User Manager/Wireless Example

From MikroTik Wiki

Introduction

This example covers a wireless network in which only clients listed in the User Manager database are able to establish communication with the 'Access Point' router. The setup requires a running Access Point. The configuration steps for the Access Point and User Manager routers follow.

Access Point configuration

  • Set the Access Point to use User Manager for wireless client authentication:
/ interface wireless security-profiles set default radius-mac-authentication=yes
  • Add a radius client to consult User Manager for the wireless service:
/ radius add service=wireless address=y.y.y.y secret=123456

'secret' must be equal to the User Manager router secret. 'y.y.y.y' is the User Manager router address.

  • Note that the local router database is consulted first, then the User Manager database. A wireless client will be unable to connect to the Access Point if the Access Point router does not contain any entry in the 'interface wireless access-list' for the particular configuration and the User Manager server does not have any information about the user's data.
  • Make sure you do not have any entry in the 'interface wireless access-list'. Remove all hosts from the 'access-list' to ensure that wireless client MAC authentication happens only via User Manager:
/ interface wireless access-list remove [find]

User Manager configuration

  • Create a User Manager subscriber (root customer). Note that when using version 3.0 or newer, a subscriber called 'admin' is created automatically; you can skip this step and change 'MikroTik' to 'admin' in the subsequent steps:
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
  • Add the Access Point router information to the router list:

In version 3:

/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456

In version 4:

/ tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456

'x.x.x.x' is the address of the Access Point router. 'shared-secret' must match on both the User Manager and Access Point routers.

  • Add the wireless client information, that is, the MAC address of each client that is allowed to establish a connection to the Access Point:

In version 3:

/ tool user-manager user add subscriber=MikroTik username="00:01:29:27:81:95"

In version 4:

/ tool user-manager user add customer=MikroTik username="00:01:29:27:81:95"
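
The two routers only work together if the shared secret and the client MAC addresses match exactly on both sides. The following generator is an added example, not part of the original wiki page or of MikroTik's tooling: it builds the commands shown above for both routers from one set of inputs and substitutes a random secret for the sample value. The function names, the documentation addresses, and the upper-case colon-separated MAC form are assumptions of this example.

```python
import ipaddress
import re
import secrets


def normalize_mac(raw):
    """Return a MAC as XX:XX:XX:XX:XX:XX; accepts ':', '-', '.' or no separators."""
    digits = re.sub(r"[:.\-\s]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_commands(ap_ip, um_ip, macs, owner="admin", version=4, secret=None):
    """Build the command lists for both routers from one set of inputs."""
    ipaddress.ip_address(ap_ip)  # raises ValueError on a malformed address
    ipaddress.ip_address(um_ip)
    if version not in (3, 4):
        raise ValueError("only versions 3 and 4 are covered by the page")
    # One secret, used on both sides, so the two values cannot drift apart.
    secret = secret or secrets.token_hex(16)
    # Version 3 calls the owner 'subscriber', version 4 calls it 'customer'.
    owner_key = "subscriber" if version == 3 else "customer"
    # Assumption: the user name is the colon-separated MAC, as on the page.
    users = sorted({normalize_mac(m) for m in macs})  # drop duplicate spellings
    access_point = [
        "/ interface wireless security-profiles set default radius-mac-authentication=yes",
        f"/ radius add service=wireless address={um_ip} secret={secret}",
        "/ interface wireless access-list remove [find]",
    ]
    user_manager = [
        f"/ tool user-manager router add {owner_key}={owner} "
        f"ip-address={ap_ip} shared-secret={secret}",
    ] + [
        f'/ tool user-manager user add {owner_key}={owner} username="{mac}"'
        for mac in users
    ]
    return {"access_point": access_point, "user_manager": user_manager}


if __name__ == "__main__":
    # Constructed sample input: documentation addresses and the page's MAC.
    cfg = build_commands("192.0.2.1", "192.0.2.2",
                         ["00-01-29-27-81-95", "0001.2927.8195"])
    for side, lines in cfg.items():
        print(f"# {side}")
        print("\n".join(lines))
```

Review the printed commands before pasting them into each router's terminal. The 'access-list remove [find]' line deletes every local access-list entry, as the step above describes.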