Hi all

First and foremost we've had a good search through the forum and come across posts that have given us food for thought, but without knowing the best way to achieve what we want, it's difficult to know what to search for.

We're looking to deliver connections around a business estate to 6 individual businesses, from a shared 100/100 Mbps leased line. We want to give each business their own public IP, but have some way of managing their account. The businesses will be connected either via fibre or via wireless bridge.

We'd like to use a Mikrotik if possible to handle everything, as it's only for 6 users (initially). If this works then we'd like a system in place that can scale.

Proposal

• The leased line will terminate in our building onto a managed Cisco router.
  We'll have a block of public IPv4 IPs and would like to assign one to each of the 6 businesses.
  Each business will have their own router and will be given a username and password for their internet connection (if this is the best way to connect them).
  Once connected, each router will receive its assigned IP details.

Questions

• Is a Mikrotik the best device for doing this?
  What would be the best protocol for client connection, PPPoE?
  What is the best method for handling the accounts, MySQL?
  Would using RADIUS for authentication be the way forward?

If anyone knows of a post that covers what we're after then please let us know. If not and you have any suggestions as to the best way forward then thank you, any information will be greatly appreciated.

Bladerunner

There really isnt a best device. Mikrotik does well very well at a number of things.

If you are using DSL than you may be stuck with PPPOE and PPPOA however if you are delivering internet via fibre optics you can use other protocols and methods that are more efficient (we're talking about business clients not home users so its not necessary to use only the most commonly used protocols). There are many more methods such as direct connections in L2 switching using hardware or 802.1x authentication (gets rid of clients needing modems). It really depends on your method of internet delivery.

There really isnt a best method for handling accounts, it depends on how you want to structure and secure things and what platform you are using and what you want out of it.

There are multiple ways but radius is certainly one way. Take a look at examples done by other ISPs in handling accounts. RouterOS supports both internal radius server and external radius server.

It would help to give more info on what you are trying to achieve and what you want out from it such as future planning. There are many ways in doing this obviously but you need to decide on things like how you want to deliver internet, is it through POTS? Wireless? ethernet? fibre optics? HDMI? Lasers? (mikrotik doesnt support GPON at the moment but it may work), mechanical strings? sound? someone shouting?. Do you emphasize on bandwidth or latency or security? Every protocol has its strengths and weaknesses and compatibility.