Difference between revisions of "User Manager/Wireless Example"

From MikroTik Wiki
Jump to: navigation, search
(User Manager configuration)
(User Manager configuration)
 
Line 32: Line 32:
 
* Add Access Point router information to [[User Manager/Routers | router]] list,  
 
* Add Access Point router information to [[User Manager/Routers | router]] list,  
  
  / tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
+
In version 3:
 +
  / tool user-manager router add '''subscriber'''=MikroTik ip-address=x.x.x.x shared-secret=123456
 +
 
 +
In version 4:
 +
/ tool user-manager router add '''customer'''=MikroTik ip-address=x.x.x.x shared-secret=123456
  
 
'x.x.x.x' is the address of the Access Point router, 'shared-secret' must match on both User Manager and Access Point routers.
 
'x.x.x.x' is the address of the Access Point router, 'shared-secret' must match on both User Manager and Access Point routers.
Line 38: Line 42:
 
* Add wireless client information, client MAC-address that is allowed to establish connection to the Access Point,
 
* Add wireless client information, client MAC-address that is allowed to establish connection to the Access Point,
  
  / tool user-manager user add subscriber=MikroTik username="00:01:29:27:81:95"
+
In version 3:
 +
  / tool user-manager user add '''subscriber'''=MikroTik username="00:01:29:27:81:95"
 +
 
 +
In version 4:
 +
/ tool user-manager user add '''customer'''=MikroTik username="00:01:29:27:81:95"

Latest revision as of 12:52, 24 February 2010

Introduction

We consider the scenario for wireless network, when only clients from User Manager database are able to establish communications with 'Access Point' router. To make this setup, you must have running Access Point. Let us consider configuration steps for Access Point and User Manager routers.

Access Point configuration

  • Set Access Point to use User Manager for wireless client authentication,
 / interface wireless security-profiles set default radius-mac-authentication=yes
  • Add radius client to consult User Manager for wireless service.
/ radius add service=wireless address=y.y.y.y secret=123456

'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address.

  • Note, first local router database is consulted, then User Manager database. Wireless client will be unable to connect to Access Point, if Access Points router does not contain any entry in the 'interface wireless access-list' for the particular configuration and User Manager server will not have any information about user's data.
  • Make sure you do not have any entry in the 'interface wireless access-list', remove all hosts from 'access-list' to ensure wireless client MAC authentication only via User Manager,
 / interface wireless access-list remove [find]

User Manager configuration

  • Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called 'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequent steps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
  • Add Access Point router information to router list,

In version 3:

/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456

In version 4:

/ tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456

'x.x.x.x' is the address of the Access Point router, 'shared-secret' must match on both User Manager and Access Point routers.

  • Add wireless client information, client MAC-address that is allowed to establish connection to the Access Point,

In version 3:

/ tool user-manager user add subscriber=MikroTik username="00:01:29:27:81:95"

In version 4:

/ tool user-manager user add customer=MikroTik username="00:01:29:27:81:95"