User Manager/4/PPP Setup

From MikroTik Wiki

Introduction

Advanced MikroTik User Manager can now be used as a Remote Authentication Dial In User Service (RADIUS) server for MikroTik PPP servers. RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA).

Protocols supported: PAP, CHAP, MS-CHAPv1 and MS-CHAPv2.

PPPoE Server Configurations

  • First, add the PPPoE server to the local interface: PPP -> PPPoE Servers


 / interface pppoe-server server add interface=ether1 service-name=pppoe one-session-per-host=yes disabled=no


  • Specify the use of User Manager for PPPoE clients: PPP -> Secrets -> PPP Authentication & Accounting


 / ppp aaa set use-radius=yes


  • Set the IP address of the PPPoE server. An IP address does not have to be assigned to the interface of the PPPoE server. Moreover, for security reasons, a static IP address or DHCP should not be used on the same interface as the PPPoE server: PPP -> Profiles -> default


 / ppp profile set default local-address=10.0.0.1


  • Add a RADIUS client to consult User Manager for the PPP service: Radius


 / radius add service=ppp address=127.0.0.1 secret=123456


  • Configure the RADIUS client to accept Disconnect requests from User Manager (UM): Radius -> Incoming


 / radius incoming set accept=yes port=1700

'secret' must be equal to the User Manager router secret.

'127.0.0.1' is the User Manager router address.

  • Note: the local PPP database is consulted first, then the User Manager database.

User Manager Configurations

where "Router_IP_address" must be replaced with IP address of your router.

Use username admin and leave the password blank to log in.


  • Add PPP server information to router list: USERMANAGER -> Routers


/ tool user-manager router add coa-port=1700 comment="" customer=admin disabled=no ip-address=127.0.0.1 log=auth-fail name=Mikrotik shared-secret=123456

'127.0.0.1' is the address of the PPPoE-server router. 'shared-secret' should match on both User Manager and PPPoE-server routers.

  • Add Profile Limitation: USERMANAGER -> Profiles -> Limitations

For example, I'll make an unlimited data transfer package of 64 Kbps with one year of validity:

Uptime: 52w1d

Rate: 64K/64K

Burst Rate: 128K/128K

Burst Threshold: 48K/48K

Burst Time: 30/30

Priority: 1

Minimum rate: 32K/32K


  • Add PPPoE client information:


/ tool user-manager user add customer=admin name=demo password=demo ip-address=10.0.0.2 shared-users=1
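
The setup above only works when two pairs of values agree: the RADIUS client 'secret' with the User Manager 'shared-secret', and the Radius -> Incoming port with 'coa-port'. The following consistency check is an added example, not part of the original wiki page or of RouterOS. The function names, the embedded sample (built from this page's commands) and the 16-character minimum for the secret are assumptions of the example.

```python
import shlex

# Constructed sample: the commands shown on this page, one per line.
SAMPLE = '''
/ ppp aaa set use-radius=yes
/ radius add service=ppp address=127.0.0.1 secret=123456
/ radius incoming set accept=yes port=1700
/ tool user-manager router add coa-port=1700 comment="" customer=admin disabled=no ip-address=127.0.0.1 log=auth-fail name=Mikrotik shared-secret=123456
'''

MIN_SECRET_LEN = 16  # assumed local policy, not a RouterOS requirement


def parse(config):
    """Map each command path (the words without '=') to its key=value parameters."""
    out = {}
    for line in config.splitlines():
        words = shlex.split(line.lstrip("/ "))  # shlex handles quoted values like comment=""
        path = " ".join(w for w in words if "=" not in w)
        params = dict(w.split("=", 1) for w in words if "=" in w)
        if path:
            out[path] = params
    return out


def audit(config):
    """Return findings for the PPP RADIUS client / User Manager pairing."""
    cfg = parse(config)
    client = cfg.get("radius add", {})
    incoming = cfg.get("radius incoming set", {})
    um_router = cfg.get("tool user-manager router add", {})
    findings = []
    if cfg.get("ppp aaa set", {}).get("use-radius") != "yes":
        findings.append("PPP is not set to use RADIUS")
    secret = client.get("secret", "")
    if secret != um_router.get("shared-secret", ""):
        findings.append("secret differs from User Manager shared-secret")
    if len(secret) < MIN_SECRET_LEN or secret.isdigit():
        findings.append("shared secret is short or numeric-only")
    if incoming.get("accept") == "yes" and incoming.get("port") != um_router.get("coa-port"):
        findings.append("incoming port differs from coa-port")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run against the page's own values, the only finding is the example secret 123456, which should be replaced with a long random value on both sides before deployment.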