Managed RADIUS

FreeRADIUS Cloud Managed

ISPAgents Managed RADIUS is commercial early access with tenant-specific onboarding, live smoke, and launch signoff while preserving existing FreeRADIUS, MikroTik direct control, and hybrid rollout options.

Read RADIUS guide
Operator console

Subscribers, devices, and access in one view

subscribers
4.2k
sites live
3
critical fails
0
LiveSubscriber + device identityMapped
ActionGuarded command previewApproved
AuditEvery change loggedTracked
One operator surface ties each subscriber to their devices, access, and history.
Page type
Solutions
Primary search
FreeRADIUS cloud managed
Updated
2026-06-07

Managed RADIUS is available with tenant launch signoff

FreeRADIUS is powerful, but operating it well takes discipline: backups, latency, secrets, NAS configuration, policy mapping, accounting, health checks, and safe change control. Small ISPs often want the control of RADIUS without owning every server and failure mode.

ISPAgents Managed RADIUS is commercial early access for tenants with signed failure posture, verified NAS onboarding, and launch signoff. It connects billing, payments, support, audit, and router operations while keeping public claims tied to evidence.

What the beta launch includes

The launch is tenant-specific. Before a tenant moves live subscriber traffic, ISPAgents prepares the onboarding packet, registers the NAS, seeds tenant-scoped secret references, configures primary and secondary RADIUS endpoints, runs live auth/accounting/CoA smoke, and imports a signed launch package into the management dashboard.

Launch stepCustomer outcome
Tenant intake and NAS registrationThe operator sees the exact router, source CIDR, CoA target, and shared-secret reference before any router change.
Primary and secondary RADIUS configurationThe tenant MikroTik or NAS has a reversible server list instead of a one-shot cutover.
Failure policy signoffThe tenant chooses fail-open-secondary, fail-closed, or local-fallback posture before the maintenance window.
Live smoke and rollback planAuth, accounting, CoA, and rollback evidence are attached to the launch package.
Management signoffThe dashboard records claim control before commercial traffic is accepted.

Early-access capabilities

CapabilityWhy it matters
Billing-driven policyPaid, overdue, suspended, restored, upgraded, and downgraded states map to access rules after policy validation.
Managed shared RADIUSISPAgents operates the RADIUS engine for tenants after launch proof and signoff.
CoA workflowsDisconnect or update sessions where the NAS and network design support it.
NAS managementTrack MikroTik routers, secrets, site mapping, and expected policy behavior.
Hybrid rolloutKeep existing FreeRADIUS while moving selected sites or plans to managed RADIUS.
Audit evidenceShow who changed policy, what was applied, and what the subscriber experienced.

Packaging options

OptionBest fitLaunch boundary
Included RADIUS integrationISPs keeping their existing FreeRADIUS, Splynx, UISP, or generic RADIUS/controller stack.Supported as an integration path after adapter/vendor validation.
Managed shared RADIUSSmall and medium ISPs that want ISPAgents to operate the RADIUS engine.Commercial early access after tenant-specific onboarding, live smoke, and launch signoff.
Dedicated RADIUS shardLarger, regulated, or strict-isolation tenants.Quoted premium posture after tenant-specific review and capacity planning.
RouterOS Local PPP/PPPoETenants explicitly asking for MikroTik local PPP management instead of RADIUS subscriber auth.Beta pilot only until a real live local PPPoE subscriber-session proof passes.

Existing FreeRADIUS still matters

Managed RADIUS after proof does not force every operator to migrate immediately. Many ISPs already have working FreeRADIUS deployments. ISPAgents should support:

  • Read and write integration with existing FreeRADIUS workflows where suitable.
  • Migration from existing tables, groups, profiles, and policy names.
  • Gradual movement by site, router, package, or customer segment.
  • MikroTik direct-control fallback when RADIUS is not the right enforcement method.

FAQ

Is ISPAgents a RADIUS service?

ISPAgents offers managed RADIUS as one commercial early-access control option with tenant launch proof, not the only default. It also integrates with existing FreeRADIUS and MikroTik direct control because ISP networks are not all designed the same way.

Is subscriber authentication HTTP/API?

No. The ISPAgents management plane is HTTP/API, but subscriber authentication remains RADIUS: classic UDP auth/accounting/CoA or RadSec when enabled and verified for that tenant.

What is the launch boundary?

Managed RADIUS can be promoted as commercial early access after tenant-specific onboarding, live smoke, and launch signoff. It is not public GA, not hard-SLA-backed, and not a broad multi-region default.

Can managed RADIUS work with MikroTik?

Yes. MikroTik can act as a NAS in RADIUS-based networks. ISPAgents can also use direct RouterOS control when the operator needs queues, address lists, or site-specific logic outside RADIUS; RouterOS Local PPP/PPPoE remains a beta pilot until a live local subscriber-session proof is captured.

Next step

See how this works in your network.