HW INFO:
-Mikrotik RB951 as DHCP and User Manager Radius Server
-Ruckus Switch ICX7150
-E410
-Android phone
GOALS:
- phone get dynamic vlan from 1 SSID. vlan assigned from Radius server in Mikrotik User Manager
PROBLEMS:
- phone can’t get ip from Mikrotik DHCP server
BUT IF I POINT AP TO FREERADIUS, phone will get correct vlan ip
ERROR MSG:
WIFI-4-CLIENT-DISCONNECTED Client [20-34-fb-d1-7b-30] disconnected from WLAN [NGTRAIN] after [2] secs txbytes [362] rxbytes [1329] avgtx [0] maxtx [0] mintx [0] avgrx [0] maxrx [0] minrx [0] reason [IEEE 802.1X authentication failed (The radius query is timed out)]
Please see attached diagram and configuration
I also test this but no luck
# interface vlan 1
# no ip dhcp request-option-all
# int vlan 100
# ip dhcp request-option-all
# sh route
DESTINATION MASK GATEWAY FLAGS METRIC INTERFACE
0.0.0.0 0.0.0.0 10.0.100.1 UG 0 VLAN100
10.0.100.0 255.255.255.0 0.0.0.0 U 0 VLAN100
169.254.0.0 255.255.0.0 0.0.0.0 U 0 VLAN1
192.168.0.0 255.255.255.0 0.0.0.0 U 0 VLAN1
USERMAN-CAMBIUM DHCP PROBLEM.pdf (272.9 KB)
tech.zip (415.9 KB)
tq
UPDATE1
When I using NTRadPing to test respond from FreeRadius and Mikrotik User Manager.
I found extra line from Mikrotik that causing user can’t get ip
Here the difference
FreeRadius
Mikrotik
As you can see from Mikrotik has “Message-Authenticator”
I don’t know how to get rid of that in Mikrotik side
Let me find out
UPDATE:
STATUS: SOLVED
DIAGRAM
RB951
WAN IP 192.168.1.x
LAN IP 192.168.88.1
VLAN100 (int ether5) IP 10.0.100.1
My AP should point to radius server with ip its native vlan100 ip 10.0.100.1 instead of RB951 LAN ip 192.168.88.1