Setting up a MikroTik Router as a HotSpot
This document outlines how to configure a MikroTik RouterBoard to be used as a HIB with SIMPLer.
General information on the RouterBoard may be found in the MikroTik Wiki: http://wiki.mikrotik.com/wiki/Category:Manual
- Do basic setup on the routerboard as per http://wiki.mikrotik.com/wiki/Manual:First_time_startup - basic requirement is to configure ether1 with the following:
- IP address and gateway
Once an IP address is assigned, use Winbox (download from the first time setup page) to do the remainder of the setup.
- Setup the hotspot as follows (this info is based on http://www.hotspotsystem.com/en/hotspot/install_guide_mikrotik.html
- Verify that the routerboard DNS settings are correct - click on IP -> DNS and then Settings - if the default values are not correct, update them to reflect the current network.
- Add the hotspot service to ether2 (or any other ether port - just replace references to ether2 with whatever ethernet port you are using below) by going IP -> Hotspot and then clicking Hotspot Setup:
- Select ether2 from the drop down and click Next.
- Pick a suitable IP range to use (192.168.182.1/24 is the default used on HIBs, so use that)
- Click Next for the "Address Pool of Network"
- Click Next for the "Certificate" - leave at "none"
- Ignore the SMTP server setting, and accept the default for the DNS server setting, and leave the DNS name blank.
- On the next dialog, create a password for the "admin" user - this will allow you to login to the hotspot with this username/password without having to use the RADIUS server - this is useful to verify basic operation before going any further.
- At this point the basic hotspot should be up and running. Connect a laptop to the ether2 port, and verify that you get an IP address from the range 192.168.182.2 - 192.168.182.254. Try to access the internet using a web browser, and you should get the default MikroTik splash page. You can enter the admin username / password you created above in order to get access to the internet. (if the status / logout dialog does not popup, you can logout using http://192.168.182.1/logout)
Adding RADIUS support to authenticate against SIMPLer
- Again using winbox, configure RADIUS support as follows:
- In the hotspot profiles (IP -> HotSpot -> Server Profiles), double click the hotspot you created (should probably be hsprof1)
- In the Login tab, deselect Cookie and select CHAP and PAP:
- In the RADIUS tab, select "Use RADIUS", and click OK:
- On the left colum, click Radius, and then the red + to add a new RADIUS server. On the dialog, click hotspot, and enter the IP address of the RADIUS server and the secret (the default, which you can get from the hotspot setup in SIMPLer is az0s3cr3t):
- If you want to allow access to certain sites without authentication (e.g. payment gateways, etc), you can add them to IP -> HotSpot -> Walled Garden. For basic setup this should not be necessary.
- Set the clock on the routerboard by going to System -> NTP Client, click "Enabled", set the Mode to unicast and the server to "pool.ntp.org":
- Set the system identity to be the hotspot name as follows: Go to System -> Identity and enter the full hotspot name (for example demowisp_demowisp_hs5 is the one I am using):
- At this point you should be able to login using a token from the selected hotspot. You can verify which users are logged in using IP -> Hotspot -> Active in winbox
Updating the login splash page
The login (and logout) splash pages can be updated as wished. However in order to allow customers to purchase a token using the operator's payment gateway, a link to the SIMPLer captive portal purchase form must be added. The format of the link is as follows:
Where xyz and hotspot_name are replaced with the relevant equivalents for the operator.
To get the html code for the current login page, click on Files in winbox, and go to hotspot/login.html:
You can just drag'n'drop this file to your desktop, update it, and then drag it back into the Files dialog. Or, if you wish, you can copy the file to your PC using ssh/ftp. The ssh command to copy it is as follows:
scp admin@<ip of mikrotik>:/hotspot/login.html login.html
To copy it back, use
scp login.html admin@<ip of mikrotik>:/hotspot/login.html
You can also drag'n'drop graphics to the hotspot/img directory to be used on the login page.
Azotel | River House | Blackpool Park | Cork | Ireland
US +1-312-239-0680 | IE +353-21-234-8100 | UK +44-207-193-4170 | SA +27-11-083-6900