Setting up a Mikrotik Hotspot with UserManager (Step-By-Step) 15:14
POSTED BY JURGENS KRAUSE
S T E P , T U T O R I A L
HOTSPOT , MIKROTIK , STEP-BY-
69 COMMENTS
Mikrotik RouterOS provides a very powerful Hotspot Feature. This can be used with the Mikrotik built in Radius server (Useran! or with a reote Radius"Freeradius Server.
#ou will need$
Mikrotik Router%O&R'$ •
evel ) or better licence (ower (o wer licences will allow only a sin*le Hotspot client!
•
RouterOS +., (-., will also work but this tutorial is based on v+./! The network will be b e confi*ured as below. be low. #ou #ou ay need to ad0ust a d0ust the 12 &ddresses to suit your needs
3otes$ The RouterBOARD CPU and RAM will directly affect the performance of your Hotspot, so consider eforehand how many clients you wish to connect! A RouterBOARD RouterBOARD "#$ can comfortaly run aout %#&#$ users! 'n my e(ample ' will use a RouterBOARD #)% with one %!*+h %!*+h -.A/ card
Step 1: Configure internet access on the router
Add Router IP Address: /ip address add address=10.0.0.2/24 interface=ether1
Chan+e the 'P to match your networ0 confi+uration 4.
5lick on the 12 Menu
6.
5lick on the &ddresses Menu
7.
5lick 898
).
:nte :n terr the the 12 &dd ddre ress ss you wi wish sh to as assi si*n *n to th the e rou route terr th this is wi will ll be th the e out outwa ward rd fa faci cin* n* 12 so ake sure to select the ethernet interface that will *ive the router internet access. 12 a ccess.
-.
5lick on 8&pply8
Configure Upstream DNS Server: /ip dns set servers=8.8.8.8 allow-remote-requests=yes
This e,aple uses ;oo*le
5lick on the 12 Menu
6.
5lick on the '3S Menu
7.
:nter your desired '3S server = here 1 a usin* ;oo*le
).
5lick on 8&pply8
Configure Default Route: /ip route add dst-address=0.0.0.0/0 gateway 10.0.0.1
4.
5lick on 12
6.
5lick on Routes
7.
5lick on 898
).
:nter >.>.>.>"> as the 'st. &ddress
-.
:nter 4>.>.>.4 as the ;ateway
Test: 5heck if you can pin* a public ip address like ?.?.?.? 4.
5lick on Tools
6.
5lick on 2in*
7.
:nter a publicly available address
).
5lick Start
Step : Install User !anager and "otspot 1f you plan to use a stand alone Radius Server you ay skip this step.
'ownload the firware packa*e fro Mikrotik :,tract the @ip file on your local drive 4.
Make sure that the version of the file atches the version and architecture of your device
6.
Open the Files window on winbo,
7.
'ra* the 8user=ana*er=A.A=,,,,,,.npk8 to the files window.
).
'o the sae for 8hotspot=A.A=,,,,,,.npk8.
-.
Reboot the router ("syste reboot!
Step #: Configure interfaces First we need to confi*ure two %rid*e interfaces. The first one will be a loopback interface. 1 have found in the past that if you use the noral loopback address (46/.>.>.4! or one of the other static addresses for the Radius (Userana*er! server you ay e,perience soe difficulties.
#$1$1 % Create &oop'ac( )ridge /interface ridge add name=!oopac"
4.
5lick on the 8%rid*e8 enu
6.
5lick on 898
7.
:nter 8oopback8 for the brid*e nae
).
5lick 8&pply8
#$1$ % Add &oop'ac( )ridge IP Address 1 use any unused private ip ran*e for this it is used siply as an interface to run the R&'1US server on. /ip address add address=10.10.0.1/#2 interface=!oopac"
4.
5lick on the 12 Menu
6.
5lick on the &ddresses enu
7.
5lick the 898 button
).
:nter 84>.4>.>.4"768 as the 12 &ddress
-.
Select the 8oopback8 1nterface
+.
5lick 8OB8
#$$1 % Create "otspot )ridge 1f you are plannin* to run the hotspot on a sin*le interface you ay skip this step. /interface ridge add name=$otspot
4.
5lick on the 8%rid*e8 enu
6.
5lick on 898
7.
:nter 8Hotspot8 for the brid*e nae
).
5lick 8&pply8 #$$ % Add "otspot )ridge IP Address 1 ake use of the private 4C6.4+?.>.4"6) ran*e for the hotspot network but you can use whatever is suitable in your setup. /ip address add address=1%2.1&8.0.1/24 interface=$otspot
4.
5lick on the 12 Menu
6.
5lick on the &ddresses enu
7.
5lick the 898 button
).
:nter 84C6.4+?.>.4"6)8 as the 12 &ddress
-.
Select the 8Hotspot8 1nterface
+.
5lick 8OB8
#$$# % Add "otspot Ports to )ridge 1f you would like ultiple interfaces to have access to the hotspot you can repeat this process only chan*in* the interface each tie. 1f you are runnin* on a Router%O&R' /-> or siilar you will need to add the ports that you &2
4.
5lick on the 8%rid*e8 enu
6.
5lick on the 82orts8 Tab
7.
5lick on the 898
).
Select the interface you want to add to the hotspot in y case it is 8wlan48
-.
Select the 8Hotspot8 brid*e
+.
5lick 8OB
#$# % Configure the Access Point 1f you are usin* a Router%O&R' /-> or siilar you will not be usin* this section. #ou ay choose to ipleent security on your access point but since this is a captive portal you should not need to use any security. This tutorial will not include any security settin*s. /interface wireless set ' find default-name=wlan1 ( and=2gh)-/g disaled=no mode=ap-ridge ssid=$otspot
4.
5lick on the 8Direless8 Menu
6.
'ouble click on the Direless 1nterface that you will be usin*
7.
Set the ode to 8ap=brid*e8
).
Set the band to 6;h@=%"; (or otherwise if needs be!
-.
5han*e the SS1' to 8Hotspot8 or whatever suits you.
+.
5lick 8OB8
* % Configure the "otspot /ip hotspot profile add dns-name=hotspot.e*ample.com hotspot-address=1%2.1&8.0.1 name=hsprof1 smtp-server=1%2.1&8.12#.4 /ip hotspot add address-pool=hs-pool-+ disaled=no interface=$otspot name=hotspot1 profile=hsprof1 /ip hotspot user profile set ' find default=yes ( idle-timeout=none "eepalive-timeout=2m mac-coo"ie-
timeout=#d /ip hotspot user add name=de*ter password=de*ter
4.
5lick on the 8128 enu. 1f this option is not available refer to step 6
6.
5lick on the 8Hotspot8 ite
7.
5lick on 8Hotspot Setup8. This will start the Hotspot Setup Di@ard
*$1 % The "otspot +i,ard 4.
Select the Hotspot brid*e as the Hotspot 1nterface
6.
5lick 3e,t
4.
5lick ne,t = The address ran*e should be filled in autoatically as per our network confi*uration.
4.
5lick 3e,t = the address pool should be pre=populated with the ri*ht settin*s
4.
This tutorial will not cover the use of 5ertificates so you ay select 8none8 and click ne,t
4.
:nter the 12=&ddress of your SMT2 server. Many providers do not allow use of their SMT2 servers outside their own network so this option allows you to circuvent the SMT2 server confi*ured on the client
6.
5lick 83e,t8
These are the upstrea '3S servers used b y the hotspot. 4.
:nter one or ore upstrea '3S servers you can use Open'3S to provide you with a basic filterin* service. Here 1 use ;oo*le
6.
5lick 83e,t8
4.
:nter a host nae for the local Hotspot. 1 a usin* hotspot.e,aple.co but this could be anythin* you want.
6.
5lick 83e,t8
4.
:nter a nae for your adinistrative Hotspot user.
6.
:nter a password for your adinistrative user.
7.
5lick 83e,t8
4.
5lick 8OB8 to coplete your hotspot setup.
5on*ratulations you have now set up basic functionality for a Mikrotik Direless Hotspot you can create users under 812=EHotspot=EUsers. %ut alas you still need to confi*ure the Userana*er for a fully featured hotspot.
Step - % Configuring User!anager -$1 Setting up the "otspot to use RADIUS 4.
5lick on the 8128 enu
6.
5lick on 8Hotspot8
7.
Select the 8Server 2rofiles8 tab
).
'ouble click on 8hsprof48
-.
Select the 8R&'1US8 tab
+.
Tick the 8Use R&'1US8 tickbo,
/.
5lick 8OB8
4.
5lick on 8R&'1US8
6.
5lick on 898
7.
Tick the 8hotspot8 tickbo,
).
&dd the loopback brid*e 12 to the address field in this tutorial 4>.4>.>.4
-.
5hoose a secure password
+.
5lick 8OB8
4.
Usin* your browser of choice connect to http$""router=ip"useran
6.
5lick 8o* 1n8 = The default usernae is
admin
with no password
4.
Once you have lo**ed in click on the 8Routers8 enu
6.
5lick 8&dd8 then 83ew8
7.
:nter 8ocal Router8 as the nae
).
:nter the oopback %rid*e 12 address
-.
:nter the password you chose earlier.
+.
5lick 8OB8
#our Mikrotik Hotspot should now be able to counicate with the Userana*er Radius Server. #ou can now proceed to set up profiles and users on the user ana*er interface.
1 will soon do a UserMana*er Tutorial as well.
