Hotspot Customization Mikrotik User Meeting (MUM) Indonesia Bali, 13-14 June 2008
About Me
• Donny Fauzan
• Electrical Engineering Graduate
• Software Engineer (mostly web) since college
• Network Engineer (BSD, Linux & Mikrotik) since college
• Current jobs:
  • PT. Pramindo Ikat (Telkom) Wireless Hotspot Network (setting up Mikrotik Hotspot with FreeRADIUS and MySQL, developing HotspotManager for RADIUS)
  • Ministry of Education Accounting (SAI) Network (setting up a VPN+OSPF network, developing client software)
  • Training for UFOAKSES Indonesia
Agenda
• Introduction & basics
• Hotspot setup
• Hotspot customization
• Q & A
Introduction
• Hotspot: “zero configuration”
• The user does not require any setup; everything is done automatically
• Hotspot components:
  • IP address assignment (DHCP)
  • DNS relay & cache
  • NAT & firewall
  • Traffic shaping & QoS
  • AAA (Authentication, Authorization, Accounting)
AAA
• Authentication: captive portal
  • The user logs in via a web interface (HTTP cookie).
  • Captive means “jailed” or “imprisoned”: you can connect to the AP, but in a very restrictive environment.
• Authorization: firewall
  • Walled garden
  • NAT
• Accounting: RADIUS
  • Postpaid billing
  • Voucher (prepaid)
Scenario
• The user searches for a wireless network SSID
• The user finds the SSID, then connects without any Wi-Fi security (WEP, WPA, WPA2, etc.)
• The user starts browsing
• The captive portal is then shown
• The user enters his/her login information (user & password)
• Mikrotik checks the supplied account against the local user table and the configured RADIUS server
• After the user is verified, the accounting process starts. A pop-up is shown containing the connection status
Step by Step (1)
• Prepare your wireless interface
  • Mode: AP Bridge
  • SSID: any string (max. 32 chars)
  • Band: 2.4 GHz (B/G or G-only)
  • Frequency: better scan first
• Add the wlan interface IP address
• Run the hotspot wizard
  • Interface: the interface to run the hotspot on
  • Gateway address: the router’s hotspot interface IP address
  • Address pool: for DHCP
  • Certificate: for the https login page
  • SMTP server: for relaying mails to
  • DNS server: for the clients’ DNS resolution
  • DNS name: DNS alias for your router’s hotspot pages
  • User: for testing purposes
Step by Step (2)
• Set your hotspot server
  • Name: better rename it (ex: myhotspot)
• Set your server profile
  • General > Name: better rename it (ex: myhotspot-profile)
  • General > HTML Directory: may differ for multiple AP or VAP setups
  • Login > Login By: set
    • CHAP (encrypted password)
    • Cookie (user sessions stored in the browser as cookies)
    • HTTPS (in case of using https login pages; requires a certificate)
  • Radius: set
    • Check “Use Radius”
    • Check “Accounting”
Hotspot Customization Scenarios
• Hotspot with advertisements
• Hotspot with “walled garden”
• Limit user bandwidth (using the local users table)
• Shared users
• Attach the hotspot to the UserManager
• Attach the hotspot to another Radius server
• Customize the captive portal by making simple changes to the login page and/or other servlet pages
• Centralize the login page on a web server
(1) Advertisements
• The advertisement feature can be enabled in user profiles (there is a “default” profile).
• Add another user profile or change the default one.
• Go to the “Advertisement” tab and check “Advertise”
• Insert advertisement pages (for more, click the down arrow)
• Set the advertisement interval
• Example implementation: ad-supported free hotspot
(2) Walled Garden
• Walled garden: sites that may be accessed from the network without being authenticated.
• Can be set from the Hotspot > Walled Garden tab
• Configuration:
  • Set action (usually allow)
  • Set the particular hotspot server (useful for VAP)
  • Set src address to prohibit certain clients
  • Set dst address to specify allowed/blocked sites by IP
  • Set dst host to specify allowed/blocked sites by DNS name
  • Set the port
• Example implementation: paid hotspot with an external web server displaying subscription info
(3) Limit User Bandwidth (local)
• Limit user bandwidth using the Mikrotik hotspot local user profile.
• Can be set from Hotspot > Profile
• Configuration:
  • General > Rate Limit (rx/tx)
• Example implementation: free hotspot
(4) Shared Users
• One user name can be used more than once, up to a limited number.
• Set the maximum number of users from Hotspot > Profile
• When the shared-users limit for the user's profile is reached, one will have to wait until someone with this username logs out, use a different login name, or extend the shared-users limit
• Configuration:
  • General > Shared users (set the maximum limit)
• Example implementation: limited guest user name for a hotspot
(5) Use UserManager
• Download the usermanager package from mikrotik.com/download.html
• The User Manager package is included in the all-packages file named “Separate packages for Netinstall”
• Upload the package to “Files”, then reboot
• Enable the radius settings in the corresponding Server Profile > Radius tab > Use Radius
• Add the userman as a radius server in Radius > New Radius Server
  • Configuration: refer to refman2.9.pdf page 395, “Radius client”, for information about the “Services” settings
  • Example setup for wireless hotspot authentication based on username (not MAC address, which is insecure): check hotspot & login
  • Set 127.0.0.1 as the address if the userman resides on the AP
• Set Radius > Incoming to enable the AP to receive and execute radius attributes & commands
• Go to http://routeraddress/userman
• Example implementation: paid hotspot with prepaid or postpaid users
(6) Use Other Radius Server
• Install a Radius server if it hasn’t been installed yet. Alternatives: FreeRADIUS, XTRadius, Steel-Belted Radius.
• Install the database (Oracle, MySQL, PostgreSQL, etc.)
• Configure the radius server
  • Set the “secret” word
  • Set the Mikrotik dictionary in its “dictionary” directory.
  • Set the database & prepaid script realms
• Install the “dictionary” for Mikrotik. Look for it in: http://www.mikrotik.com/documentation/manual_2.9/dictionary.mikrotik
  • Save it in the corresponding directory. In freeradius on Fedora it will be: /usr/share/freeradius/dictionary.mikrotik
• Install the radius management software (or develop one ;))
(6) Use Other Radius Server (cont’d)
• Add the radius server in Radius > New Radius Server
  • Configuration: refer to refman2.9.pdf page 395, “Radius client”, for information about the “Services” settings
  • Example setup for wireless hotspot authentication based on username (not MAC address, which is insecure): check hotspot & login
  • Set the radius server’s address & secret (equal to the server’s)
• Set Radius > Incoming to enable the AP to receive and execute radius attributes & commands
(7) Simple Changes
• Look for the servlet pages in Files > hotspot
• Download them using copy-paste
• Change them on your computer
• Re-upload them to the router
(8) Centralize the Captive Portal
• Follow the steps of (7)
• Redirect the login page to your server using simple JavaScript. Don’t forget to include the servlet variables in the URI
• Show your own login page, with method=“POST” & the form URL replaced by the corresponding servlet variable.
• You can also post to your server to be able to fetch some data, and then forward the POST to your AP router.