FreeRADIUS Cloud Managed
ISPAgents Managed RADIUS is commercial early access with tenant-specific onboarding, live smoke, and launch signoff while preserving existing FreeRADIUS, MikroTik direct control, and hybrid rollout options.
Subscribers, devices, and access in one view
Managed RADIUS is available with tenant launch signoff
FreeRADIUS is powerful, but operating it well takes discipline: backups, latency, secrets, NAS configuration, policy mapping, accounting, health checks, and safe change control. Small ISPs often want the control of RADIUS without owning every server and failure mode.
ISPAgents Managed RADIUS is commercial early access for tenants with signed failure posture, verified NAS onboarding, and launch signoff. It connects billing, payments, support, audit, and router operations while keeping public claims tied to evidence.
What the beta launch includes
The launch is tenant-specific. Before a tenant moves live subscriber traffic, ISPAgents prepares the onboarding packet, registers the NAS, seeds tenant-scoped secret references, configures primary and secondary RADIUS endpoints, runs live auth/accounting/CoA smoke, and imports a signed launch package into the management dashboard.
| Launch step | Customer outcome |
|---|---|
| Tenant intake and NAS registration | The operator sees the exact router, source CIDR, CoA target, and shared-secret reference before any router change. |
| Primary and secondary RADIUS configuration | The tenant MikroTik or NAS has a reversible server list instead of a one-shot cutover. |
| Failure policy signoff | The tenant chooses fail-open-secondary, fail-closed, or local-fallback posture before the maintenance window. |
| Live smoke and rollback plan | Auth, accounting, CoA, and rollback evidence are attached to the launch package. |
| Management signoff | The dashboard records claim control before commercial traffic is accepted. |
Early-access capabilities
| Capability | Why it matters |
|---|---|
| Billing-driven policy | Paid, overdue, suspended, restored, upgraded, and downgraded states map to access rules after policy validation. |
| Managed shared RADIUS | ISPAgents operates the RADIUS engine for tenants after launch proof and signoff. |
| CoA workflows | Disconnect or update sessions where the NAS and network design support it. |
| NAS management | Track MikroTik routers, secrets, site mapping, and expected policy behavior. |
| Hybrid rollout | Keep existing FreeRADIUS while moving selected sites or plans to managed RADIUS. |
| Audit evidence | Show who changed policy, what was applied, and what the subscriber experienced. |
Packaging options
| Option | Best fit | Launch boundary |
|---|---|---|
| Included RADIUS integration | ISPs keeping their existing FreeRADIUS, Splynx, UISP, or generic RADIUS/controller stack. | Supported as an integration path after adapter/vendor validation. |
| Managed shared RADIUS | Small and medium ISPs that want ISPAgents to operate the RADIUS engine. | Commercial early access after tenant-specific onboarding, live smoke, and launch signoff. |
| Dedicated RADIUS shard | Larger, regulated, or strict-isolation tenants. | Quoted premium posture after tenant-specific review and capacity planning. |
| RouterOS Local PPP/PPPoE | Tenants explicitly asking for MikroTik local PPP management instead of RADIUS subscriber auth. | Beta pilot only until a real live local PPPoE subscriber-session proof passes. |
Existing FreeRADIUS still matters
Managed RADIUS after proof does not force every operator to migrate immediately. Many ISPs already have working FreeRADIUS deployments. ISPAgents should support:
- Read and write integration with existing FreeRADIUS workflows where suitable.
- Migration from existing tables, groups, profiles, and policy names.
- Gradual movement by site, router, package, or customer segment.
- MikroTik direct-control fallback when RADIUS is not the right enforcement method.
FAQ
Is ISPAgents a RADIUS service?
ISPAgents offers managed RADIUS as one commercial early-access control option with tenant launch proof, not the only default. It also integrates with existing FreeRADIUS and MikroTik direct control because ISP networks are not all designed the same way.
Is subscriber authentication HTTP/API?
No. The ISPAgents management plane is HTTP/API, but subscriber authentication remains RADIUS: classic UDP auth/accounting/CoA or RadSec when enabled and verified for that tenant.
What is the launch boundary?
Managed RADIUS can be promoted as commercial early access after tenant-specific onboarding, live smoke, and launch signoff. It is not public GA, not hard-SLA-backed, and not a broad multi-region default.
Can managed RADIUS work with MikroTik?
Yes. MikroTik can act as a NAS in RADIUS-based networks. ISPAgents can also use direct RouterOS control when the operator needs queues, address lists, or site-specific logic outside RADIUS; RouterOS Local PPP/PPPoE remains a beta pilot until a live local subscriber-session proof is captured.
Continue the operations map.
Automatic Internet Suspension Software
Design suspension and restoration workflows without losing control by connecting billing, payment evidence, RADIUS, MikroTik, custom agents, approvals, and rollback evidence.
Open pageSolutionsCustomer Self-Service App
A phone-first app for an ISP's subscribers — view plan and balance, track data usage, pay, and open support — branded to the operator. Account and usage are live today; CPE controls are on the way.
Open pageIntegrationsController Integrations
Pull devices, topology, and telemetry from external controllers — Ubiquiti UniFi, Cambium cnMaestro, and UISP — into one tenant-scoped pane, mapped to canonical devices. Read-only and safe. This is early access.
Open pageIntegrationsFreeRADIUS Integration
Keep your existing FreeRADIUS where it works, or move selected access workflows to Managed RADIUS early access after tenant launch signoff.
Open page