SRP and AD integration

I have a bunch of mixed MikroTik hardware and I’ve recently implemented a Software Restriction Policy guide (whitelist).

Now management wants AD authentication integrated into our network infrastructure. I’ve read the AAA docs but have a couple of questions:

  • If the AD goes down or the VPN for remote sites goes down, does that lock out auth on the MikroTiks? Can I use local accounts as a fallback?

  • Is there a preferred approach to whitelisting the Winbox app?

  • I’m worried the AD going down could lock out the MikroTik, or VPNs going down could lock out remote sites. What’s the best way to implement this?

Thanks in advance!