Hotspot Customization

1 Hotspot Customization
Mikrotik User Meeting (MUM) Indonesia Bali, June 2008

2 About Me
Donny Fauzan
- Electrical Engineering Graduate
- Software Engineer (Mostly Web) since college
- Network Engineer (BSD, Linux & Mikrotik) since college
- Current jobs :
  - PT.Pramindo Ikat (Telkom) Wireless Hotspot Network (Setting Mikrotik Hotspot with FreeRadius MySQL, developing HotspotManager for Radius)
  - Ministry of Education Accounting (SAI) Network (Setting VPN+OSPF Network, developing client software)
  - Training for UFOAKSES Indonesia

3 Agenda Introduction & basics Hotspot setup Hotspot Customization Q & A

4 Agenda Introduction & basics Hotspot setup Hotspot Customization Q & A

5 Introduction
- Hotspot : “zero configuration”
  - User would not require any setup, everything is done automatically
- Hotspot components
  - IP Address assignment (DHCP)
  - DNS relay & cache
  - NAT & Firewall
  - Traffic shaping & QoS
  - AAA (Authentication, Authorization, Accounting)

6 AAA
- Authentication → Captive portal
  - User logs in via web interface (http cookie).
  - Captive means “jailed” or “imprisoned”. You can connect to the AP, but in a very restrictive environment.
- Authorization → firewall
  - Walled garden
  - NAT
- Accounting → RADIUS
  - Postpaid billing
  - Voucher (prepaid)

7 Scenario
- User searches for the wireless network SSID
- User finds the SSID, then connects without any Wi-Fi security (WEP, WPA, WPA2, etc.)
- User starts browsing
- Captive portal will then be shown
- User enters his/her login information (user & password)
- Mikrotik will check the account supplied against the local user table and the radius server supplied
- After the user is verified, the accounting process will be started.
- A pop-up will be shown, containing the connection status

8 Login Page or “Captive Portal”

9 Agenda Introduction & basics Hotspot setup Hotspot Customization Q & A

10 Step by Step (1)
- Prepare your wireless interface
  - Mode : AP Bridge
  - SSID : Any string (max. 32 chars)
  - Band : 2.4 GHz (B/G or G-only)
  - Frequency : better scan first
- Add wlan interface IP address
- Run hotspot wizard
  - Interface : to run hotspot on
  - Gateway address : the router hotspot interface’s IP address
  - Address pool : for DHCP
  - Certificate : for https login page
  - SMTP server : for relaying mails to
  - DNS server : for clients DNS resolves
  - DNS name : DNS alias for your router’s hotspot pages
  - User : for testing purposes

11 Step by Step (2)
- Set your hotspot server
  - Name : better rename it (ex : myhotspot)
- Set your server profile
  - General > Name : better rename it (ex: myhotspot-profile)
  - General > HTML Directory : may be different for multiple AP or VAP setups
  - Login > Login By : set
    - CHAP (encrypted password)
    - Cookie (user sessions stored in the browser as cookies)
    - HTTPS (in case using https login pages – requires certificate)
  - Radius : set
    - Check “Use Radius”
    - Check “Accounting”

12 Hotspot Setup “Wizard”

13 Server Profile

14 User Profile

15 Hotspot Servlet Pages

16 Agenda Introduction & basics Hotspot setup Hotspot Customization Q & A

17 Hotspot Customization Scenarios
- Hotspot with advertisements.
- Hotspot with “walled garden”.
- Limit user bandwidth (using local users table).
- Shared user
- Attach the hotspot to the UserManager
- Attach the hotspot to another Radius server
- Customize the captive portal, by adding simple changes to login page and/or other servlet pages.
- Centralize login page on a webserver

18 (1) Advertisements
- Advertisement feature could be enabled in user profiles (there is a “default” profile).
- Add another user profile or change the default one.
- Go to “advertisement” tab, and check “Advertise”
- Insert advertisement pages (for more, click down arrow)
- Set advertisement interval
- Example implementation : Ad-Supported Free Hotspot

19 (2) Walled Garden
- Walled garden : sites that are allowed to be accessed from the network without being authenticated.
- Can be set from Hotspot > Walled Garden tab
- Configuration :
  - Set action (usually allow)
  - Set the particular hotspot server (useful for VAP)
  - Set src address to prohibit certain clients
  - Set dst address to specify allowed/blocked sites by IP
  - Set dst host to specify allowed/blocked sites by DNS
  - Set the port
- Example implementation : Paid Hotspot with external webserver displaying subscription info

20 (3) Limit User Bandwidth (local)
- Limit user bandwidth, using mikrotik hotspot local user profile.
- Can be set from Hotspot > Profile
- Configuration :
  - General > Rate Limit (rx/tx)
- Example implementation : Free hotspot

21 (4) Shared Users
- One user name can be used more than once, for a limited number.
- Set the limit number of users from Hotspot > Profile
- When the shared-users limit for the user's profile is reached, one will have to wait until someone with this username logs out, use a different login name or extend the shared-users limit
- Configuration :
  - General > Shared users (set the maximum limit)
- Example implementation : Limited guest user name for a hotspot

22 (5) Use UserManager
- Download the usermanager package from mikrotik.com/download.html
  - The User Manager package is included in the all package file named "Separate packages for Netinstall"
- Upload the package to “files”, then reboot
- Enable the radius settings in the corresponding Server Profiles > Radius tab > Use Radius
- Add the userman as a radius server in Radius > New Radius Server
- Configuration (refer to refman2.9.pdf page 395, “Radius client”, for information about the “Services settings”)
  - Example setup for wireless hotspot authentication based on username (not MAC address, which is insecure) : check hotspot & login
  - Set for address if the userman resides in the AP
  - Set Radius > incoming to enable the AP receiving and executing radius attributes & commands
- Go to
- Example implementation : Paid hotspot with prepaid or postpaid users

23 (6) Use other Radius Server
- Install Radius server if it hasn’t been installed yet. Alternatives : FreeRADIUS, XTRadius, Steel-Belted Radius.
- Install the database (oracle, mysql, postgres, etc)
- Configure the radius
  - Set the “secret” word
  - Set the Mikrotik’s dictionary in its “dictionary” directory.
  - Set the database & prepaid script realms
- Install the “dictionary” for mikrotik.
  - Look for it in :
  - Save in the corresponding directory. In freeradius-Fedora it will be: /usr/share/freeradius/dictionary.mikrotik
- Install the radius management software (or develop one ;))

24 (6) Use other Radius Server (cont’d)
- Add the radius server in Radius > New Radius Server
- Configuration (refer to refman2.9.pdf page 395 about “Radius client” for information about the “Services settings”)
  - Example setup for wireless hotspot authentication based on username (not MAC address, which is insecure) : check hotspot & login
  - Set the radius server’s address & secret (equal to the server)
  - Set Radius > incoming to enable the AP receiving and executing radius attributes & commands

25 (7) Simple Changes
- Look for them in Files → hotspot
- Download using copy-paste
- Change on your computer
- Re-upload to the router

26 (8) Centralize the Captive Portal
- Follow (7) steps
- Redirect the login page to your server, using simple javascript. Don’t forget to include the servlet variables in the URI
- Show your own login page, with action=“POST” & url replaced by the corresponding servlet variable.
- You can also post to your server to be able to fetch some data, and then forward the POST to your AP router.
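
The centralized login page in (8) receives the router's login URL as a request parameter and posts the user's credentials to it, so the web server should accept only its own hotspot routers there and escape everything it echoes back. The following is an added example in server-side JavaScript, not part of the original slides; the query-parameter names (`login`, `orig`, `mac`, `error`), the host names and the function names are assumptions, while `username`, `password` and `dst` are the field names of the stock RouterOS login page.

```javascript
// Added example: server-side handling for an external captive-portal login page.
// Host names and the query-parameter names used by the redirect are assumptions.
const ALLOWED_ROUTER_HOSTS = new Set(["hotspot.example.net", "10.5.50.1"]); // constructed

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" })[c]);
}

// Accept only http(s) URLs; optionally require the host to be a known router.
function checkedUrl(raw, allowedHosts) {
  let u;
  try { u = new URL(raw); } catch { return null; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  if (allowedHosts && !allowedHosts.has(u.hostname)) return null;
  return u.href;
}

// requestUrl is the URI the router-side redirect built from the servlet
// variables (router login URL, originally requested URL, client MAC, error text).
function parsePortalRequest(requestUrl) {
  const q = new URL(requestUrl).searchParams;
  const loginUrl = checkedUrl(q.get("login") || "", ALLOWED_ROUTER_HOSTS);
  if (!loginUrl) throw new Error("login URL is not one of our hotspot routers");
  const mac = q.get("mac") || "";
  return {
    loginUrl,
    origUrl: checkedUrl(q.get("orig") || "", null) || "", // drops javascript:, data:, ...
    mac: /^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$/.test(mac) ? mac.toUpperCase() : "",
    error: (q.get("error") || "").slice(0, 200),
  };
}

// The form posts straight to the router; username/password/dst are the field
// names the stock RouterOS login.html uses.
function renderLoginForm(p) {
  return [
    `<form method="post" action="${escapeHtml(p.loginUrl)}">`,
    p.error ? `<p class="error">${escapeHtml(p.error)}</p>` : "",
    `<input type="hidden" name="dst" value="${escapeHtml(p.origUrl)}">`,
    `<input name="username" autocomplete="username">`,
    `<input name="password" type="password" autocomplete="current-password">`,
    `<button type="submit">Log in</button>`,
    `</form>`,
  ].filter(Boolean).join("\n");
}
```

Serving this page over HTTPS and using the HTTPS login method on the router keeps the password off the open wireless link, since the scenario above has clients connecting without Wi-Fi encryption.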

27 Agenda Introduction & basics Hotspot setup Hotspot Customization Q & A

