I just want to ask 1 question. Can I do this with Mikrotik Routers? If I can, how can it be done?
I have been using an MT router for almost a year now, and after the first setup it runs smoothly without any problem.
Now, I want to expand my network to another location BUT using only one router to do the authentication. I don’t want to use a third-party RADIUS server because they either take part of my revenue or charge a great deal of $$$ to use their service. So I want to stick to the MT router to maintain my authentication.
Description of attached layout:
R1-0 is my RADIUS server, with User Manager installed, at a remote location farther than any wireless or wired network can reach, or at least it is not reasonable to lay cable for 100s of km.
R1-1, R1-2 and R2-3 each have their own internet access but need to be authenticated by R1-0.
When clients enter their username and password, they can use their hotspot internet to access the web.
Can anyone help me with this? How do I achieve this? Explain it to me in plain English because I’m not a computer genius. Thank you in advance.
There are many ways to do this. I prefer to just use a simple L2TP tunnel. Then the RADIUS client can be wherever you want; as long as it has internet (also NAT’ed) it will make contact with your RADIUS server.
Will this configuration direct all traffic to the tunnel server and use its internet access just like a VPN?
Like this…
Can I simply install User Manager that acts as a RADIUS server in one location and have all other MT routers, without User Manager installed, point to the central User Manager?
So, any of my clients can roam between my other locations and use their username and password to log in. All sites will be set as hotspots and authentication will be done by a central router located somewhere else, linked via the internet. When authenticated, they can browse the web using the terminal’s internet, NOT via the central router’s internet.
Example:
Terminal 1 (8mbps)
Terminal 2 (8mbps)
Central Router (2mbps)
User 1 connects to Terminal 1 and the MT at Terminal 1 gets authentication from the Central Router.
When done, User 1 will use his/her 8mbps link to browse the web.
User 2 connects to Terminal 2 and the MT at Terminal 2 gets authentication from the Central Router.
When done, User 2 will use his/her 8mbps link to browse the web.
User 1 and User 2 can also use their username and password at any terminal.
It’s possible.
Hoping this is what you are asking for.
Set each router to serve as a NAS connected to each terminal and configure it as a RADIUS client to the User Manager. You will need to create each NAS RADIUS client profile in your RADIUS server (User Manager). Create the different services as you mentioned for each terminal on the RADIUS server, making sure that all the NASes are also configured to accept requests for the service you configure.
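
The setup discussed in this thread, written out as RouterOS commands. This is an added example, not posted by any participant. It assumes RouterOS v6 with the User Manager package on R1-0; the addresses (203.0.113.10, 10.255.0.x), the names site1, l2tp-central and hsprof1, and both secrets are constructed placeholders.

```routeros
# ===== Central router R1-0: L2TP server + User Manager (assumed RouterOS v6) =====
# 203.0.113.10 = constructed public address of R1-0
/interface l2tp-server server set enabled=yes

# One tunnel account per site, with a fixed tunnel address so the
# RADIUS client can be pinned to it (repeat for site2, site3 ...)
/ppp secret add name=site1 password="CHANGE-ME-TUNNEL" service=l2tp \
    local-address=10.255.0.1 remote-address=10.255.0.11

# Register the site router as a NAS in User Manager.
# Use a different shared secret for every site.
/tool user-manager router add customer=admin name=site1 \
    ip-address=10.255.0.11 shared-secret="CHANGE-ME-RADIUS"

# Accept RADIUS only when it arrives through a tunnel, never from the
# internet-facing interface. "add" appends to the end of the chain, so
# move these two rules above any broader accept rule already present.
/ip firewall filter add chain=input protocol=udp dst-port=1812,1813 \
    in-interface=all-ppp action=accept comment="RADIUS from site tunnels"
/ip firewall filter add chain=input protocol=udp dst-port=1812,1813 \
    action=drop comment="drop RADIUS from anywhere else"

# ===== Site router R1-1: hotspot NAS at Terminal 1 =====
# add-default-route=no keeps client browsing on the site's own uplink;
# only packets addressed to 10.255.0.1 cross the tunnel.
/interface l2tp-client add name=l2tp-central connect-to=203.0.113.10 \
    user=site1 password="CHANGE-ME-TUNNEL" add-default-route=no disabled=no

# RADIUS client for the hotspot service, sourced from the tunnel address
# so it matches the NAS entry registered in User Manager.
/radius add service=hotspot address=10.255.0.1 src-address=10.255.0.11 \
    secret="CHANGE-ME-RADIUS" timeout=3s

# hsprof1 is an assumed hotspot server profile name; use the site's own.
/ip hotspot profile set [find name=hsprof1] use-radius=yes
```

Because every site authenticates against the same User Manager database, a user created once on R1-0 can log in at any terminal, while each site's traffic leaves through its own link.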