User Manager/Wireless Example: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
SergejsB (talk | contribs)
No edit summary
SergejsB (talk | contribs)
mNo edit summary
Line 17: Line 17:


* Note, first local router database is consulted, then User Manager database. Wireless client will be unable to connect to Access Point, if Access Points router does not contain any entry in the 'interface wireless access-list' for the particular configuration and User Manager server will not have any information about user's data.
* Note, first local router database is consulted, then User Manager database. Wireless client will be unable to connect to Access Point, if Access Points router does not contain any entry in the 'interface wireless access-list' for the particular configuration and User Manager server will not have any information about user's data.
* Make sure you do not have any entry in the 'interface wireless access-list', remove all hosts from 'access-list' to ensure wireless client MAC authentication only via User Manager,
/ interface wireless access-list remove [find]


== User Manager configuration ==
== User Manager configuration ==

Revision as of 17:04, 23 October 2006

Introduction

We consider the scenario for wireless network, when only clients from User Manager database are able to establish communications with 'Access Point' router. To make this setup, you should have running Access Point'. Let's consider configuration steps for Access Point and User Manager routers.

Access Point configuration

  • Set Access Point to use User Manager for wireless client authentication,
 / interface wireless security-profiles set default radius-mac-authentication=yes
  • Add radius client to consult User Manager for wireless service.
/ radius add service=wireless address=y.y.y.y secret=123456

'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address.

  • Note, first local router database is consulted, then User Manager database. Wireless client will be unable to connect to Access Point, if Access Points router does not contain any entry in the 'interface wireless access-list' for the particular configuration and User Manager server will not have any information about user's data.
  • Make sure you do not have any entry in the 'interface wireless access-list', remove all hosts from 'access-list' to ensure wireless client MAC authentication only via User Manager,

/ interface wireless access-list remove [find]

User Manager configuration

/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
  • Add Access Point router information to router list,
/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456

'x.x.x.x' is the address of the Access Point router, 'shared-secret' should match on both User Manager and Access Point routers.

  • Add wireless client information, client MAC-address that is allowed to establish connection to the Access Point,
/ tool user-manager user add add subscriber=MikroTik username="00:01:29:27:81:95"