
RADIUS Concept

Connecting your Mikrotik and Ubiquiti routers to a RADIUS (Remote Authentication Dial-In User Service) server in your ISP network serves several key purposes, primarily centered around centralized authentication, authorization, and accounting (AAA) for your network users. Here’s a breakdown of the purpose and benefits:

1. Centralized Authentication

  • Purpose: A RADIUS server allows you to centrally manage user authentication instead of configuring credentials or access rules individually on each router (Mikrotik or Ubiquiti).
  • How it works: When a user tries to connect to your ISP network (e.g., via PPPoE, hotspot, or Wi-Fi), the router (acting as a RADIUS client or Network Access Server, NAS) forwards the authentication request to the RADIUS server. The server checks the user’s credentials (username/password) against a database and approves or denies access.
  • Benefit: Simplifies management, especially in a larger ISP network with many routers and users. You don’t need to update credentials on every device separately.

2. Authorization

  • Purpose: Beyond just verifying identity, RADIUS determines what a user is allowed to do once authenticated.
  • How it works: The RADIUS server can send attributes back to the router, such as bandwidth limits, IP addresses, session timeouts, or access policies. For example, Mikrotik supports RADIUS attributes like Mikrotik-Rate-Limit to enforce speed caps, while Ubiquiti devices can use similar parameters.
  • Benefit: Enables you to enforce policies (e.g., data caps, QoS) consistently across all devices and users, tailoring services to different subscription plans.

3. Accounting

  • Purpose: Tracks usage data for billing, monitoring, or troubleshooting.
  • How it works: The routers send accounting data (e.g., session duration, data usage) to the RADIUS server, which logs it in a centralized database. Mikrotik’s Universal Plug and Play (UPnP) or Ubiquiti’s UniFi systems can integrate with RADIUS for this purpose.
  • Benefit: Provides detailed records for billing customers accurately or analyzing network performance. This is critical for an ISP to ensure fair usage and profitability.

4. Scalability and Security

  • Scalability: As your ISP grows, managing hundreds or thousands of users across multiple Mikrotik and Ubiquiti devices becomes impractical without a centralized system like RADIUS. It scales easily by adding more NAS devices (routers) without reconfiguring the entire authentication system.
  • Security: RADIUS supports encrypted communication (e.g., using PAP, CHAP, or EAP), reducing the risk of credential exposure compared to local storage on each router. It also allows for stronger password policies and integration with two-factor authentication (if supported).

5. Specific Use Cases with Mikrotik and Ubiquiti

  • Mikrotik: Often used in ISP networks for PPPoE or hotspot services. Integrating with RADIUS allows you to manage PPPoE users or hotspot clients centrally. For example, you can use the Mikrotik RADIUS client feature under PPP > RADIUS to offload authentication.
  • Ubiquiti: Commonly used for wireless access points (e.g., UniFi APs). RADIUS integration is useful for authenticating Wi-Fi users via WPA-Enterprise or managing guest access through a captive portal. You configure this in the UniFi Controller under RADIUS settings.

Practical Example

Imagine a customer connects to your ISP via a Ubiquiti AP or a Mikrotik PPPoE server:

  1. The router sends the user’s login details to the RADIUS server.
  2. The RADIUS server verifies the credentials and responds with “accept” plus attributes like “100M/10M” (100 Mbps download, 10 Mbps upload).
  3. The router enforces the bandwidth limit and logs the session start/stop times for billing.
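Steps 2 and 3 above, as an added Python example that is not code from the original page or from either vendor: the server builds an Access-Accept carrying Mikrotik-Rate-Limit, and the router checks the RFC 2865 Response Authenticator (an MD5 over the reply, the request's authenticator and the shared secret) before trusting the rate limit. The function names, shared secret, identifier and Request Authenticator are constructed for illustration; vendor ID 14988 and vendor attribute type 8 come from MikroTik's RADIUS dictionary.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2            # RFC 2865 packet code
VENDOR_SPECIFIC = 26         # RFC 2865 attribute type for vendor attributes
MIKROTIK_VENDOR_ID = 14988   # MikroTik vendor ID (MikroTik RADIUS dictionary)
MIKROTIK_RATE_LIMIT = 8      # Mikrotik-Rate-Limit vendor attribute type

def rate_limit_vsa(rate: str) -> bytes:
    """Encode Mikrotik-Rate-Limit as a Vendor-Specific attribute."""
    sub = bytes([MIKROTIK_RATE_LIMIT, 2 + len(rate)]) + rate.encode()
    body = struct.pack("!I", MIKROTIK_VENDOR_ID) + sub
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body

def build_accept(ident: int, req_auth: bytes, secret: bytes, attrs: bytes) -> bytes:
    """Server side: ResponseAuth = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + req_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def parse_accept(packet: bytes, ident: int, req_auth: bytes, secret: bytes):
    """Router side: authenticate the reply, then return the rate limit or None."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, pkt_id, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or pkt_id != ident or length != len(packet):
        raise ValueError("unexpected reply")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + req_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")  # wrong secret or tampering
    i = 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        a_type, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        if a_type == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, v_type, v_len = struct.unpack("!IBB", value[:6])
            if vendor == MIKROTIK_VENDOR_ID and v_type == MIKROTIK_RATE_LIMIT:
                return value[6:4 + v_len].decode()
        i += attrs[i + 1]
    return None

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    secret, req_auth = b"constructed-shared-secret", bytes(range(16))
    reply = build_accept(7, req_auth, secret, rate_limit_vsa("100M/10M"))
    print(parse_accept(reply, 7, req_auth, secret))
```

A reply built with a different shared secret, or altered in transit, fails the authenticator check and is rejected before any attribute is applied.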

Why Connect Both Mikrotik and Ubiquiti to RADIUS?

If your ISP uses Mikrotik for core routing (e.g., PPPoE termination) and Ubiquiti for wireless access, connecting both to the same RADIUS server ensures a unified user experience and policy enforcement across wired and wireless connections. It eliminates silos and simplifies administration.

In summary, a RADIUS server streamlines user management, enhances security, and provides the flexibility to scale your ISP network efficiently. It’s especially valuable when juggling diverse hardware like Mikrotik and Ubiquiti in a single environment.