I don't run PPPoE, but I am guessing this is your problem. If it was straight routing I would say you need to turn proxy arp on for the MT. I don't know if that holds true for PPPoE or not. The issue is the CPEs are sending traffic to the MT, the MT is sending to it's default GW and the return traffic is coming back to the cable modem which is dumping it out the ethernet side, the MT just doesn't know that it needs to relay the traffic on since it looks like it is destine for that LAN segment instead of needing to pass through the MT to the clients.
On 12/27/2013 03:27 PM, Mark Stephenson wrote: > In this case, the Mikrotik has an IP in the same range as the radios but > the gateway for all these IPs is external and inside a Time Warner owned > business class modem. > > Mark > > ------ Original Message ------ > From: "Sam Tetherow" <tethe...@shwisp.net> > To: "Mark Stephenson" <m...@countryconnections.net>; "WISPA General > List" <wireless@wispa.org> > Sent: 12/27/2013 4:05:02 PM > Subject: Re: [WISPA] Mikrotik PPPOE with External Radius -- Routing > Issue >> Does the PPPOE concentrator have an IP on the same block as the >> clients? Is the address block for the clients routed to the PPPOE >> concentrator? >> >> On 12/27/2013 02:17 PM, Mark Stephenson wrote: >>> Well, I thought that would fix it. We did have NAT running and the >>> radio >>> became accessible via the IP address just like we need it to. Then I >>> tried other IPs and later I tried the same IP again and the radio >>> can't >>> communicate at all out of the Mikrotik. The PPPOE connection seems >>> fine. >>> The issue is that the radio can't browse and the IP is not visible. >>> Any >>> thoughts? >>> >>> Thanks, >>> Mark >>> >>> ------ Original Message ------ >>> From: "Sam Tetherow" <tethe...@shwisp.net> >>> To: "Mark Stephenson" <m...@countryconnections.net>; "WISPA General >>> List" <wireless@wispa.org> >>> Sent: 12/27/2013 12:34:36 PM >>> Subject: Re: [WISPA] Mikrotik PPPOE with External Radius -- Routing >>> Issue >>>> Did you enable natting as mentioned in Step 1 on that guide (if you >>>> did, >>>> disabled it). >>>> >>>> On 12/27/2013 11:23 AM, Mark Stephenson wrote: >>>>> We are setting up PPPOE using Mikrotik routers at our towers. We >>>>> have >>>>> an >>>>> external radius and the plan is to have username/password >>>>> authentication, radius assigned IPs, and PPP protocol from >>>>> Ubiquiti >>>>> client equipment to the Mikrotik router at each tower. We setup >>>>> these >>>>> parameters in the radius server to do this: >>>>> >>>>> radcheck table: >>>>> Cleartext-Password password >>>>> >>>>> radreply table: >>>>> Framed-IP-Address desired ip address >>>>> Framed-IP-Netmask desired net mask >>>>> MS-Primary-DNS-Server desired ip of the dns >>>>> MS-Secondary-DNS-Server desired ip of the second dns >>>>> Mikrotik-Rate-Limit rate limit like 1M/1M >>>>> >>>>> The Mikrotik router (currently version 5.21 RB750UP) has the >>>>> PPPOE >>>>> service running and radius authentication to our external radius >>>>> server. >>>>> We used http://wiki.mikrotik.com/wiki/Pppoe_with_external_radius >>>>> as a >>>>> starting point, but it assumes dynamically assigned IPs from a >>>>> local >>>>> pool not IPs assigned from the radius server. >>>>> >>>>> We set up our Ubiquiti client equipment as routed with PPPOE and >>>>> entered >>>>> the PPPOE username and the password. The Ubiquiti client >>>>> equipment >>>>> connects to a Ubiquiti access point that is bridged and then to a >>>>> Mikrotik router at the tower. The tower then connects to backhaul >>>>> radios >>>>> to get back to our main tower and our core router. >>>>> >>>>> The good news is that this mostly works! The Ubiquiti client >>>>> connects >>>>> wirelessly to the access point and via PPPOE to the Mikrotik. It >>>>> gets >>>>> the IP address and the DNS set in radius. I know that because it >>>>> shows >>>>> in the Ubiquiti user interface and I see it in the Mikrotik logs. >>>>> And >>>>> the Mikrotik does the rate limiting beautifully. We can also >>>>> browse >>>>> the >>>>> web through the connection. From a client user perspective it all >>>>> works. >>>>> But there is one big catch that we are missing. >>>>> >>>>> All outbound connections are using the IP of the Mikrotik router >>>>> instead >>>>> of the assigned IP address. So the Ubiquiti client equipment has >>>>> the >>>>> right IP but the connection is using network address translation >>>>> through >>>>> the router. We need the assigned IP to be accessible through the >>>>> Mikrotik router so it shows as the IP address of the Ubiquiti >>>>> client >>>>> connection and so we can login to the Ubiquiti client radio from >>>>> our >>>>> network. Now the Ubiquiti client radio is hidden behind the >>>>> Mikrotik >>>>> router. What needs to be changed on the router or the radius to >>>>> fix >>>>> this? >>>>> >>>>> Thanks, >>>>> Mark >>>>> >>>>> _______________________________________________ >>>>> Wireless mailing list >>>>> Wireless@wispa.org >>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>> _______________________________________________ >>>> Wireless mailing list >>>> Wireless@wispa.org >>>> http://lists.wispa.org/mailman/listinfo/wireless >>> _______________________________________________ >>> Wireless mailing list >>> Wireless@wispa.org >>> http://lists.wispa.org/mailman/listinfo/wireless >> _______________________________________________ >> Wireless mailing list >> Wireless@wispa.org >> http://lists.wispa.org/mailman/listinfo/wireless > _______________________________________________ > Wireless mailing list > Wireless@wispa.org > http://lists.wispa.org/mailman/listinfo/wireless _______________________________________________ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
