Hotspot CPE with external radius server issue

Hello group,
It has been a long time since I have posted, but I’m still alive. :) I am trying to implement hotspot on the ethernet of customer CPEs, with userman running on a central cloudcore. Here is my config in the client:

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=most-secure supplicant-identity="" \
    wpa2-pre-shared-key=123456789
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country="" disabled=no frequency=auto hw-protection-mode=\
    rts-cts radio-name="CPE" security-profile=most-secure ssid=\
    company.com wmm-support=enabled wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add html-directory=flash/hotspot name=test-radius use-radius=yes
/ip hotspot
add idle-timeout=none interface=ether1 name=server1 profile=test-radius
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 disabled=no interface=ether1 \
    lease-time=3d name=dhcp1
/ip address
add address=192.168.1.1/24 interface=ether1 network=192.168.1.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
    interface=wlan1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 \
    gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 name=cpe.company.com
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=all-wireless src-address=\
    192.168.1.0/24
/ip hotspot ip-binding
add mac-address=68:55:51:03:FF:FF to-address=192.168.1.2
/radius
add address=10.0.0.1 disabled=no secret=12345 service=login,hotspot
/radius incoming
set accept=yes
/system identity
set name=cpe

The CPE gets a routed public IP from the AP it is associated to; the AP is connected to the cloudcore server with userman running. Here is its config:

# model = CCR1016-12G
# serial number = ********

/ip hotspot profile
add name=hsprof1 use-radius=yes
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw password=\
    123456789
add access="own-routers,own-users,own-profiles,own-limits,config-payment-gw,pa\
    rent-routers,parent-users,parent-profiles,parent-limits,parent-payment-gw" \
    backup-allowed=yes disabled=no login=accounting parent=admin password=\
    123456789 paypal-accept-pending=no paypal-allowed=no \
    paypal-secure-response=no permissions=full signup-allowed=yes time-zone=\
    -00:00
/tool user-manager profile
add name=residential-bronze name-for-users="" override-shared-users=off \
    owner=admin price=0 starts-at=logon validity=4w2d
/tool user-manager profile limitation
add address-list="" download-limit=0B group-name="" ip-pool="" name=1m1m \
    owner=admin rate-limit-min-rx=1048576B rate-limit-min-tx=1048576B \
    rate-limit-rx=1048576B rate-limit-tx=1048576B transfer-limit=0B \
    upload-limit=0B uptime-limit=0s
/radius
add address=127.0.0.1 secret=12345 service=login,hotspot
/radius incoming
set accept=yes
/tool user-manager database
set db-path=web-proxy1
/tool user-manager profile profile-limitation
add from-time=0s limitation=1m1m profile=residential-bronze till-time=\
    23h59m59s weekdays=\
    sunday,monday,tuesday,wednesday,thursday,friday,saturday
/tool user-manager router
add coa-port=3799 customer= disabled=no ip-address=127.0.0.1 log=\
    auth-ok,auth-fail,acct-ok,acct-fail name=cloudcore shared-secret=12345 \
    use-coa=yes
/tool user-manager user
add customer=admin disabled=no first-name=Test last-name=User password=\
    12345 shared-users=1 username=dummy wireless-enc-algo=none \
    wireless-enc-key="" wireless-psk=""

So the CPE ethernet is the hotspot interface, and the customer’s private IP is natted behind the public that wlan1 gets from the AP. I cannot get the cpe to get auth from the radius in the cloudcore. The cpe log shows "login failed: Radius server not responding". The cloudcore log shows nothing at all, yet I can ping the cloudcore from the cpe, and get out to the internet by disabling the hotspot on the cpe. I know I’m getting old, but what am I missing here? Appreciate any help!

Tommy

Anyone???

Should I post this in another subgroup?

Tj
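
An added example, not part of the original posts and not MikroTik code: a RADIUS server picks the shared secret from the request's source IP (RFC 2865) and silently drops requests from unknown clients, so this Python script cross-checks a NAS export's `/radius` entries against the `/tool user-manager router` entries of the server export. It uses trimmed excerpts of the two configs above and assumes User Manager matches a request to a router entry by `ip-address`; `203.0.113.10` is a constructed placeholder for the CPE's address (the post does not give it), and the function names are hypothetical.

```python
import re
import shlex

# Trimmed excerpts of the two exports in the post, "\" continuations included.
CPE_EXPORT = r"""
/radius
add address=10.0.0.1 disabled=no secret=12345 service=login,hotspot
"""
SERVER_EXPORT = r"""
/tool user-manager router
add coa-port=3799 customer= disabled=no ip-address=127.0.0.1 \
    name=cloudcore shared-secret=12345 use-coa=yes
"""
NAS_SRC_IP = "203.0.113.10"  # constructed placeholder; the post does not give it


def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for every 'add' line."""
    text = re.sub(r"\\\n\s*", "", text)  # join RouterOS line continuations
    menus, path = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            pairs = (tok.partition("=") for tok in shlex.split(line)[1:])
            menus.setdefault(path, []).append({k: v for k, _, v in pairs})
    return menus


def check_radius_pair(nas_export, server_export, nas_src_ip, service="hotspot"):
    """List mismatches between a NAS's /radius entries and User Manager routers."""
    clients = [c for c in parse_export(nas_export).get("/radius", [])
               if service in c.get("service", "").split(",")
               and c.get("disabled") != "yes"]
    routers = parse_export(server_export).get("/tool user-manager router", [])
    if not clients:
        return [f"NAS has no enabled /radius entry for service {service}"]
    findings = []
    known = [r for r in routers
             if r.get("ip-address") == nas_src_ip and r.get("disabled") != "yes"]
    if not known:
        seen = sorted(r.get("ip-address", "?") for r in routers)
        findings.append(f"no router entry for NAS source {nas_src_ip}; server lists {seen}")
    for c in clients:
        if known and all(r.get("shared-secret") != c.get("secret") for r in known):
            findings.append(f"secret mismatch for RADIUS server {c.get('address')}")
    return findings


if __name__ == "__main__":
    print(*check_radius_pair(CPE_EXPORT, SERVER_EXPORT, NAS_SRC_IP), sep="\n")
```

Run against full `/export` output from both devices, passing the address the CPE actually sources its RADIUS requests from.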