Mikrotik RouterBoard

Start by logging into your Mikrotik device.

Step 1 - Radius

Click Radius on the left menu. In the Radius dialogue box, click + enter the below settings:

Service
Hotspot
Address
*insert radius_server_ip here*
Secret
*insert radius_secret here*
Authentication Port
1812
Accounting Port
1813

Press OK to Save.


On the Radius window, click + again, and enter the following settings:

Service
Hotspot
Address
*insert radius_server2_ip here*
Secret
*insert radius_secret here*
Authentication Port
1812
Accounting Port
1813
Step 2 - Hotspot

Click IP > Hotspot on the left menu and then Hotspot Setup. Configure with the below settings:

Hotspot Interface
The WLAN interface, bridge or ethernet port that guests will connect through
Local Address of Network
10.1.0.1/24
Masquerade Network
Yes
Address Pool of Network
10.1.0.1-10.1.0.254
Select Certificate
None
IP Address of SMTP Server
leave at default
DNS Server
8.8.8.8 and 8.8.4.4
DNS Name
Leave blank

Click OK to Complete.


In the Hotspot Window, on the Server tab, double-click the hotspot you've just created to load the Hotspot Server Window.


Change the Name to the MAC address of your Mikrotik WAN interface and press OK.

To find the WAN interface MAC, go to Interfaces on the left menu and click ether1-gateway or whatever your WAN interface is

In the Hotspot Window click the Server Profiles tab. Double click on the newly created Profile and set the following:


On the General tab:

Hotspot Address
10.1.0.1

On the Login tab:

HTTP PAP
Ticked
All others
Unticked

On the RADIUS tab:

Use RADIUS
Ticked
MAC Format
XX-XX-XX-XX-XX-XX
Accounting
Ticked
Interim Update
00:02:00

Click OK to Save


On the Hotspot Window click on User Profiles and double click on the default entry. Set the following:

Session Timeout
24:00:00
Idle Timeout
00:30:00
Keepalive Timeout
blank (click the up arrow to wipe the value)


On the main Winbox interface, click New Terminal to open the Terminal Window. Copy the following text and right click to paste in the window:

/ip hotspot walled-garden

add dst-host=*insert access_domain here*

add dst-host=*venuewifi*

add dst-host=*cloudfront*

add dst-host=*openweathermap*

add dst-host=*stripe*



Note: If you wish to support social network logins, you also need to copy/paste the below entries for each network you plan to support.


Facebook:

/ip hotspot walled-garden

add dst-host=*facebook*

add dst-host=*fbcdn*

add dst-host=*akamai*



Twitter:

/ip hotspot walled-garden

add dst-host=*twitter*

add dst-host=*twimg*



LinkedIn:

/ip hotspot walled-garden

add dst-host=*linkedin*

add dst-host=*licdn*



Instagram:

/ip hotspot walled-garden

add dst-host=*instagram*




Step 3 - Upload files

Finally, you'll need to upload two files to the Mikrotik device to ensure guests are redirected properly.

Note: When saving the file, make sure the extension is only .html and .txt is not appended.

Copy and paste the following text in to a text editor and save as login.html on your desktop:

<html>
<head>
<meta http-equiv="refresh" content="0; url=*insert access_url here*?res=notyet&host=$(server-name)&client_mac=$(mac)&client_ip=$(ip)&userurl=$(link-orig)&login_url=$(link-login-only)&error=$(error)&user=$(username)" />
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
</head>
</html>

Next, copy and paste the following text in to a text editor and save as alogin.html on your desktop:

<html>
<head>
<meta http-equiv="refresh" content="0; url=*insert redirect_url here*" />
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
</head>
</html>

Back in Mikrotik Winbox, click Files on the left and drag and drop the two files you just saved in to the hotspot folder. Be sure to drop them on the hotspot folder itself.


The configuration is now complete.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.