Setting up a RADIUS server for MikroTik hotspots is essential for centralized user authentication, billing, and management. This comprehensive guide walks you through everything you need to know about MikroTik RADIUS integration and how cloud solutions make it incredibly simple.
What is RADIUS and Why Do You Need It?
RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) for users connecting to network services. For MikroTik hotspots, RADIUS enables:
- ✅ Centralized user database management
- ✅ Automatic session tracking and accounting
- ✅ Bandwidth control and fair usage policies
- ✅ Prepaid voucher authentication
- ✅ Real-time usage monitoring
- ✅ Multi-location user management
Traditional RADIUS Setup Challenges
Setting up a traditional RADIUS server (like FreeRADIUS) requires:
- ❌ Dedicated server hardware or VPS
- ❌ Linux system administration skills
- ❌ Public IP address for each location
- ❌ Complex configuration files
- ❌ Database setup and management
- ❌ Ongoing maintenance and security updates
This complexity is why many small ISPs and hotels struggle with proper hotspot management.
Cloud RADIUS: The Modern Solution
Cloud-based RADIUS solutions like YesSpot eliminate all the traditional complexity. Here's how:
No Server Required
YesSpot runs a highly available RADIUS infrastructure in the cloud. Your MikroTik routers connect via secure WireGuard VPN tunnels, eliminating the need for your own servers.
No Public IP Needed
Traditional setups require public IPs for RADIUS communication. With YesSpot's VPN-based approach, your routers can be behind NAT—no public IP required.
Zero Configuration
Simply paste the connection script into your MikroTik terminal. The RADIUS settings are automatically configured. No manual IP addresses, secrets, or port configurations needed.
How MikroTik RADIUS Authentication Works
Authentication Flow
1. User connects to WiFi and opens browser
2. Captive portal appears requesting credentials
3. User enters voucher code or username/password
4. MikroTik sends Access-Request to RADIUS server
5. RADIUS validates credentials against database
6. Access-Accept returned with bandwidth attributes
7. User gets internet access with assigned limits
Accounting Flow
- Session starts - Accounting-Start sent to RADIUS
- Interim updates - Usage data sent periodically
- Session ends - Accounting-Stop with final usage
Key RADIUS Attributes for MikroTik
Understanding RADIUS attributes helps you configure advanced features:
Authentication Attributes
- User-Name: The username or voucher code
- User-Password: The password (PAP) or challenge response (CHAP)
- NAS-IP-Address: IP of the MikroTik router
- Calling-Station-Id: User's MAC address
Authorization Attributes
- Mikrotik-Rate-Limit: Bandwidth limits (rx/tx)
- Session-Timeout: Maximum session duration
- Idle-Timeout: Disconnect after idle period
- Mikrotik-Total-Limit: Data usage limit
Accounting Attributes
- Acct-Session-Time: Session duration in seconds
- Acct-Input-Octets: Downloaded bytes
- Acct-Output-Octets: Uploaded bytes
- Acct-Terminate-Cause: Why session ended
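The role of the shared secret in the exchange above, as an added Python example (not YesSpot's or MikroTik's code): it hides a PAP User-Password as RFC 2865 specifies, builds an Access-Accept carrying Session-Timeout and Mikrotik-Rate-Limit, and verifies the Response Authenticator the way a router would. The secret, the Request Authenticator, the voucher string and the rate value are constructed sample data; vendor number 14988 and sub-attribute 8 are taken from MikroTik's RADIUS dictionary.

```python
import hashlib, hmac, struct

VENDOR = struct.pack("!I", 14988)   # MikroTik's enterprise number in Vendor-Specific (type 26)
MT_RATE_LIMIT = 8                   # Mikrotik-Rate-Limit sub-attribute

def attr(t, value):
    return bytes([t, len(value) + 2]) + value        # type, length, value

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_accept(ident, req_auth, secret, rate_limit):
    vsa = VENDOR + attr(MT_RATE_LIMIT, rate_limit)
    attrs = attr(27, struct.pack("!I", 3600)) + attr(26, vsa)  # Session-Timeout + VSA
    head = struct.pack("!BBH", 2, ident, 20 + len(attrs))      # code 2 = Access-Accept
    resp_auth = hashlib.md5(head + req_auth + attrs + secret).digest()
    return head + resp_auth + attrs

def verify_accept(packet, req_auth, secret):
    """Router-side check: recompute the Response Authenticator with the local secret."""
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def rate_limit_of(packet):
    pos = 20                                          # attributes follow the 20-byte header
    while pos + 2 <= len(packet):
        t, length = packet[pos], packet[pos + 1]
        body = packet[pos + 2:pos + length]
        if t == 26 and len(body) >= 6 and body[:4] == VENDOR and body[4] == MT_RATE_LIMIT:
            return body[6:4 + body[5]].decode()
        pos += max(length, 2)                         # never loop on a malformed length
    return None

SECRET, REQ_AUTH = b"constructed-secret", bytes(range(16))  # constructed sample values
ACCEPT = build_accept(7, REQ_AUTH, SECRET, b"2M/5M")
```

With a secret that differs by even one character, the server recovers a garbled password and the router rejects the reply, which is why a mismatched secret shows up as authentication failures rather than as an explicit error.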
Setting Up MikroTik with YesSpot RADIUS
Step 1: Create YesSpot Account
Sign up at yesspot.in for a free 14-day trial. No credit card required.
Step 2: Add Your Router
In the YesSpot dashboard, click "Add Router" and enter your router details. The system generates a unique connection script.
Step 3: Run Connection Script
Open your MikroTik terminal (Winbox or SSH) and paste the script. This automatically:
- Creates WireGuard VPN interface
- Configures RADIUS settings
- Sets up hotspot server
- Applies firewall rules
Step 4: Create Plans & Vouchers
In the YesSpot dashboard, create pricing plans with bandwidth limits and generate vouchers for your customers.
Step 5: Go Live
Your hotspot is now live with full RADIUS authentication! Users can log in with vouchers and their usage is tracked automatically.
Advanced RADIUS Features
MAC Address Binding
Bind vouchers to specific devices to prevent sharing. Once a voucher is used on a device, it cannot be used on another.
Concurrent Session Limits
Control how many devices can use the same credentials simultaneously. Perfect for family plans or multi-device users.
Fair Usage Policy (FUP)
Automatically throttle speeds when users exceed data limits. For example, reduce speed to 1Mbps after 10GB usage.
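How MAC binding, a concurrent session limit and the 10GB / 1Mbps FUP rule could be evaluated on the RADIUS side, as an added Python example rather than YesSpot's implementation. The voucher schema, the function names and the sample records are hypothetical; the Acct-*-Gigawords attributes come from RFC 2869 and matter here because the 32-bit octet counters wrap at 4 GiB, well below a 10GB threshold.

```python
import re

GIGAWORD = 2 ** 32          # Acct-*-Gigawords counts wraps of the 32-bit octet counters
FUP_BYTES = 10 * 10 ** 9    # the page's example threshold: 10GB
FUP_RATE = "1M/1M"          # the page's example throttle: 1Mbps

def norm_mac(raw):
    """Canonicalise Calling-Station-Id so AA-BB.., aa:bb.. and aabb.. compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def total_bytes(acct):
    """Traffic in both directions from one accounting record, including counter wraps."""
    return sum(acct.get(f"Acct-{d}-Octets", 0) + acct.get(f"Acct-{d}-Gigawords", 0) * GIGAWORD
               for d in ("Input", "Output"))

def authorize(voucher, calling_station_id, active_macs, last_acct):
    """Return (accepted, reply attributes or rejection reason) for one Access-Request."""
    mac = norm_mac(calling_station_id)
    bound = voucher.get("bound_mac")
    if bound and norm_mac(bound) != mac:
        return False, "voucher bound to another device"
    others = {norm_mac(m) for m in active_macs} - {mac}   # a re-login is not a second device
    if len(others) >= voucher["max_sessions"]:
        return False, "concurrent session limit reached"
    rate = FUP_RATE if total_bytes(last_acct) >= FUP_BYTES else voucher["rate_limit"]
    return True, {"Mikrotik-Rate-Limit": rate}

# Constructed sample data (hypothetical schema and values).
VOUCHER = {"bound_mac": "AA-BB-CC-00-11-22", "max_sessions": 1, "rate_limit": "5M/10M"}
ACCT = {"Acct-Input-Octets": 1_500_000_000, "Acct-Input-Gigawords": 2,
        "Acct-Output-Octets": 400_000_000}
```

Ignoring the gigawords field, the sample record looks like 1.9GB of usage and the throttle would never trigger.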
Time-Based Access
Create plans that work only during specific hours (e.g., 6 PM - 12 AM only) for night-time packages.
Troubleshooting RADIUS Issues
Authentication Failures
- Check if voucher is valid and not expired
- Verify RADIUS server is reachable
- Confirm shared secret matches
- Check for MAC binding conflicts
Accounting Not Working
- Ensure interim-update is enabled
- Check NAS-IP configuration
- Verify firewall allows RADIUS ports
Conclusion
RADIUS is the backbone of professional hotspot management, but traditional setups are complex and expensive. Cloud solutions like YesSpot bring enterprise-grade RADIUS to businesses of all sizes—no servers, no public IPs, no complexity.
Ready to simplify your MikroTik RADIUS setup? Start your free trial with YesSpot and have your hotspot running in under 30 seconds.