How to configure a MikroTik router for HotSpot Gateway operation
A hotSpot is a way to authorize users to access some network resources but does not provide traffic encryption. To log in, users may use almost any web browser (either HTTP or HTTPS protocol), so they are not required to install additional software. The gateway is accounting for the uptime and amount of traffic each client has used, and also can send this information to a RADIUS server. The HotSpot system may limit each particular user’s bitrate, the total amount of traffic, uptime and some other parameters mentioned further in this document.
The HotSpot system is targeted to provide authentication within a local network (for the local network users to access the Internet). But may as well be used to authorize access from outer networks to access local resources (like an authentication gateway for the outside world to access your network). It is possible to allow users to access some web pages without authentication using the Walled Garden feature.
HotSpot Aim and features
The MikroTik HotSpot Gateway provides authentication for clients before access to public networks. A HotSpot only works reliably when the IPv4 protocol is used; the HotSpot relies on Firewall NAT rules which aren’t supported with IPv6.
The HotSpot gateway features:
- Various authentication methods of clients using a local client database on the router or remote RADIUS server
- Users accounting in the local database on the router or on the remote RADIUS server
- Walled-garden system, access to some web pages without authorization
- Login page modifications for companies
- Automatic and transparent change any IP address of a client to a valid address
MikroTik Hotspot Setup
The simplest way to set up a HotSpot server on the MikroTik router is through the WebFig portal. So Log in to your router by pasting its IP address into the search bar and entering your admin credentials.
You should arrive at the home screen. Find the buttons at the top right that read Quick Set, WebFig, and Terminal. Click on the Terminal button.
First, we need to configure the interface connected to the WAN. Type the below into the terminal and press enter:
How to Setup the DNS
Next, we will set up the DNS server.
- Click on the button at the top that says WebFig. You should come to a screen with several buttons on the left side of the screen.
- Select the IP drop-down arrow, then click DNS. Fill in the appropriate information provided by your ISP, and make sure the Allow Remote Requests option is checked.
- Apply your settings, then navigate to the Routes button on the left side of the screen.
How to Setup the Routes
- Click the Add New button at the top of the screen.
- Under Gateway, type the IP address of the gateway of your WAN interface. Apply your settings, then navigate to the HotSpot button on the left side of the screen.
How to Setup the Hotspot
- Click the button that says HotSpot setup at the top of the screen. Select ether2, as this is the interface connected to the local network.
- The next screen will ask for the local address of the network. You won’t need to change anything here, so just click Next.
- The next page will ask for the IP range to be used by the DHCP server for providing IPs to clients. Make certain the IP range is acceptable for the server. When you’re finished, click Next.
- Select “none” for the certificate. Click Next.
- Click Next.
- We don’t need to make any changes to this screen because we’ve already configured this in an earlier step. Click Next.
- Now you’ll need to define your server’s name by which clients can access the HotSpot’s login page through a web browser. Type the name you’d like and click Next.
- The last step is to create a user. By default, it creates a user admin with no password. Here you can set the password and user name for the default user. Change the values if you’d like, then click Next.
Conclusion