Manualshelf

Setup guide

ManualsBrandsD-Link ManualsComputer equipmentDWL-500 - 11Mb Wireless LAN PCI Network Card
331332333334335336337338339340
exception is that particular IP addresses take precedence over IP pools in the local-address and
remote-address settings, as described later on).
RADIUS authentication gives the ISP or network administrator the ability to manageP2P user
access and accounting from one server throughout a large network. The Wandy RouterOS has a
RADIUS client which can authenticate for PPP, PPPoE, PPTP, L2TP and ISDN connections. The
attributes received from RADIUS server override the ones set in the default profile, but if some
parameters are not received they are taken from the respective default profile.
Traffic is accounted locally with Cisco IP pairs and snapshot image can be gathered using Syslog
utilities. If RADIUS accounting is enabled, accounting information is also sent to the RADIUS
server default for that service.
Router User Groups
user group
Property Description
name (integer) - the name of the user group
policy (multiple choice: local | telnet | ssh | ftp | reboot | read | write | policy | test | web; default:
!local,!telnet,!ssh,!ftp,!reboot,!read,!write,!policy,!test,!web) - group rights set
local - user can log on locally via console
telnet - user can log on remotely via telnet
ssh - user can log on remotely via secure shell
ftp - user can log on remotely via ftp and send and retrieve files from the router
reboot - user can reboot the router
read - user can retrieve the configuration
write - user can retrieve and change the configuration
policy - user can manage user policies and add and remove users
test - user can run ping, traceroute, bandwidth test
web - user can log on remotely via winbox
Notes
There are three system groups which cannot be deleted:
[admin@Wandy] user group> print
0 ;;; users with read only permission
name="read"
policy=local,telnet,ssh,!ftp,reboot,read,!write,!policy,test,web
1 ;;; users with write permission
name="write"
policy=local,telnet,ssh,!ftp,reboot,read,write,!policy,test,web
2 ;;; users with complete access
name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,web
[admin@Wandy] user group>
Exclamation sign '!' just before policy name means NOT.
Example
To add reboot group that is allowed to reboot the router locally or using telnet, as well as read the
router's configuration: