Ok,

I am answering this before anyone else does... And no, I am not crazy, or at least I don't think so, but I do think I am getting too old for this STUFF!!

Seems that you don't need to create CAs for the RADIUS server unless you want the added security, and that MikroTik will do PEAP fine with FreeRADIUS.

So here are the things that tripped me up:

Ensure that your firewall will accept FreeRADIUS via UDP ports 1812-1813.

Also, unless you're stacking VLANs for different users, do not use the VLAN tag option in the datapath config for your CAPsMAN config.

I am now using the VLAN tag with the MikroTik attribute for the users, which is very cool.

What makes this totally awesome is that we have 38 CAPs on a campus and we now only need one single SSID, and depending on which cabin the user is staying in, they get assigned a certain login based on location, membership.

For example, user A stays in cabin 12 and is a staff member, so that member will get assigned vlan12 with IP 192.168.12.x, where x determines member type, i.e. Staff, Admin, Maint, guest or child network. Since x number of people can stay in cabins, only 2 to 4 are what they call house parents or Staff and the rest are children.

Very cool control point for consolidation.



On 12/7/2016 4:33 PM, Dave wrote:
Ok,
Not sure whether or not I will find the genius here that will tell me if I need a CA cert for using FreeRADIUS and MikroTik when doing WPA-EAP on the CAP?

Forgive me if this needs to go to another forum, but I have looked everywhere to see if I need to load up certs.

The issue I have is when the client replies to the NAS (MikroTik) and all seems to go OK, except no IP from the DHCP server that sits on that bridge for the CAP.

So I am guessing from everything I have read that MikroTik (NAS) is looking for a cert to complete the transfer, or do I just have a misconfig on the RADIUS config?

So one of the questions I have is: when configuring a user for the RADIUS, do I also need to tell it to use DHCP or assign it an IP, or once the user authenticates, should the user get its IP from the DHCP server that sits on that bridge the CAP is on?

Thanks
Dave


