Syed Jahanzaib Personnel Blog to Share Knowledge !

August 9, 2011

194 Comments »

  1. Are you able to run Mikrotik as a PPPoE server for Windows 7 clientes?

    I am facing this difficulty:

    http://forum.mikrotik.com/viewtopic.php?f=2&t=53707

    Comment by Everton — August 11, 2011 @ 7:35 PM

    • Now a days, All of my client side testing is always done on Windows 7. I face no problem in connecting win7 with MT pppoe server.

      Comment by Pinochio / zaib — August 11, 2011 @ 9:38 PM

  2. thanks bhai……
    aur bhai mery khyal sy jo profile pppoe server ko assign ki hoti hai us mai local address aur address pool b assign karna parta hai warna UM mai create kia hova user connect nai hota…..
    Am i ri8?

    Comment by usmans — August 16, 2011 @ 10:00 AM

    • Yes in pppoe profile, in LOCAL ADDRESS , type your MT local ip.

      and in REMOTE ADDRESS, select the pool you have created in step 2 of this manual which is
      /ip pool add name=pppoe-users-pool ranges=172.16.0.1-172.16.0.254

      Also select dns address to 10.0.0.1 or whatever is your choice for dns server.

      Comment by Pinochio / zaib — August 16, 2011 @ 11:00 AM

  3. can you tell how can i get user status from radius server to Mikrotik server.
    I want to check whether user connected or not on Mikrotik so i can dc it from db.

    Comment by Prasad Shirkar — August 22, 2011 @ 7:46 PM

    • in RM, goto REPORTS / ONLINE USERS
      here you can see all connected users. You can also disconnect single/multiple users from this menu.

      Comment by Pinochio / zaib — August 23, 2011 @ 10:52 AM

  4. How to limit users not for total time 30days which users can spent for much longer time than 30days (everyday few hours) but 30days from accessing to hotspot?

    Comment by Useris — August 29, 2011 @ 4:04 PM

    • @Useris

      I am unable to understand your Pink English :)

      Please rephrase your question in simple english.

      Comment by Pinochio / zaib — August 29, 2011 @ 4:20 PM

  5. OK, i’ll try :) Sorry for my “Ping English” I just started :)
    If i understand correctly it’s possible to limit users by checked total amount of time in the internet. But is it possible to limit the internet usage time for one login? I mean after logining in user has only 2 hours for the internet usage not for total time. For ex. i generated user with 2hours of inet.usage. User logged in 16:00 but user did’nt used intet from 17:00 till 18:00 but login anyway will expire at 18:00. Now it’s more clear? :)

    Comment by Useris — August 30, 2011 @ 11:27 AM

    • Do you want to allow user 2 hours on daily basis for 1 month ?
      Means user John will be able to use internet for 2 hours daily for 1 month? is this you want ?

      Or you want that when user John login, his id must be expired in 2 hours from the first login ?

      Comment by Pinochio / zaib — August 30, 2011 @ 12:33 PM

      • Salam..bro my self hassam sohail ahmed admin of macnet my organization needs your help kindly contact me as soon as possible .. my email address is hassam_sohail@hotmail.com plz inbox me your contact number ..

        Comment by Hassam Sohail — August 11, 2012 @ 4:34 AM

  6. Or you want that when user John login, his id must be expired in 2 hours from the first login ? <- that right :)

    Comment by Useris — August 30, 2011 @ 5:26 PM

    • Unfortunately this is possible only in one way. If we set up-time to 2hrs only, this way his id will be expired in 2 hours after first login. id expires means his account will be disabled after 2 hours , he will not be able to use it next day. This is limitation of User Manager. The package you want can only be achieved via using 3rd party radius manager like DMASOFTLAB RADIUS MANAGER.

      Another workaround is that you car create a monthly package with 2 hours daily timing, but timings must be hard coded in profile limitation, like user can login to server from 12:00 pm -2:00 pm.

      Or try to post your query in mikrotik forum, maybe some one have other workaround for this.

      Comment by Pinochio / zaib — August 31, 2011 @ 1:21 PM

      • OK, thank you! :)

        Comment by Useris — August 31, 2011 @ 1:59 PM

      • About same problem with MK and userman. Id will not expire in 2 hours if user pressed log off (of course) and if your has disconect from hotspot SSID. When user login back after few minits/hours left time is go on from same time when user disconnected. So, seems like problem with recived disassoc on AP when user connects to other SSID or disconnects from hotspot SSID.
        My config: MK RB1100 as DHCP for hotspot, hotspot, radius,userman, VLANx. AP RB411 with 2 SSIDs on different VLANs, bridged WLAN with ETH. First VLANy is secured and DHCP on other router. Second VLANx on VAP without security and goes to RB1100 via trunked VLAN.
        So any idea how to make ID expired after 2h after first login? :) I know about 3rd party user manageres….

        Comment by Useris — September 26, 2011 @ 8:55 PM

  7. after showing the authentication page ….i give the miktoik username & password …but it show invalid username & password….how i will fix this problem

    Comment by Sazal Ahmed — September 21, 2011 @ 11:49 AM

    • Have you created user in ppp/secrets ? If yes, then there must be some typing mistakes in the id / passwd.

      or via UM ? If Yes, then please make sure you have correctly added the Radius Server MT and UM. (pointing to Localhost ip)

      Comment by Pinochio / zaib — September 21, 2011 @ 11:59 AM

  8. please also guide how to configure um with hotspot user

    Comment by muhammad ahmad — November 18, 2011 @ 11:49 AM

  9. how to prevent multiple logins from a same user id. I am using Tek Radius for authentication.

    Thanks In advance

    Comment by Ammar Shareef — November 19, 2011 @ 12:57 PM

  10. Salaam, I did loadbalancing of two dsl lines. the out ip is 10.10.10.1

    Can you please write me a script for pppoe server and billing system.

    Thanks

    Comment by nominet — November 24, 2011 @ 1:57 PM

    • What about the youtube link I sent to you, Did that worked for you ?

      Comment by Pinochio~:) — November 25, 2011 @ 10:43 AM

  11. Asslam-o-alaikum, brother!
    Please let me know complete setting Mikrotik 3.2 or 3.9 PPPoE Server with User Manager Pre Paid Billing System !

    PLz

    Comment by smn4allRana — December 6, 2011 @ 2:25 AM

    • Sorry no support for CRACKED version.
      If you are using it as a commercial entity, then its your ethical/legal responsibility to buy the product, specially if you are earning from it.

      Also license is not very expensive, Its really dirt cheap as compare to the features it offering.

      Go n buy license and install 5.8, Its really worth

      Comment by Pinochio~:) — December 7, 2011 @ 10:44 AM

      • Dear Syed Jahanzaib ji
        we are working on mikrotik Router OS with PPPOE server and we want to setup Radius server as suggested by you but we need url log of our all user based on their user id

        it possible in radius server or is there any other solution available in market

        Comment by Abhay Singh Sengar — July 29, 2014 @ 7:17 PM

  12. Salam Jahanzeb bhai,

    I have a question related to the article discussed here. I am using MT winbox 4.5 given to me by the company from where i bought my equipement. I followed one of your tutorial to create hotspot for user authentication and Alhadolillah i was able to do it successfully. Thanks for the tutorial. Now in the next phase i want to add functionality for billing. Since my system is pretty small right now, i am using 2 Dell Gx280 pcs. 1 is running windows server 2003 and is handling the ftp. the second one has centos and is handling cache. i want to add the billing / voucher system in my setting. Can you please suggest me a way to do it. i am not good at linux so please help me.

    Tas

    Comment by Tas — December 13, 2011 @ 6:01 PM

  13. Jahanzeb Bhai,

    one more thing. can i use MT user manager for my billing along with the current hotspot? if so then can you please help how can i acheive that.

    Tas

    Comment by Tas — December 13, 2011 @ 6:40 PM

    • Don’t Expect ready made copy paste scripts. Just read the article carefully. The procedure that I have described in this article already have support for vpn/pppoe/hotspot users.

      Something like

      /radius add accounting-backup=no accounting-port=1813 address=10.0.0.1 authentication-port=1812 called-id=”” disabled=no domain=”” realm=”” secret=1234 service=ppp,hotspot timeout=300ms

      Comment by Pinochio~:) — December 13, 2011 @ 7:20 PM

    • Yes you can do it.

      But Don’t go blindly for copy paste scripts. Just read the article carefully. The procedure that I have described in this article already have support for vpn/pppoe/hotspot users.

      Something like

      /radius add accounting-backup=no accounting-port=1813 address=10.0.0.1 authentication-port=1812 called-id=”” disabled=no domain=”” realm=”” secret=1234 service=ppp,hotspot timeout=300ms

      Comment by Pinochio~:) — December 13, 2011 @ 7:21 PM

  14. Dear Sir,

    1- What is the price of licensed Mikrotik.

    2- I am usning 3.30 version. I want am using usermanager and want to attach mac address with the login. Kindly tell me how can I do this.

    Thank you.

    Muhammad Fawad

    Comment by Muhammad Fawad — December 17, 2011 @ 12:58 PM

  15. 1# Mikrotik License Level number

    Level 4 ↓ Level 5 ↓ 6 (Unlimited) ↓
    $45 $95 $250

    Mikrotik License Details level and there features is available here.

    http://wiki.mikrotik.com/wiki/Manual:License#License_Levels

    2# You can Bind User’s MAC Address with his ID manually, OR you can choose an option “BIND ON FIRST USAGE’, which means that When users first Login , HIS MAC Address will be automatically bind with his user ID.
    But use the latest version of Mikrotik for this functionality, which means BUY the LICENSE :) , get LEGAL,

    Comment by Pinochio~:) — December 17, 2011 @ 1:21 PM

  16. Salam,
    Sir I am a daily reader of your blog. It is very useful for learners and students like me. I follow your article and successfully learnt how to implement PPPoE server using mikrotik 3.3. The problem I am facing is that MT is not installing User Manager. I downloaded the x86_3.3_packages.zip and uploaded in usermanager.npk to files section and then reboot the MT but It does not install usermanager.
    Kindly help me.

    Best regards.

    Comment by S.M.Saqib — January 15, 2012 @ 9:41 AM

    • Mikrotik 3.30 comes with user manager pre-installed by default, you don’t have to add it manually. Unless you have specifically unchecked it at the time of installation.

      There are few ways to add user manager.

      1) Re-Install Mirkotik “3.30” and make sure you Check / select usermanager at the time of installation.

      2) Download the 3.30 compatible usermanager in NPK package, upload it to FILES section and then simply reboot,
      (While rebooting check the mikrotik screen, you will see its installation or error , note it down , it will be useful for troubleshooting.

      Comment by Syed Jahanzaib / Pinochio~:) — January 15, 2012 @ 11:04 PM

  17. hi,
    this is rehmat ali gulwating, have to ask that
    i have mikrotik os level 5 install on dell precision 670 with 2 lan ports both r 1000mbps.
    i follow steps what u show top on this page.

    In this example Mikrotik have two lan cards.
    1) ether1 = ip 10.0.0.1 / LAN Interface hosting PPPoE Server
    2) ether2 = ip 192.168.5.2 / WAN interface connected with DSL / Fiber etc.

    with ether2 connected a tplink 4 wan load balancer ip with (192.168.5.1)
    tplink load balancer configure correctly it works without mikrotik means when it connected 2 pc(nods) directly

    pppoe clients connecting well but internet is not access-able .
    when i access ip 192.168.5.1 (tplink loadbalancer) from pppoe client side browser display tplink page
    means my pppoe clients are eligible to access my load balancer page but internet is not working

    i guess some thing is missing in dns or should i have to attack proxy server with mikrotik pppoe server if yes
    then please send me configuration to forward NAT request to proxy server .

    hope your reply will come soon as soon as possible,
    thanking you,

    Comment by rehmat ali gulwating — January 27, 2012 @ 6:47 AM

    • MAke sur eyou have added default gateway in route section of mikrotik, pointing to TPLINK ip.
      Also make sure you have create NAT rule to masquearade srcnat

      Comment by Syed Jahanzaib / Pinochio~:) — January 27, 2012 @ 12:22 PM

  18. one more thing when i check nslookup yahoo.com it shows yahoo server ips
    but when ping yahoo.com msg appears destination net unreachable reply from 10.0.0.1
    please consider these troubles and shoot them out from my network…………..thxxxxxxxxxxxxxx

    Comment by rehmat ali gulwating — January 27, 2012 @ 7:31 AM

    • If you are able to resolve domain name in nslookup, it means your DNS server is working fine.
      You need to add default GATEWAY on your mikrotik, and if clients are connecting via pppoe they will work fine, and if clients are securenat, then they must use dns/gw pointing to mikrotik.

      Comment by Syed Jahanzaib / Pinochio~:) — January 27, 2012 @ 11:03 AM

  19. thxzzz but please mention command to add defual gateway to mikrotik wan port

    Comment by rehmat ali gulwating — January 27, 2012 @ 9:55 PM

  20. Asalam-o-alecum
    sir i m using Mikrotik 3.20 PPPoe every thing is working fine but when i configure userman for log my client pc is connect and disconnect in 1 sec and show error check network protocol and when i see log is userman it show client ip ,host ip , authentication success etc … whats the problem ? plz help me
    2nd how can create profile in 3.20 userman ?

    Comment by khurram — January 28, 2012 @ 5:19 AM

    • This USUALLY means there is a problem obtaining an IP address. Check to make sure that in pppoe profile , you have both local and remote IP space being assigned (local means enter the ip of mikrotik). and in remote , select the pppoe ip pool.

      Also
      Goto PPP > PPPoE Server >
      in PPPoE Service, make sure you have selected *ONLY* “pap” in Authentication section.

      Comment by Syed Jahanzaib / Pinochio~:) — January 28, 2012 @ 11:23 AM

      • yes i check it local and remote ip both configure ok and pppeE server only pap Authentication .
        when i create profile > secret via winbox client pc connect everything is fine but no log show in userman >log
        how can add user in this profile in 3.20 userman ? bcoz 3.20 userman has no profile tab.

        Comment by khurram — January 28, 2012 @ 5:28 PM

      • I am sure you must be using Illegal/Cracked version of mikrotik.
        Buy the licensed version, and you will sleep better :)

        Comment by Syed Jahanzaib / Pinochio~:) — January 30, 2012 @ 10:52 AM

  21. hi,
    this is rehmat ali have to ask that, how i cache web sites in mikrotik without enabling proxy server means i use dns and dns working fine but i have little browsing issue so thats y i have to enable cache.

    Comment by rehmat ali gulwating — February 1, 2012 @ 12:15 PM

    • If you don’t wan to cache in mikrotik, add external proxy support like add squid with mikrotik, and route only http request to squid server.
      Without any kind of proxy, you cant cache web sites. You need proxy server at any end.

      Comment by Syed Jahanzaib / Pinochio~:) — February 1, 2012 @ 12:50 PM

  22. thxxxx, i configured proxy on microtik and cache works fine but my mikrotik os install on drive 80 gb sata1 and other sata2 is 1.5 Tera bytes i want to proxy to use sata 2 drive , is it possible please tell me if it is in any possibilities.thanks man

    Comment by rehmat ali gulwating — February 1, 2012 @ 1:29 PM

  23. means how i change drive in mikrotik for cache only i want to cache in 1.5 Tb and mikrotik is using 80 Gb …..

    Comment by rehmat ali gulwating — February 1, 2012 @ 1:34 PM

  24. hi,
    its done man, but i new issue is how i block downloads means which port i should have to block or any other guide ………..?

    Comment by rehmat ali gulwating — February 2, 2012 @ 5:51 PM

    • WHat exactly you meant by downloads, if you mean .exe .mp3 .zip , you can It’s better to use proxy serve for traffic filtering.
      If you want to block torrents or msn like apps, use ports.

      Comment by Syed Jahanzaib / Pinochio~:) — February 3, 2012 @ 6:55 PM

  25. thxxx 2 u its all done……..hey for billing radius manger 3.4 is best or any other free billing system is available just named it…………..thanks for ur guide u r doing good job in ur blog …………

    Comment by rehmat ali gulwating — February 4, 2012 @ 10:53 AM

  26. hi,
    1 another problem in internet all works fine except browsing, browsing is too slow no bandwidth issue i have 16 Mb pipe
    attached with load balance r, is any dns or web proxy problem , please tell me situations of slow browsing , mikrotik install on intel xeon processor 3.60 dual processor 4gb ECC Ram 80Gb & 1.5 Tb hard drive. i think system requirement is not a issue in my network some setting problems may be possible. guide me as soon as possible.

    Comment by rehmat ali gulwating — February 5, 2012 @ 7:00 PM

    • Slow browsing depends on many factor.
      General Causes are DNS resolving issue, Over subscription, WAN LInk Issues etc. Check them.

      Comment by Syed Jahanzaib / Pinochio~:) — February 5, 2012 @ 9:16 PM

      • if it is dns resolving issue then what i have to do ……..?

        Comment by rehmat ali gulwating — February 5, 2012 @ 10:59 PM

  27. i have 4 wan link (wan 1 =192.168.1.1)(wan 2=192.168.2.1)(wan 3=192.168.3.1)(wan 4=192.168.4.1) connected with 4 wan tplink loadbalancer (tplink balancer ip=192.168.5.1) (mikrotik wan ip=192.168.5.2 network=192.168.5.0 ethr=ptcl in) (mikrotik route = src=0.0.0.0/0 gateway=192.168.5.1 check gateway=ping) when ppp client ping 192.168.1.1 or any wan port ping is not responding request time out occur and some time it work well but on the same time when ping not responding i connect load balancer with single pc ping reply in 1ms and not breaking. is mikrotik is net recommended to connect load balancer or some configuration problem i have, please guide me as soon as possible i m thank full to you,

    Comment by rehmat ali gulwating — February 7, 2012 @ 11:17 PM

  28. Sir i have some odd kinda problem n its out of my sense….. i dont have user-manager option in my mikrotik 3.22.
    even i reinstall my server….. i need ur help !!!

    Comment by Shahan Ali — February 13, 2012 @ 10:11 AM

    • USERMAN version must be matched with the Mikrotik.

      Any how if all method fails, the easiest method is to re install Mikrotik and select all packages (Make sure User Manager is selected in selection area).

      Comment by Syed Jahanzaib / Pinochio~:) — February 13, 2012 @ 11:19 AM

      • brother i have reinstall n after even 3.3, still user-manager is missing in tool menu.
        im sure it was selected n installed during installation. i saw by my eyes without any error.
        still no luck :(

        Comment by Shahan Ali — February 15, 2012 @ 2:48 PM

  29. i have noticed one thing, in store > user manager1 > type- user manager> primary disk > active
    thats it !!!

    Comment by Shahan Ali — February 15, 2012 @ 7:02 PM

  30. my mikrotik version is 2.9.27 . Is it possible to use userman in this version

    Comment by sazalach — February 16, 2012 @ 12:47 PM

  31. sir salam

    plz tell me how can i manage (configure) user manager at hotspot server

    thank you

    Comment by noshad — February 21, 2012 @ 10:56 AM

  32. plz sir tell me in detail

    thanx

    Comment by noshad — February 26, 2012 @ 8:27 PM

  33. Dear Sir,

    One of my client is facing slow browsing issue for the website https://www.ubl.com.pk/BBClient/LoginUser.aspx . Please guide me.

    Thank you.

    Comment by Muhammad Fawad — February 27, 2012 @ 12:56 PM

  34. Can someone help me ? I am using mikrotik 2.9.7 and i want to disable browser login. I want people to browser without been asked to login

    Comment by Nana — March 14, 2012 @ 2:47 PM

  35. Hello sir,
    please i am facing serious issues concerning mikrotik user manager version 5.13. in the winbox, i dont see session time. How can get this done, and what is the best way to integrate user-manager and hiotspot in the same box. I am using rb750G with wireless.

    Thanks

    Comment by obinna — March 27, 2012 @ 1:16 PM

  36. Cuantos usurios puedo manejar con user manage y un RB 1100 en este sistema,
    como puedo poner prioridad a usuarios PIME que requieren siempre un minimo de ancho de banda

    Comment by carlos — March 29, 2012 @ 9:05 AM

  37. hello sir..
    i have problem with mt rb750 gl radius server is not responding how to ?

    Comment by rickyjoe — April 1, 2012 @ 4:13 PM

  38. I have a mikrotik with radius manager. I had a disgruntled employee remove some settings on the mikrotik prior to leaving our organization. So am unsure if the system is working as required for the basic setup. Would you be willing to assist me in verifying? I do not think the pppoe is applying the proper Ip pool range and queues…any input would be much appreciated!

    Comment by jon — May 11, 2012 @ 12:12 AM

  39. I have a RB1100 microtik v5.16, and am having a problem with the authentication. On checking the usermanager logs , I see the login attempts logged as ‘start stop’ meaning the queries are going through. Secret is okay and the password is fine.
    If i use a local secret all is well, thus problem must be with usermanager.
    Any suggestions?

    Comment by duncan ngenda (@duncanngenda) — May 18, 2012 @ 5:48 PM

  40. in wireless network which one is better pppoe or hotspot
    and should i use this with usermanager
    or usermanager can be only used in cable network

    Comment by Taher Ahmed Ghouri — May 19, 2012 @ 1:35 AM

    • In Wireless system Hotspot is best then PPoE and it can be managed by User-manager ( userman).
      wwww.smn4all.tk

      Comment by smn4all — May 19, 2012 @ 12:10 PM

    • Depends on the network scenario and number of users. I have number of bad experiences with the HOTSPOT at various cable.network setup. It requires extra security with wisely configured firewall otherwise it can become real headache when number of users exceed. However its very good in terms of advertising your network, and ease of use, You can use other devices like iphone, mobiles etc.

      I personally prefer PPPoE which is most secure and stable but people with other devices won’t be able to use it because usually other devices like mobile or ipad type don’t support dialing. Its a very long debate on which method is best, its all depend on the network scenario and also on your expertise.
      Try with Hotspot.

      Comment by Syed Jahanzaib / Pinochio~:) — May 20, 2012 @ 8:09 PM

  41. thank you very much

    Comment by Administrator — May 23, 2012 @ 2:31 AM

  42. hey would like help with configuring the rb750 v5.9 user-man

    Comment by ezyie — June 27, 2012 @ 8:16 PM

  43. sir i need this complete setup for vpn server plz help me

    Comment by zeeshan — July 4, 2012 @ 12:59 PM

  44. sir plz help me mujhay rb450g p vpn server config kerna hai 60users k liye .

    Comment by Zeeshan — July 7, 2012 @ 8:29 AM

  45. ipless matlab k server ki koi ip nahe hogi?

    Comment by Zeeshan — July 12, 2012 @ 12:03 PM

    • Yes Server LAN will not have any ip address assigned, PPPoE works on broadcast. when user will dial, it will connect on broadcast.

      Comment by Syed Jahanzaib / Pinochio~:) — July 12, 2012 @ 12:04 PM

  46. If anyone has a desire to help me … skype datotab555 help help

    Comment by davod — July 13, 2012 @ 3:52 AM

    • Hi bro
      I am also facing same problem.i have configured pppoe server and um on same rb,i have created policy and user.Bt id created in um doesnt login giving 691 error.authenticated failed radius timeout on rb log report.

      I have given 127.0.0.1 IP on router.But i am still facing this problem.
      can you help me out.

      Comment by sarang — September 24, 2012 @ 7:56 PM

  47. Hi sir,
    I have a RB750 and a RB450. I created ppp user and secret and able to loggon well thru pppoe dialer. But when I configure user manager I face problem. If I have IP 127.0.0.1 as the ROuter IP in UM I can loggon easily from the user created in UM but otherwise it give error of invalid username and password.
    I am giving the details which I have:
    1. Wan IP 172.172.12.5 and gateway 172.172.12.1 connected to ether1.
    2. LAN IP Pool 172.172.1.2-172.172.1.254 on figured on ether 3
    3. In PPPoE Local Address i have given 172.172.1.1 and the Remote address as pool1.

    Please help.Thanks.

    Comment by Anshuman — July 16, 2012 @ 6:52 AM

  48. brother i am not able to get this type of screen

    Comment by jaffar — July 16, 2012 @ 5:31 PM

  49. i am using 5.18 routeros of microtik

    Comment by jaffar — July 16, 2012 @ 5:32 PM

  50. Asalam O Alikum Jahanzaib Sir

    how r you,

    sir i was working on rb750, i just face this issue and I think the guys above were facing the same issue..

    i configured everything properly and UM and Radius server is connected as now my user authentication log is started on UM..

    i couldn`t loged in via UM user and in UM log i found this Description

    “Host IP: 127.0.0.1
    Status: Authorization failure
    Time: 07/16/2012 22:01:45
    Description: no valid profile found for user ”

    this is pppoe profile in print in Mik

    ” ppp profile print
    Flags: * – default
    0 * name=”default” remote-ipv6-prefix-pool=(unknown) use-ipv6=yes use-mpls=default use-compression=default use-vj-compression=default use-encryption=default only-one=default
    change-tcp-mss=default

    1 name=”pppoe-profile” local-address=192.168.50.1 remote-address=pppoe-users-pool remote-ipv6-prefix-pool=none use-ipv6=yes use-mpls=default use-compression=default
    use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default dns-server=192.168.50.1

    2 * name=”default-encryption” remote-ipv6-prefix-pool=none use-ipv6=yes use-mpls=default use-compression=default use-vj-compression=default use-encryption=yes only-one=default
    change-tcp-mss=yes ”

    what could be the possible issue..

    and ya.. one more thing… when i check pppoe profile section through winbox, both default & default-encryption profile are in blue color, is it normal??

    and the user i created in pppoe secret section, it is connecting and working fine sir..

    please assist me what is that thing i`m missing or configuring wrongly :((

    Jazaak`Allah Sir

    Comment by capri_hunk — July 16, 2012 @ 10:32 PM

  51. sir dhcp server nahe arha hai ppoe kerne k baad. aur user manager se jo users maine banaye hain woh dial nahe ho rahe. maine same router se pppoe aur user manager setup kya hai.
    aur user-man k andar routesr tab hai us mai kya kerna hai? router setup kese kerna hai?

    Comment by Zeeshan — July 17, 2012 @ 9:21 AM

  52. Salam .. How r u Today

    Bhai Jaab Main DHCP Client Main Worldcall Ko Add Kartaa Hoon To Radius Timed Out Ho Jata Hai . Main Radius MAin 10.1.1.1 Ki Range Use Kar Raha Hoon . Or Sab Ranges Use Ki Hain but Timed Out . Main Nain Worldcall Kaa Ip Static Bhii Deya Tab Bhii Radis Time Out Hoo Jata Hai . Ptcl And Link.Net PPPOE Client Par Sab Thik Hai .Bhai Main Mikrotik PPPOE+LoadBalacing [4 PTCL+2 Worldcall+2 Link.Net] Use Kar Raha Hoon. PPPOE Par Koee Problem Nai Hai.But Jab Main Billing System Add Kartaa Hoon. PTCL OR Link.Net Kai Sath Koee Problem Nai Sab Thik Hai . But Jaab Bhii Main Worldcall Add Kartaa Hoon Tab Radius Timed Out Hoo Jata Hay Bhai Any Tip Kai Main Worldcall Bhii Use Kar Loon Or Radius Time Out Naa Ho

    Comment by udasschand — July 19, 2012 @ 11:26 AM

  53. Salam .. How r u Today

    Bhai Jaab Main DHCP Client Main Worldcall Ko Add Kartaa Hoon To Radius Timed Out Ho Jata Hai . Main Radius MAin 10.1.1.1 Ki Range Use Kar Raha Hoon . Or Sab Ranges Use Ki Hain but Timed Out . Main Nain Worldcall Kaa Ip Static Bhii Deya Tab Bhii Radis Time Out Hoo Jata Hai . Ptcl And Link.Net PPPOE Client Par Sab Thik Hai .Bhai Main Mikrotik PPPOE+LoadBalacing [4 PTCL+2 Worldcall+2 Link.Net] Use Kar Raha Hoon. PPPOE Par Koee Problem Nai Hai.But Jab Main Billing System Add Kartaa Hoon. PTCL OR Link.Net Kai Sath Koee Problem Nai Sab Thik Hai . But Jaab Bhii Main Worldcall Add Kartaa Hoon Tab Radius Timed Out Hoo Jata Hay Bhai Any Tip Kai Main Worldcall Bhii Use Kar Loon Or Radius Time Out Naa Ho

    Thanks
    ALLAH HAFIZ

    Regard’s Abid Ali

    Comment by udasschand — July 19, 2012 @ 11:28 AM

    • i have configured pppoe server on rb 750.i have even installed um,created policy and user.bt after dailing from pppoe dialer i m getting error of 691,username password or the selected authentication protocol is not permitted on the remote access server.kindly tell me wht i have missed.pls help

      Comment by sarang — July 23, 2012 @ 5:49 PM

  54. salam, how can change errors for UserManager like “no valid profile found” to ” user, expired”
    user manger linked to hotspot., mikrotik 5.18.

    Comment by khaled — July 29, 2012 @ 3:15 PM

    • salam,i have mt rb 750 with version 5.4. i didnt understand what you said,”no valid profile found to user,expired”.user manager linked to hotspot,mikrotik 5.18. my rouer local ip 192.168.88.*** and wan ip is 111.125.***,***. user manager opens with ip 192.168.88.***/userman.profile,limitation,user created as per shown in the link.but when i dail user from pppoe client with the service name given i get the error username password or the selected authentication protocol is not permitted on the remote access server.
      i want my users to login through usermanager,i can manage the activities via usermanager.
      Is hotspot required,coz i have created a pppoe server.
      kindly help.i want to open the line urgently.

      Comment by sarang — July 30, 2012 @ 12:27 PM

      • i am using Hotspot , when the account of users expired after 30 d , this message appears “no valid profile found “. The point its how can change this message like “the account expired”

        Comment by khaled — July 31, 2012 @ 11:11 AM

      • I just want to change the error message in hotspot error message sent by UserManager. Like “no valid profile found” to “your account has expired” and so on. Not the interface language of UserManager.

        Comment by khaled — July 31, 2012 @ 11:24 AM

      • salam,thanks for your suggestion.user id created on usermanager cannot login.giving error of 691. where i am going wrong.which ip shall i give in um router.can you send me the setting to be changed.along with pppoe server and um on rb750.

        Comment by sarang — August 1, 2012 @ 10:48 AM

      • RB750 is no way different then other version or RB.
        There must be some mistake in configuration, Check with the Mikrotik RADIUS tab and UM Router Config. Check Logs, they will help you in diagnostic the problem.

        Comment by Syed Jahanzaib / Pinochio~:) — August 3, 2012 @ 7:33 AM

      • sorry man, i am using hotspot not PPpOE, but the idea you can open usermanger after the user connect on PPPOE

        Comment by khaled — August 1, 2012 @ 4:20 PM

  55. the ip of mikrotik like : http://192.168.0.1/userman. if web proxy is enabled the web usermanger not work because he use port 80

    Comment by khaled — August 1, 2012 @ 4:16 PM

    • You can change the web proxy port and redirect it to it using nat rule.

      Comment by Syed Jahanzaib / Pinochio~:) — August 3, 2012 @ 7:31 AM

      • salam,thankyou for the tip.webproxy i s not enable.i too also feel,there mst be some mistake in configuration.can you sugget where i am going wrong.
        pppoe with user manager.

        Comment by sarang — August 3, 2012 @ 9:58 AM

      • Salam .. bro i need your help its very very urgent kindly send me your contact number on my email address hassam_sohail@hotmail.com

        Comment by hassam sohail ahmed — August 11, 2012 @ 4:39 AM

  56. I’ hve tried to make it onn Mikroik 3.30 but I got a difierent GUI [annel in UserManger then you had describe on this page??? I can found Profile in GUI ?? plz help what version I have to use for bIlling

    Comment by kashif — August 18, 2012 @ 3:52 PM

  57. Jhanzaib Bahi !!!!!!!!

    I have done everthing just same as in this post, and users are connecting but one thing is disturbing me that their start time is shown Unknown, How to resolve it??

    Comment by kashif — September 7, 2012 @ 3:15 PM

    • Rebuild DB in user manager maintenance section. It will show you the right time. I hope you are using the licensed version above 5.x

      Comment by Syed Jahanzaib / Pinochio~:) — September 7, 2012 @ 3:17 PM

  58. Slm bro

    I need some help with the expiring / resetting of accounts at end of each month. At the moment in UM under Users, in the users Till time field it reads “10/21/2012 08:13:04″. I want the users account to reset end of each month. In the profile, I used 4w2d for validity.

    Comment by Nazeem Jansen — September 21, 2012 @ 1:25 PM

  59. i faced a problem, when adding more than one profile in user manger the ppoe client connect just for the first time !

    Comment by Bassel — October 10, 2012 @ 11:50 AM

  60. Very Nice..
    Thanx for Share nice information with very Easy steps.

    Q# Mr.Jahanzaib plz Guid me how to access userman with public i.p…?
    i am using PTCL modam. so let me know if userman required any port for forwarding ?

    Also define days calculator like 4w2d for a month. if i want to take 15 or 10 days days limitation so what should i do…

    Comment by ABBAS — October 18, 2012 @ 12:28 PM

  61. i cant connect user created with um. errors stats ” you have to change your network setting”

    Comment by Sanket Bijlani — November 1, 2012 @ 4:06 PM

  62. Mikrotik disappointed me in many cases and blessed me as well. I seriously need help in some regards to satisfy my requirement, Can you help me plz. i will be waiting for a positive response from your end soon……

    Comment by Muhammad Abrar — November 10, 2012 @ 8:22 AM

  63. it would be good if i can personally call you so i can better clarify my position. so plz let me know how to contact you personally. sky2serv@gmail.com

    Comment by Muhammad Abrar — November 10, 2012 @ 8:23 AM

  64. salam,
    am new to mikrotik and am still learning but i need your help to put password on my admin account. For now anybody can logon with username: “admin” without a password. i realy wish i could stop this.

    Comment by kay — November 15, 2012 @ 9:13 PM

    • open terminal and issue the following command to change the admin password.
      /password new-password=

      Comment by Syed Jahanzaib / Pinochio~:) — November 18, 2012 @ 3:44 PM

      • thanks very much. but am referring to a situation where some one is able to log on to my hotspot with just a user name admin( without a password), not the winbox but hotspot user account. will be very glad if u can help me.

        Comment by kay — November 30, 2012 @ 9:56 PM

      • You can change the default admin account for hotspot via IP/HOTSPOT menu.

        Comment by Syed Jahanzaib / Pinochio~:) — December 1, 2012 @ 8:42 AM

      • hi, thanks very much for u help. u are so kind. i actually reset my rb751u 2HnD, since then i have been able to reconfigure it and i have internet on the rb wireless via. my problem is that, when i connect my nanostation to it through cable, there is no internet access. can u help me please. even when i connect cable the mikrotik to my laptop i cant have internet access. the router board is set up as a hotspot.

        On Sat, Dec 1, 2012 at 3:42 AM, Syed Jahanzaib Personnel Blog to Share

        Comment by kofi kay — January 6, 2013 @ 1:50 AM

      • Can’t help you with the wireless devices as wifi is not my field.

        Comment by Syed Jahanzaib / Pinochio~:) — January 9, 2013 @ 8:44 AM

  65. Greetings Syed,

    Thank you for the great forum on using Mikrotik with Radius Manager it has been extremely helpful to say the least. I wanted to know if you are able to help me setup Mikrotik RB450G to be used with three (3) Ubiquiti Rocket M5 (5GHZ) AP/ Sector Antennas each connected to one port each on the RB450G and the WAN port of the router connecting back to Radius Manager using pptp for user authentication, billing,etc. I am currently using Radius Manager version 3.7 but just wanted a standard setup to follow as an outline to follow if I needed to duplicate the configuration again.

    The following is the setup as described for the RB450:

    Client = NanoM5(station) ——>> Base Station = RocketM5 air max sector (AP)———–>Mikrotik RB450G ——–>> DEDICATED/ DSL CIRCUIT.

    PORT 1/ PoE – WAN
    PORT 2 – UBIQUITI BASE STATION/ AP (separate private IP address)
    PORT 3 – UBIQUITI BASE STATION/ AP (separate private IP address)
    PORT 4 – UBIQUITI BASE STATION/ AP (separate private IP address)
    PORT 5 – SPARE PORT FOR EXPANSION (to connect a switch to add more Base Stations)

    Another thing is that I am not sure what would be best to use as in PPPoE or HOTSPOT. I would like to configure it for PPPOE to use with the Radius Manager but I am unsure as your opinion would be greatly appreciated. If you can please help me I would greatly appreciate it.

    Regards,

    Kirk

    Comment by Kirk Cahplin — November 25, 2012 @ 2:59 AM

    • Did you get an Answer to this Kirk? I have that exact setup as yours and would like to know.

      Comment by Mandla — March 13, 2013 @ 8:59 PM

  66. can i create usermanager on rb750g

    Comment by sarang — November 26, 2012 @ 11:43 AM

  67. Hi sir very interesting this pppoe server project .I would also want to set a pppoe server following your tutorial but my problem is that have a /22 public ip (just get connected to optic fiber and also use bgp4…) then I would like to assign publics ip to lan (but with wan and Lan on the same network) can you please point me how i can achieved it? Thanks in advance

    Comment by Marcel Fossua — November 27, 2012 @ 12:59 PM

    • You don’t have to use NAT rule in this case. Mikrotik without NAT rule works like a ROUTER.
      At mikrotik forum, there are lot of examples available on howto use live ip pool for local lan users via mikrotik.

      Comment by Syed Jahanzaib / Pinochio~:) — November 28, 2012 @ 10:43 AM

  68. Hi Jahanzaib sir Good day!. i have 2 mikrotik router 1st Rb450 with the bandwidth speed of (2Mb) & 2nd Rb2011 with the bandwidth of (500k) these 2 router is in different location. I want to forward the full bandwidth of 2 Mb to my 2nd router, What will be the setting in both router to make this scenario? Thank in advance

    Comment by Joeddymel Eslana — November 28, 2012 @ 11:05 AM

  69. ASSLAM O ALIKUM

    Dear Jahanzaib bahi. My user manager was work perfectly but when i made my lan to bridge with same ip for geting mac address of all those users who are on different APS whch are connected to 5ghz loops my redius is not working its says redius server is not responding. please tell me what should i do to resolve this issue ? coz i need my bridge i can’t leave bridge coz if i ll leave bridge then i ll not get ips from my other clients which are not directly connected to my mikrotik.

    Regards

    Comment by fizzi khan — December 10, 2012 @ 2:00 PM

    • Hello .. can you guide me how to create UM.i have RB 750G.
      which ip shall i give in UM and Mikrotik router

      Comment by sarang — December 10, 2012 @ 2:27 PM

      • RB750 have L4 license which allows only 20 concurrent user manager session. Do you know about it ?
        Its better to us PC base mikrotik for user manager.

        Comment by Syed Jahanzaib / Pinochio~:) — December 11, 2012 @ 3:20 PM

    • in user manager / radius properties, how you have define NAS/Radius IP? localhost or ip ?

      Comment by Syed Jahanzaib / Pinochio~:) — December 11, 2012 @ 3:22 PM

      • hello sir.
        i am aware rb750G supports on 20 concurrent customers,but still i would like to go for rb750g with um.
        can u guide abt NAS/raduis.i have tried giving 127.0.0.1 ip in um as wel as in radius ip

        do i have to disable pppoe server which i have created.
        to add to my further knowledege which is best rb to support 100 concurrent customers.

        Which version of mikrotik version is best.

        Comment by sarang — December 13, 2012 @ 10:49 AM

  70. i have problem my client`s in pppoe doesn`t get gateway and it`s doesnet work!! what can i do?

    Comment by Eset Derguti — December 18, 2012 @ 4:34 AM

    • There will be no gateway , the default gateway will be the mikrotik server ,its point to point link, you have to configure the proper NAT rule on mikrotik so pppoe connected users should be able to get through it.

      Comment by Syed Jahanzaib / Pinochio~:) — December 18, 2012 @ 9:19 AM

  71. hi..!
    i need scrept for microtik 4 WAN 1 LAN withe server PPPOE
    and my internet ISP

    Comment by Fawzi — December 28, 2012 @ 5:30 AM

  72. hi..!
    i need scrept for microtik 4 WAN 1 LAN withe server PPPOE
    and my internet ISP also PPPOE so pleaase help me i see your scrept about 4 wan but i must add static IP i cant.

    Comment by Fawzi — December 28, 2012 @ 5:33 AM

  73. Hi, Gud information to setup the PPoE server with RAIDUS. My question will be, Is the above config supports for both PPoE and Web authentication as well right?

    Comment by Vijay — January 22, 2013 @ 9:30 PM

    • User Manager is a Radius Server, It supports both HOTSPOT and PPPoE authentication. Just configure in HOTSPOT profile to use RADIUS. Thats it. Rest of configuration for USERMAN will be the same.

      Comment by Syed Jahanzaib / Pinochio~:) — January 23, 2013 @ 9:48 AM

      • I am planning to install Mikrotik Latest version 5.22 on ESXi with 2GB of RAM and planning to handle the live users capacity of 500. Do you suggest the builtin RAIDUS to handle 500 live users with above config? and also i am planning to configure webproxy cache if possible.

        Comment by Vijay — January 23, 2013 @ 10:17 AM

      • # First of all I will not recommend to use USER MANAGER to store Users for this number of users. User Manager is still in development phases and it do have few bugs and its not suitable for live production environment for 500 users. Its ok to use it in smaller network.

        # Add external proxy along with Mikrotik like SQUID to redirect all http traffic from mikrotik to proxy. You can use SQUID an mikrotik in Same physical machine using virtualizing technology with ESXI server. Mikrotik Builtin web proxy is not designed to handle heavy load. So its better if you use SQUID , there are other benefits also of using squid that i tcan be modified and its highly customizable to fit your requirements.

        Comment by Syed Jahanzaib / Pinochio~:) — January 23, 2013 @ 11:03 AM

  74. i understand based on yours posts, That the DMA RADIUS is the better one to go as external RADISU. But can please suggest me, If i go for that, Is it possible through the DMA creating the public IP addresses with the bandwidth control (which is from my WAN pool from service provider) for corporate users.

    Comment by Vijay — January 23, 2013 @ 11:28 AM

    • Yes its possible to use PUBLIC ip address. Just create public IP pool in Mikrotik/DMA and in user properties assign this pool or singel ip of your choice.
      Rest of work is done by Mikrotik if you have configured it properly already. No need to worry.

      Comment by Syed Jahanzaib / Pinochio~:) — January 23, 2013 @ 12:13 PM

  75. greetings,
    what about DNS for pppoe users? how do they get DNS?

    Comment by Sajan — March 9, 2013 @ 12:38 AM

    • They can get DNS from the DHCP OR you can configure dns entry in user pppoe profile.

      Comment by Syed Jahanzaib / Pinochio~:) — March 9, 2013 @ 7:00 PM

      • Thanks for reply. For DHCP to work with radius and UM i have to create user by their mac. And UM user profile does not have any room for DNS entry, only MT PPP profile has it. Thing is, i want to introduce limited internet (transfer limit) for the users who r downloading and using p2p 24/7. All the users r already connected to mt via cable. I want to give pppoe for the heavy downloader from the users. So, i’ve created one pppoe-in interface, added a pppoe server, configured radius and UM, created ip pool, created user profile and limitations with ip pool in UM, added users in UM. Added one rule in forward chain accepting the ip pool. Already masqueraded all addresses to wan interface.
        PPPoE users can connect, no problem with it, but no internet for them. For other users everything is ok. What is wrong?

        Comment by Sajan — March 9, 2013 @ 10:13 PM

  76. For DHCP to work with radius and UM i have to create user by their mac. And UM user profile does not have any room for DNS entry, only MT PPP profile has it. Thing is, i want to introduce limited internet (transfer limit) for the users who r downloading and using p2p 24/7. All the users r already connected to mt via cable. I want to give pppoe for the heavy downloader from the users. So, i’ve created one pppoe-in interface, added a pppoe server, configured radius and UM, created ip pool, created user profile and limitations with ip pool in UM, added users in UM. Added one rule in forward chain accepting the ip pool. Already masqueraded all addresses to wan interface.
    PPPoE users can connect, no problem with it, but no internet for them. For other users everything is ok. What is wrong?

    Comment by Sajan — March 16, 2013 @ 3:41 PM

  77. Asalam-o-alecum , jahanzaib bhai i have configure mikrotik 3.22 PPPoe server with (Wan =public ip) and (Lan = 10.10.10.1/24) ppp ip-pool (192.168.1.1)
    i need to online my webserver (Lan ip = 10.10.10.2 ) pppoe ip (192.168.1.10) what can i do for local webserver online when i access by public ip ?
    i have access my mikrotik webpage from external network by public ip , i also create port forwarding rule in Firewall but i can’t access my webserver outside the network . i have change my webserver port 81 please help me what can i do ?

    Comment by khurram — March 27, 2013 @ 9:27 PM

  78. Dear Sir,
    i have purchased 450 g mikrotik router and i upgrade to 5.25 and install ppoe conf as your defnition. when ppoe user connected to router pppoe user dynamic queue going to under simple static queue. but does not showing any traffic in tx rx and when we move ppoe dynamic queue above the simple static queue is working perfectly.but every time we moving it mannualy .pleasw give me the permanant solution

    Comment by saravanan — May 15, 2013 @ 10:40 PM

    • IF your are controlling users bandwidth via pppoe profile (dynamic queue) then why there is static queue ? why static queue is there for what ?

      Comment by Syed Jahanzaib / Pinochio~:) — May 16, 2013 @ 10:07 AM

      • First of all very very thanks to you for quick reply.Sir Actually its well working previously i am using this same config in mikrotik x86 5.20 .After exporting all conf from x86 to import 450 g 5.25 the problem was started. i am using static queue for some public ip customer and local ip customers without usermanager with priority based.

        Thanking you
        wifiworldcommunications
        saravanan

        Comment by saravanan — May 16, 2013 @ 4:01 PM

  79. when i create user in UM it cant login with PPPoE can u tell me what is the problem

    thanks

    riyaz

    Comment by shaikh riyaz — June 1, 2013 @ 8:28 PM

  80. I am using mikrotik and wondering that if you could help me – as per government push, we have to resolve each and every client ip and its not possible to allocate static ip pool to pppoe service but as you know in mikrotik if we use hotspot service, it resolve ip of client in bracket i.e Static IP [192.16.16.2] manner if user check their ip on web such as dnsstuff.com or so.

    it will be really helpfull if you could focus some light on this topic.

    Thanks

    Comment by KAm — June 6, 2013 @ 10:17 AM

  81. hi
    thanks alot for the info.

    On Mikrotik have configured two lan cards.
    1) ether1 = ip 172.16.0.1/ 16 – LAN Interface
    2) ether2 = ip 192.168.15.251/24 – WAN interface connected with internet
    im getting following error message during Mikrotik User manager Prepaid Billing System with Hotspot configuration on the user manager router ip address 172.16.0.1 or 127.0.0.1

    “operation failed: ip address is already used”

    What could be my problem?

    also my configs:
    # jan/02/1970 01:30:58 by RouterOS 6.0
    # software id = CM2E-LEB0
    #
    /ip hotspot profile
    add hotspot-address=172.16.0.1 login-by=http-chap name=hsprof1 nas-port-type=\
    ethernet use-radius=yes
    /ip hotspot user profile
    set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
    /ip pool
    add name=hs-pool-1 ranges=172.16.100.1-172.16.255.254
    /ip dhcp-server
    add address-pool=hs-pool-1 disabled=no interface=ether1 lease-time=1h name=\
    dhcp1
    /ip hotspot
    add address-pool=hs-pool-1 addresses-per-mac=1 disabled=no interface=ether1 \
    name=hotspot1 profile=hsprof1
    /port
    set 0 name=serial0
    /tool user-manager customer
    add backup-allowed=yes disabled=no login=admin password=123456 \
    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=owner signup-allowed=no time-zone=-00:00
    add backup-allowed=yes disabled=no login=MikroTik password=qwerty \
    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=owner signup-allowed=no time-zone=-00:00
    add backup-allowed=no disabled=no login=test parent=admin password=test \
    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=read-write signup-allowed=no time-zone=-00:00
    /tool user-manager profile
    add name=staff name-for-users=”” override-shared-users=1 owner=admin price=0 \
    starts-at=logon validity=0s
    add name=students name-for-users=”” override-shared-users=off owner=admin \
    price=0 starts-at=logon validity=0s
    /tool user-manager profile limitation
    add address-list=”” download-limit=0B group-name=”” ip-pool=”” name=\
    updownstaff rate-limit-min-rx=271360B rate-limit-min-tx=57344B \
    rate-limit-rx=271360B rate-limit-tx=57344B transfer-limit=0B \
    upload-limit=0B uptime-limit=0s
    /ip address
    add address=192.168.15.251/24 interface=ether2 network=192.168.15.0
    add address=172.16.0.1/16 interface=ether1 network=172.16.0.0
    /ip dhcp-server network
    add address=172.16.0.0/16 comment=”hotspot network” gateway=172.16.0.1
    /ip dns
    set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
    /ip firewall filter
    add action=passthrough chain=unused-hs-chain comment=\
    “place hotspot rules here” disabled=yes
    /ip firewall nat
    add action=passthrough chain=unused-hs-chain comment=\
    “place hotspot rules here” disabled=yes
    add action=masquerade chain=srcnat comment=”masquerade hotspot network” \
    src-address=172.16.0.0/16
    /ip hotspot user
    add name=admin password=admin
    /ip route
    add distance=1 gateway=192.168.15.254
    /radius
    add address=127.0.0.1 secret=123456 service=hotspot
    /radius incoming
    set accept=yes
    /tool user-manager router
    add coa-port=1700 customer=MikroTik disabled=no ip-address=127.0.0.1 log=\
    auth-fail name=router1 shared-secret=123456 use-coa=no
    add coa-port=1700 customer=MikroTik disabled=no ip-address=172.16.0.1 log=\
    auth-fail name=router2 shared-secret=123456 use-coa=no
    /tool user-manager user
    add customer=admin disabled=no name=admin password=admin shared-users=1 \
    wireless-enc-algo=none wireless-enc-key=”” wireless-psk=””
    add customer=admin disabled=no name=test password=test shared-users=1 \
    wireless-enc-algo=none wireless-enc-key=”” wireless-psk=””
    add customer=test disabled=no name=demo password=test shared-users=1 \
    wireless-enc-algo=none wireless-enc-key=”” wireless-psk=””
    add customer=test disabled=no name=test password=test shared-users=1 \
    wireless-enc-algo=none wireless-enc-key=”” wireless-psk=””
    add customer=MikroTik disabled=no name=MikroTik password=MikroTik \
    shared-users=1 wireless-enc-algo=none wireless-enc-key=”” wireless-psk=””

    Comment by michael chisina — June 17, 2013 @ 2:50 PM

    • This error appears when you add the ROUTER in user manager section. Make sure there is no duplication for the same ip entry. delete previous one if required.

      Comment by Syed Jahanzaib / Pinochio~:) — June 18, 2013 @ 10:09 AM

      • thanks. i did deleted the previous entries.

        Im failing to login to Hotspot page with using users from Usermanager.

        its showing the following error:

        “.RADIUS server is not responding”

        how do i fix it?

        thanks

        Comment by michael chisina — June 18, 2013 @ 11:13 AM

      • raidus is not respoinding occurs due to variety of reasons.
        IN Userman router section and in Mikrotik RADIUS section, use the SAME ip address, preferably local, Make sure you have entered the correct SECRET at both end. this is the most common cause.

        Comment by Syed Jahanzaib / Pinochio~:) — June 18, 2013 @ 11:15 AM

      • i have the same local ip address and password. if you may check the following configs file:

        # jan/02/1970 15:58:46 by RouterOS 6.0
        # software id = CM2E-LEB0
        #
        /ip hotspot profile
        add hotspot-address=172.16.0.1 login-by=http-chap name=hsprof1 nas-port-type=\
        ethernet use-radius=yes
        /ip hotspot user profile
        set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
        mac-cookie-timeout=3d
        /ip pool
        add name=hs-pool-1 ranges=172.16.100.1-172.16.255.254
        /ip dhcp-server
        add address-pool=hs-pool-1 disabled=no interface=ether1 lease-time=1h name=\
        dhcp1
        /ip hotspot
        add address-pool=hs-pool-1 addresses-per-mac=1 disabled=no interface=ether1 \
        name=hotspot1 profile=hsprof1
        /port
        set 0 name=serial0
        /tool user-manager customer
        add backup-allowed=yes disabled=no login=admin password=admin \
        paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
        permissions=owner signup-allowed=no time-zone=-00:00
        add backup-allowed=yes disabled=no login=MikroTik password=qwerty \
        paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
        permissions=owner signup-allowed=no time-zone=-00:00
        add backup-allowed=no disabled=no login=test parent=admin password=test \
        paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
        permissions=read-write signup-allowed=no time-zone=-00:00
        /tool user-manager profile
        add name=staff name-for-users=”” override-shared-users=1 owner=admin price=0 \
        starts-at=logon validity=0s
        add name=students name-for-users=”” override-shared-users=off owner=admin \
        price=0 starts-at=logon validity=0s
        /tool user-manager profile limitation
        add address-list=”” download-limit=0B group-name=”” ip-pool=”” name=staff \
        rate-limit-min-rx=131072B rate-limit-min-tx=262144B rate-limit-rx=131072B \
        rate-limit-tx=262144B transfer-limit=0B upload-limit=0B uptime-limit=0s
        /ip address
        add address=192.168.15.251/24 interface=ether2 network=192.168.15.0
        add address=172.16.0.1/16 interface=ether1 network=172.16.0.0
        /ip dhcp-server network
        add address=172.16.0.0/16 comment=”hotspot network” gateway=172.16.0.1
        /ip dns
        set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
        /ip firewall filter
        add action=passthrough chain=unused-hs-chain comment=\
        “place hotspot rules here” disabled=yes
        /ip firewall nat
        add action=passthrough chain=unused-hs-chain comment=\
        “place hotspot rules here” disabled=yes to-addresses=0.0.0.0
        add action=masquerade chain=srcnat comment=”masquerade hotspot network” \
        src-address=172.16.0.0/16 to-addresses=0.0.0.0
        /ip hotspot ip-binding
        add address=172.16.0.3 type=bypassed
        /ip hotspot user
        add disabled=yes name=admin password=admin
        /ip route
        add distance=1 gateway=192.168.15.254
        /radius
        add address=127.0.0.1 secret=123456 service=hotspot
        /radius incoming
        set accept=yes
        /tool user-manager user
        add customer=admin disabled=no name=admin password=admin shared-users=1 \
        wireless-enc-algo=none wireless-enc-key=”” wireless-psk=””
        add customer=MikroTik disabled=no name=MikroTik password=MikroTik \
        shared-users=1 wireless-enc-algo=none wireless-enc-key=”” wireless-psk=””
        add customer=admin disabled=no name=demo password=demo shared-users=1 \
        wireless-enc-algo=none wireless-enc-key=”” wireless-psk=””

        Comment by michael chisina — June 18, 2013 @ 11:25 AM

      • If its just a demo testing, we can have a remote session of this mikrotik either via Team.v or live ip, and we can fix it. Dont share any IP or Password info on the comments, contact me on email > aacable [at] hotmail.com

        Comment by Syed Jahanzaib / Pinochio~:) — June 18, 2013 @ 11:27 AM

      • 1 moment i will send the details for team v to youur mail box. thanks

        Comment by michael chisina — June 18, 2013 @ 11:40 AM

      • thanks very very my friend. Keeep up the good work.

        i will be coming back for more questions.

        may GOD bless you

        Comment by michael chisina — June 18, 2013 @ 12:06 PM

  82. Dear Sir,

    I am using windows 7 and unable to connect winbox using PPPoe service. Please guide me how do I connect it. It works perfect with hotspot.

    Thank you.

    Muhammad Fawad

    Comment by Muhammad Fawad — June 22, 2013 @ 10:59 AM

  83. hi,
    i am following your steps and set up user manager and Squid.
    when i configure the squid NAT rule in Mikrotik User manager not working with my Public IP.
    thank you,

    ven

    Comment by ven — June 23, 2013 @ 12:15 PM

  84. salam , dear jahanzaib how to make burstable profile in Mikrotik i mean how to set burstable rate-limit ? (e.g in 512k rate-limite start from 768k for few second )

    Comment by khurram — June 25, 2013 @ 10:11 AM

  85. I setup pppoe to distribute public ip /29 from eth1 through eth4 and across a wireless bridge to cpe. That works. The connection sends public ip to client computer as /32 address using the public-pool but with subnet mask=ff.ff.ff.ff and GW=0.0.0.0. Then the address is not ping-able from public side of network and also, the client with the pppoe address can not access the internet. Eth1 address is public ip/29. Eth4 address is 10.x.x.x – wireless link is Ubnt clear bridge w WDS. The pppoe server is on interface Eth4. Any suggestions?

    Comment by Ralph — July 12, 2013 @ 5:55 AM

  86. Sir, please help. i tried pppoe+um but at the client i give this error : TCP/IP CP reported error 738: The server did not assign an address.
    need help urgent

    Comment by moataz — August 9, 2013 @ 9:03 AM

  87. Please a need help
    i make my hotspot is going well but went i connect ping is going but i can’t open some page.
    please help me

    Comment by kevin — August 25, 2013 @ 11:57 PM

  88. what causes the following error ‘RADIUS server not responding’ when user tries to login on Hotspot? How can i fix it?

    Comment by michael chisina — September 9, 2013 @ 6:55 PM

    • possible reasons are.
      radius is not configured
      user manager or your external have no entry for your mikrotik nas
      radius timeout value is set to too low, if using external radius set ti at least 2000 ms
      radius secrets are not matched

      Comment by Syed Jahanzaib / Pinochio~:) — September 10, 2013 @ 9:08 AM

      • last time you assisted me by login to the system using team viewer and you managed to fix a different problem. If you have time let me know when you can assist.

        Comment by michael chisina — September 10, 2013 @ 11:44 AM

      • ok. contact me on skype

        Comment by Syed Jahanzaib / Pinochio~:) — September 10, 2013 @ 12:33 PM

      • SOLVED.

        Comment by Syed Jahanzaib / Pinochio~:) — September 10, 2013 @ 1:18 PM

      • You have been of great support. keep up the good work. thanks a lot. regards.

        Comment by michael chisina — September 10, 2013 @ 4:01 PM

  89. Hi,
    Thank you for your share.
    I want to setup for Captive portal with RadiusDesk+Mikrotik RB450G+MikrotikRB912Gx3 (AccessPoint)
    RadiusDesk is setuped. RB912G is setuped to AP mode. RB450G is setuped and connecting intenet.

    How can I config radiusDesk and RB450G integration for user authentication (is pppoe required)?

    Do you suggestion some help links?

    Comment by Ali Osman — November 2, 2013 @ 10:11 PM

  90. Thank you for this tutorial. pls can you help me out on how to upload bulk users from ecxel to usermanager v6.Thank you.

    Comment by Agboola Raphael — November 25, 2013 @ 6:24 PM

  91. can i use RB751U-2HnD as a web cashe server?

    Comment by imran — January 1, 2014 @ 12:03 AM

  92. i have user who has used his one profile for one month now i have added a new profile to his id but it is not showing that again when his account is going to expire. please help me.

    Comment by ABN NETWORKS — January 14, 2014 @ 11:54 PM

  93. AoA, Sir
    can u please guide me that i am using Mikrotik OS and i want to install radius manager with hotspot along with external squid proxy server. please let me know how is it work under this senario.

    Muhamamd Asif Janjua

    Comment by Muhammad Asif Janjua — February 11, 2014 @ 12:58 PM

  94. Hi I wish to use this exact setup, as a test bed, but I have a /29 range of ip addresses which im going to use. Can you advise how i would best go about using the /29 rather than private ips?

    Comment by James — March 18, 2014 @ 4:37 PM

  95. I am trying to have a user with fair usage policy. he gets say 2 mbps till 20 gb and thereafter the speed drops. can we do that in mikrotik usermanager?

    Comment by AK — April 15, 2014 @ 8:18 AM

  96. hello bro salam, I can’t found 10.0.0.1/useman on my mikrotik, how to enable it I am using RB1100 pls help me

    Comment by tanvir — July 1, 2014 @ 12:06 PM

    • First check in PACKAGES list , if userman is not listed, then download the matched version fo user manager and upload and restart, it will auto enable.

      Comment by Syed Jahanzaib / Pinochio~:) — July 2, 2014 @ 9:50 AM

  97. Sir,i want your help.i have configured pppoe server with pofiles and secrets.user can connect to internet.even i can monitor real time bandwidth utilization of clients.as i am not using usermanager for accounting purpose.i have another server called log2space,where accounting and client utilization is stored for limited and unlimited plans.i want users to connect on mikrotik and log2space server will store and save clients utilization.

    Log2space server has inbuilt radius and pppoe service.
    how can i do it.pls help.

    Comment by sarang — July 30, 2014 @ 11:34 AM


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Silver is the New Black Theme. Create a free website or blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 2,270 other followers

%d bloggers like this: