A HOTSPOT is a way to provide internet access to subscribers through an easy-to-use login interface; it does not require any client software/driver/dialer at the user end. To log in, users may use almost any web browser, so they are not required to install additional software. It is also possible to allow users to access some web pages without authentication using the Walled Garden feature.
In my personal opinion, Hotspot is best suited for ad hoc situations, where you cannot control how the clients have their machines configured. This is generally useful in conference rooms, hotels, cafes, restaurants and the like, since people will come and go and you have few permanent users.
One big advantage of using HotSpot is that it does not require any client software/driver/dialer. One disadvantage is that it usually requires your client to open up a browser and log in before he can use your service. So users wanting to connect to your service using a router of some kind usually have a problem (as routers usually don’t support logging in via HTTP).
Following is a quick setup guide (CLI version) on how to set up a HOTSPOT server in Mikrotik using the command interface.
This guide will help you in setting up:
- A HOTSPOT server.
- It will also configure DHCP to assign users IP addresses from the 172.16.0.1-172.16.0.255 IP pool. Change it accordingly.
- It will add two Speed / Rate Limit profiles, 256k and 512k, and it will add a new user ‘zaib‘ password=test with the 512k profile and user ‘test‘ Password=test with the 256k limit.
- It will add a default route to the internet, which is the DSL router IP 192.168.2.2. Change it accordingly.
In this example, the Mikrotik has two interface cards.
- Ether1 LAN = 172.16.0.1 / Connected with LAN/Hotspot users
- Ether2 WAN = 192.168.2.1 / Connected with DSL router
- DSL Router = 192.168.2.2
COPY PASTE SCRIPT. MAKE SURE YOUR MIKROTIK HAS NO CONFIG; IT SHOULD BE EMPTY.
Script Starts Below.
# Configure IP address for LAN and WAN interfaces / zaib
/ip address
add address=172.16.0.1/24 comment=LAN disabled=no interface=ether1 network=172.16.0.0
add address=192.168.2.1/24 comment=WAN disabled=no interface=ether2 network=192.168.2.0
# ADD IP pool for hotspot users
/ip pool
add name=hs-pool-1 ranges=172.16.0.10-172.16.0.255
# Add GOOGLE DNS for resolving
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=8.8.8.8
# Add DHCP Server
/ip dhcp-server
add address-pool=hs-pool-1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=ether1 lease-time=1h name=dhcp1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=172.16.0.0/24 comment="hotspot network" gateway=172.16.0.1
# Add HOTSPOT profile
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=login.aacable.net hotspot-address=172.16.0.1 html-directory=hotspot http-cookie-lifetime=1d http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot
add address-pool=hs-pool-1 addresses-per-mac=2 disabled=no idle-timeout=5m interface=ether1 keepalive-timeout=none name=hotspot1 profile=hsprof1
# Add HOTSPOT User Profile like 256k and 512k
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m transparent-proxy=no
add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="512k Limit" open-status-page=always rate-limit=512k/512k shared-users=1 status-autorefresh=1m transparent-proxy=yes
add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive-timeout=2m name="256k Limit" open-status-page=always rate-limit=256k/256k shared-users=1 status-autorefresh=1m transparent-proxy=yes
# Disable the FTP service-port helper
/ip hotspot service-port
set ftp disabled=yes ports=21
# Let unauthenticated clients reach the router itself
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=172.16.0.1
# Remove the address pool from the hotspot to turn off Universal NAT
/ip hotspot
set numbers=hotspot1 address-pool=none
# NAT for outgoing traffic
/ip firewall nat
add action=masquerade chain=srcnat disabled=no
# Add hotspot users (sample passwords, replace them with your own)
/ip hotspot user
add disabled=no name=admin password=123 profile=default
add disabled=no name=zaib password=test profile="512k Limit" server=hotspot1
add disabled=no name=test-256k password=test profile="256k Limit" server=hotspot1
# Default route to the internet via the DSL router
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 scope=30 target-scope=10
Basic HOTSPOT is now configured. Now go to the client PC. Upon booting, it will automatically receive an IP from the hotspot DHCP server. Open your browser and try to open any web site; you will see the Hotspot login page asking for credentials.
Or you can customize the hotspot login page to show your logo.
You can also make configuration changes via the GUI.
Please read the following guide for an easy step-by-step guide on HOTSPOT setup.
HOWTO CUSTOMIZE HOTSPOT LOGIN PAGE
You can use a fancy, good-looking login page. To customize the login page, open Winbox, go to Files, and here you will see various files. Look for hotspot/login.html and drag and drop this file to the Desktop. See the attached picture.
Now open it using any HTML editor. I always prefer FRONTPAGE for editing HTML pages due to its easy interface. Customize it according to your needs. You must have some prior knowledge of website / HTML editing. You can insert your logo, advertisements and a lot more in this page. After you are done, simply upload the file back to where you downloaded it from, using the drag and drop feature. For beginners, I recommend you not change any default variable; just add your logo and text. After you are familiar with the structure, you can build your own fully customized login page. – zaib
Good examples of hotspot login pages can be found at the following link.
Howto Redirect User to your selected site after successful Login
If you want the user to be redirected to your advertisement web site / any other web site after a successful login to the hotspot, you will need to replace a variable in the hotspot/login.html document on the Mikrotik router.
You must replace $(link-orig) with the URL of the website you want them to get after login.
There are two links that you have to replace, and both look like this:
input type=hidden name=dst value=$(link-orig)
Change them to
input type=hidden name=dst value=https://aacable.wordpress.com
Now, after a successful login, the user will automatically be redirected to yoursite.com. You can also create your own customized page showing the user's details using the variables available.
Howto Allow URL for some destinations for non authenticated Users
Sometimes it is required to allow access to some destinations / URLs for non-authenticated users. For example, if you have a web / radius server and you want users to be able to access it without logging in to the hotspot, then you can add its IP address to the walled garden.
/ip hotspot walled-garden add dst-host=www.website.com
/ip hotspot walled-garden ip add dst-address=192.168.2.2 action=accept
OR
/ip firewall nat add chain=pre-hotspot dst-address=192.168.2.2 action=accept
HOTSPOT users can’t communicate with each other on LAN or PROXY-ARP issue
If you face the hotspot broadcast issue / ARP-poisoning problem, remove the address pool from the Hotspot to turn off Universal NAT:
/ip hotspot set number address-pool=none
OR
/ip hotspot set numbers=hotspot1 address-pool=none
As shown in the image below …
Howto Bypass authentication for Few Clients
This bypasses the hotspot by mac address.
/ip hotspot ip-binding add mac-address=xx:xx:xx:xx:xx:xx type=bypassed
(Change xx:xx:xx:xx:xx:xx to your user’s MAC address. You can also use the IP address to bypass.)
You can also use the mac-login or cookie features introduced in newer versions to let clients log in automatically.
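The setup script creates hotspot users with short passwords, and the sections above open destinations through the walled garden and exempt clients from login by MAC address. As an added example (not part of the original guide), this Python script reads configuration text laid out like the commands in this guide and lists every entry that lets a client through with a weak password or without logging in. The sample configuration, the frontdesk user, the MAC address, the finding names and the 10-character minimum are assumptions made for the example.

```python
import shlex

# Constructed sample in the menu / "add" layout used by the setup script on this page.
SAMPLE_CONFIG = """\
/ip hotspot user
add disabled=no name=admin password=123 profile=default
add disabled=no name=zaib password=test profile="512k Limit" server=hotspot1
add disabled=no name=frontdesk password=kT7-qv2LmR9x profile="256k Limit"
/ip hotspot ip-binding
add mac-address=00:11:22:33:44:55 type=bypassed
/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=192.168.2.2
"""

def parse(text):
    """Yield (menu, fields) for each 'add' command; the menu path may sit on
    its own line (export style) or in front of the command (one-liner style)."""
    menu = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)  # keeps quoted values such as "512k Limit" whole
        if words[0].startswith("/"):
            cut = next((i for i, w in enumerate(words) if w in ("add", "set")), len(words))
            menu, words = " ".join(words[:cut]), words[cut:]
        if menu and words and words[0] == "add":
            yield menu, dict(w.split("=", 1) for w in words[1:] if "=" in w)

def audit(text, min_len=10):
    """Return (finding, subject) pairs for entries that weaken hotspot login.
    min_len is an assumed policy value, not a RouterOS setting."""
    findings = []
    for menu, f in parse(text):
        if f.get("disabled") == "yes":
            continue  # disabled entries are not in effect
        if menu == "/ip hotspot user":
            pw, name = f.get("password", ""), f.get("name", "")
            if len(pw) < min_len or pw.lower() == name.lower():
                findings.append(("weak-password", name))
        elif menu == "/ip hotspot ip-binding" and f.get("type") == "bypassed":
            findings.append(("login-bypass", f.get("mac-address") or f.get("address")))
        elif menu.startswith("/ip hotspot walled-garden"):
            if f.get("action") not in ("deny", "drop", "reject"):
                findings.append(("open-without-login", f.get("dst-address") or f.get("dst-host")))
    return findings

if __name__ == "__main__":
    for finding, subject in audit(SAMPLE_CONFIG):
        print(f"{finding:20} {subject}")
```

Each bypassed binding and walled-garden entry it reports is worth reviewing periodically, since a MAC address can be copied by any device on the same LAN.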
S – static, If you have the lease set as a static dhcp lease (assigns same ip every time device requests one) it shows as static. That is in “/ip dhcp-server lease” using “make-static”.
H – DHCP,
D – Dynamic,
A – If someone connects to the hotspot, they show up in the Hosts tab but are not yet authorized. Once they log in, they show up in the Active tab and are now authorized.
P – bypassed. Go to IP > Hotspot > IP Bindings and add a new item. One of the “type” options is bypassed, which simply means they don’t have to log in. From the wiki: “bypassed – performs the translation, but excludes client from login to the HotSpot”
Some more flags for ROUTE
X – Disabled, not active
A – Active, in use
C – Connected, a directly connected host route
S – Static, added manually
R – RIP route, received from the routing information protocol
B – BGP, received from the border gateway protocol
O – Received from the open shortest path first protocol
M – Received from the mesh made easy protocol
B – Blackhole route, packets are silently discarded
U – Unreachable, discards the packets and sends an ICMP unreachable message
P – Prohibit, discards packet and sends an ICMP communication administratively prohibited
Change Default ADMIN password for USERMAN
By default, there is no password for the admin id in user-man. You can log in by entering the admin id and no password. This is dangerous.
Make sure you set a password.
/tool user-manager customer print
and note the number of the admin id.
Now change the password:
/tool user-manager customer set password=zaib1234 numbers=0