If only there were an easy identifier to tie the router mac to the SM. I see the router MAC in the auth attempt just fine, and I know what VLAN it’s on, but not which SM. DSL has a VPI/VCI pair which we use to tie to the customer so any attempts from that vpi/vci I know is coming from customer XYZ.
> On Jan 7, 2016, at 8:53 AM, Ken Hohhof <af...@kwisp.com> wrote: > > A far more likely scenario is customer buys new router, puts his WiFi > password in as the PPPoE password, it doesn't work so he gives up, and router > tries the wrong password every 10 seconds for a couple days until he gets > around to calling you. Lots of log entries. > > I guess you could cover Netgear routers by creating a login for "guest" and > redirecting to a page that says call this number for help with your PPPoE > setup. Why Netgear sets it to "guest" instead of blank, I don't know. > > > -----Original Message----- From: Simon Westlake > Sent: Thursday, January 07, 2016 9:13 AM > To: af@afmug.com > Subject: Re: [AFMUG] RADIUS > > You think so? You're saying you think that a user that enters an invalid > username and password should still get access to the network? I guess if > you're giving the credentials to end users, it might make sense, so it's > clear to them that they entered it incorrectly. If you're putting it > into your radios exclusively though, it seems like you might not want to > give a user any access at all if they're just trying random passwords. > > On 1/7/2016 7:05 AM, Dennis Burgess wrote: >> Typically the pppoe server is at the tower, so it has a local pool to hand >> out, if the customer needs a static, that would be assigned via PPPOE as >> well as a framed route if they need a specific block. For MT there are a >> number of radius attributes, but the simplest is address-group, If all pppoe >> servers are configured the same, giving a address group lobs them into >> anything such as filters, firewall, redirection etc. the last though is ip >> pool, so that you can give them a redirected pool and not use a public IP if >> they are not auth. Big thing, they should always auth, just get redirected >> if not valid. :) >> >> >> Dennis Burgess, CTO, Link Technologies, Inc. >> den...@linktechs.net – 314-735-0270 x103 – www.linktechs.net >> >> -----Original Message----- >> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Simon Westlake >> Sent: Wednesday, January 6, 2016 8:50 PM >> To: af@afmug.com >> Subject: [AFMUG] RADIUS >> >> For those of you using RADIUS to manage your customers (whether via PPPoE, >> or something else), how are you doing it? Are you using pools, static >> addresses or a mixture? Are you using groups to control access/redirect to >> delinquency pages etc or other methods? What kind of attributes are you >> using? What is/are your NAS? I'm guessing mostly Mikrotik in this group! >> >> I'm working on a bunch of RADIUS stuff right now, and trying to build it to >> be as flexible as possible.. any input any of you can give on how you use >> RADIUS on your network would be very much appreciated! >> >> -- >> Simon Westlake >> Skype: Simon_Sonar >> Email: simon@sonar.software >> Phone: (702) 447-1247 >> --------------------------- >> Sonar Software Inc >> The next generation of ISP billing and OSS https://sonar.software >> > > -- > Simon Westlake > Skype: Simon_Sonar > Email: simon@sonar.software > Phone: (702) 447-1247 > --------------------------- > Sonar Software Inc > The next generation of ISP billing and OSS > https://sonar.software > >
