What would you do if you were me? Network Security with a budget of ZERO!

I manage a wireless ISP using Canopy subscribers, but with Mikrotik for all my routers at towers. The network is broken up into 18 parts using OSPF, with 2 fiber points using BGP. Currently Canopy SMs register to a tower via an authentication code that only installers know. This is controlled by each access point. Subscribers then get an IP over DHCP. Works well enough until an employee decides to install free internet at a friend’s house or a former employee took off with some hardware. To change the authentication key means changing it manually several thousand times, which is no longer an option. Too many customers.

My company has given me $0 budget for any type of real monitoring software or authentication software, so I have to work with what I have, which is nearly nothing. I’m using Zabbix for basic monitoring of customers and Dude for infrastructure monitoring.

I need a way to control who’s on my network though. I’ve thought about using the Mikrotiks to either block everyone through the firewall unless added to an accept list, or maybe using PPPoE or User Manager. I played around a bit with FreeRADIUS but the interface is clunky at best. The other half of my dilemma is I need something that these guys can’t screw up, so I really don’t like the idea of letting my support staff log into these routers at all. And I just don’t have the time to be the only one doing all of this.

I think I’m just venting, but wondering if anyone has any ideas I haven’t thought of.

You need to implement authentication of some sort ASAP, even if it is only WPA2 Enterprise, or you are really screwed, probably sooner rather than later.

All our clients use PPPoE authentication via the client radio.