ASK: setting up freeradius with Mikrotik

Discussion about Ubuntu Server, including web servers, database servers, Samba servers and other services, as well as networking using the Ubuntu operating system.
drain
Posts: 6
Joined: 21 Dec 2013, 23:09

ASK: setting up freeradius with Mikrotik

Postby drain » 22 Mar 2014, 19:13

Topology:
Image

Config
RB750

Code:

interface
/interface pr
Flags: D - dynamic, X - disabled, R - running, S
 #     NAME          TYPE
 0  R  ;;; eth3
       Hotspot       ether
 1  R  ;;; eth2
       LAN           ether
 2  R  ;;; eth4
       Proxy         ether
 3  R  ;;; eth1
       speedy1       ether
 4  R  ;;; eth5
       speedy2       ether
 5  R  bridgelocal   bridg
 6  R  pppoe-out1    pppoe
 7  R  pppoe-out2    pppoe
 8  RS vlanHotspot   vlan
 9  RS vlanLAN       vlan
10  RS vlanproxy     vlan
11  RS vlanspeedy1   vlan
12  RS vlanspeedy2   vlan

ip address
/ip add pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.1.1/24     192.168.1.0     Hotspot
 1   192.168.6.2/24     192.168.6.0     speedy1
 2   192.168.7.2/24     192.168.7.0     speedy2
 3   192.168.0.254/24   192.168.0.0     LAN
 4   10.10.10.1/24      10.10.10.0      Proxy
 5   192.168.2.1/24     192.168.2.0     bridgelocal

route
/ip rout pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          pppoe-out1                1
 1 A S  0.0.0.0/0                          pppoe-out2                1
 2 A S  0.0.0.0/0                          pppoe-out1                1
                                           pppoe-out2
 3   S  0.0.0.0/0                          pppoe-out2                2
 4 A S  10.10.10.2/32                      Proxy                     1
 5 A S  192.168.8.0/24                     192.168.2.2               1
 6 A S  192.168.9.0/24                     192.168.2.2               1
 7 A S  192.168.10.0/24                    192.168.2.2               1

NAT
/ip fi nat pr
Flags: X - disabled, I - invalid, D - dynamic
 0 X ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough to-addresses=0.0.0.0

 1   ;;; masq modem 1
     chain=srcnat action=masquerade out-interface=pppoe-out1

 2   ;;; masq modem 2
     chain=srcnat action=masquerade out-interface=pppoe-out2

 3   ;;; Redirect-Proxy
     chain=dstnat action=dst-nat to-addresses=10.10.10.2 to-ports=3128 protocol=tcp src-address=192.168.0.0/24 dst-address-list=!local dst-port=80,8080,3128

RB433

Code:

interface
/inter pr
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME           TYPE     MTU   L2MTU  MAX-L2MTU
 0  R  bullet         ether    1200  1524   1524
 1     ether3         ether    1500  1524   1524
 2  R  local          ether    1472  1524   1524
 3  RS wlan1          wlan     1472  2290
 4  RS wlan2          wlan     1472  2290
 5  R  bridge-local   bridge   1500  1520
 6  R  bridge1        bridge   1500  2290
 7  R  bridge2        bridge   1500  2290
 8  RS vlanbullet     vlan     1500  1520
10  RS vlanhs1        vlan     1500  2286
11  RS vlanhs2        vlan     1500  2286
12  RS vlanlocal      vlan     1500  1520

ip address
/ip add pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.8.1/24     192.168.8.0     wlan1
 1   192.168.9.1/24     192.168.9.0     wlan2
 2   192.168.10.1/24    192.168.10.0    bullet
 3   192.168.1.2/24     192.168.1.0     local
 4   192.168.2.2/24     192.168.2.0     bridge-local

route
/ip route pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY
 0 A S  0.0.0.0/0                          192.168.1.1
 1 A S  10.10.10.0/24                      192.168.2.1
 2 A S  192.168.0.0/24                     192.168.2.1
 3 ADC  192.168.1.0/24     192.168.1.2     local
 4 ADC  192.168.2.0/24     192.168.2.2     bridge-local
 5 A S  192.168.6.0/24                     192.168.2.1
 6 A S  192.168.7.0/24                     192.168.2.1
 7 ADC  192.168.8.0/24     192.168.8.1     bridge1
 8 ADC  192.168.9.0/24     192.168.9.1     bridge2
 9 ADC  192.168.10.0/24    192.168.10.1    bullet

nat
/ip fi nat pr
Flags: X - disabled, I - invalid, D - dynamic
 0 X ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough

 1   ;;; Redirect-Proxy
     chain=dstnat action=dst-nat to-addresses=10.10.10.2 to-ports=3128 protocol=tcp src-address-list=hostspot dst-address-list=!local dst-port=80,8080,3128

I am using freeradius + access manager as the RADIUS server.
When I tested with the RB750 as the RADIUS client, it already worked fine.
Then I applied it to the RB433.
In freeradius I entered 192.168.8.1, 192.168.9.1, 192.168.10.1 as the RADIUS client IPs.
It turned out the requests were rejected because the RADIUS server read the requests as coming from 192.168.1.2.
Then I changed the setting to 192.168.1.2 as the RADIUS client address.
Users can log in successfully, can browse, and show up in the hotspot active users list.
But a new problem came up: access manager/freeradius does not see that the user is online.
So how do I make the RADIUS server read the hotspot IP instead of the IP of the interface that faces the RB750?

Thanks in advance...........
sr_aja
Posts: 603
Joined: 10 Dec 2012, 11:21
Location: Jakarta

Re: ASK: setting up freeradius with Mikrotik

Postby sr_aja » 23 Mar 2014, 17:54

Looking at the topology, the client passes through 2 routers before reaching the RADIUS server.
Now, the basic nature of a router is to hide the network beneath it.
At the network layer the router changes the client's request header into its own header,
so that all requests appear to be its own.

Is the TS using the secure NAT method on the RB?
Can the RADIUS server recognize the hotspot client segment?
At minimum, ping the IP of the hotspot client segment.
If it can, try checking the firewall on the RADIUS server side.. allow requests from the hotspot client segment.
Also, there is a bridge on the rb443.. a bridge is the same as a trunk, isn't it?
drain
Posts: 6
Joined: 21 Dec 2013, 23:09

Re: ASK: setting up freeradius with Mikrotik

Postby drain » 03 Apr 2014, 11:58

Sorry for the late reply... it's already solved.
On the RADIUS server, the IP entered stays the IP of the RB433 that faces the RB750, then accounting was enabled, and it turned out to run normally and smoothly....
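
Added example, not part of the original posts and not FreeRADIUS code: a minimal Python model of the two points in this thread. The server picks the client entry and shared secret by the packet's source IP (192.168.1.2 here) rather than by the NAS-IP-Address attribute, and it learns that a user is online from RFC 2866 Accounting-Request Start/Stop packets. The secret, user name and session ID are constructed sample values.

```python
import hashlib, hmac, ipaddress, struct

# Constructed sample value (assumption): the shared secret is not from the thread.
CLIENTS = {"192.168.1.2": b"example-secret"}   # RB433 address facing the RB750
ACCT_REQUEST, START, STOP = 4, 1, 2
USER_NAME, NAS_IP_ADDRESS, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 1, 4, 40, 44

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def build_acct(ident, secret, user, nas_ip, status, session):
    """NAS side, RFC 2866: authenticator = MD5(header + 16 zero bytes + attrs + secret)."""
    attrs = (attr(USER_NAME, user)
             + attr(NAS_IP_ADDRESS, ipaddress.ip_address(nas_ip).packed)
             + attr(ACCT_STATUS_TYPE, struct.pack("!I", status))
             + attr(ACCT_SESSION_ID, session))
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def parse_attrs(data):
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            return None                       # truncated or bad attribute length
        out[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return out

def handle_acct(src_ip, pkt, online):
    """Server side: choose the secret by UDP source IP, verify, track the session."""
    secret = CLIENTS.get(src_ip)
    if secret is None:
        return "unknown client"               # NAS-IP-Address is never consulted
    if len(pkt) < 20 or pkt[0] != ACCT_REQUEST or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return "malformed"
    expected = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:] + secret).digest()
    if not hmac.compare_digest(expected, pkt[4:20]):
        return "bad authenticator"
    a = parse_attrs(pkt[20:]) or {}
    if len(a.get(ACCT_STATUS_TYPE, b"")) != 4 or not {USER_NAME, ACCT_SESSION_ID} <= a.keys():
        return "malformed"
    status = struct.unpack("!I", a[ACCT_STATUS_TYPE])[0]
    key = (a[USER_NAME], a[ACCT_SESSION_ID])
    if status == START:
        online.add(key)
    elif status == STOP:
        online.discard(key)
    return "ok"
```

A Start packet whose NAS-IP-Address is 192.168.8.1 is accepted only when it arrives from 192.168.1.2; without any accounting packets the `online` set stays empty even though logins succeed.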
amrih23
Posts: 5
Joined: 13 Nov 2013, 09:10
Location: jakarta

Re: ASK: setting up freeradius with Mikrotik

Postby amrih23 » 16 Oct 2014, 11:38

Bro, please share a tutorial on setting up freeradius on Ubuntu... if possible, also on integrating freeradius on Ubuntu Server with the Mikrotik hotspot. hehe :)
