TRAINING GUIDE

MIKROTIK HOTSPOT
INSTALLATION

www.isptrainings.com
[email protected]
0201 – 453-3954, 0815 321 7100

1
 COURSE OUTINE

1. INTRODUCTION

Understanding a RouterOS and RouterBoard

Platforms for Running a RouterOS
Installing a RouterOS on a PC
Accessing the Router – Winbox
Packages, Upgrade, Backup and Restore
RouterOS Licensing

2. SETUP INTERNET CONNECTION

Setting up IP Address
DHCP Server and Address Pool Configuration
Understanding DNS servers
Setting Up Default Route / Default Gateway
Networks Connectivity Test with ping, terminal

3. BRIDGES AND NETWORKING WITH MIKROTIK ROUTER

Creating Bridge Ports
Adding Ports to Bridge

4 SETTING UP WIRELESS INTERFACE

5. IMPLEMENTING HOTSPOT SERVICE

Hotspot setup
Creating Users
Limitations
Walled-garden
IP-binding
User profiles
Server profiles
Managing Hotspot
Login Portal Customization

2
6. IMPLEMENTING HOTSPOT USER MANAGEMENT

Installing User Manager

Configuring RADIUS for hotspot service
Adding Router to User Manager
Adding Customers
Creating Profiles and Limitation
Single and batch user creation
Setting Up Vouchers
Customising Vouchers
Voucher Templates
Managing Logs

3
INTRODUCTION TO HOTSPOT
A Hotspot solution is used by service providers to offer wireless internet access and other
network resources to authorized users or subscribers by means of a login interface.
This enables the service provider to have full control over download limits, time, speed and
billing for users of the system.
Hotspots are typically deployed in places like hotels, schools, shops, conference centers and
other public places.
It can be used to provide free internet service to guests in hotels for instance or used by Internet
Service Providers to provide commercial internet service to subscribers.

To use the service, users may use almost any web browser on their laptop or Wi-Fi enabled
phone, so they are not required to install additional software.
The hotspot gateway is accounting the uptime and amount of traffic used by each subscriber and
this information can be sent to RADIUS (Remote Access Dial In User Service) for billing.

Features of MikroTik Hotspot Gateway

1. Hotspot user management with local database or remote RADIUS server.

2. Multiple user authentication methods both in local database and remote RADIUS server.
3. Walled Garden system which helps to access some web pages without authentication.
4. Trial user login without authentication with some conditions.
5. Profile base advertising facility.
6. Advertising service within fixed time interval.
7. Highly customizable login page where you can design with your company logo, pictures
and advertisement information.
8. IP binding on a MAC address to provide fixed IP address to any device.
9. Bypass known devices without authentication
10. Able to store authorization credentials to cookie to avoid frequent login prompt.

INTRODUCTION TO MIKROTIK ROUTEROS

RouterOS is the operating system of RouterBOARD. It can also be installed on a PC and will turn it into a
Mikrotik routerr with all the necessary features - routing, firewall, bandwidth management, wireless
access point, backhaul link, hotspot gateway, VPN server and more.

INSTALLING ROUTEROS ON PC
Mikrotik RouterOS can be installed on any X86 PC with network cards and it can be configured to work
the same way as a RouterBoard.
The steps to install the Operating System on a PC involves the following

1. Download the ISO image from Mikrotik website - https://mikrotik.com/download (X86

CD image)
2. Burn the ISO image into CD
3. Boot the PC from the CD and follow the screen instructions to complete software
installation.

4
This installation will turn your PC into a Mikrotik Router during which you can only run the
software for 24 hours trial period without a license. You can however turn off the PC to stop the
timer. During this time you can try all the features of RouterOS.

In order to continue using the software on a PC, you must purchase the license using the SoftID
which can be found under router License menu.

5
LICENSING THE SOFTWARE

When you want to upgrade the installation, you would be required to purchase the license key
from Mikrotik or resellers. You would have to supply the software ID as shown above..

Copy the key you obtained and paste as below and the restart the router.

6
2. SETUP INTERNET CONNECTION ON ROUTER

Before setting up hotspot, ensure that the Mikrotik Router is properly setup and connected to the
internet. The diagram below shows a typical setup where the router is connected to the internet
or ISP Router..

SETTING UP IP ADDRESS
Change the IP to match your network configuration

1. Click on the IP Menu

2. Click on the Addresses Menu
3. Click "+"
4. Enter the IP Address you wish to assign to the router, this will be IP address of the
network that is going out. Also make sure to select the right interface or bridge. (Bridge
would be discussed later down this guide
5. Click on "Apply"

7
CONFIGURE DNS SERVER:
This example uses Google's DNS service. Ensure to make use of your own DNS as supplied by
your ISP.

1. Click on the IP Menu

2. Click on the DNS Menu
3. Enter your desired DNS server eg, 8.8.8.8
4. Click on "Apply"

8
SET UP DEFAULT ROUTE / DEFAULT GATEWAY

1. Click on IP
2. Click on Routes
3. Click on "+"
4. Enter 0.0.0.0/0 as the Dst. Address
5. Enter 10.0.0.1 as the Gateway

9
TESTING INTERNET CONNECTIVITY
When you have completed connecting the router to the internet, you have to check and ensure
that the router can connected to an external IP address. You can check with a ping to any
external IP address or domain e.g 8.8.8.8

1. Click on Tools
2. Click on Ping
3. Enter a publicly available address
4. Click Start

10
11
3. BRIDGES AND NETWORKING WITH MIKROTIK ROUTER

Bridges are used to assign a group of ports into a single broadcast domain. You can add one of
more ports to a bridge. All the ports in a bridge would act as if they were connected to a single
switch.
In hotspot configuration, it is always a good practice to create two bridges, one for hotspot and
the other one for LAN.
Access Points or Wireless routers used as Access Point may be connected to hotspot bridge. The
WLAN interface of the Mikrotik Router must be assigned to the Hotspot bridge if your router
supports Wireless.

CREATING BRIDGE PORTS

1. Click on the "Bridge" menu

2. Click on "+"
3. Enter "Hotspot" for the bridge name
4. Click "Apply"

SETTING UP IP ADDRESS OF BRIDGE

1. Click on the IP Menu

2. Click on the Addresses menu
3. Click the "+" button
4. Enter the IP Address/Subnet Mask e.g "192.168.0.1/24"
5. Select the "Hotspot" bridge Interface you created above
6. Click "OK"

12
ADDING PORTS TO HOTSPOT BRIDGE
Any port that is added to the hotspot interface would present users with a Login page when they
try to access any website.
Users can also connect to this port through LAN cable but the ideal setup for hotspot is to have
WIFI users connected to this interface.

1. Click on the "Bridge" menu

2. Click on the "Ports" Tab
3. Click on the "+"
4. Select the interface you want to add to the hotspot e.g. Wlan1
5. Select the "Hotspot" bridge
6. Click "OK

13
14
4. SETTING UP WIRELESS INTERFACE
If you are using RouterBOARD 950, it has a wireless AP that can be used for the hotspot. But if
your router is RB750 or similar router without Wireless Interface then you have to configure and
connect an access point separately to the router. The steps below if general for setting up
Mikrotik AP.

Since the Hotspot service is a captive portal, there is really no need to implement security key on
the AP.
Click on the "Wireless" Menu

1. Double click on the Wireless Interface that you will be using

2. Set the mode to "ap-bridge"
3. Set the band to 2Ghz-B/G (or otherwise if needs be)
4. Change the SSID to the wireless network name to whatever you want.
5. Click "OK"

15
 5. HOTSPOT SETUP – Hotspot Wizard
The Hotspot wizard enables easy setup hotspot on the router. Follow the steps below to run setup
using the wizard.

1. Click on the "IP" menu.

2. Click on the "Hotspot" item
3. Click on "Hotspot Setup". This will start the Hotspot Setup Wizard

When the setup wizard starts, follow the steps below

1. Select the Hotspot bridge as the Hotspot Interface

2. Click Next

16
3. Click next - The address range should be filled in automatically as per our network
configuration.

4. Click Next - the address pool should be pre-populated with the right settings

5. Select "none" and click next

17
6. Enter the IP-Address of your SMTP server or leave it as 0.0.0.0.

7. Click "Next"

8. Enter one or more DNS servers as provided by your ISP and click netxDNS servers used

9. Enter a host name for the local Hotspot if you have created one on your domain or leave
it as blank and click Next

18
 10. Enter a name for your administrative Hotspot user.
11. Enter a password for your administrative user.
12. Click "Next"

13. Click "OK" to complete your hotspot setup.

That is what is required to setup the Hotspot.

If you connect to the Hotspot now, it should prompt with a default Mikrotik Login page. This
can however be customized and replaced with your own if you have the skills to write HTML
codes.

19
CUSTOMISING THE LOGIN PAGE.
You can turn the login page to whatever design you want by editing the login.html file found in
the hotspot folder. .

If you have knowledge of HTML, you can customize this page and replace it with your own
design.

To customize the login page, use ftp application to save hotspot/login.html in your local drive
and edit this file the way you want. You can insert your logo, advertisement and lot more f your
have the skills. Be careful not to change the break the structure of this page hence the hotspot
would not work.
Upload the file back to the router when you are done. Below is a sample of our customized login
page.

Walled Garden

20
WALLED GARDEN
Walled garden is used to allow access to certain websites without authentication.
For instance, you may want users to connect to your company website in order to learn about
your products and services without having to sign in on the login page. This can be done by
assigning your website address to the walled garden.

When a user that has not logged requests access a website that is in the Walled Garden, the
HotSpot gateway does not intercept the request but when the request is for a website not defined
in the walled garden, the router would redirect the request to the login page..

Example:
In this example we will create a simple Walled Garden for our website www.isptrainings.com.
This would allow users to access that website without authenticating through the Hotspot first.

Step 1:
Add a new walled garden entry for access to www.isptrainings.com.
[admin@MikroTik] > /ip hotspot walled-garden add action=allow dst-host=www.isptrainings.com
disabled=no

Step 2:
Test the walled garden entry by connecting to your hotspot and either entering www,isptrainings.com.
You would be able to access this website before the login page showing up but when you try to access
any other website, the login page would show up.

IP-BINDING
IP binding is used to by-pass the login page. For instance, you may decide that certain computers
do not need to login through the login page each time they want to access the internet. You
would have to implement IP binding by binding the IP and MAC address of this device to the
hotspot. You can also use IP binding to block certain devices from accessing the hotspot.

Go to IP -> Hotspot -> Log IP Bindings Tab -> Add new IP Binding.

21
You must know the MAC address and IP address of the user and then fill in the fields provided.

22
If the host has already connected to the hotspot, you can find the IP Address and MAC address
of this device as follows.

From the host tab, right click on the user and select -> Make Binding.

This will create IP Binding for the connected host.

23
From the Type field. Select bypassed -> OK

Choose blocked if you want to block the host. Note that the blocked user can still connect to Wi-
Fi but would not be able to access internet and the login page.

24
6. IMPLEMENTING USER MANAGER

User Manager is a software package by Mikrotik that used to manage users and data usage on
Mikrotik Hotspot. It is a RADIUS server responsible for billing, accounting and authenticating
users.
The process of making use of user manager with Hotspot involves upgrading the RouterOS and
configuring the Hotspot to make use of User Manager for authentication.
The software does not come preinstalled with the RouterOS, hence it has to be installed by
upgrading the router with the right version of User Manager.
Below are the steps to setup user manager in the same router running the Hotspot. Note that the
two can be different or separate devices i.e. the User Manage running on a separate device from
the Hotspot Router

Download the User Manager firmware package from Mikrotik website -

https://mikrotik.com/download
Extract the zip file on your local drive

1. Make sure that the version of the file matches the version and architecture of your device
2. Open the Files window on winbox
3. Drag the "user-manager-X.X-xxxxxx.npk" to the files window.
4. Reboot the router (/system reboot)

You can also install User Manager or upgrade the router using ftp application. Upload the
upgrade package (user manager) to the root directory of the router and restart it.

25
ADDING CUSTOMER
Note that after installing user manager for the first time as above, a default Subscriber/Customer with
login admin and empty password is created.

The administrative account in User Manager is called customers or subscribers and you would
need to add one using Mikrotik terminal (console).
All the configuration is done under the /tool user-manager menu.

To create a customer or subscriber you should go to /tool user-manager customer menu and
execute add command. You would need to specify tha username and password for the account as
in the command below

[admin@MikroTik] /tool user-manager customer add login="admin"

password="PASSWORD" permissions=owner

For the default user “admin” added during the installation of User Manager, you can use the
following command to change the password for the 'admin' user:

[admin@MikroTik] /tool user-manager customer set admin password=PASSWORD

After that you can use print command to see what you have added.

[admin@MikroTik] /tool user-manager customer print

Flags: X - disabled
0 login="admin" password="adminpassword" backup-allowed=yes currency="USD"
time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
paypal-secure-response=no paypal-accept-pending=no

CONFIGURING HOTSPOT TO USE RADIUS

1. Click on the "IP" menu

2. Click on "Hotspot"
3. Select the "Server Profiles" tab
4. Double click on "hsprof1"
5. Select the "RADIUS" tab
6. Tick the "Use RADIUS" tickbox
7. Click "OK"

26
CONFIGURING RADIUS FOR HOTSPOT

1. Click on "RADIUS"
2. Click on "+"
3. Tick the "hotspot" tickbox
4. Add the loopback IP to the address field. –e 127.0.0.1 (this means the RADIUS is
running in the same the router
5. Choose a secure password
6. Click "OK"

27
1. Using your browser of choice, connect to http://router-ip/userman
2. Supply the username and password created as Customer above and click "Log In"

28
1. Once you have logged in, click on the "Routers" menu
2. Click "Add" then "New"
3. Enter the name you choose as the name
4. Enter the Loopback IP address 127.0.0.1
5. Enter the password you chose earlier.
6. Click "OK"

29
Your Mikrotik Hotspot should now be able to communicate with the User Manager RADIUS
Server. You can now proceed to set up profiles, limitations and users on the user manager
interface.

30