RADIUSdesk

Differences

This shows you the differences between two versions of the page.

user_guide:mikrotik:rb751 [2017/02/01 12:01] – [Remove wlan1 from bridge-local] admin
user_guide:mikrotik:rb751 [2022/05/09 12:22] (current) – [Converting an Unknown client] admin
Line 5: Line 5:
 With this scenario we assume you have: With this scenario we assume you have:
   * A recent installation of RADIUSdesk which includes Dynamic RADIUS Clients support.    * A recent installation of RADIUSdesk which includes Dynamic RADIUS Clients support. 
-    * We will use our **Radiusdesk Hosted** server which has an IP Address of **178.32.59.137** in this document. +    * We will use our **cloud.radiusdesk.com** demo server which has an IP Address of **164.160.89.129** in this document. 
-    * Our **Radiusdesk Hosted** server has a site wide RADIUS shared secret of **RDhostedXYZ2525**.+    * Our  **cloud.radiusdesk.com** demo server has a site wide RADIUS shared secret of **testing123**.
   * A new (or reset to defaults) Mikrotik RouterBOARD 751U which you will set up from scratch.   * A new (or reset to defaults) Mikrotik RouterBOARD 751U which you will set up from scratch.
   * You want to run a Captive portal on the Mikrotik's WiFi interface.   * You want to run a Captive portal on the Mikrotik's WiFi interface.
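Review bot: The added shared-secret line publishes **testing123**, the stock example secret shipped in FreeRADIUS's default configuration, as a site wide secret next to the server's public address 164.160.89.129. Say explicitly that both values belong to the demo server only, and that a production RADIUSdesk install needs its own long random secret that is not copied from this page. Minor: "Our  **cloud.radiusdesk.com**" has a doubled space.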
Line 15: Line 15:
   * If you connect with a machine which has DHCP enabled; you will get a 192.168.88.x IP Address while the RouterBOARD 751U can be reached through 192.168.88.1.   * If you connect with a machine which has DHCP enabled; you will get a 192.168.88.x IP Address while the RouterBOARD 751U can be reached through 192.168.88.1.
   * The default username is **admin** with **no password**.   * The default username is **admin** with **no password**.
 +  * Newer versions of ROS insist you set a password. If you never had password on the device specify the old password as blank text and specify the new value and confirm it to set the password on the device.
  
 ===== Our approach ===== ===== Our approach =====
 We will take the following configuration approach. This approach very common on the 751U. We will take the following configuration approach. This approach very common on the 751U.
-  * Ethernet port 1 (Marked PoE) will be used to connect the 751U to the Internet. (Typically a DSL router's Ethernet port)+  * Ethernet port 1 (Marked PoE) will be used to connect the 751U to the Internet. (Typically a LTE router's Ethernet port)
   * Ethernet port 1 will be configured to be a **DCHP Client**.   * Ethernet port 1 will be configured to be a **DCHP Client**.
   * Ethernet ports 2-5 will be used as a Ethernet switch which runs a DHCP Server and NAT traffic between Ethernet port 1 and Ethernet ports 2-5.   * Ethernet ports 2-5 will be used as a Ethernet switch which runs a DHCP Server and NAT traffic between Ethernet port 1 and Ethernet ports 2-5.
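Review bot: The new password bullet sits directly under the unchanged bullet that still gives the default login as **admin** with **no password**, and port 1 of this device is the Internet uplink, so the text should tell the reader to set a password at this point on every ROS version, not only where ROS insists on it. The sentence also needs tidying, for example: "If the device never had a password, leave the old password blank, then enter and confirm the new one." The unchanged context line still spells **DCHP Client**; it should read DHCP Client.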
Line 45: Line 46:
  
 ===== Set the Mikrotik's identity ===== ===== Set the Mikrotik's identity =====
-  * We will use a fictional convention and assume that this Mikrotik is the first one deployed in the city of Pretoria, Gauteng province, South Africa. +  * We will use a geographic naming convention and assume that this Mikrotik is the first one deployed in the city of Johannesburg, Gauteng province, South Africa. 
-  * The systems identity will thus be **za-gp-pta-001**.+  * The systems identity will thus be **za-gp-jhb-001**.
   * Connect to the Mikrotik's web interface and select **System** -> **Identity**.   * Connect to the Mikrotik's web interface and select **System** -> **Identity**.
-  * Specify the Identiry as **za-gp-pta-001** and click **Apply** +  * Specify the Identity as **za-gp-jhb-001** and click **Apply** 
  
 ===== Confirm Ethernet-1's status ===== ===== Confirm Ethernet-1's status =====
   * Connect to the Mikrotik's web interface and select **IP** -> **DHCP Client**.   * Connect to the Mikrotik's web interface and select **IP** -> **DHCP Client**.
   * The **ether1-gateway** interface should be listed along with it's DHCP supplied IP Address.   * The **ether1-gateway** interface should be listed along with it's DHCP supplied IP Address.
-{{ :user_guide:mikrotik:ethernet1-dhcp.jpg |}}+{{:user_guide:mikrotik:dhcp_client.png|}}
   * If this is not listed or the interface does not have an IP Address assigned to it; ensure that it is fixed before continuing.   * If this is not listed or the interface does not have an IP Address assigned to it; ensure that it is fixed before continuing.
  
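Review bot: The identity bullets do not say that this value is what identifies the router to the RADIUSdesk server, although the later "Our situation" section relies on it as the unique identifier. Add a line here stating that the Identity must be unique per Mikrotik. Minor: "The systems identity" should be "The system's identity", the "click **Apply**" bullet lacks a full stop, and the unchanged context has "it's DHCP supplied IP Address" where "its" is meant.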
Line 59: Line 60:
   * Connect to the Mikrotik's web interface and select **Bridge**.   * Connect to the Mikrotik's web interface and select **Bridge**.
   * Select the **Ports** sub-tab to see the list of ports and to which bridge they are assigned.   * Select the **Ports** sub-tab to see the list of ports and to which bridge they are assigned.
-  * By default **wlan1** and **ether2-master-local** will be members of the bridge named **bridge**. +  * By default **ether2-master**, **wlan1**, **ether3**, **ether4** and **ether5** will be members of the bridge named **bridge**. 
-  * Remove **wlan1** from the list of ports (thus being a member of the bridge named **bridge**. +  * Remove **wlan1** from the list of ports
-{{ :user_guide:mikrotik:bridge-local.jpg |}}+{{:user_guide:mikrotik:bridge.png|}} 
 +  To remove the interface click on the **-** button. The **D** button will simply disable it
 +{{:user_guide:mikrotik:bridge-no-wlan.png|}}
  
 ===== Add a RADIUS server ===== ===== Add a RADIUS server =====
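Review bot: The added line "To remove the interface click on the **-** button. The **D** button will simply disable it" is indented without a `*` list marker, so DokuWiki will render it as a preformatted block instead of a bullet; make it a list item like its neighbours and end both it and "Remove **wlan1** from the list of ports" with a full stop. Consider adding one clause on why wlan1 is taken out of the bridge, since the steps give no reason.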
Line 68: Line 71:
   * Click the **Add new** button to add a RADIUS server.   * Click the **Add new** button to add a RADIUS server.
     * Select the **Hotspot** service.     * Select the **Hotspot** service.
-    * Specify the IP Address of the RADIUSdesk server running FreeRADIUS. +    * Specify the IP Address of the RADIUSdesk server running FreeRADIUS. (We use 164.160.89.129) 
-    * Specify the shared secret. +    * Specify the shared secret. (We use testing123) 
-    * Since we have a VPS, we increase the timeout to 5000ms.+    * Since our server is somewhere out on the Internet, we increase the timeout to 5000ms.
     * Leave **Accounting Backup** unchecked.     * Leave **Accounting Backup** unchecked.
-{{:user_guide:mikrotik:mt-radius.jpg}}+{{:user_guide:mikrotik:radius.png}}
   * Next we will set-up the hotspot   * Next we will set-up the hotspot
  
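Review bot: The parentheticals "(We use 164.160.89.129)" and "(We use testing123)" put the demo server's address and secret straight into steps that a reader will copy. Phrase them as examples and point to the reader's own server values, as the later section does with "Check this with the person who configured the RADIUSdesk server".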
Line 108: Line 111:
  
 ==== Modify the created Server Profile ==== ==== Modify the created Server Profile ====
 +<WRAP center round alert 100%>
 +Be sure to do the following steps. Failing to do this will not allow the hotspot to use the RADIUS server.
 +</WRAP>
 +
   * We need to tel the **hsprof1** Server Profile to make sure it use RADIUS.   * We need to tel the **hsprof1** Server Profile to make sure it use RADIUS.
   * Connect to the Mikrotik's web interface and select **IP** -> **Hotspot**.   * Connect to the Mikrotik's web interface and select **IP** -> **Hotspot**.
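Review bot: The alert text "Failing to do this will not allow the hotspot to use the RADIUS server" reads awkwardly and does not say which steps it covers; suggest "Do not skip the steps below. Without them the hotspot will not use the RADIUS server." The unchanged bullet under it still has "tel" and "make sure it use RADIUS", which should be "tell" and "uses".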
Line 125: Line 132:
 ===== Our situation ===== ===== Our situation =====
  
-  * With our setup in this document, we make use of a VPS server that runs RADIUSdesk somewhere in the cloud. +  * The setup described here makes use of a VPS server that runs RADIUSdesk somewhere in the cloud. (We use cloud.radiusdesk.com) 
-  * Since the Mikrotik NAS devices will be behind NAT firewall we will make use of FreeRADIUS that is patched with the rlm_raw patch to allow Dynamic Clients+  * RADIUSdesk makes it super easy to add a RADIUS client to the FreeRADIUS server. 
-  * Patching the FreeRADIUS server with the rlm_raw patch is in the installation instructions of FreeRADIUS+  * Simply take care of the following items when you are pointing RADIUS client to the RADIUSdesk server: 
-  * Alternatively you can simply run the VM images since this already incorporates this patch.+    * Public IP Address of the RADIUSdesk server. 
 +    * Ensure the site wide shared secret is correct. (Check this with the person who configured the RADIUSdesk server) 
 +    * Ensure there is a unique identifier the RADIUS client can identify itself with to the server. (We did this by setting the **Identity** of the Mikrotik router.) 
 +  * After you took care of that simply reboot the Mikrotik router while it has an active Internet connection. 
 +  * It should then be reported under the **Unknown Clients** list of the **RADIUS -> RADIUS Clients** applet. 
 +  * The **Unknown Clients** tab is closed by default. To launch it, click the **Unknown Clients** button in the **RADIUS Clients**  applet. (Last button on the right of the toolbar) 
 + 
 +{{ :user_guide:mikrotik:unknown_clients.png?nolink |}} 
 + 
 +===== Converting An Unknown Client  ===== 
 +  * After the Mikrotik appeared under the **Unknown clients** tab we can convert it to a known client. 
 +  * Select the unknown client you want to convert and click on the  **Attach** button. 
 +  * This will bring up a window where you can select the owner (if there are sub-providers belonging to the user who logged in) 
 +  * Next you can give it a name: 
 +{{ :user_guide:mikrotik:dynamic_clients_attach_basic.png?nolink |}} 
 +  * The **Monitor** and **Maps** sub-tabs you can leave as default. 
 +  * The **Enhancements** tab has some handy enhancements. You are also advised to leave the defaults. 
 +{{ :user_guide:mikrotik:dynamic_clients_attach_enhancements.png?nolink |}} 
 +  * Finally select some realms who you want to allow to use this RADIUS Client. If the list is empty, click on the **Make available to sub-providers** checkbox to give a list of realms belonging to sub-providers. 
 +{{ :user_guide:mikrotik:dynamic_clients_attach_realms.png?nolink |}} 
 +  * After you click the **Next** button this item will be moved to the list of known Dynamic Radius ClientsAs you can see this item indicates that it never contacted the RADIUSdesk server. 
 +{{ :user_guide:mikrotik:radius_client.png |}} 
 +  * Simply reboot the Mikrotik to confirm that contact is now established: 
 +{{ :user_guide:mikrotik:radius_client_online.png |}} 
 +  * This brings us to the end of this section
  
-===== Our actions ===== 
-  * We will add a NAS device of **Connection type** -> **Dynamic client**. 
-<WRAP center round tip 60%> 
-If the **Connection type** -> **Dynamic client** is not available form the list, confirm it is activated in the //<webroot>/cake2/rd_cake/Config/RadusDesk.php// file. 
-</WRAP> 
-  * The value of NAS-Identifier (on the Mikrotik => System -> Identification) will be crucial when adding a new NAS device. This value will have to be defined in <wrap em>three places</wrap>, where each place should contain the value of the Mikrotik system identifier. (**za-gp-pta-001** in our case) 
-    * The **Dynamic AVP detail** sub-tab in the add wizard will specify 
-      * Attribute = NAS Identifier 
-      * Value = za-gp-pta-001 
-    * The **NAS** sub-tab in the add wizard will specify 
-      * Name = za-gp-pta-001 
-    * After the NAS device has been added; you need to edit the NAS device. Select the **NAS** -> **Optional info** sub tab and make sure the value of **NAS Identifier** is specified as **za-gp-pta-001**. 
-  * Log into the RADIUSdesk webtop as either an Access Provider or the root user. 
-  * Select **Menu** -> **NAS Devices** -> **NAS Devices** to open the **NAS Devices** applet. 
-  * An optional start screen may ask you to specify the owner of this NAS device. 
-  * Select **Next** to continue. 
-  * Select the **Dynamic client** connection type. 
-  * Select **Next** to continue. 
-  * Specify the **Attribute** and **NAS-Identifier** and the **Value** as **za-gp-pta-001** in the **Dynamic AVP Detail** sub-tab 
-  * Specify the **Name** as **za-gp-pta-001** and specify a secret in the **NAS** sub-tab. 
-  * Specify the realms who will be able to use this NAS device in the **Realms** sub-tab. 
-  * Select **Next** to complete the action.   
-  * Once the NAS device has been added; edit it and select the **NAS** -> **Optional info** sub tab. 
-    * Specify the **NAS-Identifier** as **za-gp-pta-001**. 
-    * Also select the type as **Mikrotik** 
-  * Save the changes. 
-  * Wait at least ten minutes to allow **FreeRADIUS** to go thorough an auto restart cycle in order to activate the changes. 
-  * Alternatively you can (only as root user) go **Menu** -> **Tools** -> **Logfile Viewer** and **Stop**; **Start** in the Logfile viewer applet's toolbar. 
  
 -------------- --------------
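Review bot: The new "Converting An Unknown Client" steps never tell the operator to check that the entry being attached is the expected router. Add a step before **Attach** to confirm that the identifier shown matches the Identity set earlier (**za-gp-jhb-001**), since attaching is what allows the client to be used with the selected realms. In the bullet after the realms screenshot, "Dynamic Radius ClientsAs you can see" is missing a full stop and a space, and "This brings us to the end of this section" lacks one too. The removed bullets were also the only place that said the Mikrotik devices sit behind a NAT firewall; keep one sentence on that so the reason for using dynamic clients is not lost.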
Line 174: Line 177:
 ====== What next ====== ====== What next ======
 Although your system is up and running now you may want to do the following advanced configurations Although your system is up and running now you may want to do the following advanced configurations
-  * Incorporate a heartbeat system to sent heartbeats from the Mikrotik to the RADIUSdesk server for monitor purposes. 
   * Introduce central managed Dynamic Login Pages for Mikrotik.   * Introduce central managed Dynamic Login Pages for Mikrotik.
- 
 The Advanced setup page will cover these topics. The Advanced setup page will cover these topics.
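Review bot: With the heartbeat bullet removed the list has a single item, but the intro still says "the following advanced configurations" and the closing line still says "these topics". Adjust both to the singular, or restore a second item.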