User Manager/4/PPP Setup

From MikroTik Wiki
Jump to: navigation, search


Now Advanced MiKroTiK User Manager can be used as a Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) for MiKroTiK PPP Servers.

Protocol Supported: PAP, CHAP, MS-CHAPv1 and MS-CHAPv2.

PPPoE Server Configurations

  • First, add the PPPoE server to the local interface: PPP -> PPPoE Servers


 / interface pppoe-server server add interface=ether1 service-name=pppoe one-session-per-host=yes disabled=no

  • Specify the use of User Manager for PPPoE clients: PPP -> Secrets -> PPP Authenciation & Accounting


 / ppp aaa set use-radius=yes

  • Set IP address of the PPPoE server, IP address might not be assigned to the interface of PPPoE server. Moreover static IP address or DHCP should not be used on the same interfaces as the PPPoE server for security reasons: PPP -> Profiles -> default


 / ppp profile set default local-address=

  • Add radius client to consult User Manager for PPP service: Radius


 / radius add service=ppp address= secret=123456

  • Configure radius client to accept Disconnect request from UM: Radius -> Incoming


 / radius incoming set accept=yes port=1700

'secret' is equal to User Manager router secret.

'' is the User Manager router address.

  • Note, first the local PPP database is consulted, then the User Manager database.

User Manager Configurations

where "Router_IP_address" must be replaced with IP address of your router.

Use username: admin and keep password blank to login.

  • Add PPP server information to router list: USERMANAGER -> Routers


/ tool user-manager router add coa-port=1700 comment="" customer=admin disabled=no ip-address= log=auth-fail name=Mikrotik shared-secret=123456

'' is the address of the PPPoE-server router. 'shared-secret' should match on both User Manager and PPPoE-server routers.

  • Add Profile Limitation: USERMANAGER -> Profiles -> Limitations

For example I'll make a Unlimited data transfer package of 64Kbps for One Year Validity:



Burst Rate: 128K/128K

Burst Threshold: 48K/48K

Burst Time: 30/30

Priority: 1

Minimum rate: 32K/32K


  • Add PPPoE client information:


/ tool user-manager user customer=admin name=demo password=demo ip-address= shared-users=1