Hi,

Sorry I'am new in here mikrotik device, and i want to ask, do mikrotik router can act as a radius server to other devices?
Here's the detail I want to asked, so my topologi is, starlink -> switch -> cambium access point, i want to add mikrotik router connected to switch then using user manager mikrotik to manage the radius server user, is it possible?
already try, all device is can communicate but when from access point request authenticate to mikrotik the response is only request time out,.

thank you for your help.

Yes, I can confirm it working as RADIUS server for authentication and interim accounting with UniFi and Aruba APs. You can also direct the APs to put individual users into their specified VLAN when Authentication succeeds. With Aruba, User Manager can also pass the user role to the APs and with it bandwidth limitation also works.

What not working is Change of Authentication (CoA) / Disconnect on UniFi APs because User Manager does not provide all required attributes and MikroTik has refused to add the missing ones . As a result, session time, download / upload volume limitations don't work because User Manager can not tell the APs to disconnect the user.

In System -> Logging you can add an entry for the "manager" topic to better diagnose the issues with your Cambium AP. You can also use the Packet Sniffer on the router (filter by UDP ports 1812, 1813) to monitor the RADIUS communication between the AP and the router.

i try to following step on internet, the connection between access point and mikrotik is reachable, but when cambium send the request to authenticate to mikrotik, it replay request time out.
i configure on radius service login, wireless, firewall to accept port 1812. did I missing any step on this?

thanks for your help.

If you add the new entry for topic=manager under System -> Logging, you'll see more details in the Log whenever the APs communicate with User Manager. Also you can temporarily start Tools -> Packet Sniffer (configured to filter ports 1812 and 1813) and check whether packets appear on the router interfaces when the APs are supposed to send the requests to User Manager. Packet Sniffer can also dump to file, and you can open the file in Wireshark to see all the protocol details from the packets, including what response is sent back by User Manager.

If nothing appears then maybe a firewall is blocking UDP packets between the devices and the router.

i configure on radius service login, wireless

No, on RouterOS you don't need to configure anything under the RADIUS menu, that part is for RouterOS acting as RADIUS client (NAS). For user Manager to act as RADIUS server for the APs you only need to change the settings within the User Manager menu only. You enable it under User Manager -> Settings -> Enabled, select a certificate if possible (you can use the one issued by Let's Encrypt, the router can request certificate from Let's Encrypt with /certificate/enable-ssl-certificate). Then in the Routers table add one entry for each of your access point, with their IP addresses and chosen shared secret (that you'll also enter on the APs). You can then create User/User Groups.

If Limitations are needed, then you must enable the Use Profiles checkbox under Settings, and create Profiles, Limitations, as well as the Profile Limitations and User Profiles associations.

Hi CGGXANNX,

do if i'am not mistaken, i just configure on the user manager, and add routers, the address is access point IP address and set shared secret, then add for the users right?
on the access point side i just add my mikrotik IP address as a host and set same secret radius and port..

once again thanks for the assist, and correct me if i'm wrong.