As you may already know, Access Manager works with Mikrotik Router(s) and uses freeradius to provision service plans that we create using "Access Manager - Admin Panel". As we've already completed our server setup in Installing Access Manager, Installing Freeradius Server and Integrating Access Manager with Freeradius. Final step is to configure RouterOS to act as a PPPoE Server/Hotspot Gateway and establish communication between RouterOS and our freeradius server installation.
Establishing communication between Radius Server and RouterOS consists of two steps:
With Access Manager, adding a new router in Freeradius is as easy as filling up a form. Though all of the fields are self explanatory, following table shows what they're for.
|Router Type||Select from Dropdown List||Select type of router you want to add, Only mikrotik supported as of now.|
|IP Address||A Valid IP Address||Enter IP Address of the router you're supposed to add. Make sure that the router is reachable from radius server.|
|DNS Name||Valid local /global domain name||DNS name set on the router hotspot.|
|Secret||Password of your choice||This secret will be shared between Radius Server and Mikrotik router.|
Due to security and performance issues, freeradius reads all the clients (routers) at startup only, and saves them into memory. Therefor, every time you add a new router in Access Manager, you're required to restart freeradius server.
So, login to your Ubuntu Server and, issue following command.
Login to your Mikrotik router, and refer to following commands to add a new radius server. Replace VARIABLES with actual values. And make sure the radius server's IP is reachable from router.
secret MUST MATCH with the secret used to add router in Access Manager.
Just make sure ports used by radius protocol (1812,1813 and 3799) are open between RouterOS and Freeradius. And you're done establishing communication between radius server and mikrotik router.
However these links do not describe how to enable radius authentication for Hotspot and PPPoE clients. Once you've setup Hotspot gateway, use following command to enable radius authentication for hotspot clients.
And for PPPoE clients, use following.
That's it, you've successfully setup a Mikrotik Router to act as a Hotspot/PPPoE gateway and is ready to authenticate against Access Manager. You may now want to create new bandwidth policy, create a new service plan or add a new subscriber account