Tuesday, December 14, 2010 0 comments
Run the hotspot setup as below. Substitute the values in italics to suit your network. The user account bears no relation to the admin account and is used for the hotspot service only. You may also need to add a host record to your DNS server for the hostname of the hotspot box. Make sure the address pool does not conflict with any devices using static IPs, such as access points.
[admin@MikroTik] > ip hotspot setup
hotspot interface: wlan1
local address of network: 192.168.30.1/24
masquerade network: yes
address pool of network: 192.168.30.2-192.168.30.99
select certificate: none
ip address of smtp server: 0.0.0.0
dns servers: 192.168.24.2
dns name: hotspot.mydomain.net
name of local hotspot user: user
password for the user: password
Fire up your laptop, associate to the network and try to access a web page. You should be redirected to the hotspot login page instead where you can enter the user credentials you set up earlier. Click the thumbnails for a full view of the default page.
You should now be able to access the web normally and a pop-up window will display your connection time and data usage as you go.
Bear in mind I have left out the certificate so usernames and passwords will be sent as plain text. If you intend on deploying the hotspot, you should install a certificate on it and set up SSL to protect account data from being sniffed. Setting up User Manager The User Manager is a nice and simple web administration for setting up user account for the MikroTik hotspot and other services. It can be hosted on either the same box as the hotspot or located in a separate box on the same local network. One User Manager package can control multiple hotspots. Before getting the User Manager set up, check for any existing hotspot account and remove them. To do this, run the following command:
[admin@MikroTik] > ip hotspot user print
Flags: X - disabled, D - dynamic
# SERVER NAME ADDRESS PROFILE UPTIME
0 fred default 0s
If any items are listed (in this case bob), run the following command to remove them:
[admin@MikroTik] > ip hotspot user remove 0
You can delete multiple items at the same time, simply separate each item number with a comma. To get the User Manager working we first need to add a customer login. This is used to access the UM web administration. Make sure you substitute the values in italics to suit.
[admin@MikroTik] > tool user-manager customer add login=hs_admin password=password
Now we need to add the hotspot as a RADIUS client to the user manager. This is done under the user manager router section. The shared secret can be any string of text and should be reasonably long and complex. If you are setting the user manager up on the same box as the hotspot, use 127.0.0.1 for the IP address.
[admin@MikroTik] > tool user-manager router add ip-address=hotspot-ip shared-secret=12345 subscriber=hs_admin
In return, we need to set up the hotspot to use RADIUS for user authentication. First this involves creating a RADIUS client to communicate with the UM. Remember that if you have both services on the same box, the IP address should be set to 127.0.0.1. The secret should be the same as you set up above.
[admin@MikroTik] > radius add service=hotspot address=ip-address secret=12345
Now we tell the hotspot itself to use a RADIUS client. First bring up a list of hotspot profiles:
[admin@MikroTik] > ip hotspot profile print
Locate the profile in use and type the following command where 1 is the number of the profile to configure:
[admin@MikroTik] > ip hotspot profile set 1 use-radius=yes
Now we are done with configuration. Browse to http://router-ip/userman where router-ip is the IP address of the box you are configuring User Manager on. Login using the customer username and password created earlier. Click on the User menu and select Add. Enter in a username, password and any other details you wish. You can limit the speed the client can access the internet by selecting the Rate limits checkbox and typing in a suitable speed (e.g. for a flat 128kBps download/64kBps upload speed limit simply type in 128k in the RX field and 64k in the TX field). Click Add and you should be able to now access the hotspot using the username and password you specified. If you want to generate a printable ticket for the users you set up, click on the Users link, select the users to make a ticket for, click Generate and select the number of tickets per page.