidate
Topic Author
Posts: 104
加入: Wed Jul 23, 2008 6:14 pm

MikTik RB751 behind T-Com Speedport 504v

Mon Jun 25, 2012 1:50 pm

Hello world !!!

I am trying to set up a hotspot network with the above mentioned config.
In our network we have a lot of MTs running without problems, so I blame
the Speedport.
We have
Code:Select all 
mysql> select id, nasname, shortname, type, ports,secret,community, description from nas where id=84;; +----+---------------+---------------+-------+-------+-----------+-----------+---------------+ | id | nasname | shortname | type | ports | secret | community | description | +----+---------------+---------------+-------+-------+-----------+-----------+---------------+ | 84 | 217.xxx.yy.zz| 217.xxx.yy.zz| other | NULL | *******| NULL | RADIUS Client | +----+---------------+---------------+-------+-------+-----------+-----------+---------------+ 1 row in set (0.00 sec)
but
Code:Select all 
Error: Ignoring request to authentication address * port 11812 from unknown client 217.xxx.yy.zz port 39753
So, it´s not really an "unknown" client, because it´s in the nas table. The port is OK, we use 11812 - 14, even changins to default does not change a thing.
clients.conf is empty, everything is processed by MySQL and works with other constellations.

Assumption :
I think the firewall of the speedport might be the problem. The device drops pings and requests to the WAN address, so it´s invisible from the internet.
Best of it all, the "holy" T-Com people have disabled the firewall configuration of the router, so it cannot be edited.

Is there a way to get this to work, or do we need some new device for the Speedport ?
Maybe it´s more a FreeRadius question, but the people here are a bit smarter, when it comes to helping people.

TIA
Top
Feklar
Forum Guru
Forum Guru
Posts: 1724
加入: Tue Dec 01, 2009 11:46 pm

Re: MikTik RB751 behind T-Com Speedport 504v

Mon Jun 25, 2012 10:38 pm

如果请求一个半径nd showing up in the logs, then the firewall on your speedport is not the issue. It would either be a Radius setting on the MikroTik or within FreeRadius that is causing it.
Top
Cartman
Member Candidate
Member Candidate
Topic Author
Posts: 104
加入: Wed Jul 23, 2008 6:14 pm

Re: MikTik RB751 behind T-Com Speedport 504v

Tue Jun 26, 2012 12:41 am

I do not think it´s a freeradius or miktik problem. because it works in a different environment.
Behind the speedport the miktik get an IP by DHCP (192.168.2.xxx). In my lab it has a global
static IP. IMHO it´s something like a port or protocol problem, but I do not know which one it could be.
Tested with a Speedport 700v with firewall turned off, but no change. Internet says the SP has some probs with GRE and VPN. Maybe there are some more problems affecting the communication between MT and FR.
Still do not know why the client is unknown, when it´s listed in NAS.

Thanks for any hints.
Top
Cartman
Member Candidate
Member Candidate
Topic Author
Posts: 104
加入: Wed Jul 23, 2008 6:14 pm

Re: MikTik RB751 behind T-Com Speedport 504v

Tue Jun 26, 2012 9:34 am

Another thing is, that there are no DB requests, when I try to log in.
A normal login gives
Code:Select all 
SELECT nasname FROM nas WHERE nasname = '213.xxx.yyy.zzz' SELECT shortname FROM nas WHERE nasname = '213.xxx.yyy.zzz' SELECT secret FROM nas WHERE nasname = '213.xxx.yyy.zzz' SELECT type FROM nas WHERE nasname = '213.xxx.yyy.zzz'
Behind the speedport nothing happens.
Top
Cartman
Member Candidate
Member Candidate
Topic Author
Posts: 104
加入: Wed Jul 23, 2008 6:14 pm

Re: MikTik RB751 behind T-Com Speedport 504v

Tue Jun 26, 2012 1:53 pm

去t it.
The problem was caused by the IP address renge indynamic-clients
Set it to 0.0.0.0/0 and everything worked.
Seems not like the best solution, but it does what I want.

Now I just need to know, how to mark this as SOLVED
Top
Locked

Who is online

Users browsing this forum: No registered users and 4 guests
  4. l雷竞技
  5. Beginner Basics