Professional Documents
Culture Documents
Mikrotik Aradial Configuration Guide
Mikrotik Aradial Configuration Guide
©2006 Aradial
This document contains proprietary and confidential information of Aradial and Spotngo and shall not be reproduced or
transferred to other documents, disclosed to others, or used for any purpose other than that for which it is furnished,
without the prior written consent of Aradial. It shall be returned to the Aradial upon request.
The trademark and service marks of Aradial, including the Aradial logo, are the exclusive property of Aradial, and may
not be used without permission. The trademark and service marks of Spotngo, including the Spotngo logo, are the
exclusive property of Spotngo, and may not be used without permission. All other marks mentioned in this material are
the property of their respective owners.
http://www.aradial.com
0H
http://www.radius-server.com
1H
http://www.wifi-radius.com
2H
http://www.spotngo.ca
3H
Document Information
Software Version: 3.x
Document Version: 1.0
Publication Date: January 2006
Author Tomer Shahaf
Contents
Overview ............................................................................................................................................................... 4
General................................................................................................................................................................ 4
Sample Network deployments........................................................................................................................... 5
Centralized Deployment: .............................................................................................................................. 5
Localized Deployment:................................................................................................................................. 6
Mikrotik Router OS Installation ........................................................................................................................ 8
CD Installation............................................................................................................................................... 8
Initial Configuration ......................................................................................................................................... 12
IP configuration through the command line interface ............................................................................... 12
Winbox – GUI configuration...................................................................................................................... 16
Winbox – GUI configuration...................................................................................................................... 16
Hotspot Configuration:.....................................................................................................................................20
Overview
General
This document is created to provide a sample deployment guide for a centralized deployment utilizing
Aradial Radius server, Spotngo Payment module and Mikrotik Router OS Network Access Server.
The document contains information relevant to central, localized and distributed network deployments.
Additional documentation for Aradial, Spotngo Payment module and Mikrotik are available in their
respective installations.
Aradial Documentation is located in the 'Docs' folder or can be opened from the 'start', 'programs,'
Aradial, selecting Manual.
Aradial Web Admin is available at: http://locahost:8000 (user: admin, password: password).
Aradial Client Web Self Care module is available at: http://locahost:8001
Aradial Hotspot Captive Portal is located at: http://locahost:8002
Spotngo Captive portal is available at: https://localhost
Spotngo Web Admin is available at https://localhost/Payment?page=mainadmin
This document intended for the configuration of the network assuming Aradial and Spotngo Payment
Modules are installed.
Typical Deployments: Hotspot service Providers, ISP, WISP, VOIP, Corporate, hosted solution,
etc.
Aradial and Spotngo Payment Module are installed at the NOC, Network Operation Center, Data
Center, Hosted environment or Head office.
Mikrotik gateway / Access controller (Network Access Server) installed on site at internet point of
presence.
Client redirection and AAA Radius requests will be sent by the Mikrotik unit to the centralized
Radius server and billing solution for processing.
Hotzone n
`
Switch Head Office / NOC
Wired Hotzone 2
Client
AP AC / AP
PDA Laptop
PDA `
Integrated Mikrotik Access Centralized Aradial Radius
PC with Controller & Access Point Server Including:
Page
Wireless Client Captive portal
Redirect
Web Self Care
Laptop Computer with + Session User Database
Wireless Card control Optional Payment Module
Back
ink
haul
lL
au
Link
ckh
Ba
Mikrotik
Access controller
Localized Deployment:
Typically used in stand alone venues including air ports, hotels, small ISP, WISP, call shops,
cyber cafes and corporate. The Aradial radius server, Billing solution and Access controller are all
deployed locally on site.
PT khau
Ba
MP l
c
In the sample network diagram above, the Mikrotik will provide session control, captive portal
redirection and authentication for wired clients connected to the switch or wireless clients
connected through the Access points.
Modem
Router
Static IP: 192.168.5.10
xDSL / Cable
Remote
Locations
Page Modem
Aradial Redirect
Radius + Session
Switch Server + control
Page Login Page
Redirect Web Server Integrated Mikrotik Access
+ Session Controller & Access Point
control
WAN IP: 192.168.5.12 – Static WAN IP: 192.168.5.11 – Static
LAN IP: Hotspot defined LAN IP: Hotspot defined
Integrated
Mikrotik Access
Controller & Integrated Mikrotik
Access Point Access Controller &
Access Point
`
PC Computer with PDA Laptop
PDA Wireless Card
When the user tries to surf When the user tries to surf
the Access Controller the Access Controller
Laptop Computer with
redirects him to a SSL redirects him to a SSL
Wireless Card
secured login page secured login page
***Note: All IP assignments in this diagram are for example only and should be replaced with existing network IPs. The
Mikrotik LAN IP will be assigned during the Hotspot setup.
***Note: All IP assignments in this diagram are for example only and should be replaced with existing network IP addresses. The Mikrotik
LAN IP will be assigned during the Hotspot setup and the hotspot DHCP server will assign IP to the clients. Static IP Clients out of the
range of the hotspot will be assigned local IP which will bind to the client preset IP to support service to any IP.
To install the RouterOS using a CD you will need a CD-writer and a blank CD. Burn the CD-image (an .iso file) to a CD.
The archive with image can be downloaded from the Mikrotik Download site:
1. After downloading the CD image from www.mikrotik.com you will have an ISO file on your computer:
3. In the program, choose Burn Image entry from the Recorder menu (there should be similary named option in all
major CD burning programs):
7. After booting from CD you will see a menu where to choose packages to install:
Move around menu using 'p' and 'n' or arrow keys, select with 'spacebar'.
Select all with 'a', minimum with 'm'. Press 'i' to install locally or 'r' to
install remote router or 'q' to cancel and reboot.
Follow the instructions, select needed packages, and press 'i' to install the software.
Continue? [y/n]
You should choose whether you want to keep old configuration (press [Y]) or to erase the configuration
permanently (press [N]) and continue without saving it. For a fresh installation, press [N].
Creating partition...
Formatting disk...
The system will install selected packages. After that you will be prompted to press 'Enter'. Before doing that,
remove the CD from your CD-Drive:
Software installed.
Press ENTER to reboot
Once the Router OS is installed please contact us to arrange for the Mikrotik License purchase.
For WRAP boards and generic PC, we also offer the licensed Mikrotik Router OS preinstalled on
Compact Flash.
Initial Configuration
IP configuration through the command line interface
The newly installed router OS needs to be initially configured with an IP address through the
command line interface prior being able to continue the configuration through the Winbox or web
interface.
The command line interface can be accessed via a keyboard and monitor connected to the PC, or
through remote terminal such as Windows hyper terminal and a Null Modem cable.
Username: admin
Password:
Static IP assignment:
Once logged in to the command line interface, Type:
Setup
And the following menu will appear:
[admin@MikroTik] > setup
Setup uses Safe Mode. It means that all changes that are made during setup
are reverted in case of error, or if Ctrl-C is used to abort setup. To keep
changes exit setup using the 'x' key.
Type: a
Type: a
To add IP address.
Select the interface you would like the IP assigned to typically the WAN IP is assigned to ether1
Enter the IP address and the CIDR for example: 192.168.8.54/24
Then add the gateway by typing: g
Add the gateway to the network, in this example: 192.168.8.1
Then x to exit the setup.
ip address/netmask: 192.168.8.54/24
#Enabling interface
/interface enable ether1
#Adding IP address
/ip address add address=192.168.8.54/24 interface=ether1 comment="added by \
setup"
+ a - add ip address
* g - setup default gateway
x - exit menu
your choice [press Enter to setup default gateway]: g
gateway: 192.168.8.1
#Adding default route
/ip route add dst-address=0.0.0.0/0 gateway=192.168.8.1 comment="added by \
setup"
+ a - add ip address
+ g - setup default gateway
* x - exit menu
your choice: x
r - reset all router configuration
+ l - load interface driver
+ a - configure ip address and gateway
d - setup dhcp client
* s - setup dhcp server
p - setup pppoe client
t - setup pptp client
x - exit menu
your choice [press Enter to setup dhcp server]: x
At this point, we can continue the configuration through the Winbox interface with the newly
assigned IP address.
Setup
And the following menu will appear:
[admin@MikroTik] > setup
Setup uses Safe Mode. It means that all changes that are made during setup
are reverted in case of error, or if Ctrl-C is used to abort setup. To keep
changes exit setup using the 'x' key.
Winbox is the graphical user interface for configuring the Mikrotik Router OS.
There are two ways to access the device via Winbox. You can download the winbox application
from the router or through the DUDE.
1. Open a web browser and type the address assigned to the router:
2. Then click on Download it link on the top left to download the Winbox.
3. See router page below.
4. Once downloaded, you can run it to access the router, enter the device IP address,
username and password. The default credentials are username: admin and no password.
The Dude network monitor is a new application by MikroTik which can dramatically improve the
way you manage your network environment. It can automatically scan all devices within specified
subnets, draw and layout a map of your networks, monitor services of your devices and alert you
in case some service has problems.
Once installed and running, click on discover, verify the network address and subnet are for the
range of the newly installed Router OS, and click discover.
Alternatively, you can right click the window and add a device.
Once the devices are discovered and displayed as below, you can right click on the Router OS
select tools then select Winbox.
Winbox is one of the main tools used in deploying and configuring the router OS.
In this portion of the manual we will concentrate on the hotspot configuration, additional
deployment types will be added in the future.
Hotspot Configuration:
The hotspot configuration includes the following settings:
Then in the radius window click on the + sign to add a radius server.
Hotspot Setup:
Click on Setup
Select the hotspot interface typically ether2 or Wlan1
If you have an SSL certificate for the Mikrotik Already, enter it now or you can add it later.
If you would like to offer SMTP server to your hotspot clients, enter it now, or you can enter it later.
Most Hotspot providers will not add their SMTP server to avaid clients registering for short period
and using their servers for spam.
Enter the local DNS name for the Mikrotik. This is used for the Aradial Radius server Portal
posting. It can further be changed in the Aradial and Spotngo Portal to match the service
provider’s choice for the local DNS name.
Enter an admin hotspot user for local account in case you have to get in through the captive portal
when to correct a miss configuration.
The hotspot profile is used to further control the hotspot setting including the login page to be used
and for the radius authentication.
In the main hotspot menu, click on profiles and double click the profile you would like to edit.
In the Login menu, uncheck the HTTP CHAP and Cookie and check the HTTP PAP
At this point you are ready to log in through the built in Mikrotik Captive Portal with a user in your
radius server.
If you have not added the NAS in the Aradial Radius Server, now is a good time to do so.
In the Aradial Main Admin, go to Server Configurations
Then select Add NAS
Enter the name of the new NAS, IP address, secret and for the NAS model select Mikrotik.
For NAS server on dynamic IP, add the NASID as sent by the Mikrotik and the secret and select
dynamic IP.
The NASID setting in the Mikrotik is located under System side menu and Identity submenu.
Walled Garden:
Walled garden is the allowed sites which can be accessed prior authentication by the hotspot
clients. Typically used for the service provider’s captive portal, their site, additional information
bout the venue, terms and conditions, etc
In Order for External Captive portal redirection to work, it has to be added to the Walled garden list
of allowed IP.
In the Hotspot window, click on the Walled Garden in the top menu.
Then click on IP List.
Note: the check mark on the side of the setting mean NOT (!), if checked the rule will apply to
NOT hotspot1.
The Mikrotik internal Captive Portal ca be replaced with an External captive portal redirection.
On the side menu go to files, and replace the login.html file under the hotspot directory with a new
login.html containing the following redirect code.
<head>
<title>...</title>
</head>
<body>
</body>
</html>
<head>
<title>...</title>
</head>
<body>
</body>
</html>
Both Aradial and Spotngo Captive Portals support location branding and the parameter can be
entered in the login.html redirect URL to identify the calling location and price groups.