Mikrotik Hotspot Quick Setup Guide + Tips n Tricks for Hotspot !

A HOTSPOT is way to provide internet access to subscribers by means of an easy to use login interface as it does not require any client software/driver/dialer at user end. To log in, users may use almost any web browser , so they are not required to install additional software.It is also possible to allow users to access some web pages without authentication using Walled Garden feature. In my personnel opinion, Hotspot is best suited for ad hoc situations, where you cannot control how the client has their machines configured. This is generally useful in Conference Rooms, Hotels, Cafes , Restaurants and likewise since people will come and go and you have few permanent users. One big advantage of using hotspot is that HotSpot does not require any client software/driver/dialer. One disadvantage of using HotSpot is that its usually requires your client to open up his browser to log in before he can use your service . So users wanting to connect to your service using a router or some kind usually have a problem (as routers usually dont support logging in via HTTP). Following is a quick setup guide (CLI version) on how-to setup HOTSPOT server in Mikrotik using command interface. This guide will help you in setting up . . . # HOTSPOT server, # It will also configure DHCP to assign users IP Address from 172.16.0.1-172.16.0.255 ip pool . Change it accordingly. # I will add two Speed / Rate Limit Profiles, 256k and 512k, it will add a new user zaib password=test with 512k profile and user test Password=test with 256k Limit. # It will Add Default Route to internet which is DSL router ip 192.168.2.2 , Change it accordingly. In this examples, Mikrotik have two interface cards. Ether1 LAN = 172.16.0.1 / Connected with LAN/Hotspot users Ether2 WAN = 192.168.2.1 / Connected with DSL router DSL Router = 192.168.2.2 Script Starts Below.
01 /ip address add address=172.16.0.1/24 comment=LAN disabled=no interface=ether1 02 network=172.16.0.0 add address=192.168.2.1/24 comment=WAN disabled=no interface=ether2 03 network=192.168.2.0

04 05 /ip pool 06 add name=hs-pool-1 ranges=172.16.0.10-172.16.0.255 07 08 /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max09 udp-packet-size=512 servers=192.168.2.2 10 11 /ip dhcp-server add address-pool=hs-pool-1 authoritative=after-2sec-delay bootp12 support=static disabled=no interface=ether1 lease-time=1h name=dhcp1 13 14 /ip dhcp-server config set store-leases-disk=5m 15 /ip dhcp-server network add address=172.16.0.0/24 comment="hotspot 16 network" gateway=172.16.0.1 17 18 /ip hotspot profile 19 set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap 20 name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no useradius=no 21 add dns-name=login.aacable.net hotspot-address=172.16.0.1 htmldirectory=hotspot http-cookie-lifetime=1d http-proxy=0.0.0.0:0 login22 by=cookie,http-chap name=hsprof1 rate-limit="" smtp-server=0.0.0.0 splituser-domain=no use-radius=no 23 24 /ip hotspot add address-pool=hs-pool-1 addresses-per-mac=2 disabled=no idle25 timeout=5m interface=ether1 keepalive-timeout=none name=hotspot1 profile=hsprof1 26 27 /ip hotspot user profile 28 set default idle-timeout=none keepalive-timeout=2m name=default shared29 users=1 status-autorefresh=1m transparent-proxy=no 30 add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive31 timeout=2m name="512k Limit" open-status-page=always rate-limit=512k/512k shared-users=1 status-autorefresh=1m transparent-proxy=yes 32 add address-pool=hs-pool-1 advertise=no idle-timeout=none keepalive33 timeout=2m name="256k Limit" open-status-page=always rate-limit=256k/256k shared-users=1 status-autorefresh=1m transparent-proxy=yes 34 35 /ip hotspot service-port set ftp disabled=yes ports=21 36 /ip hotspot walled-garden ip add action=accept disabled=no dst37 address=172.16.0.1 38 39 /ip hotspot set numbers=hotspot1 address-pool=none

40 41 /ip firewall nat add action=masquerade chain=srcnat disabled=no 42 43 /ip hotspot user 44 add disabled=no name=admin password=123 profile=default add disabled=no name=zaib password=test profile="512k Limit" 45 server=hotspot1 add disabled=no name=test-256k password=test profile="256k Limit" 46 server=hotspot1 47 48 /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 49 scope=30 target-scope=10

Basic HOSTPOT is now configured. Now goto client pc, Upon booting, it will automatically receive ip from hotspot dhcp server, Open your browser and try to open any web site, You will see Hotspot Login page asking for credentials.

OR you can customize the hotspot login page to show your logo look like something

You can also make configuration changes via GUI. Please read the following guide for easy n step by step guide on HOTSPOT setup. http://wiki.mikrotik.com/wiki/Hotspot_server_setup

HOWTO CUSTOMIZE HOTSPOT LOGIN PAGE

You can use some fancy good looking login page. To customize the login page, Open Winbox , Goto Files , here you will see various files, look at hotspot/login.html , Drag n Drop this file to Desktop. See the attached picture.

Now open it using any html editor, I always prefer FRONTPAGE for editing HTML pages due to its easy interface. Customize it according to your need, You must have some prior knowledge of some website / html editing. You can insert your logo , advertisement and lot more in this page. After you are done, simply Upload the file back from where you downloaded it. use drag n drop feature. For beginners, I recommend you not to change any

default variable, just ad your logo n text , After you are familiarized with the structure, you can build your own fully customized login page. Good examples of hotspot login page can be found at following link.
1

http://forum.mikrotik.com/viewtopic.php?t=26609

Howto Redirect User to your selected site after succesful Login

If you want that after successful login to hotspot , user must be redirected to your advertisement web site / any other web, then You will need to replace a variable on the hotspot/login.html document on the mikrotik router. You must replace $(link-orig) with the url of the website you want them to get after login. There are two links that you have to replace, and both look like this:
1 <input type="hidden" name="dst" value="$(link-orig)">

Change them to
1 <input type="hidden" name="dst" value="http://aacable.wordpress.com">

Now after successful login, user will automatically redirected to yoursite.com, you can also create your customized page showing users details using the variables available.

Howto Allow URL for some destinations for non authenticated Users
Sometimes it is required to allow access to some destinations / URLs for non authenticated users, for example if you have a web / radius server and you want that user can access it without login to hotspot, then you can add its ip address in walled garden.
1 /ip hotspot walled-garden add dst-host=www.website.com 2 /ip hotspot walled-garden ip add dst-address=192.168.2.2 action=accept 3 OR /ip firewall nat add chain=pre-hotspot dst-address=192.168.2.2 4 action=accept

HOTSPOT users cant communicate with each other on LAN or PROXY-ARP issue
If you face hotspot broadcast issue / arp-poisoning , problem, Remove the address pool from the Hotspot to turn off Universal NAT, 1 /ip hotspot set <number> address-pool=none 2 OR 3 /ip hotspot set numbers=hotspot1 address-pool=none

4 OR /ip firewall nat add chain=pre-hotspot dst-address-type=!local 5 hotspot=auth action=accept

Howto Bypass authentication for Few Clients

This bypasses the hotspot by mac address. 1 /ip hotspot ip-binding add mac-address=xx:xx:xx:xx:xx:xx type=bypassed (change xx:xx:xx:xx:xx:xx with your user's mac address. You can also use the ip address to bypass.