1.รู้จัก MIKROTIK

2.ผลิตภัณฑ์ MIKROTIK และรู้ว่าอุปกรณ์ทำอะไรได้บ้าง

3.แนะนำอุปกรณ์ MIKROTIK ROUTERBOARD

4.MIKROTIK ROUTERBOARD ที่นิยมใช้ในปัจจุบัน

5.การตั้งค่าระบบ HOTSPOT อุปกรณ์ MIKROTIK ROUTERBOARD

5.1.การกำหนดหมายเลข IP ADDRESS ให้กับลูกข่าย

5.2.โปรแกรมจัดการตั้งค่าระบบ MIKROTIK ROUTER

5.3.การ RESET เครื่อง MIKROTIK ROUTER OS ใหม่

5.4.การเชื่อมต่ออินเตอร์เน็ตกับ MIKROTIK ROUTERBOARD

5.5.การสร้างเลขหมาย IP ADDRESS ให้กับลูกข่ายอินเตอร์เน็ต

5.6.การตั้งค่าระบบ HOTSPOT SERVER

5.7.การเปลี่ยน PORT WWW SERVICE

5.8.การตั้งค่า RADIUS ระหว่างเว็บจัดการ MIKROTIK USER MANAGER

5.9.จัดการตั้งค่าผู้ใช้งาน ผ่านระบบเว็บ MIKROTIK USER MANAGER

5.10.การปริ้นบัตรคูปองเพื่อนำไปจำหน่าย

6.การตั้งชื่อให้ ROUTERBOARD

7.การซิงค์เวลามาตรฐานให้ MIKROTIK เพื่อเปรียบเทียบเวลามาตรฐาน

8.การกำหนด PASSWORD ของอุปกรณ์ MIKROTIK

9.การสร้าง DHCP SERVER ให้กับ CLIENT

10.การจำกัด BANDWIDTH ด้วย USER PROFILE

11.สร้าง USER เพื่อทำการทดสอบ PROFILE ที่สร้างไว้

12.การตั้งค่า PORT FORWARDING

13.การตั้งค่า BY PASS ให้กับอุปกรณ์ต่างๆ

14.การตั้งค่า BY PASS WEBSITE

15.การจำกัด BIT TORRENT,PEER 2 PEER อื่นๆ

16.วิธีการเก็บ LOG FILE ตาม พระราชบัญญัติคอมพิวเตอร์ 2560

17.WEB PROXY

18.NETINSTALL สำหรับ UPGRADE ROUTER OS

19.UPGRADE / DOWNGRADE ROUTER OS ผ่านโปรแกรม WINBOX

20.การ LOAD BALANCE INTERNET PPC แบบ STATIC 2 WAN

21.การ LOAD BALANCE INTERNET PPC แบบ PPPOE 2 WAN

22.การ RESET CONFIG ON BOARD กรณีที่ลืม PASSWORD

23.การจัดการ BANDWITCH (QOS) ความเร็วอินเตอร์เน็ตแบบง่าย

24.การ REBOOT / SHUTDOWN MIKROTIK ให้ถูกต้อง

25.วิธีการทำ AUTO LOGIN เมื่อมีการเชื่อมต่อ HOTSPOT โดยไม่ต้อง LOGIN WIFI ใหม่

26.วิธีการตั้งค่า PORT FORWARD CCTV

27.วิธีการป้องกันการถูกโจมตี HACKER เจาะระบบ ROUTER OS

28.วิธีการตรวจสอบ LICENSE MIKROTIK ROUTERBOARD

39.การตั้งค่า DNS ให้กับ ROUTER OS

30.การตั้งค่า MULTI HOTSPOT ให้ออกหน้า LOGIN ต่างกันได้

31.การ BY PASS อุปกรณ์กล้อง วงจรปิด, INTERNET TV

32.การตั้งค่า WIRELESS ใน RB941-2nD hAP LITE

33.การตั้งค่าระบบ PPPOE SERVER

34.POLICY ROUTE แยกอินเตอร์เน็ต เกม หรือ APPLICATION SOFTWARE

35.การตั้งค่า L7-PROTOCOL FILTER

36.การแก้ไขปัญหาเมื่อไม่สามารถเข้าใช้งาน MIKROTIK USERMAN ได้

37.การตั้งค่า PPPOE CLIENT แจ้งระบบชำระเงิน (PAYMENT REMINDER BILLING)

38.การตั้งค่า CAPsMAN อุปกรณ์ MIKROTIK ROUTER

39.การตั้งค่า SCHEDULER CLEAR LOG MIKROTIK USERMAN

40.การสร้าง VIRTUAL AP แยก SSID WIFI ใน MIKROTIK WIRELESS

41.การสร้างหน้า LOGIN HOTSPOT MIKROTIK อย่างง่ายด้วยตัวเอง

42.การ BACKUP RESTORE ข้อมูลใน USER MANAGER(USERMAN)

43.การตั้งค่า DYNAMIC DNS บน MIKROTIK โดยใช้ DYNU.COM

44.การตั้งค่า LINE NOTIFY แจ้งเตือน ให้กับอุปกรณ์ MIKROTIK

45.การใช้งาน THE DUDE โปรแกรมที่ใช้สำหรับ MONITERING

46.วิธีตั้งค่า VPN การเชื่อมต่อระหว่าง SITE เบื้องต้น

47.การตั้งค่า VPN CLIENT TO SITE

48.วิธีตั้งค่า VPN เชื่อมต่อด้วยมือถือ รูปแบบ L2TP+IPsec

49.วิธีตั้งค่า Mikrotik OpenVPN

50.การตั้งค่า VLAN บน Mikrotik Router OS เชื่อมต่อ Switch OS

51.การตั้งค่า VLAN บน Mikrotik Router OS เชื่อมต่อ Router OS

52.การตั้งค่า Hotspot HTTPS SSL Certificate

53.การตั้งค่า Mikrotik เชื่อมต่อ NAS Synology ให้ออก Cloud DNS ใช้งานได้

54.การตั้งค่าเก็บ LOG Mikrotik บน NAS Synology

55.การตั้งค่าการใช้งาน Graphing บนอุปกรณ์ Mikrotik

56.ตั้งค่าการสำรองข้อมูลอัตโนมัติและส่งไฟล์เข้าอีเมล

57.ตัวอย่างการตั้งค่า Mark Routing แยกการใช้งาน ISP(Internet service provider)

User manager (UM) is a management system that can be used in various setups. UM can be used for HotSpot, PPP, DHCP, Wireless and RouterOS users. User Manager is a RADIUS server application. The first UM test package was introduced in RouterOS version 4. User manager package is supported on all RouterOS architectures including x86 and Cloud Host Router.

Note: SMIPS based devices without additional memory do not have enough free space for UM package.

Getting started

MikroTik User Manager can be downloaded from the MikroTik web site download section. In there find the system and software version that you need this package for and download Extra packages archive for it. In this archive, you will find the User Manager package. To install the package simply upload it on the device and reboot the unit.

A default Customer with login admin and empty password is created when the User Manager package is installed for the first time.

[admin@MikroTik] /tool user-manager customer set admin password=adminpassword

After that, you can use print command to see what you have added.

[admin@MikroTik] /tool user-manager customer> print Flags: X - disabled 0 login="admin" password="adminpassword" backup-allowed=yes currency="USD"

   time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
   paypal-secure-response=no paypal-accept-pending=no

Quick start

• User Manager and HotSpot
• User Manager and PPP servers
• User Manager and DHCP
• User Manager and Wireless
• User Manager and RouterOS user

Concepts explained

Customers

Sub-menu:

[admin@MikroTik] /tool user-manager customer> print Flags: X - disabled 0 login="admin" password="adminpassword" backup-allowed=yes currency="USD"

   time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
   paypal-secure-response=no paypal-accept-pending=no

Customers use a web interface to manage users, credits, routers, etc. Each customer can have a zero or more sub-customers and exactly one parent-customer with the same or weaker permission level than its parent.

Subscriber is a customer with owner permissions who's a parent is himself. Subscribers can be thought as domain - each subscriber sees everything that happens with his sub-customers, credits, users, routers, sessions, etc., but has no access to other subscriber's data. All data objects (users, routers, credits, logs) belong to one specific subscriber and can, therefore, belong to many sub-customers of the owner subscriber. To separate users among customers of one subscriber, user prefix is used.

Property Description access (config-payment-gw | own-profiles | own-users | parent-payment-gw | parent-routers | own-limits | own-routers | parent-limits | parent-profiles | parent-users; Default: ) Configureable parameters

• config-payment-gw
• own-limits
• own-profiles
• own-routers
• own-users
• parent-limits
• parent-payment-gw
• parent-profiles
• parent-routers
• parent-users backup-allowed (yes | no; Default: yes) Allow to manage backups. city (string; Default: )Informational company (string; Default: )Informational copy-from (string; Default: ) Copy data from a specific customer. country (string; Default: ) Informational currency (string; Default: ) Used for payments and money-related data representation on the web page. date-format (string; Default: ) Used on web pages for data representation. Only allowed formats (listed in the drop-down) can be used. When the value doesn't match any of allowed (it's possible to enter any value from console) formats, default is used. disabled (yes | no; Default: no) Allow to disable/enable customer. email (string; Default: ) Email address. Used to send emails (for ex., sign up information) to users. parent (string; Default: ) Customers parent. password (string; Default: ) paypal-accept-pending= (yes | no; Default: no) When true, payments with status "Pending" are accepted as valid. This may be used for multi-currency payments where manual approvals must be made. paypal-allowed= (yes | no; Default: no) Whether is allowed. paypal-business-id (string; Default: no) Business ID of the PayPal account where the money will be sent. paypal-secure-response (yes | no; Default: no) Whether to use HTTPS (when true) or HTTP (when false) to receive payment feedback from PayPal. An additional security mechanism is used to check the validity of this feedback information so using HTTP is not mandatory. permissions (full | owner | read-only | read-write; Default: owner) Customer account permissions. public-host (string; Default: ) IP address or DNS name specifying the public address of this User Manager router. Payment gateways use this address to send transaction status response. This field has sense only if users access the User Manager site through local IP address (for, example, http://192.168.0.250/user) and another address is used for public access (for example, http://userman.mt.lv/user). public-id (string; Default: ) It's an ID used to identify customer because Login names are allowed to be equal and for security reasons, they are kept in secret. signup-allowed= (yes | no; Default: no) When checked, this customer allows users to use sign-up. time-zone (string; Default: ) Specific for each customer. By default equals to 00:00. Session and credit info is stored as GMT regardless of ROS time zone on the User Manager router. This value specifies the way data is displayed on the User Manager web pages. user-prefix (string; Default: ) Used to separate users between customers of one subscriber. login (string; Default: )

A WEB interface provides the same options as CLI. Usually, people choose to use "User managers" WEB interface, because it is more transparent and comfortable to manage.

Customer section in the WEB inteface

Users

Sub-menu:

[admin@MikroTik] /tool user-manager customer> print Flags: X - disabled 0 login="admin" password="adminpassword" backup-allowed=yes currency="USD"

   time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
   paypal-secure-response=no paypal-accept-pending=no

Users are people who use services provided by customers and each user can have time, traffic and speed limitations. Customers can create, modify and delete users but the owner is the subscriber who is also the owner of these customers. To separate users among customers of one subscriber, user prefix is used.

Property Description caller-id (string; Default: ) caller-id-bind-on-first-use (yes | no; Default: no) copy-from (string; Default: ) Copy parameters from specific user. disabled (yes | no; Default: no) Whether user is disabled. email (string; Default: ) Email. Used to send notifications to User (for ex., sign-up email). first-name (string; Default: )Informational ip-address (string; Default: 0.0.0.0.) If not blank, User will get this IP address on successful authorization. last-name (string; Default: )Informational location (string; Default: )Informational password (string; Default: ) phone (string; Default: )Informational random-password (yes | no; Default: no) Randomly generates password for a user. reg-key (string; Default: ) registration-date (string; Default: ) shared-users (number | unlimited; Default: unlimited) username (string; Default: ) wireless-enc-algo (40bit-wep | 104bit-wep | aes-ccm | none | tkip; Default: ) wireless-enc-key (string; Default: ) wireless-psk (string; Default: ) customer (string; Default: ) User account owner.

Profile

Sub-menu:

[admin@MikroTik] /tool user-manager customer> print Flags: X - disabled 0 login="admin" password="adminpassword" backup-allowed=yes currency="USD"

   time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
   paypal-secure-response=no paypal-accept-pending=no

Profiles can be assigned to users manually or allocated by the user when they make a successful payment.

If the Profile property 'Starts' is set to 'At first Logon', the Profile assigned to a user is inactive until that user logs on to the system (e.g. via a Hotspot). When the user starts a new session, that User's 'start time' is fixed and accordingly the 'end time' is calculated. The 'end time' cannot then be changed, no matter if the session remains active until the 'end time' or the session closes sooner.

If the user has several profiles, the next inactive profile is then started (it's activated as the 'actual profile') when the previous actual profile reaches it's 'end time'. If there are no more inactive profiles to start, the user is forced to log off.

If there is already one active profile when a user logs on, this profile is used instead of starting the next one (if one is available).

If the user logs off before the profile's 'end time', the next inactive profile is started only when the user logs on again after the 'end time' of the earlier profile.

Only one profile (for the same user) can be active at a time.

The last profile of a user can be removed by customer only if it is inactive.

Property Description copy-from (string; Default: ) Copy data from specific customer. name-for-users (string; Default: ) Descriptive name for the Profile that is displayed to the end user when they login to their user page. override-shared-users= (off | unlimited; Default: off) price (string; Default: ) How much it will cost for the user. If left blank, there is no payment required. starts-at (logon | now; Default: logon) When time limitation starts. validity (string; Default: ) Defines the period of time the Profile is valid for. (Note: NOT the same as the online time that could be set in Limitations). name (string; Default: ) owner (string; Default: ) The 'Owner' of the Profile (usually 'admin').

Validity If the 'Starts' value is set to 'At first logon', then the Validity value starts counting. E.g. If Validity is set to 1d, then 1 day after the first logon, regardless if the user has used all their online time or not, the profile will become invalid and they will be unable to log on again unless a new profile is available in their list of valid profiles.

Note: If the 'Starts' value is set to 'At first logon', then the Validity value starts counting. E.g. If Validity is set to 1d, then 1 day after the first logon, regardless if the user has used all their online time or not, the profile will become invalid and they will be unable to log on again unless a new profile is available in their list of valid profiles.

Limitation

Sub-menu:

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

0

In this subsection, you can configure upload/download limitations including bursts.

Property Description address-list (string; Default: ) Copy data from a specific Customer. copy-from (string; Default: ) Copy data from a specific Profile. download-limit (number; Default: ) Speciffy a download limit. group-name (string; Default: ) ip-pool (ip-prefix; Default: 0.0.0.0) rate-limit-... (number; Default: ) Various rate limits:

• rate-limit-burst-rx
• rate-limit-burst-time-tx
• rate-limit-burst-treshold-tx
• rate-limit-min-rx
• rate-limit-priority
• rate-limit-tx
• rate-limit-burst-time-rx
• rate-limit-burst-treshold-rx
• rate-limit-burst-tx
• rate-limit-min-tx
• rate-limit-rx transfer-limit (number; Default: ) upload-limit (number; Default: ) uptime-limit (number; Default: ) name (string; Default: ) Used to identify a Profile limitations. owner (string; Default: ) Profile limitations owner.

Profile limitations

Sub-menu:

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

1

In this subsection, you can configure various limitations, for example, time range and weekdays when limitations are active.

Property Description copy-from (string; Default: ) Copy data from specific profile-limitations. from-time (number; Default: ) till-time (number; Default: ) weekdays (friday | monday | saturday | sunday | thursday | tuesday | wednesday; Default: all) Specific day or days when profile-limitations are active. limitation (string; Default: ) profile (string; Default: ) Profile to which assign limitations.

Routers

Sub-menu:

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

2

This submenu allows for adding routers.

Property Description copy-from (string; Default: ) Copy data from specific router. log (acct-fail | acct-ok | auth-fail | auth-ok; Default: auth-fail) To allow logging entries. name (string; Default: ) Used to identify a router. shared-secret (string; Default: ) use-coa (yes | no; Default: no) customer (string; Default: ) Customer to a which router will be assigned. ip-address (string; Default: ) Router IP address.

History

Sub-menu:

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

3

This subsection allows overviewing any changes confirmed in UM database. Some of them can be reverted back.

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

Log

Sub-menu:

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

4

Logs are written when Authorization (auth) or Accounting (acct) requests from routers are received.

[admin@MikroTik] > tool user-manager log print 0 customer=admin user-orig="Client1" nas-port=15728780 nas-port-type=ethernet nas-port-id="bridge-to-clients" calling-station-id="01:23:45:67:E1:BB" host-ip=172.16.16.1 status=authorization-failure time=may/23/2019 06:34:59 description="no valid profile found for user <Client1>"

Send User Manager related logging entries to the different device:

/system logging add topics=manager,account action=remote /system logging action set remote target=remote remote=192.168.88.1:514

Session

Sub-menu:

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

5

A session refers to a period when a user is using customer's services. It has nothing to do with User Manager web-page sessions. Flags: A - active

[admin@MikroTik] > tool user-manager session print 1 A customer=admin user="test" nas-port=15728795 nas-port-type=ethernet nas-port-id="bridge-to-clients"

 calling-station-id="01:23:45:67:E1:BB" acct-session-id="81d0009b" user-ip=172.16.16.253 host-ip=172.16.16.1 
 status=start,interim from-time=may/23/2019 08:55:43 till-time=may/23/2019 09:25:43 uptime=30m download=38 upload=4533

Web Interface

To access User managers Web interface type IP address and /Userman at the end of it, for example, http://192.168.88.1/userman

Default login is admin with empty password

Note: Since RouterOS 4.1, User-manager web interface is unreachable with an HTTP 404 when attempting to navigate to http://inside_ip/userman from behind a Hotspot interface where inside_ip is a non-NAT'd IP address on the router. Two workarounds: change the 'www' service port from 80 to something other than 80 or 8080, such as port 81. Then use http://inside_ip:81/userman, or use an IP address hotspot users are NAT'd to (http://outside_ip/userman) instead.

Configuration Examples

We will configure PPPoE with the RADIUS server authentication on the following setup:

Setup where the PPPoE server uses a remote User Manager database for PPPoE client authentication, authorization and accounting. Both PPPoE server and PPPoE client are MikroTik routers, any other PPPoE client might be used instead.

On the client's (R1) router we configure PPPoE-client:

[admin@R1] > /interface pppoe-client add add-default-route=yes disabled=no interface=ether2 name=Client1 password=test user=test

Add RADIUS client to consult User Manager for PPP service

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

6 is equal to User Manager router secret.

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

7 is the User Manager router address.

[admin@R2] > /radius add address=192.168.79.24 secret=12345 service=ppp

There are 2 ways how to assign IP address for the PPPoE-client:

• Create a pool from which assign IP addresses dynamically in the RADIUS client
• Configure IP address manually in the RADIUS server

Dynamically assign IP addresses

[admin@R2] > /ip pool add name=pool1 ranges=192.168.79.30-192.168.79.50

Create a new one or update the default ppp profile:

[admin@R2] > /ppp profile set [find name=default] remote-address=pool1 local-address=192.168.79.1

Enable user authentication via RADIUS. If entry in local secret database is not found, then client will be authenticated via RADIUS

[admin@MikroTik] /tool user-manager customer> print Flags: X - disabled 0 login="admin" password="adminpassword" backup-allowed=yes currency="USD"

   time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
   paypal-secure-response=no paypal-accept-pending=no

On the RADIUS server (User Manager, R3):

Create your own or use by default already created Customer:

[admin@MikroTik] /tool user-manager customer> print Flags: X - disabled 0 login="admin" password="adminpassword" backup-allowed=yes currency="USD"

   time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
   paypal-secure-response=no paypal-accept-pending=no

Create a profile which you will asing to user. can consist only a

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

8 ( can be updated later)

[admin@MikroTik] /tool user-manager customer> print Flags: X - disabled 0 login="admin" password="adminpassword" backup-allowed=yes currency="USD"

   time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
   paypal-secure-response=no paypal-accept-pending=no

Configure User Manager (RADIUS server) communication with RADIUS client 192.168.79.1 is the IP address of the PPPoE-server router,

[admin@MikroTik] /tool user-manager history> print Flags: U - undoable, R - redoable, F - failed ACTION SUB-CHANGES TIME U UMS customer test1 added may/22/2019 13:26:07 U UMS Profile test added may/22/2019 13:25:57 U multiple objects removed may/22/2019 12:02:37 U UMS customer customer1 added may/22/2019 12:00:29 U UMS user user1 added may/22/2019 12:00:17 U UMS Profile testprofile added may/22/2019 11:47:06 U multiple objects removed 2 may/22/2019 11:14:53 U UMS user kkol added may/22/2019 10:53:57 U UMS user testtest added may/22/2019 10:45:53 U UMS Profile testu added may/22/2019 10:33:31 U UMS customer test added may/22/2019 10:09:35

9 should match on both User Manager and PPPoE-server routers

[admin@MikroTik] /tool user-manager customer> print Flags: X - disabled 0 login="admin" password="adminpassword" backup-allowed=yes currency="USD"

   time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
   paypal-secure-response=no paypal-accept-pending=no

Add a user which will authenificate through the RADIUS server. Previously mentioned static IP address should be configured in this sub-section under

[admin@MikroTik] > tool user-manager log print 0 customer=admin user-orig="Client1" nas-port=15728780 nas-port-type=ethernet nas-port-id="bridge-to-clients" calling-station-id="01:23:45:67:E1:BB" host-ip=172.16.16.1 status=authorization-failure time=may/23/2019 06:34:59 description="no valid profile found for user <Client1>"

0 parameter.