To manage a mikrotik router using Jaze ISP Manager, the following steps are to be followed:

On Mikrotik Winbox/Webfig

Step 1

Setup the initial configuration of Mikrotik following the steps from here. Make sure that you are able to connect to the internet via any port in the Mikrotik router. 

In winbox click IP > DHCP Client and Add DHCP Client to port ether1  (IP through DHCP)

(or)

In winbox click IP > Addresses and Add Address. Assign a static IP to the interface ether1 (Static IP) 

If you are able to access the internet then we are ready to integrate with Jaze ISP Manager.

Now you will have two interfaces. One is the ether1(WAN) which you had setup and the other would be the ether2(LAN) which is your local network where guests connect. Let us assume for this tutorial that the LAN IP address is 192.168.88.1/24

Step 2

Go to Quick Set. Click on Check for Updates. Click on "Download & Upgrade"  button if it appears. Make sure the version is the latest in 6.X. For more details visit http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS

Step 3

  • Go to System -> NTP Client

    • Check the Enable checkbox.

    • Leave the mode as unicast

    • Enter NTP server IP. Example -> Primary NTP server - 103.224.117.98, Secondary NTP server - 204.2.134.162

  • Go to System -> Clock

    • Choose the correct Time Zone Name.

Step 4

  • You can see the MAC address of the WAN interface by clicking on interfaces in the winbox. Copy the MAC address.

  • Open System -> Identity. Set the value as the MAC address of the WAN interface copied above.

Step 7

Setup DHCP for PPPoE users.

  • Go to IP -> Pool
    • On the Server tab, click on + button to add a new IP pool. In the dialog which appears, enter the following values -
        • Name - local_pool
        • Addresses - 192.168.88.10-192.168.88.250
        • Next Pool - none
      • Click Ok.

    • On the Server tab, click on + button to add a new IP pool. In the dialog which appears, enter the following values -
        • Name - ppp_pool
        • Addresses - 192.168.89.10-192.168.89.250
        • Next Pool - none
      • Click Ok.

Step 8

Setup NAT for ppp_pool.

  • Go to IP -> Firewall -> NAT
    • On the NAT tab, click on + button to add a NAT rule. In the dialogue which appears, enter the following values -
      • In source address, add the ppp_pool (192.168.89.0/24).
      • In the action tab, change action to masquerade.
      • Click Ok.

Step 9

Configure the radius server.

Primary Radius

  • Open Radius from the sidebar
  • On the General tab, click on + button to add a new radius server. In the dialog which appears, enter the following values -
    • Service - hotspot
    • Address - 180.179.56.164
    • Secret - jazenetworks
    • Timeout - 5000 ms
    • Leave the rest of the values at their defaults.
  • Click Ok
  • Accept Radius Incoming. Then, Click Ok.
Secondary Radius

Primary Radius

  • Open Radius from the sidebar
  • On the General tab, click on + button to add a new radius server. In the dialog which appears, enter the following values -
    • Service - hotspot
    • Address - 180.179.56.165
    • Secret - jazenetworks
    • Timeout - 5000 ms
    • Leave the rest of the values at their defaults.
  • Click Ok
  • Accept Radius Incoming. Then, Click Ok.

Step 10

 

Configure the PPP Server.

  •  Now we can add a PPPOE to the LAN interface. 

 

    • Go to PPP and click the PPPoE server tab. 
    • Change the Name of the server to MAC address of the WAN interface.
    • Choose ether2 as interface and choose "Defaut Profile" as default
    • Enable the One Session Per Host option.
    • Choose authentication as pap.

 

 

  • Under the "Secrets" tab, click on "PPP Authentication & Accounting". Enable the checkboxes Use Radius and Accounting.

 

  • Under profiles tab the local address will be the initial address from the IP Pool which does not have internet access and remote address will be the address in the IP pool which has internet access.

 

 

Step 12

Setup scheduler

  • Open System -> Scheduler 
  • On the General tab, click on + button to add a new scheduler. In the dialog which appears, enter the following values -
    • Name - heartbeat
    • Start Date <Leave as it is>
    • Start Time - <Leave as it is>
    • Interval - 00:01:00
    • On Event -

      /tool fetch keep-result=yes url=("https://isp.jazenetworks.com/heartbeat?ap=".[/system identity get name]."&_uptime=".[/system resource get uptime]."&rx_bytes=".[/interface ethernet get 0 rx-bytes]."&tx_bytes=".[/interface ethernet get 0 tx-bytes]."&rx_packets=".[/interface ethernet get 0 rx-broadcast]."&tx_packets=".[/interface ethernet get 0 tx-broadcast]."&rx_error=".[/interface ethernet get 0 rx-fcs-error]."&tx_error=".[/interface ethernet get 0 tx-fcs-error]."&version=".[/system resource get version]."&architecture=".[/system resource get architecture-name]."&cpu-load=".[/system resource get cpu-load]) dst-path=("jaze.rsc") 
      /import file-name=jaze.rsc
      /file remove jaze.rsc

       

    • Policy <Leave all checkboxes enabled>

  • Click Ok

 

If MAC authentication is enabled in IP -> Hotspot -> Server Profiles -> Login -> Login By, then add another scheduler with the following values -

    • Name - removeUnauthorizedHosts
    • Start Date <Leave as it is>
    • Start Time - <Leave as it is>
    • Interval - 00:10:00
    • On Event -
      :foreach HOST in=[/ip hotspot host find authorized=no bypassed=no] do={/ip hotspot host remove $HOST}
    • Policy <Leave all checkboxes enabled>

Step 13

To enable Per-user MRTG graphs, do the following - 

  • Open IP -> SNMP
    • Check the Enabled checkbox
    • Click on the Communites button on the right
    • In the SNMP Communities dialog, open the entry with value Public. Set the following values -
      • Name - jaze
      • Addresses - 180.179.56.164
    • Leave the rest at their default 

Step 14

To enable NAT logging, do the following - 

  • Open System -> Logging
    • Go to the Actions tab
      • Click on the + button to create a new logging action with the following values -
        • Name - jaze
        • Type - remote 
        • Remote Address - 128.199.230.45
        • Remote Port - 514
        • Src. Address - <empty>
        • BSD syslog - <unchecked>

    • Go to the Rules tab
      • Click on the + button to create a new rule with the following values -
        • Topics - firewall
        • Prefix - nat-<System identity value from step 4>
        • Action - jaze



      • Open the default logging rule with Topic as info. Add the topic value !firewall and click Ok



  • Open the terminal and execute the following command, replacing 8.8.8.8 with the IP address of the primary DNS server -

     

    > /ip firewall nat add chain=srcnat action=log dst-address=!8.8.8.8 log=no place-before=0

On Jaze ISP Manager admin dashboard

  • Go to https://isp.jazenetworks.com/routers
  • Click on Add Router
  • In the page which appears enter the following values - 
    • Model - Mikrotik
    • MAC Address <Set as the Identity set in Step 4 above>
    • Name <Give the router some name>
    • Group <Select a group from the dropdown>
    • CoA Port - 3799

      If you want per-user MRTG graphs and the Mikrotik router is on a public IP, enter the following values as well. Else leave the rest empty and click Add

    • Router IP <Public IP of Mikrotik router>
    • Username <Mikrotik login username>
    • Password <Mikrotik login password>
    • Port - 8728
    • IP Auth - <If MAC Login type is enabled, and you want clients to be authorized if they just have the same static IP set as in the user created in Jaze ISP Manager, enable this checkbox>
    • Community String - jaze
  • Click Add