37. Mikrotik 1 Router with 2 Radius Servers




Here is a script:

/interface ethernet
set [ find default-name=ether1 ] name=ether1-LWAN
set [ find default-name=ether2 ] name=ether2-RRadius
set [ find default-name=ether3 ] name=ether3-LAN1
set [ find default-name=ether4 ] name=ether4-LAN2

/ip hotspot
add disabled=no idle-timeout=none interface=ether3-LAN1 name=server1

/ip hotspot profile
set [ find default=yes ] radius-default-domain=Local-Loop split-user-domain=\
    yes use-radius=yes
add html-directory=CCMT-Hotsport name=CCMT radius-default-domain=\
    Remote-Radius split-user-domain=yes use-radius=yes

/ip hotspot
add disabled=no idle-timeout=none interface=ether4-LAN2 name=server2 profile=\
    CCMT

/ip hotspot user profile
set [ find default=yes ] shared-users=unlimited
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw

/tool user-manager profile
add name=U-10M name-for-users="" override-shared-users=unlimited owner=admin \
    price=0 starts-at=logon validity=0s
add name=U-5M name-for-users="" override-shared-users=unlimited owner=admin \
    price=0 starts-at=logon validity=0s
add name=U-3M name-for-users="" override-shared-users=unlimited owner=admin \
    price=0 starts-at=logon validity=0s

/tool user-manager profile limitation
add address-list="" download-limit=5242880B group-name="" ip-pool="" name=\
    Pro-5M owner=admin transfer-limit=0B upload-limit=5242880B uptime-limit=\
    0s
add address-list="" download-limit=3145728B group-name="" ip-pool="" name=\
    Pro-3M owner=admin transfer-limit=0B upload-limit=3145728B uptime-limit=\
    0s
add address-list="" download-limit=10485760B group-name="" ip-pool="" name=\
    Pro-10M owner=admin transfer-limit=0B upload-limit=10485760B \
    uptime-limit=0s

/ip address
add address=192.168.96.2/24 interface=ether3-LAN1 network=192.168.96.0
add address=192.168.92.3/24 interface=ether2-RRadius network=192.168.92.0
add address=192.168.95.2/24 interface=ether4-LAN2 network=192.168.95.0

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes

/ip service
set www port=808

/radius
add address=127.0.0.1 comment=Local-Loop domain=Local-Loop secret=12345 \
    service=login,hotspot
add address=192.168.96.2 comment="Local-IP Address" disabled=yes domain=\
    Local-IP secret=12345 service=login,hotspot
add address=192.168.92.2 comment="Remote Server" domain=Remote-Radius secret=\
    12345 service=login,hotspot

/radius incoming
set accept=yes

/tool user-manager database
set db-path=user-manager

/tool user-manager profile profile-limitation
add from-time=0s limitation=Pro-10M profile=U-10M till-time=23h59m59s \
    weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=Pro-5M profile=U-5M till-time=23h59m59s weekdays=\
    sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=Pro-3M profile=U-3M till-time=23h59m59s weekdays=\
    sunday,monday,tuesday,wednesday,thursday,friday,saturday

/tool user-manager router
add coa-port=3799 customer=admin disabled=no ip-address=127.0.0.1 log=\
    auth-fail name=Local-Radius shared-secret=12345 use-coa=no
add coa-port=3799 customer=admin disabled=yes ip-address=192.168.96.2 log=\
    auth-fail name=Local-IP shared-secret=12345 use-coa=no

/tool user-manager user
add customer=admin disabled=no password=zxc shared-users=2 username=zxc \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no password=asd shared-users=3 username=asd \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no password=qwe shared-users=3 username=qwe \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""

Previous
Next Post »

2 comments

Write comments
Saad Jaad
AUTHOR
April 21, 2018 at 7:22 AM delete

need your help with configuration for server Domain 2016 which is in te same network with mikrotik the windows server can't find all the computers and kaspersky server too ca't connect with every thing

Reply
avatar
Alex Hales
AUTHOR
March 22, 2019 at 12:32 PM delete

The software also allows you to test a disaster recovery failover-think of it as your data center's own fire escape plan. minecraft server hosting

Reply
avatar