Hotspot

Divisi Training
Departemen Teknik
PT UFOAKSES SUKSES LUARBIASA
Jakarta
nux@ufoakses.co.id
 Hotspot
z HotSpot is used for authentication in local
network
z Authentication is based on HTTP/HTTPS
protocol meaning it can work with any Internet
browser
z HotSpot is a system combining together various
independent features of RouterOS to provide
the so called ‘Plug-and-Play’ access
Hotspot Scheme
 Hotspot
z User tries to open a web
z page
z Router checks if the user
z is already authenticated in
z the HotSpot system
z If not, user is redirected
z to the HotSpot login page
z User specifies the login
z information
 Hotspot
z If the login information is
z correct, then the router
z authenticates the client in the
z Hotspot system;
z opens the requested web page;
z opens a status pop-up window
z The user can access the
z network through the
z HotSpot gateway
 HotSpot Features
z User authentication
z User accounting by time, data
transmitted/received
z Data limitation
− by data rate
− by amount
z Usage restrictions by time
z RADIUS support
z Walled garden
Konfigurasi Router Via Winbox
Create Wlan for Hotspot
Create Hotspot
 Aded IP address
For gateway Hotspot
Create IP adress Hotspot
Dhcp Server setup
DNS setup
Hotspot Complete Setup
 HotSpot Server Setup
z Automatically creates configuration entries in
z /ip hotspot
z /ip hotspot profile
z /ip hotspot users
z /ip pool
z /ip dhcp-server
z /ip dhcp-server networks
z /ip firewall nat (dynamic rules)
Hotspot Profile
Uses Radius
 HotSpot Authentication
z HTTP PAP - simplest method, which shows the
HotSpot login page and expects to get the user
credentials in plain text (maximum compatibility
mode)
z HTTP CHAP - standard method, which includes
CHAP computing for the string which will be
sent to the HotSpot gateway.
z HTTPS – plain text authentication using SSL
protocol to protect the session
 HotSpot Authentication
z HTTP cookie - after each successful login, a
cookie is sent to the web browser and the same
cookie is added to active HTTP cookie list. This
method may only be used together with HTTP
PAP, HTTP CHAP or HTTPS methods
z MAC address - authenticates clients as soon as
they appear in the hosts list, using client's MAC
address as user name
z Trial - does not require authentication for a
certain amount of time
Configure User
HotSpot User Profiles
HotSpot IP Bindings
 HotSpot IP Bindings
z Setup static NAT translations based on either
− the original IP address (or IP network),
− the original MAC address.
z Allow some addresses to bypass HotSpot
authentication. Usefully for providing IP
telephony or server services.
z Completely block some addresses.
HotSpot HTTP-level Walled Garden
HotSpot HTTP-level Walled Garden

z Walled garden allows to bypass HotSpot

authentication for some resources
z HTTP-level Walled Garden manages HTTP and
HTTPS protocols
z HTTP-level Walled Garden works like Web-
proxy filtering, you can use the same HTTP
methods and same regular expressions to
make an URL string
 HotSpot IP-level Walled
z IP-level Walled Garden works on the IP level,
use it like IP firewall filter
 Login Page Customization
z There are HTML template pages on the router
FTP for each active HotSpot profile
z Those HTML pages contain variables which will
be replaced with the actual information by the
HotSpot before sending to the client
z It is possible to modify those pages, but you
must directly download HTML pages from the
FTP to modify them correctly
Login pages Hotspot
 User Manager for HotSpot
z Centralized Authorization and Accounting
system
z Works as a RADIUS server
z Built in MikroTik RouterOS as a separate
package
 Requirements for User Manager
z x86 based router with MikroTik RouterOS v2.9.x
and v3.1
z Router with at least 32MB RAM
z Free 2MB of HDD space
z RouterOS Level 4 license for more than 10
active sessions (in RouterOS v2.9.x)
 Features
z User Authorization using PAP,CHAP
z Multiple subscriber support and permission
management
z Credits/Prepaid support for users
z Rate-limit attribute support
z User friendly WEB interface support
z Report generation by time/amount
z Detailed sessions and logs support
z Simple user adding and voucher printing
support
 New Features
z User Authorization using MSCHAPv1,MSCHAPv2
z User status page
z User sign up system
z Support for decimal places in credits
z Authorize.net and PayPal payment gateway support
z Database backup feature
z License changes in RouterOS v3.0 for active users:
− Level3 – 10 active users
− Level4 – 20 active users
− Level5 – 50 active users
− Level6 – Unlimited active users
 Supported Services
z Hotspot user authorization
z PPP/PPtP/PPPoE users authorization,
z Encryption also supported
z DHCP MAC authorization
z Wireless MAC authorization
z RouterOS users authorization
 User Manager Usage
z Hotels
z Airports
z Cafés
z Universities
z Companies
z ISPs
 User Signup
z User can create a new account by filling out the
form. An account activation email will be sent to
the users email address
 Billing Hotspot
menggunakan User Manager
Konfigurasi Billing
Menambahkan Radius
Create User
Generate User