A HOTSPOT is a way to provide internet access to subscribers through an easy-to-use login interface; it does not require any client software/driver/dialer at the user end. To log in, users may use almost any web browser, so they are not required to install additional software. It is also possible to allow users to access some web pages without authentication using the Walled Garden feature.
In my personal opinion, Hotspot is best suited for ad hoc situations, where you cannot control how the clients have their machines configured. This is generally useful in conference rooms, hotels, cafes, restaurants and the like, since people will come and go and you have few permanent users.
One big advantage of using HotSpot is that it does not require any client software/driver/dialer. One disadvantage is that it usually requires your client to open a browser and log in before he can use your service. So users wanting to connect to your service through a router of some kind usually have a problem (as routers usually don't support logging in via HTTP).
Following is a quick setup guide (CLI version) on how to set up a HOTSPOT server in Mikrotik using the command interface.
This guide will help you set up:
# HOTSPOT server,
# It will also configure DHCP to assign users IP addresses from the 172.16.0.1-172.16.0.255 IP pool. Change it accordingly.
# It will add two speed / rate limit profiles, 256k and 512k, and it will add a new user 'zaib' password=test with the 512k profile and a user 'test' password=test with the 256k limit.
# It will add a default route to the internet, which is the DSL router IP 192.168.2.2. Change it accordingly.
In this example, the Mikrotik has two interface cards.
Ether1 LAN = 172.16.0.1 / Connected with LAN/Hotspot users
Ether2 WAN = 192.168.2.1 / Connected with DSL router
DSL Router = 192.168.2.2
Script starts below.
/ip address
add address=172.16.0.1/24 comment=LAN disabled=no interface=ether1 network=172.16.0.0
add address=192.168.2.1/24 comment=WAN disabled=no interface=ether2 network=192.168.2.0
/ip pool
add name=hs-pool-1 ranges=172.16.0.10-172.16.0.255
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=192.168.2.2
/ip dhcp-server
add address-pool=hs-pool-1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=ether1 lease-time=1h name=dhcp1
/ip dhcp-server config set store-leases-disk=5m
/ip dhcp-server network add address=172.16.0.0/24 comment="hotspot network" gateway=172.16.0.1
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=login.aacable.net hotspot-address=172.16.0.1 html-directory=hotspot http-cookie-lifetime=1d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot
add address-pool=hs-pool-1 addresses-per-mac=2 disabled=no idle-timeout=5m interface=ether1 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="512k Limit" open-status-page=always rate-limit=512k/512k shared-users=1 status-autorefresh=1m transparent-proxy=yes
add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="256k Limit" open-status-page=always rate-limit=256k/256k shared-users=1 status-autorefresh=1m transparent-proxy=yes
/ip hotspot service-port set ftp disabled=yes ports=21
/ip hotspot walled-garden ip add action=accept disabled=no dst-address=172.16.0.1
/ip hotspot set numbers=hotspot1 address-pool=none
/ip firewall nat add action=masquerade chain=srcnat disabled=no
/ip hotspot user
add disabled=no name=admin password=123 profile=default
add disabled=no name=zaib password=test profile="512k Limit" server=hotspot1
add disabled=no name=test-256k password=test profile="256k Limit" server=hotspot1
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 scope=30 target-scope=10
Basic HOTSPOT is now configured. Now go to a client PC. Upon booting, it will automatically receive an IP from the hotspot DHCP server. Open your browser and try to open any web site; you will see the Hotspot login page asking for credentials.
Or you can customize the login page, as described in the next section.
HOWTO CUSTOMIZE HOTSPOT LOGIN PAGE
You can use a fancy, good-looking login page. To customize the login page, open Winbox and go to Files. Here you will see various files; look at hotspot/login.html. Drag and drop this file to your Desktop. See the attached picture.
Now open it using any HTML editor. I always prefer FRONTPAGE for editing HTML pages due to its easy interface. Customize it according to your needs; you must have some prior knowledge of website / HTML editing. You can insert your logo, advertisements and a lot more in this page. After you are done, simply upload the file back to where you downloaded it from, using the drag and drop feature. For beginners, I recommend you not to change any default variable; just add your logo and text. After you are familiar with the structure, you can build your own fully customized login page.
Good examples of hotspot login pages can be found at the following link.
Howto Redirect User to your selected site after successful Login
If you want the user to be redirected to your advertisement web site (or any other web site) after a successful login to the hotspot, you will need to replace a variable in the hotspot/login.html document on the Mikrotik router.
You must replace $(link-orig) with the URL of the website you want them to get after login.
There are two links that you have to replace, and both look like this:
<input type="hidden" name="dst" value="$(link-orig)">
Change them to
Now after a successful login, the user will automatically be redirected to yoursite.com. You can also create your own customized page showing user details using the variables available.
Howto Allow URL for some destinations for non authenticated Users
Sometimes it is required to allow access to some destinations / URLs for non-authenticated users. For example, if you have a web / radius server and you want users to be able to access it without logging in to the hotspot, then you can add its IP address to the walled garden.
/ip hotspot walled-garden add dst-host=www.website.com
/ip hotspot walled-garden ip add dst-address=192.168.2.2 action=accept
/ip firewall nat add chain=pre-hotspot dst-address=192.168.2.2 action=accept
HOTSPOT users can't communicate with each other or PROXY-ARP issue
If you face a hotspot broadcast / ARP-poisoning problem, remove the address pool from the Hotspot to turn off Universal NAT:
/ip hotspot set <number> address-pool=none
/ip hotspot set numbers=hotspot1 address-pool=none
/ip firewall nat add chain=pre-hotspot dst-address-type=!local hotspot=auth action=accept
Howto Bypass authentication for Few Clients
This bypasses the hotspot by mac address.
/ip hotspot ip-binding add mac-address=xx:xx:xx:xx:xx:xx type=bypassed
(Replace xx:xx:xx:xx:xx:xx with your user's MAC address.)
You can also use the ip address to bypass.
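As an added example (not part of the original guide), the Python script below parses RouterOS commands like the ones used in this guide and lists settings worth reviewing before the hotspot goes live: short hotspot user passwords, a login profile without https in login-by, a masquerade rule with no out-interface, and bypassed ip-bindings. The rule names and the 12-character password threshold are assumptions of this example, not RouterOS settings.

```python
import shlex

# Constructed sample: commands from this guide, abridged to the relevant parameters.
SAMPLE = """\
/ip hotspot profile
add dns-name=login.aacable.net login-by=cookie,http-chap name=hsprof1
/ip firewall nat add action=masquerade chain=srcnat disabled=no
/ip hotspot user
add disabled=no name=admin password=123 profile=default
add disabled=no name=zaib password=test profile="512k Limit" server=hotspot1
/ip hotspot ip-binding add mac-address=xx:xx:xx:xx:xx:xx type=bypassed
"""
MIN_PASSWORD_LEN = 12  # assumption: local policy threshold, not a RouterOS setting

def parse(export):
    """Yield (menu, verb, params) for every add/set command in a RouterOS script."""
    current = ""
    for raw in export.splitlines():
        tokens = shlex.split(raw, comments=True)  # keeps "quoted values", drops # comments
        path = []
        while tokens and tokens[0] not in ("add", "set"):
            path.append(tokens.pop(0))
        menu = " ".join(path) if path else current
        if not tokens:            # bare "/ip ..." line: switch the current menu
            current = menu
            continue
        yield menu, tokens[0], dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def audit(export):
    """Return (rule, subject) findings for settings worth a second look."""
    out = []
    for menu, verb, p in parse(export):
        if menu == "/ip hotspot user" and verb == "add":
            if len(p.get("password", "")) < MIN_PASSWORD_LEN:
                out.append(("short-password", p.get("name", "?")))
        elif menu == "/ip hotspot profile" and "login-by" in p:
            if "https" not in p["login-by"].split(","):
                out.append(("login-over-http", p.get("name", "default")))
        elif menu == "/ip firewall nat" and p.get("action") == "masquerade":
            if not any(k.startswith("out-interface") for k in p):
                out.append(("masquerade-all-interfaces", p.get("chain", "?")))
        elif menu == "/ip hotspot ip-binding" and p.get("type") == "bypassed":
            # A bypassed host skips login; it is identified only by MAC/IP, which a client sets itself.
            out.append(("auth-bypass", p.get("mac-address") or p.get("address", "?")))
    return out

if __name__ == "__main__":
    for rule, subject in audit(SAMPLE):
        print(f"{rule}: {subject}")
```

Paste the output of /export from your own router in place of SAMPLE to check a live configuration.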
Soo easy Hotspot Guide ...
Do you know how to install an SMS Authentication function in a Mikrotik hotspot system?