Start by logging into your Mikrotik device via Winbox.
Step 1 - Radius
Click Radius on the left menu. In the Radius dialogue box, click + and enter the below settings:
| Service | Hotspot |
| Address | *insert radius_server_ip here* |
| Secret | *insert radius_secret here* |
| Authentication Port | 1812 |
| Accounting Port | 1813 |
Press OK to Save.
On the Radius window, click + again, and enter the following settings:
| Service | Hotspot |
| Address | *insert radius_server2_ip here* |
| Secret | *insert radius_secret here* |
| Authentication Port | 1812 |
| Accounting Port | 1813 |
Step 2 - Hotspot
Click IP > Hotspot on the left menu and then Hotspot Setup. Configure with the below settings:
| Hotspot Interface | The WLAN interface, bridge or ethernet port that guests will connect through |
| Local Address of Network | 10.1.0.1/24 |
| Masquerade Network | Yes |
| Address Pool of Network | 10.1.0.1-10.1.0.254 |
| Select Certificate | None |
| IP Address of SMTP Server | leave at default |
| DNS Server | 8.8.8.8 and 8.8.4.4 |
| DNS Name | Leave blank |
Click OK to Complete.
In the Hotspot Window, on the Server tab, double-click the hotspot you've just created to load the Hotspot Server Window.
Change the Name to the MAC address of your Mikrotik WAN interface and press OK.
| Note: To find the WAN interface MAC, go to Interfaces on the left menu and click ether1-gateway or whatever your WAN interface is. |
In the Hotspot Window click the Server Profiles tab. Double click on the newly created Profile and set the following:
On the General tab:
| Hotspot Address | 10.1.0.1 |
On the Login tab:
| HTTP PAP | Ticked |
| All others | Unticked |
On the RADIUS tab:
| Use RADIUS | Ticked |
| MAC Format | XX-XX-XX-XX-XX-XX |
| Accounting | Ticked |
| Interim Update | 00:02:00 |
Click OK to Save
On the Hotspot Window click on User Profiles and double click on the default entry. Set the following:
| Session Timeout | 24:00:00 |
| Idle Timeout | 00:30:00 |
| Keepalive Timeout | blank (click the up arrow to wipe the value) |
On the main Winbox interface, click New Terminal to open the Terminal Window. For each of the domains, copy the following text and right click to paste in the window. Please refer to this list.
| Terminal Command: | /ip hotspot walled-garden add dst-host=*domain here* |
Step 3 - Upload files
Finally, you'll need to upload two files to the Mikrotik device to ensure guests are redirected properly.
| Note: When saving the file, make sure the extension is only .html and .txt is not appended. |
Copy and paste the following text into a text editor and save as login.html on your desktop:
| login.html | <html>
<head>
<script>
const accessUrl = '*insert access_url here*';
const params = new URLSearchParams({
res: 'notyet',
host: '$(server-name)',
client_mac: '$(mac)',
client_ip: '$(ip)',
userurl: '$(link-orig)',
login_url: '$(link-login-only)',
error: '$(error)',
user: '$(username)'
});
window.location.href = `${accessUrl}?${params.toString()}`;
</script>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
</head>
</html> |
Next, copy and paste the following text into a text editor and save as alogin.html on your desktop:
| alogin.html | <html>
<head>
<script>
const redirectUrl = '*insert redirect_url here*';
window.location.href = redirectUrl;
</script>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
</head>
</html> |
Back in Mikrotik Winbox, click Files on the left and drag and drop the two files you just saved into the hotspot folder. Be sure to drop them on the hotspot folder itself.
The configuration is now complete.
| SecurePass Note: To enable our SecurePass WiFi solution please complete the steps below. This enables a secure, seamless WiFi connection for repeat users. |
Secure WiFi Configuration
On the left menu, go to RADIUS. Click + and configure with:
| General: | wireless, dot1x |
| Address: | 34.150.158.147 |
| Protocol: | udp |
| Secret: | *insert radius_secret here* |
| Authentication Port: | 1812 |
| Accounting Port: | 1813 |
| Realm: | securewifi.purple.ai |
Click OK to save. Next, click + and configure again with:
| General: | wireless, dot1x |
| Address: | 34.86.212.67 |
| Protocol: | udp |
| Secret: | *insert radius_secret here* |
| Authentication Port: | 1812 |
| Accounting Port: | 1813 |
| Realm: | securewifi.purple.ai |
Next, on the left menu, click on Wireless. On the Interworking tab, click + and configure with:
| Name: | purple |
| Network Type: | public free |
| Internet: | Enabled |
| Hotspot 2.0: | Enabled |
| Roaming OIS: | Add the following, one per line: 5A03BA0000 004096 |
| Venue Names | Purple:eng |
| IPv4 Availability: | single nated |
| IPv6 Availability: | not available |
| Realms | securewifi.purple.ai : not specified |
| Domain Names | securewifi.purple.ai |
| Operator Names | Purple:eng |
| WAN Status | up |
| WAN Downlink: | 100000000 |
| WAN Downlink Load: | 0 |
| WAN Uplink: | 100000000 |
| WAN Uplink Load: | 0 |
Click OK to save. Next, go to Wireless. On the WiFi tab, click + and configure with:
On the General tab:
| Name: | Securepass |
| Mode: | ap |
On the Configuration tab:
| SSID: | Purple |
On the Security tab:
| Authentication Types: | WPA2 EAP |
On the Interworking tab:
| Interworking: | purple |
Click OK to save.
Configuration Complete
The configuration is now complete.
Free Guest WiFi
Purple App
SecurePass
Splash Access