This post explains how to troubleshoot communication between the router (Mikrotik example) and Radius.
To configure the Mikrotik router and Radius authentication, we should change the settings in the Mikrotik Radius section.
Choose services, that have to be authenticated by Radius (PPP, DHCP, login, etc.).
Enter IP address = Splynx IP address, reachable from Mikrotik.
Secret = this value is located at Splynx → Router → Edit → Radius secret.
We cannot use more than one Radius server per Service
Enable on Secrets → PPP Authentication & Accounting features “Use Radius (yes), Accounting (yes)”.
Set Profile – default or default-encrypted, set Local address (it’s IP of Mikrotik router for establishing PPP connections).
If we use IPoE authentication (DHCP), we should enable Radius communication on the DHCP server.
To enable Radius hotspot authentication, change the Hotspot configuration of Mikrotik under IP → Hotspot as shown below:
When we enable services for Radius authentication, we can move forward and configure the router in Splynx.
Splynx → Networking → Routers, here you can edit or change router settings. Important fields to fill are:
Splynx → Networking → IPv4 networks.
Add some network for dynamic assignment (pool) or permanent (static) usage.
When we have added routers and networks to Splynx, it’s the right time to add a customer and activate him.
Then, we need to create an Internet service for the customer with PPP details (or MAC in case of DHCP authentication), IP address, and other details.
If all these steps were made and still Mikrotik router shows Radius timeout in the log, then, we need to make quick troubleshooting.
First of all, check the file in Splynx logs called radius/short. It can be found in section Splynx → Administration → Logs → Files. If this file is empty, the Radius server should be set to debug mode.
Splynx Radius server consists of 2 daemons – splynx_radd and free radius. Both of them have different debugging and show different information. Let’s start with splynx_radd debugging:
To enable debug mode of Splynx, connect via SSH to the Splynx server and change the configuration file:
[debug] section enable should be changed to – “
To restart the Radius server, enter the command in SSH:
service splynx_radd restart
Now we can check the debug file, again it’s accessible from CLI of Linux Splynx server:
The best way to check the file is the command
tail -f /var/www/splynx/logs/radius/debug.log
If splynx_radd debug doesn’t show us anything, we can try to run free radius daemon in debug mode and see if any packets are received by the Radius server.
Run CLI commands :
service freeradius stop
and check the CLI console output.
If you don’t see any debug messages when a customer tries to connect to Mikrotik Router, it means that your router cannot send packets and connect to the Radius server at all. It means that you have to verify the networking, routing, and NAT settings of the network.
On Mikrotik Router there is also availability to run extended debug to see what exactly router is sending to Radius server:
We've implemented PPPoE Radius authentication on Cisco one of the most powerful BRASes ASR 9000, that runs the IOS XR op...
We'll tackle the configuration of the Huawei NE20 and Huawei NE40 router with the Radius server. We will be using Splynx...