User Manager/PPP Example: Difference between revisions

From MikroTik Wiki
No edit summary
(One intermediate revision by the same user not shown)
Line 1: Line 1:
== Introduction ==
== Introduction ==


User Manager might be used as remote authentication, authorization and accounting server for PPP clients
User Manager might be used as remote authentication, authorization and accounting server for PPP clients.
Note, only PAP and CHAP authentication methods supported by User Manager now. Let us consider configuration steps for PPP and User Manager routers.
 
Since 2.9.35 protocols PAP,CHAP, MS-CHAPv1 and MS-CHAPv2 supported by User Manager.
 
Let us consider configuration steps for PPP and User Manager routers.


== PPP configuration ==  
== PPP configuration ==  
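
Review bot: The sentence added to the Introduction, "Since 2.9.35 protocols PAP,CHAP, MS-CHAPv1 and MS-CHAPv2 supported by User Manager.", has no verb and uneven comma spacing. Suggest "Since 2.9.35, User Manager supports PAP, CHAP, MS-CHAPv1 and MS-CHAPv2." so the version boundary that replaces the old "only PAP and CHAP" note reads unambiguously.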
Line 10: Line 13:
=== PPP server configuration ===
=== PPP server configuration ===


* First, add PPPoE server to the local interface, remember that User Manager server only supports PAP and CHAP authentication methods:
* First, add PPPoE server to the local interface, :
   / interface pppoe-server server add interface=ether1 service-name=MikroTik one-session-per-host=yes disabled=no authentication=chap,pap
   / interface pppoe-server server add interface=ether1 service-name=MikroTik one-session-per-host=yes disabled=no


* Specify to use User Manager for PPPoE clients:
* Specify to use User Manager for PPPoE clients:
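
Review bot: The rewritten bullet in the PPP server configuration now ends in "interface, :", which is leftover punctuation from deleting the PAP/CHAP clause; end it with "interface:". With authentication=chap,pap dropped from the pppoe-server command, the example no longer shows which methods the server will offer, so consider saying that the default set is used or keeping an explicit authentication= list.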
Line 31: Line 34:
* Add PPPoE client to the interface
* Add PPPoE client to the interface


   / interface pppoe-client add interface=ether1 user=MikroTik password=MikroTik service-name=MikroTik allow=pap,chap disabled=no
   / interface pppoe-client add interface=ether1 user=MikroTik password=MikroTik service-name=MikroTik disabled=no


== User Manager configuration ==
== User Manager configuration ==
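
Review bot: Removing allow=pap,chap from the pppoe-client command leaves the client example silent on which authentication methods it will accept. A short sentence next to the command that ties this to the 2.9.35 change described in the Introduction would tell readers why the restriction is gone.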

Revision as of 10:15, 7 November 2006

Introduction

User Manager can be used as a remote authentication, authorization and accounting server for PPP clients.

Since 2.9.35, User Manager supports the PAP, CHAP, MS-CHAPv1 and MS-CHAPv2 protocols.

Let us consider the configuration steps for the PPP and User Manager routers.

PPP configuration

We consider a PPPoE server <-> PPPoE client configuration example, in which the PPPoE server uses a remote User Manager database for authentication, authorization and accounting of PPPoE clients. Both the PPPoE server and the PPPoE client are MikroTik routers; any other PPPoE client might be used instead.

PPP server configuration

  • First, add a PPPoE server to the local interface:
 / interface pppoe-server server add interface=ether1 service-name=MikroTik one-session-per-host=yes disabled=no
  • Specify to use User Manager for PPPoE clients:
 / ppp aaa set use-radius=yes
  • Set the IP address of the PPPoE server. An IP address does not have to be assigned to the interface of the PPPoE server. Moreover, for security reasons, a static IP address or DHCP is not recommended on the same interface as the PPPoE server.
 / ppp set default local-address=192.168.0.1
  • Add a RADIUS client to consult User Manager for the PPP service:
 / radius add service=ppp address=y.y.y.y secret=123456

'secret' is the same value as the User Manager router secret. 'y.y.y.y' is the address of the User Manager router.

  • Note that the local PPP database is consulted first, then the User Manager database.

PPP client configuration

  • Add a PPPoE client to the interface:
 / interface pppoe-client add interface=ether1 user=MikroTik password=MikroTik service-name=MikroTik disabled=no

User Manager configuration

 / tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
  • Add the PPP server information to the router list:
 / tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456

'x.x.x.x' is the address of the PPPoE-server router, 'shared-secret' should match on both User Manager and PPPoE-server routers.

  • Add the PPPoE client information:
 / tool user-manager user add username=demo password=demo subscriber=MikroTik ip-address=192.168.0.2
  • Let us verify that the PPPoE client is connected and is using User Manager for authentication, authorization and accounting. First we check that the PPPoE client is connected, then we verify that User Manager is used. The first command is executed on the PPPoE client router, the second on the PPPoE server:
 / interface pppoe-client monitor pppoe-out1
       status: "connected"
       uptime: 12h2m29s
    idle-time: 12h2m17s
 service-name: "MikroTik"
      ac-name: "MikroTik"
       ac-mac: 00:0C:42:05:54:8F
          mtu: 1480
          mru: 1480
 / ppp active> print
 Flags: R - radius
  #   NAME         SERVICE CALLER-ID         ADDRESS         UPTIME   ENCODING
  0 R MikroTik     pppoe   00:0C:42:05:54:6E 192.168.0.2     12h1m48s
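
How the value given as 'secret' / 'shared-secret' above enters a PAP login, and how a CHAP response is checked on the RADIUS server side, shown as an added example that is not part of the original wiki page or MikroTik's code. It follows RFC 2865 section 5.2 and RFC 1994; the function names and the sample authenticator are assumptions made for illustration.

```python
import hashlib
import hmac

def _mask(secret: bytes, prev: bytes) -> bytes:
    # Keystream block: MD5(shared secret || previous block or Request Authenticator)
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side (the PPPoE server's role): build User-Password per RFC 2865 5.2."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS server side (User Manager's role): undo the hiding with its own secret."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or authenticator")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return clear.rstrip(b"\x00")

def pap_accept(hidden: bytes, secret: bytes, authenticator: bytes, stored: bytes) -> bool:
    """Accept only if the recovered password equals the stored one (constant time)."""
    return hmac.compare_digest(recover_password(hidden, secret, authenticator), stored)

def chap_accept(chap_id: int, response: bytes, challenge: bytes, stored: bytes) -> bool:
    """RFC 1994 check: response must equal MD5(id || password || challenge)."""
    expected = hashlib.md5(bytes([chap_id]) + stored + challenge).digest()
    return hmac.compare_digest(response, expected)

if __name__ == "__main__":
    # Constructed authenticator; the secret and user password are the page's sample values.
    ra = bytes(range(16))
    hidden = hide_password(b"demo", b"123456", ra)
    print("matching secret  :", pap_accept(hidden, b"123456", ra, b"demo"))
    print("mismatched secret:", pap_accept(hidden, b"654321", ra, b"demo"))
```

On the link between the PPPoE server and User Manager, a PAP password is protected only by this MD5 mask keyed with the shared secret, so the secret deserves the same care as a password.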