Page 1 of 1

User Authentication

Posted: Wed Jan 08, 2025 5:28 pm
by diegoncho
Hi, Mikrotik forum. I want to implement a Mikrotik router that provides DHCP along with a switch (the brand doesn’t matter). The idea is that each user connecting to the switch must authenticate before gaining access to the network.

I understand there’s the Hotspot option, but I’m looking for something simpler for the person who will manage the network in the future.

I was considering using ARP Reply Only as a way to ensure that only the administrator can authorize which users have access to the network. Is this a good option?

Re: User Authentication

Posted: Fri Jan 10, 2025 10:45 am
by abbio90
if you work with ARP you can allow ARP from DHCP by activating the appropriate flag, and you work with DHCP server in only static. This allows only the Mac addresses that you manually enter in the lease to navigate.

Re: User Authentication

Posted: Sun Jan 12, 2025 1:25 am
by tdw
MAC-based mechanisms don't provide authentication as it is trival for anyone to spoof a MAC address and gain access.

Any authentication and authorisation setup will require ongoing management, if you already have a database of user credentials such as Windows / Azure AD it is possible to use those for both WiFi (WPA-Enterprise) and wired (802.1X) connections, or there are various cloud-based such as JumpCloud or Okta.

Re: User Authentication

Posted: Thu Jan 16, 2025 7:02 pm
by serafin
for the given problem 802,1x seems as the only viable solution. To configure it - you need to have radius server to feed MT with configuration details for clients. There is a few radius servers available, but you can start from FreeRADIUS (which is probably not the easiest one for configuration but definitely the most versatile).