Scribd
Upload
61 views

Mikrotik Hotspot Quick Setup Guide Tips N Tricks For Hotspot

This document provides a guide for setting up a Mikrotik hotspot using the command line interface. It includes instructions for configuring IP addresses, DHCP, DNS, the hotspot profile and user, firewall NAT rules, and a default route. Tips are also provided for customizing the hotspot login page, redirecting users after login, allowing access for some URLs without authentication, and bypassing authentication for specific clients. Flags for different hotspot states are also defined.

Uploaded by

Willian Peterson
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
61 views

Mikrotik Hotspot Quick Setup Guide Tips N Tricks For Hotspot

This document provides a guide for setting up a Mikrotik hotspot using the command line interface. It includes instructions for configuring IP addresses, DHCP, DNS, the hotspot profile and user, firewall NAT rules, and a default route. Tips are also provided for customizing the hotspot login page, redirecting users after login, allowing access for some URLs without authentication, and bypassing authentication for specific clients. Flags for different hotspot states are also defined.

Uploaded by

Willian Peterson
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Mikrotik Hotspot Quick Setup Guide + Tips n Tricks

for Hotspot !
aacable.wordpress.com /2011/09/12/mikrotik-hotspot-quick-setup-guide-cli-version/

Filed under: — Tags: , , , , , , , , , , , , , , — Syed Jahanzaib / Pinochio~:) @ 3:39 PM

A HOTSPOT is way to provide internet access to


subscribers by means of an easy to use login
interface as it does not require any client
software/driver/dialer at user end. To log in, users
may use almost any web browser , so they are not
required to install additional software.It is also
possible to allow users to access some web pages
without authentication using Walled Garden
feature.

In my personnel opinion, Hotspot is best suited for ad hoc situations, where you
cannot control how the client has their machines configured. This is generally
useful in Conference Rooms, Hotels, Cafe’s , Restaurants and likewise since
people will come and go and you have few permanent users.

One big advantage of using hotspot is that HotSpot does not require any client
software/driver/dialer. One disadvantage of using HotSpot is that its usually
requires your client to open up his browser to log in before he can use your service . So users wanting
to connect to your service using a router or some kind usually have a problem (as routers usually don’t
support logging in via HTTP).

Following is a quick setup guide (CLI version) on how-to setup HOTSPOT server in Mikrotik using
command interface.

This guide will help you in setting up . . .

# HOTSPOT server,

# It will also configure DHCP to assign users IP Address from 172.16.0.1-172.16.0.255 ip pool .
Change it accordingly.

# I will add two Speed / Rate Limit Profiles, 256k and 512k, it will add a new user ‘zaib‘ password=test
with 512k profile and user ‘test‘ Password=test with 256k Limit.

# It will Add Default Route to internet which is DSL router ip 192.168.2.2 ,


Change it accordingly.

In this examples, Mikrotik have two interface cards.

Ether1 LAN = 172.16.0.1 / Connected with LAN/Hotspot users


Ether2 WAN = 192.168.2.1 / Connected with DSL router
DSL Router = 192.168.2.2

Script Starts Below.


/ip address
add address=172.16.0.1/24 comment=LAN disabled=no interface=ether1
network=172.16.0.0
add address=192.168.2.1/24 comment=WAN disabled=no interface=ether2
network=192.168.2.0
/ip pool
add name=hs-pool-1 ranges=172.16.0.10-172.16.0.255
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-
packet-size=512 servers=192.168.2.2
/ip dhcp-server
add address-pool=hs-pool-1 authoritative=after-2sec-delay bootp-
support=static disabled=no interface=ether1 lease-time=1h name=dhcp1
/ip dhcp-server config set store-leases-disk=5m
/ip dhcp-server network add address=172.16.0.0/24 comment="hotspot
network" gateway=172.16.0.1
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-
directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-
by=cookie,http-chap name=default rate-limit="" smtp-
server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=login.aacable.net hotspot-address=172.16.0.1 html-
directory=hotspot http-cookie-lifetime=1d http-proxy=0.0.0.0:0 login-
by=cookie,http-chap name=hsprof1 rate-limit="" smtp-
server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot
add address-pool=hs-pool-1 addresses-per-mac=2 disabled=no idle-timeout=5m
interface=ether1 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-
users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-
timeout=2m name="512k Limit" open-status-page=always rate-
limit=512k/512k shared-users=1 status-autorefresh=1m transparent-proxy=yes
add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-
timeout=2m name="256k Limit" open-status-page=always rate-
limit=256k/256k shared-users=1 status-autorefresh=1m transparent-proxy=yes
/ip hotspot service-port set ftp disabled=yes ports=21
/ip hotspot walled-garden ip add action=accept disabled=no dst-
address=172.16.0.1
/ip hotspot set numbers=hotspot1 address-pool=none
/ip firewall nat add action=masquerade chain=srcnat disabled=no
/ip hotspot user
add disabled=no name=admin password=123 profile=default
add disabled=no name=zaib password=test profile="512k Limit"
server=hotspot1
add disabled=no name=test-256k password=test profile="256k Limit"
server=hotspot1
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2
scope=30 target-scope=10

Basic HOSTPOT is now configured. Now goto client pc, Upon booting, it will automatically receive ip
from hotspot dhcp server, Open your browser and try to open any web site, You will see Hotspot Login
page asking for credentials.
OR you can customize the
hotspot login page to show your
logo look like something

You can also make configuration


changes via GUI. Please read
the following guide for easy n
step by step guide on HOTSPOT
setup.

http://wiki.mikrotik.com/wiki/Hotspot_server_setup

HOWTO CUSTOMIZE HOTSPOT


LOGIN PAGE
You can use some fancy good looking login page.
To customize the login page, Open Winbox , Goto
Files , here you will see various files, look at
hotspot/login.html , Drag n Drop this file to
Desktop. See the attached picture.

Now open it using any html editor, I always prefer


FRONTPAGE for editing HTML pages due to its
easy interface. Customize it according to your
need, You must have some prior knowledge of
some website / html editing. You can insert your
logo , advertisement and lot more in this page.
After you are done, simply Upload the file back
from where you downloaded it. use drag n drop
feature. For beginners, I recommend you not to
change any default variable, just ad your logo n
text , After you are familiarized with the structure,
you can build your own fully customized login
page.

Good examples of hotspot login page can be found at following link.

http://forum.mikrotik.com/viewtopic.php?t=26609

Howto Redirect User to your selected site after succesful Login


If you want that after successful login to hotspot , user must be redirected to your advertisement web
site / any other web, then You will need to replace a variable on the hotspot/login.html document on the
mikrotik router. You must replace $(link-orig) with the url of the website you want them to get after
login.

There are two links that you have to replace, and both look like this:

input type=hidden name=dst value=$(link-orig)

Change them to

input type=hidden name=dst


value=http://aacable.wordpress.com

Now after successful login, user will automatically redirected to yoursite.com, you can also create your
customized page showing users details using the variables available.

Howto Allow URL for some destinations for non authenticated Users
Sometimes it is required to allow access to some destinations / URLs for non authenticated users, for
example if you have a web / radius server and you want that user can access it without login to hotspot,
then you can add its ip address in walled garden.

/ip hotspot walled-garden add dst-host=www.website.com


/ip hotspot walled-garden ip add dst-address=192.168.2.2 action=accept
OR
/ip firewall nat add chain=pre-hotspot dst-address=192.168.2.2
action=accept

HOTSPOT users can’t communicate with each other on LAN or PROXY-


ARP issue
If you face hotspot broadcast issue / arp-poisoning , problem, Remove the address pool from the
Hotspot to turn off Universal NAT,

/ip hotspot set number address-pool=none


OR
/ip hotspot set numbers=hotspot1 address-
pool=none
OR

Howto Bypass authentication for Few Clients


This bypasses the hotspot by mac address.

/ip hotspot ip-binding add mac-address=xx:xx:xx:xx:xx:xx


type=bypassed

(change xx:xx:xx:xx:xx:xx with your user’s mac address. You can also use the ip address to bypass.
.

HOTSPOT FLAGS,
HOTSPOT FLAGS, S – static, If you have the lease set as a static dhcp lease (assigns same ip every
time device requests one) it shows as static. That is in “/ip dhcp-server lease” using “make-static”.

H – DHCP,

D – Dynamic,

A – If someone connects to the hotspot, they show up in the Hosts tab but are not yet authorized. Once
they log in, they show up in the Active tab and are now authorized.

P – bypassed > Go to IP > Hotspot > IP Bindings > and add a new item. One of the “type” options is
bypassed, which simply means they don’t have to login. From the wiki, “bypassed – performs the
translation, but excludes client from login to the HotSpot”

============ Some more flags for ROUTE

X – Disabled, not active A – Active, in use C – Connected, a directly connected host route S – Static,
added manually R – RIP route, received from the routing information protocol B – BGP, received from
the border gateway protocol O – Received from the open shortest path first protocol M – Received
from the mesh made easy protocol B – Blackhole route, packets are silently discarded U –
Unreachable, discards the packets and sends an ICMP unreachable messages P – Prohibit, discards
packet and sends an ICMP communication administratively prohibited message

24.851000 67.008300

About these ads

You might also like