User Guide

Add A New Router

As you may already know, Access Manager works with Mikrotik Router(s) and uses freeradius to provision service plans that we create using "Access Manager - Admin Panel". As we've already completed our server setup in Installing Access Manager, Installing Freeradius Server and Integrating Access Manager with Freeradius. Final step is to configure RouterOS to act as a PPPoE Server/Hotspot Gateway and establish communication between RouterOS and our freeradius server installation.

Establish Communication

Establishing communication between Radius Server and RouterOS consists of two steps:

  1. Add RouterOS's IP in Admin Panel
  2. Add Radius server's IP in RouterOS

Add Router in Access Manager

With Access Manager, adding a new router in Freeradius is as easy as filling up a form. Though all of the fields are self explanatory, following table shows what they're for.

Field Allowed Values Description
Router Type Select from Dropdown List Select type of router you want to add, Only mikrotik supported as of now.
IP Address A Valid IP Address Enter IP Address of the router you're supposed to add. Make sure that the router is reachable from radius server.
DNS Name Valid local /global domain name DNS name set on the router hotspot.
Secret Password of your choice This secret will be shared between Radius Server and Mikrotik router.

Due to security and performance issues, freeradius reads all the clients (routers) at startup only, and saves them into memory. Therefor, every time you add a new router in Access Manager, you're required to restart freeradius server.

So, login to your Ubuntu Server and, issue following command.

user@host~$  sudo service freeradius restart

Add Radius Server in RouterOS

Login to your Mikrotik router, and refer to following commands to add a new radius server. Replace VARIABLES with actual values. And make sure the radius server's IP is reachable from router.

secret MUST MATCH with the secret used to add router in Access Manager.

[admin@router] > /radius add address=RADIUS_IP secret=SHARED_SECRET service=hotspot,ppp
[admin@router] > /radius incoming set accept=yes

Just make sure ports used by radius protocol (1812,1813 and 3799) are open between RouterOS and Freeradius. And you're done establishing communication between radius server and mikrotik router.

Setup RouterOS as PPPoE/Hotspot Gateway

Mikrotik wiki already provides detailed documentation on setting up RouterOS as Hotspot Gateway and PPPoE Server.

However these links do not describe how to enable radius authentication for Hotspot and PPPoE clients. Once you've setup Hotspot gateway, use following command to enable radius authentication for hotspot clients.

[admin@router] > /ip hotspot profile set user-radius=yes radius-accounting=yes numbers=hsprof1

And for PPPoE clients, use following.

[admin@router] > /ppp aaa set use-radius=yes accounting=yes

That's it, you've successfully setup a Mikrotik Router to act as a Hotspot/PPPoE gateway and is ready to authenticate against Access Manager. You may now want to create new bandwidth policy, create a new service plan or add a new subscriber account