Professional Documents
Culture Documents
Setting Up A Mikrotik Hotspot With UserManager (Step-By-Step) - Binary Heartbeat
Setting Up A Mikrotik Hotspot With UserManager (Step-By-Step) - Binary Heartbeat
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
SettingupaMikrotikHotspotwithUserManager(StepBy
Step)
15:14
P O S T E D B Y J U R G E N S K R A U S E H O T S P O T , M I K R O T I K , S T E P B Y S T E P , T U T O R I A L
5 2 COM M E NT S
MikrotikRouterOSprovidesaverypowerfulHotspotFeature.ThiscanbeusedwiththeMikrotikbuilt
inRadiusserver(Userman)orwitharemoteRadius/FreeradiusServer.
Youwillneed:
MikrotikRouterBOARD:
Level4orbetterlicence(LowerlicenceswillallowonlyasingleHotspotclient)
RouterOS6.x(5.xwillalsowork,butthistutorialisbasedonv6.7)
Thenetworkwillbeconfiguredasbelow.YoumayneedtoadjusttheIPAddressestosuityourneeds
Notes:
TheRouterBOARDCPUandRAMwilldirectlyaffecttheperformanceofyourHotspot,soconsider
beforehandhowmanyclientsyouwishtoconnect.
ARouterBOARD750cancomfortablyrunabout2550users.
InmyexampleIwilluseaRouterBOARD532withone2.4ghzWLANcard
Step1:Configureinternetaccessontherouter
AddRouterIPAddress:
/ipaddressaddaddress=10.0.0.2/24interface=ether1
ChangetheIPtomatchyournetworkconfiguration
1. ClickontheIPMenu
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
2. ClickontheAddressesMenu
1/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
3. Click"+"
4. EntertheIPAddressyouwishtoassigntotherouter,thiswillbetheoutwardfacingIP,somake
suretoselecttheethernetinterfacethatwillgivetherouterinternetaccess.
5. Clickon"Apply"
ConfigureUpstreamDNSServer:
/ipdnssetservers=8.8.8.8allowremoterequests=yes
ThisexampleusesGoogle'sDNSservice.YoucaneasilymakeuseofOpenDNStoimplementsimple
filtering,oruseyourownDNSserversifneeded.
1. ClickontheIPMenu
2. ClickontheDNSMenu
3. EnteryourdesiredDNSserverhereIamusingGoogle'sDNS
4. Clickon"Apply"
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
2/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
ConfigureDefaultRoute:
/iprouteadddstaddress=0.0.0.0/0gateway10.0.0.1
1. ClickonIP
2. ClickonRoutes
3. Clickon"+"
4. Enter0.0.0.0/0astheDst.Address
5. Enter10.0.0.1astheGateway
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
3/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
Test:
Checkifyoucanpingapublicipaddresslike8.8.8.8
1. ClickonTools
2. ClickonPing
3. Enterapubliclyavailableaddress
4. ClickStart
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
4/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
Step2:InstallUserManagerandHotspot
IfyouplantouseastandaloneRadiusServer,youmayskipthisstep.
DownloadthefirmwarepackagefromMikrotik
Extractthezipfileonyourlocaldrive
1. Makesurethattheversionofthefilematchestheversionandarchitectureofyourdevice
2. OpentheFileswindowonwinbox
3. Dragthe"usermanagerX.Xxxxxxx.npk"tothefileswindow.
4. Dothesamefor"hotspotX.Xxxxxxx.npk".
5. Reboottherouter(/systemreboot)
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
5/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
Step3:Configureinterfaces
First,weneedtoconfiguretwoBridgeinterfaces.Thefirstonewillbealoopbackinterface.Ihave
foundinthepastthatifyouusethenormalloopbackaddress(127.0.0.1),oroneoftheotherstatic
addresses,fortheRadius(Usermanager)server,youmayexperiencesomedifficulties.
3.1.1CreateLoopbackBridge
/interfacebridgeaddname=Loopback
1. Clickonthe"Bridge"menu
2. Clickon"+"
3. Enter"Loopback"forthebridgename
4. Click"Apply"
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
6/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
3.1.2AddLoopbackBridgeIPAddress
Iuseanyunusedprivateiprangeforthis,itisusedsimplyasaninterfacetoruntheRADIUSserver
on.
/ipaddressaddaddress=10.10.0.1/32interface=Loopback
1. ClickontheIPMenu
2. ClickontheAddressesmenu
3. Clickthe"+"button
4. Enter"10.10.0.1/32"astheIPAddress
5. Selectthe"Loopback"Interface
6. Click"OK"
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
7/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
3.2.1CreateHotspotBridge
Ifyouareplanningtorunthehotspotonasingleinterfaceyoumayskipthisstep.
/interfacebridgeaddname=Hotspot
1. Clickonthe"Bridge"menu
2. Clickon"+"
3. Enter"Hotspot"forthebridgename
4. Click"Apply"
3.2.2AddHotspotBridgeIPAddress
Imakeuseoftheprivate192.168.0.1/24rangeforthehotspotnetwork,butyoucanusewhateveris
suitableinyoursetup.
/ipaddressaddaddress=192.168.0.1/24interface=Hotspot
1. ClickontheIPMenu
2. ClickontheAddressesmenu
3. Clickthe"+"button
4. Enter"192.168.0.1/24"astheIPAddress
5. Selectthe"Hotspot"Interface
6. Click"OK"
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
8/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
3.2.3AddHotspotPortstoBridge
Ifyouwouldlikemultipleinterfacestohaveaccesstothehotspot,youcanrepeatthisprocess,only
changingtheinterfaceeachtime.
IfyouarerunningonaRouterBOARD750orsimilar,youwillneedtoaddtheportsthatyouAP'sare
connectedto,tothebridge.
/interfacebridgeportaddbridge=Hotspotinterface=wlan1
1. Clickonthe"Bridge"menu
2. Clickonthe"Ports"Tab
3. Clickonthe"+"
4. Selecttheinterfaceyouwanttoaddtothehotspot,inmycaseitis"wlan1"
5. Selectthe"Hotspot"bridge
6. Click"OK
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
9/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
3.3ConfiguretheAccessPoint
IfyouareusingaRouterBOARD750orsimilar,youwillnotbeusingthissection.
Youmaychoosetoimplementsecurityonyouraccesspoint,butsincethisisacaptiveportal,you
shouldnotneedtouseanysecurity.Thistutorialwillnotincludeanysecuritysettings.
/interfacewirelessset[finddefaultname=wlan1]band=2ghzb/g
disabled=nomode=apbridgessid=Hotspot
1. Clickonthe"Wireless"Menu
2. DoubleclickontheWirelessInterfacethatyouwillbeusing
3. Setthemodeto"apbridge"
4. Setthebandto2GhzB/G(orotherwiseifneedsbe)
5. ChangetheSSIDto"Hotspot",orwhateversuitsyou.
6. Click"OK"
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
10/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
4ConfiguretheHotspot
/iphotspotprofile
adddnsname=hotspot.example.comhotspotaddress=192.168.0.1
name=hsprof1smtpserver=192.168.123.4
/iphotspot
addaddresspool=hspool7disabled=nointerface=Hotspot
name=hotspot1profile=hsprof1
/iphotspotuserprofile
set[finddefault=yes]idletimeout=nonekeepalivetimeout=2m
maccookietimeout=3d
/iphotspotuser
addname=dexterpassword=dexter
1. Clickonthe"IP"menu.Ifthisoptionisnotavailablerefertostep2
2. Clickonthe"Hotspot"item
3. Clickon"HotspotSetup".ThiswillstarttheHotspotSetupWizard
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
11/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
4.1TheHotspotWizard
1. SelecttheHotspotbridgeastheHotspotInterface
2. ClickNext
1. ClicknextTheaddressrangeshouldbefilledinautomaticallyasperournetworkconfiguration.
1. ClickNexttheaddresspoolshouldbeprepopulatedwiththerightsettings
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
12/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
1. ThistutorialwillnotcovertheuseofCertificates,soyoumayselect"none"andclicknext
1. EntertheIPAddressofyourSMTPserver.ManyprovidersdonotallowuseoftheirSMTP
serversoutsidetheirownnetwork,sothisoptionallowsyoutocircumventtheSMTPserver
configuredontheclient'sdeviceinfavorofyourown.(YoumayevenspecifytheSMTPserver
ofyouownproviderinsomecases)
2. Click"Next"
ThesearetheupstreamDNSserversusedbythehotspot.
1. EnteroneormoreupstreamDNSservers,youcanuseOpenDNStoprovideyouwithabasic
filteringservice.HereIuseGoogle'spublicDNS.
2. Click"Next"
1. EnterahostnameforthelocalHotspot.Iamusinghotspot.example.com,butthiscouldbe
anythingyouwant.
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
2. Click"Next"
13/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
1. EnteranameforyouradministrativeHotspotuser.
2. Enterapasswordforyouradministrativeuser.
3. Click"Next"
1. Click"OK"tocompleteyourhotspotsetup.
Congratulations,youhavenowsetupbasicfunctionalityforaMikrotikWirelessHotspot,youcan
createusersunder"IP>Hotspot>Users.Butalas,youstillneedtoconfiguretheUsermanagerfora
fullyfeaturedhotspot.
Step5ConfiguringUserManager
5.1SettinguptheHotspottouseRADIUS
1. Clickonthe"IP"menu
2. Clickon"Hotspot"
3. Selectthe"ServerProfiles"tab
4. Doubleclickon"hsprof1"
5. Selectthe"RADIUS"tab
6. Tickthe"UseRADIUS"tickbox
7. Click"OK"
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
14/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
1. Clickon"RADIUS"
2. Clickon"+"
3. Tickthe"hotspot"tickbox
4. AddtheloopbackbridgeIPtotheaddressfield,inthistutorial10.10.0.1
5. Chooseasecurepassword
6. Click"OK"
1. Usingyourbrowserofchoice,connecttohttp://routerip/userman
2. Click"LogIn"Thedefaultusernameisadminwithnopassword
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
15/16
12/2/2015
SettingupaMikrotikHotspotwithUserManager(StepByStep)~BinaryHeartbeat
1. Onceyouhaveloggedin,clickonthe"Routers"menu
2. Click"Add"then"New"
3. Enter"LocalRouter"asthename
4. EntertheLoopbackBridgeIPaddress
5. Enterthepasswordyouchoseearlier.
6. Click"OK"
YourMikrotikHotspotshouldnowbeabletocommunicatewiththeUsermanagerRadiusServer.You
cannowproceedtosetupprofilesandusersontheusermanagerinterface.
data:text/htmlcharset=utf8,%3Ch2%20class%3D%22posttitle%20entrytitle%22%20style%3D%22fontsize%3A%2028px%3B%20margin%3A%200.83em
16/16