Hi everyone,
I am designing a network infrastructure using MikroTik (ROS v7.x) and I’m looking for the "Best Practice" to implement two specific requirements:
1. Redundancy for User Manager (HA): I want to deploy two User Manager instances. The second instance should act as a backup.
-
Is there a native way to synchronize the database between two User Manager instances in ROS v7?
-
In case the primary User Manager fails, how can I ensure the NAS (Network Access Server) seamlessly switches to the secondary one without dropping active sessions? Should I use VRRP for a Virtual IP or define multiple RADIUS servers in the
/user-manager/routerconfiguration?
2. Source Public IP Limiting (Anti-Abuse): I need a mechanism to restrict each user to a maximum of 3 concurrent Source Public IP addresses.
-
If a user attempts to connect from a 4th Public IP, the system should automatically drop/disconnect one of the existing active sessions (e.g., the oldest one) to allow the new one, or simply block the 4th IP.
-
Can this be handled directly within User Manager attributes (Session-Timeout) or do I need a custom script combined with
Firewall Filter/Raw?
Current Setup:
-
Hardware: Router OS x86
-
ROS Version: 7.x
-
Architecture: User Manager as Radius Server, multiple NAS devices.
Looking forward to your professional advice. Thanks! 