2 ppp user aaa, 1 general information, 2 local ppp user profiles – Allied Telesis AT-WR4500 User Manual

AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

141

RouterOS v3 Configuration and User Guide

7.2 PPP User AAA

Document revision:

2.5 (Fri Jul 07 14:52:59 GMT 2006)

Applies to:

V2.9

7.2.1

General Information

Summary

This document provides summary, configuration reference and examples on PPP user management. This
includes asynchronous PPP, PPTP, PPPoE and ISDN users.

Specifications

Packages required: system
License required: Level1
Submenu level: /ppp

Related Topics

HotSpot User AAA
Router User AAA
RADIUS client
Software Package Management
IP Addresses and ARP
PPPoE
PPTP
L2TP Interface

Description

The RouterOS provides scalable Authentication, Athorization and Accounting (AAA) functionality.
Local authentication is performed using the User Database and the Profile Database. The actual
configuration for the given user is composed using respective user record from the User Database,
associated item from the Profile Database and the item in the Profile database which is set as default for a
given service the user is authenticating to. Default profile settings from the Profile database have lowest
priority while the user access record settings from the User Database have highest priority with the only
exception being particular IP addresses take precedence over IP pools in the local-address and
remote-address settings, which described later on.
Support for RADIUS authentication gives the ISP or network administrator the ability to manage PPP user
access and accounting from one server throughout a large network. The RouterOS has a RADIUS client
which can authenticate for PPP, PPPoE, PPTP, L2TP and ISDN connections. The attributes received from
RADIUS server override the ones set in the default profile, but if some parameters are not received they
are taken from the respective default profile.

7.2.2

Local PPP User Profiles

Submenu level: /ppp profile

Description

PPP profiles are used to define default values for user access records stored under /ppp secret
submenu. Settings in /ppp secret User Database override corresponding /ppp profile settings except
that single IP addresses always take precedence over IP pools when specified as local-address or
remote-address parameters.

Property Description

bridge (name) - bridge interface name, which the PPP tunnel will automatically be added in case BCP
negotiation will be successful (i.e., in case both peers support BCP and have this parameter configured)
change-tcp-mss (yes | no | default; default: default) - modifies TCP connection MSS settings
yes - adjust connection MSS value
no - do not atjust connection MSS value