IPv6 and Mikrotik, how best to deploy right now?


#22

How would you block the ipv6 address for an account that is delinquent? Right now we are using address lists. Sonar needs to know that ipv6 address to block it.


#23

With interface lists - IPv6 firewall rules can be set up to match the interface lists for delinquency. This is what we do, and in that case Sonar does not need to know what IPv6 prefix the customer has. When the customer goes delinquent, the CoA packet disconnects their PPPoE session, and when they reconnect, they have the RADIUS attribute specified to add them to the delinquent interface list, and the firewall rules take effect.


#24

we added the attribute “Mikrotik-Delegated-IPv6-Prefix += (“ipv6pool”)” and it gets an ipv6 and made a 2nd one with out that attribute. when we make the change, lets say to change from active to inactive. It is not triggering the coa on account status change. but when we manually drop the pppoe sessions and it comes back fine.

The issues is when the coa is trigger at this point.


#25

I think adding the customer to the interface list is a better way of making them delinquent rather than changing their prefix. The old prefix may hang around on their router or other equipment and cause connectivity issues after a prefix change.

Regarding CoA, under Network->RADIUS Server you can choose under which conditions CoA is sent:


#26

im checking with admin to see iff the test router is setup for coa


#27

yea our coa is working… but it might be the test router i am using might not be setup with it :slight_smile:


#28

One other thing that I forgot - there is no RADIUS attribute to add the customer’s PPPoE interface to an interface list, but there is that option in the PPP Profile. So what you should do is duplicate your PPP Profile and name it something like “delinquent-profile”, configure delinquent-profile with the interface list setting, and then set the “Mikrotik-Group” attribute to “delinquent-profile”.