Mikrotik RouterOS
Renato.neves (Talk | contribs) |
Renato.neves (Talk | contribs) |
||
Line 119: | Line 119: | ||
=== User Profile === | === User Profile === | ||
+ | |||
+ | Go to IP > Hotspot > User Profiles. Edit the default entry and change the following options: | ||
+ | |||
+ | * Session Timeout: 00:30:00 | ||
+ | * Idle Timeout: clear this entry | ||
+ | * Shared Users: clear this entry | ||
+ | |||
+ | [[File:13-edit-user-profile.png|800px]] | ||
=== Server Profile === | === Server Profile === | ||
+ | |||
+ | Go to IP > Hotspot > Server Profiles. Edit the hsprof1 entry and change the following options: | ||
+ | |||
+ | * Login By: check only "HTTP PAP" option | ||
+ | * Use RADIUS: checked | ||
+ | * MAC Format: XX:XX:XX:XX:XX:XX (default option) | ||
+ | * Accounting: checked (default option) | ||
+ | |||
+ | [[File:14-edit-server-profile.png|800px]] | ||
+ | |||
+ | [[File:15-edit-server-profile-radius.png|800px]] | ||
=== Hotspot Server === | === Hotspot Server === | ||
+ | |||
+ | Go to IP > Hotspot > Servers. Edit the hs-bridge-hotspot and change the following options: | ||
+ | |||
+ | * Idle Timeout: set the desired timeout (e.g.: 00:05:00) | ||
+ | * Addresses Per MAC: 1 | ||
+ | |||
+ | [[File:16-edit-hotspot-server.png|800px]] | ||
=== Walled Garden === | === Walled Garden === | ||
+ | |||
+ | Allow Social-ID NOW platform URLs and social network URLs by configuring the Walled garden. | ||
+ | |||
+ | Go to IP > Hotspot > Walled Garden. For each [[Walled_Garden_for_the_Social_Login | Walled Garden for the Social Login]] domain you need to use, create an entry in the Walled Garden. | ||
+ | |||
+ | For example, to add *.socialidnow.com, click in "Add New" and set the following options: | ||
+ | |||
+ | * Dst. Host: *.socialidnow.com | ||
+ | |||
+ | [[File:17-add-walled-garden.png|800px]] | ||
+ | |||
+ | At the end, you'll have something like this: | ||
+ | |||
+ | [[File:18-walled-garden-list.png|800px]] | ||
== Files == | == Files == | ||
== Gateway == | == Gateway == |
Revision as of 16:01, 3 July 2018
The following guide was created using a Mikrotik network with the following components:
- Router: Mikrotik RouterBoard 450G
- Firmware: 3.22
- RouterOS: v6.23
Contents |
Requirements
You need to have a Mikrotik RouterBoard with Internet access already configured.
You can reset your RouterBoard and connect the cable with Internet access at the ethernet gateway port (ether1-gateway).
By default, the RouterBoard is configured with automatic address acquisition, so it will get the IP and Gateway from your Internet cable connection and will set up a DHCP Client also.
This guide was created using the WebFig configuration interface, but you can apply the same settings using the Winbox.
Interfaces
By default, the RouterBoard 450G comes with 5 ports and the following interfaces:
- ether1-gateway
- ether2-master-local
- ether3-slave-local
- ether4-slave-local
- ether5-slave-local
In this guide, we'll create a new interface (bridge-hotspot) and associate one of the slaves interface to the bridge.
Ethernet
Go to Interfaces and edit one of the interfaces (e.g. ether4-slave-local). Change the following options:
- Name: ether4
- Master Port: none
Bridge
Go to Bridge and click in "Add New". Set the following options:
- Name: bridge-hotspot
Bridge Port
Now you need to associate the Ethernet interface to the bridge.
Go to Bridge > Ports tab and click in "Add New". Set the following options:
- Interface: ether4
- Bridge: bridge-hotspot
Radius
Go to Radius and click in "Add New". Set the following options:
- Enabled: checked
- Service: Hotspot
- Address: the RADIUS server IP according to your environment/region
- Secret: the provided RADIUS client secret
- Authentication Port: 1812
- Accounting Port: 1813
Hotspot
Go to IP > Hotspot.
Mikrotik offers a wizard (Hotspot Setup) to create almost all resources related to the Hotspot.
Hotspot Setup
Click in "Hotspot Setup".
Choose the "bridge-hotspot" as the "Hotspot Interface":
Set "Local Address of Network" as 10.5.50.1/24:
Let the default value (10.5.50.2-10.5.50.254) for "Address Pool of Network":
Set "Select Certificate" as "none":
Set the "IP Address of SMTP Server" as "0.0.0.0":
Set the DNS servers:
- 10.5.50.1
- 8.8.8.8 (optional)
- 8.8.4.4 (optional)
Set the "DNS Name" as "social-id-hotspot-dns":
And create the default Hotspot user:
You can remove this user later.
Now you have your Hotspot resources created. You'll need to change some settings in the following steps.
User Profile
Go to IP > Hotspot > User Profiles. Edit the default entry and change the following options:
- Session Timeout: 00:30:00
- Idle Timeout: clear this entry
- Shared Users: clear this entry
Server Profile
Go to IP > Hotspot > Server Profiles. Edit the hsprof1 entry and change the following options:
- Login By: check only "HTTP PAP" option
- Use RADIUS: checked
- MAC Format: XX:XX:XX:XX:XX:XX (default option)
- Accounting: checked (default option)
Hotspot Server
Go to IP > Hotspot > Servers. Edit the hs-bridge-hotspot and change the following options:
- Idle Timeout: set the desired timeout (e.g.: 00:05:00)
- Addresses Per MAC: 1
Walled Garden
Allow Social-ID NOW platform URLs and social network URLs by configuring the Walled garden.
Go to IP > Hotspot > Walled Garden. For each Walled Garden for the Social Login domain you need to use, create an entry in the Walled Garden.
For example, to add *.socialidnow.com, click in "Add New" and set the following options:
- Dst. Host: *.socialidnow.com
At the end, you'll have something like this: