Mikrotik RouterOS

  • Updated

Start by logging into your Mikrotik device via Winbox.

Step 1 - Radius

Click Radius on the left menu. In the Radius dialogue box, click + enter the below settings:

Service
Hotspot
Address
*insert radius_server_ip here*
Secret
*insert radius_secret here*
Authentication Port
1812
Accounting Port
1813

Press OK to Save.

 

On the Radius window, click + again, and enter the following settings:

Service
Hotspot
Address
*insert radius_server2_ip here*
Secret
*insert radius_secret here*
Authentication Port
1812
Accounting Port
1813
Step 2 - Hotspot

Click IP > Hotspot on the left menu and then Hotspot Setup. Configure with the below settings:

Hotspot Interface
The WLAN interface, bridge or ethernet port that guests will connect through
Local Address of Network
10.1.0.1/24
Masquerade Network
Yes
Address Pool of Network
10.1.0.1-10.1.0.254
Select Certificate
None
IP Address of SMTP Server
leave at default
DNS Server
8.8.8.8 and 8.8.4.4
DNS Name
Leave blank

Click OK to Complete.

In the Hotspot Window, on the Server tab, double-click the hotspot you've just created to load the Hotspot Server Window.

Change the Name to the MAC address of your Mikrotik WAN interface and press OK.

To find the WAN interface MAC, go to Interfaces on the left menu and click ether1-gateway or whatever your WAN interface is

In the Hotspot Window click the Server Profiles tab. Double click on the newly created Profile and set the following:

On the General tab:

Hotspot Address
10.1.0.1

On the Login tab:

HTTP PAP
Ticked
All others
Unticked

On the RADIUS tab:

Use RADIUS
Ticked
MAC Format
XX-XX-XX-XX-XX-XX
Accounting
Ticked
Interim Update
00:02:00

Click OK to Save

On the Hotspot Window click on User Profiles and double click on the default entry. Set the following:

Session Timeout
24:00:00
Idle Timeout
00:30:00
Keepalive Timeout
blank (click the up arrow to wipe the value)

On the main Winbox interface, click New Terminal to open the Terminal Window. For each of the domains, copy the following text and right click to paste in the window. Please refer to this list.

/ip hotspot walled-garden

add dst-host=*domain here*

 

Step 3 - Upload files

Finally, you'll need to upload two files to the Mikrotik device to ensure guests are redirected properly.

Note: When saving the file, make sure the extension is only .html and .txt is not appended.

Copy and paste the following text in to a text editor and save as login.html on your desktop:

<html>
  <head>
    <script>
      const accessUrl = '*insert access_url here*';
      const params = new URLSearchParams({
        res: 'notyet',
        host: '$(server-name)',
        client_mac: '$(mac)',
        client_ip: '$(ip)',
        userurl: '$(link-orig)',
        login_url: '$(link-login-only)',
        error: '$(error)',
        user: '$(username)'
      });
      window.location.href = `${accessUrl}?${params.toString()}`;
    </script>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="expires" content="-1">
  </head>
</html>

Next, copy and paste the following text in to a text editor and save as alogin.html on your desktop:

<html>
  <head>
    <script>
      const redirectUrl = '*insert redirect_url here*';
      window.location.href = redirectUrl;
    </script>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="expires" content="-1">
  </head>
</html>

Back in Mikrotik Winbox, click Files on the left and drag and drop the two files you just saved in to the hotspot folder. Be sure to drop them on the hotspot folder itself.

 

The configuration is now complete.

 

To enable our SecurePass WiFi solution please complete the steps below. This enables a secure, seamless WiFi connection for repeat users.

Secure WiFi Configuration

On the left menu, go to RADIUS. Click + and configure with:

General: wireless, dot1x
Address: 34.150.158.147
Protocol: udp
Secret: *insert radius_secret here*
Authentication Port: 1812
Accounting Port: 1813
Realm: securewifi.purple.ai

Click OK to save. Next, click + and configure again with:

General: wireless, dot1x
Address: 34.86.212.67
Protocol: udp
Secret: *insert radius_secret here*
Authentication Port: 1812
Accounting Port: 1813
Realm: securewifi.purple.ai

Next, on the left menu, click on Wireless. On the Interworking tab, click + and configure with:

Name: purpleconnex
Network Type: public free
Internet: Enabled
Hotspot 2.0: Enabled
Roaming OIS: Add the following, one per line:

5A03BA0000
004096
Venue Names PurpleConnex:eng
IPv4 Availability: single nated
IPv6 Availability: not available
Realms securewifi.purple.ai : not specified
Domain Names securewifi.purple.ai
Operator Names PurpleConnex:eng
WAN Status up
WAN Downlink: 100000
WAN Downlink Load: 0
WAN Uplink: 100000
WAN Uplink Load: 0

Click OK to save. Next, go to Wireless. On the WiFi tab, click + and configure with:

On the General tab:

Name: Securepass
Mode: ap

On the Configuration tab:

SSID: PurpleConnex

On the Security tab:

Authentication Types: WPA2 EAP

On the Interworking tab:

Interworking: purpleconnex

Click OK to save.

The configuration is now complete.

 

Share online:
Was this article helpful?
0 out of 0 found this helpful