Donny Ufoakses

Hotspot Customization

Mikrotik User Meeting (MUM) Indonesia Bali, 13-14 June 2008

About Me
Donny Fauzan
Electrical Engineering Graduate
Software Engineer (Mostly Web) since college
Network Engineer (BSD, Linux & Mikrotik) since college
Current jobs :
PT. Pramindo Ikat (Telkom) Wireless Hotspot Network (Setting Mikrotik Hotspot with FreeRadius MySQL, developing HotspotManager for Radius)
Ministry of Education Accounting (SAI) Network (Setting VPN+OSPF Network, developing client software)
Training for UFOAKSES Indonesia

Agenda
Introduction & basics
Hotspot setup
Hotspot Customization
Q&A

Introduction
Hotspot : zero configuration
User would not require any setup, everything is done automatically

Hotspot components
IP Address assignment (DHCP)
DNS relay & cache
NAT & Firewall
Traffic shaping & QoS
AAA (Authentication, Authorization, Accounting)

AAA
Authentication : captive portal
User logs in via a web interface (http cookie). Captive means jailed or imprisoned. You can connect to the AP, but in a very restrictive environment.

Authorization : firewall
Walled garden
NAT

Accounting : RADIUS
Postpaid billing
Voucher (prepaid)

Scenario
User searches for a wireless network SSID
User finds the SSID, then connects without any Wi-Fi security (WEP, WPA, WPA2, etc.)
User starts browsing
Captive portal will then be shown
User enters his/her login information (user & password)
Mikrotik will check the supplied account against the local user table and the supplied radius server
After the user is verified, the accounting process will be started
A pop-up containing the connection status will be shown

Login Page or Captive Portal

Step by Step (1)


Prepare your wireless interface
Mode : AP Bridge
SSID : any string (max. 32 chars)
Band : 2.4 GHz (B/G or G-only)
Frequency : better scan first

Add the wlan interface IP address
Run the hotspot wizard
Interface : the interface to run the hotspot on
Gateway address : the router hotspot interface's IP address
Address pool : for DHCP
Certificate : for the https login page
SMTP server : for relaying mails to
DNS server : for clients' DNS resolves
DNS name : DNS alias for your router's hotspot pages
User : for testing purposes

Step by Step (2)


Set your hotspot server
Name : better rename it (ex : myhotspot)

Set your server profile
General > Name : better rename it (ex: myhotspot-profile)
General > HTML Directory : may be different for multiple AP or VAP setups
Login > Login By : set CHAP (encrypted password), Cookie (user sessions stored in browsers as cookies), HTTPS (in case of using https login pages; requires a certificate)
Radius : check Use Radius, check Accounting

Hotspot Setup Wizard

Server Profile

User Profile

Hotspot Servlet Pages

Hotspot Customization Scenarios


1. Hotspot with advertisements.
2. Hotspot with walled garden.
3. Limit user bandwidth (using local users table).
4. Shared user
5. Attach the hotspot to the UserManager
6. Attach the hotspot to another Radius server
7. Customize the captive portal, by adding simple changes to login page and/or other servlet pages.
8. Centralize login page on a webserver

(1) Advertisements
The advertisement feature can be enabled in user profiles (there is a default profile).
Add another user profile or change the default one.
Go to the advertisement tab, and check Advertise
Insert advertisement pages (for more, click the down arrow)
Set the advertisement interval
Example implementation : Ad-Supported Free Hotspot

(2) Walled Garden


Walled garden : sites that are allowed to be accessed from the network without being authenticated.
Can be set from the Hotspot > Walled Garden tab
Configuration :
Set action (usually allow)
Set the particular hotspot server (useful for VAP)
Set src address to prohibit certain clients
Set dst address to specify allowed/blocked sites by IP
Set dst host to specify allowed/blocked sites by DNS
Set the port

Example implementation : Paid Hotspot with external webserver displaying subscription info

(3) Limit User Bandwidth (local)


Limit user bandwidth, using the mikrotik hotspot local user profile.
Can be set from Hotspot > Profile
Configuration :
General > Rate Limit (rx/tx)

Example implementation : Free hotspot

(4) Shared Users


One user name can be used more than once, up to a limited number.
Set the limit number of users from Hotspot > Profile
When the shared-users limit for the user's profile is reached, one will have to wait until someone with this username logs out, use a different login name or extend the shared-users limit
Configuration :
General > Shared users (set the maximum limit)

Example implementation : Limited guest user name for a hotspot

(5) Use UserManager


Download the usermanager package from mikrotik.com/download.html
The User Manager package is included in the all-package file named "Separate packages for Netinstall"
Upload the package to Files, then reboot
Enable the radius settings in the corresponding Server Profiles > Radius tab > Use Radius
Add the userman as a radius server in Radius > New Radius Server
Configuration (refer to refman2.9.pdf page 395, about the Radius client, for information about the Services settings)
Example setup for wireless hotspot authentication based on username (not MAC address, which is insecure) : check hotspot & login
Set 127.0.0.1 for the address if the userman resides in the AP
Set Radius > incoming to enable the AP to receive and execute radius attributes & commands

Go to http://routeraddress/userman
Example implementation : Paid hotspot with prepaid or postpaid users

(6) Use other Radius Server


Install a Radius server if it hasn't been installed yet. Alternatives : FreeRADIUS, XTRadius, Steel-Belted Radius.
Install the database (oracle, mysql, postgres, etc.)
Configure the radius
Set the secret word
Set the Mikrotik's dictionary in its dictionary directory.
Set the database & prepaid script realms

Install the dictionary for mikrotik. Look for it at : http://www.mikrotik.com/documentation/manual_2.9/dictionary.mikrotik
Save it in the corresponding directory. In freeradius-Fedora it will be: /usr/share/freeradius/dictionary.mikrotik
Install the radius management software (or develop one ;))

(6) Use other Radius Server (contd)


Add the radius server in Radius > New Radius Server
Configuration (refer to refman2.9.pdf page 395, about the Radius client, for information about the Services settings)
Example setup for wireless hotspot authentication based on username (not MAC address, which is insecure) : check hotspot & login
Set the radius server's address & secret (equal to the server)
Set Radius > incoming to enable the AP to receive and execute radius attributes & commands

(7) Simple Changes


Look for them in Files > hotspot
Download using copy-paste
Change them on your computer
Re-upload to the router

(8) Centralize the Captive Portal


Follow the steps in (7)
Redirect the login page to your server, using simple javascript. Don't forget to include the servlet variables in the URI
Show your own login page, with action=POST & the url replaced by the corresponding servlet variable.
You can also post to your server to be able to fetch some data, and then forward the POST to your AP router.
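
Added example (not part of the original slides): Python for the web server in (8), validating the servlet variables received in the redirect URI before the login form is rendered, and computing the CHAP login value. It assumes the redirect carries the RouterOS variables link-login-only, chap-id and chap-challenge, that the CHAP values arrive as octal-escaped text, and that the CHAP value is MD5(chap-id + password + chap-challenge); ALLOWED_ROUTERS and the sample query are constructed.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts of the hotspot routers this portal serves (constructed values).
ALLOWED_ROUTERS = {"10.5.50.1", "hotspot.example.net"}
_OCTAL = re.compile(r"\\([0-3]?[0-7]{1,2})")


def unescape_octal(value: str) -> bytes:
    """Decode the octal escapes (e.g. \\340) used for the CHAP values."""
    text = _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), value)
    try:
        return text.encode("latin-1")
    except UnicodeEncodeError:
        raise ValueError("CHAP value contains non-byte characters") from None


def parse_redirect(query: str) -> dict:
    """Validate the servlet variables received in the redirect URI."""
    params = {k: v[0] for k, v in parse_qs(query).items()}
    target = urlsplit(params.get("link-login-only", ""))
    # Only render a form that posts credentials to a router we operate.
    if target.scheme not in ("http", "https") or target.hostname not in ALLOWED_ROUTERS:
        raise ValueError("login target is not a known hotspot router")
    chap_id = unescape_octal(params.get("chap-id", ""))
    challenge = unescape_octal(params.get("chap-challenge", ""))
    if len(chap_id) != 1 or not challenge:
        raise ValueError("missing or malformed CHAP parameters")
    return {"action": target.geturl(), "chap_id": chap_id, "challenge": challenge}


def chap_response(chap_id: bytes, password: str, challenge: bytes) -> str:
    """Hex MD5 over chap-id + password + chap-challenge (the CHAP login value)."""
    return hashlib.md5(chap_id + password.encode("latin-1") + challenge).hexdigest()


if __name__ == "__main__":
    # Constructed sample of the query string a router-side redirect might carry.
    sample = ("link-login-only=http%3A%2F%2F10.5.50.1%2Flogin"
              "&chap-id=%5C340&chap-challenge=%5C155%5C015%5C001%5C377")
    fields = parse_redirect(sample)
    print(fields["action"], chap_response(fields["chap_id"], "guest", fields["challenge"]))
```

Rejecting any link-login-only host outside the allowlist keeps the centralized page from being used to post hotspot credentials to an arbitrary address supplied in the URI.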
