Tuesday, August 23, 2011
Konfigurasi Dasar Mikrotik
Konfigurasi dasar routerOS Mikrotik, perencanaan IP Address, menambahkan IP Address, DHCP Client, Masquerade, Simple Queue (QoS), NTP Client
Basic Mikrotik Hotspot
Setting up a basic MikroTik hotspot
Mikrotik RouterOS includes an excellent hotspot solution. Read on for details on getting a basic hotspot going using RouterOS on any standard x86 PC hardware or a RouterBOARD.
The RouterOS hotspot solution is very powerful and only the very basics of the solution are covered here; just enough to get you started.
Introduction
This article assumes you want to set up a basic hotspot as shown in the diagram below. If you have a DNS server integrated into your router the same rule applies, just use the router IP for your DNS server as well.
To help get you started MikroTik now include a combined RADIUS server and simple web administration package for RouterOS called the User Manager. This provides a much simpler means of user administration then the command line or Winbox. The User Manager package is included standard with all versions of RouterOS from about 2.9.35 onwards.
Advanced users might wish to provide their own RADIUS server, however this is outside the scope of this article.
Getting the Hotspot to Work
First of all you will need to have a copy of RouterOS. You can purchase a license or download a 24-hour trial from Mikrotik. RouterBOARDs also usually come with RouterOS pre-licensed and installed. You will also need a computer with at least a 100MHz CPU, 32MB RAM and an IDE hard disk, or a RouterBOARD. Either method you choose will need a compatible wireless card and Ethernet adapter, or two Ethernet adapters with one connected to a standard wireless access point. You should check your hardware against the RouterOS compatibility list.
If you are installing RouterOS for the first time, download the ISO image from Mikrotik and burn it to CD. Note that installation of RouterOS will completely wipe the contents of the hard disk! Boot the PC off this CD and install the following packages:
System
DHCP
Wireless
Hotspot
Proxy
User Manager (optional)
Security (optional - recommended)
Advanced tools (optional)
Now to get started. Log onto the PC as admin with no password. If this box intended for deployment, change set a password by typing in password at the prompt. Change the hostname by typing in name.
Assign an IP address to each interface. As this is going to be set up as a router, they will need to be on a different subnet. Substitute wlan1 with ether2 if you have a separate access point.
[admin@Mikrotik] > ip address add address=192.168.24.3/24 interface=ether1
[admin@Mikrotik] > ip address add address=192.168.30.1/24 interface=wlan1
Now we need to add a default route to the IP of the internet router.
[admin@MikroTik] > ip route add gateway 192.168.24.1
Enable the wireless interface and set it to run as an access point as below. If you have an access point instead, ignore the command below, make sure it is running with no security enabled, use a suitable SSID and channel and change its admin password.
[admin@Mikrotik]> interface wireless set wlan1 ssid="My HotSpot" band=2.4ghz-b mode=ap-bridge
Run the hotspot setup as below. Substitute the values in italics to suit your network. The user account bears no relation to the admin account and is used for the hotspot service only. You may also need to add a host record to your DNS server for the hostname of the hotspot box. Make sure the address pool does not conflict with any devices using static IPs, such as access points.
[admin@MikroTik] > ip hotspot setup
hotspot interface: wlan1
local address of network: 192.168.30.1/24
masquerade network: yes
address pool of network: 192.168.30.2-192.168.30.99
select certificate: none
ip address of smtp server: 0.0.0.0
dns servers: 192.168.24.2
dns name: hotspot.mydomain.net (or leave this blank)
name of local hotspot user: user
password for the user: password
That’s the guts of it there. Fire up your laptop, associate to the network and try to access a web page. You should be redirected to the hotspot login page instead where you can enter the user credentials you set up earlier. Click the thumbnails for a full view of the default page.
You should now be able to access the web normally and a pop-up window will display your connection time and data usage as you go.
Bear in mind I have left out the certificate so usernames and passwords will be sent as plain text. If you intend on deploying the hotspot, you should install a certificate on it and set up SSL to protect account data from being sniffed.
Setting up User Manager
The User Manager is a nice and simple web administration for setting up user account for the MikroTik hotspot and other services. It can be hosted on either the same box as the hotspot or located in a separate box on the same local network. One User Manager package can control multiple hotspots.
Before getting the User Manager set up, check for any existing hotspot account and remove them. To do this, run the following command:
[admin@MikroTik] > ip hotspot user print
Flags: X - disabled, D - dynamic
# SERVER NAME ADDRESS PROFILE UPTIME
0 fred default 0s
If any items are listed (in this case bob), run the following command to remove them:
[admin@MikroTik] > ip hotspot user remove 0
You can delete multiple items at the same time, simply separate each item number with a comma.
To get the User Manager working we first need to add a customer login. This is used to access the UM web administration. Make sure you substitute the values in italics to suit.
[admin@MikroTik] > tool user-manager customer add login=hs_admin password=password
Now we need to add the hotspot as a RADIUS client to the user manager. This is done under the user manager router section. The shared secret can be any string of text and should be reasonably long and complex. If you are setting the user manager up on the same box as the hotspot, use 127.0.0.1 for the IP address.
[admin@MikroTik] > tool user-manager router add ip-address=hotspot-ip shared-secret=12345 subscriber=hs_admin
In return, we need to set up the hotspot to use RADIUS for user authentication. First this involves creating a RADIUS client to communicate with the UM. Remember that if you have both services on the same box, the IP address should be set to 127.0.0.1. The secret should be the same as you set up above.
[admin@MikroTik] > radius add service=hotspot address=ip-address secret=12345
Now we tell the hotspot itself to use a RADIUS client. First bring up a list of hotspot profiles:
admin@MikroTik] > ip hotspot profile print
Locate the profile in use and type the following command where 1 is the number of the profile to configure:
[admin@MikroTik] > ip hotspot profile set 1 use-radius=yes
Now we are done with configuration. Browse to http://router-ip/userman where router-ip is the IP address of the box you are configuring UM on. Login using the customer username and password created earlier.
Click on the User menu and select Add. Enter in a username, password and any other details you wish. You can limit the speed the client can access the internet by selecting the Rate limits checkbox and typing in a suitable speed (e.g. for a flat 128kBps download/64kBps upload speed limit simply type in 128k in the RX field and 64k in the TX field).
Click Add and you should be able to now access the hotspot using the username and password you specified. If you want to generate a printable ticket for the users you set up, click on the Users link, select the users to make a ticket for, click Generate and select the number of tickets per page.
Other Tips
You can also go a step further and play with some other available options, as this only skims the surface of the hotspot capabilities. I’ll post more notes as I play with additional options.
To disable communication between wireless clients (recommended), disable the default forward option on the wireless interface.
interface wireless set wlan1 default-forward=disabled
To set up a walled garden (pages people can access without authenticating), use the following command:
ip hotspot walled-garden add dst-host=www.website.com
To limit client bandwidth type the following, replacing profilename with the current hotspot profile in use and speed with the rate limit in bits per second:
ip hotspot profile set profilename rate-limit=”speed“
You can customise the login and status pages by editing the files in the hotspot directory of the Mikrotik box. You can access these via FTP.
scr:www.marlwifi.org.nz
Hotspot Gateway
How to make a HotSpot gateway
The MikroTik HotSpot Gateway enables providing of public network access for clients using wireless or wired network connections. HotSpot Gateway should have at least two network interfaces:
1. HotSpot interface, which is used to connect HotSpot clients
2. LAN/WAN interface, which is used to access network resources.
The following picture shows wireless HotSpot setup
How to make a HotSpot gateway
To setup simple HotSpot Gateway follow the steps below:
1. Configure wireless interface on HotSpot Gateway:
[admin@HotSpot_Gateway]> interface wireless set wlan1 ssid=HotSpot band=2.4ghz-b \
\... mode=ap-bridge
2. Configure ip address for HotSpot interface:
[admin@HotSpot_Gateway] > ip add add address=192.168.0.1/24 interface=wlan1
3. Configure ip address for WAN/LAN interface:
[admin@HotSpot_Gateway] > ip add add address=10.5.8.250/24 interface=ether1
4. Add a route on HotSpot Gateway
[admin@HotSpot_Gateway] > ip route add gateway=10.5.8.1
5. Configure Hotspot on wlan1 interface and add user admin with pasword test
[admin@MikroTik] > ip hotspot setup
hotspot interface: wlan1
local address of network: 192.168.0.1/24
masquerade network: yes
address pool of network: 192.168.0.2-192.168.0.254
select certificate: none
ip address of smtp server: 0.0.0.0
dns servers: 10.5.8.2
dns name: hs.example.net
name of local hotspot user: admin
password for the user: test
In order to access network resources HotSpot clients have to configure their wireless interfaces setting proper ssid, band and mode, and enabling dynamic host configuration (dhcp) on the wireless interface.
scr: mikrotik wiki
The MikroTik HotSpot Gateway enables providing of public network access for clients using wireless or wired network connections. HotSpot Gateway should have at least two network interfaces:
1. HotSpot interface, which is used to connect HotSpot clients
2. LAN/WAN interface, which is used to access network resources.
The following picture shows wireless HotSpot setup
How to make a HotSpot gateway
To setup simple HotSpot Gateway follow the steps below:
1. Configure wireless interface on HotSpot Gateway:
[admin@HotSpot_Gateway]> interface wireless set wlan1 ssid=HotSpot band=2.4ghz-b \
\... mode=ap-bridge
2. Configure ip address for HotSpot interface:
[admin@HotSpot_Gateway] > ip add add address=192.168.0.1/24 interface=wlan1
3. Configure ip address for WAN/LAN interface:
[admin@HotSpot_Gateway] > ip add add address=10.5.8.250/24 interface=ether1
4. Add a route on HotSpot Gateway
[admin@HotSpot_Gateway] > ip route add gateway=10.5.8.1
5. Configure Hotspot on wlan1 interface and add user admin with pasword test
[admin@MikroTik] > ip hotspot setup
hotspot interface: wlan1
local address of network: 192.168.0.1/24
masquerade network: yes
address pool of network: 192.168.0.2-192.168.0.254
select certificate: none
ip address of smtp server: 0.0.0.0
dns servers: 10.5.8.2
dns name: hs.example.net
name of local hotspot user: admin
password for the user: test
In order to access network resources HotSpot clients have to configure their wireless interfaces setting proper ssid, band and mode, and enabling dynamic host configuration (dhcp) on the wireless interface.
scr: mikrotik wiki
Mikrotik Hotspot
How to Setup Your Own Hotspot with MIKROTIK routers
You need to setup your Mikrotik router by using Winbox. Winbox is the graphical user interface for configuring the Mikrotik Router OS. You can get Winbox via The Dude. Once installed, click on Discover. Once the devices are discovered and displayed, you can right click on the Router OS select tools then select Winbox.
1. First we need to define the first port for WAN connection so the router will connect to the internet via another router with DHCP.
In winbox click IP > DHCP Client and Add DHCP Client to port ether1
2. Let's add the hotspot service to wlan Click IP > HotSpot and the Setup box, choose wlan1 as hotspot interface. You can accept default values but choose none for certificate. Leave the IP as it is (10.5.50.x). If you change this IP, the LOGIN and LOGOUT links will not work on your splash page.
3. You need to add our radius server as authentication and accounting server.
In the hotspot profiles (IP > HotSpot > Profiles) choose your hotspot profile and allow radius in the radius tab, de-select cookie, allow http pap and chap.
4. You need to define our radius server. Click Radius and the + sign to add our radius server.
Click Servies > Hotspot, enter radius address: 195.228.254.149, Secret: hotsys123
5. We have to allow certain sites and servers for non authenticated users otherwise they can't buy access.
In the section IP > HotSpot > Walled Garden, click on + sign and add the following domains to Dst. Host one by one:
*.hotspotsystem.com
*.rbsworldpay.com
*.paypal.com
*.paypalobjects.com
*.akamaiedge.net
paypal.112.2O7.net
*.moneybookers.com
*.adyen.com
Then in the section IP > HotSpot > Walled Garden > IP List add the following IPs to Dst. Address one by one (if your Mikrotik doesn't allow netmask values (.0/24) you can skip the netmask value):
194.149.46.0/24
198.241.128.0/17
66.211.128.0/17
216.113.128.0/17
70.42.128.0/17
128.242.125.0/24
216.52.17.0/24
62.249.232.74
155.136.68.77
66.4.128.0/17
66.211.128.0/17
66.235.128.0/17
88.221.136.146
195.228.254.149
195.228.254.152
203.211.140.157
203.211.150.204
82.199.90.136/29
82.199.90.160/27
91.212.42.0/24
6. You need to syncronize the router's time with our server.
Click on System > NTP Client. Enter primary and secondary NTP servers. To find NTP servers, go to http://www.pool.ntp.org/ and select the location's continent on the right side of the page. You'll find NTP servers there.
Be sure to leave TimeZoneName: manual, and TimeZone: 00:00 in System > Clock. (Don't set your own timezone, because the router has to show the GMT time!)
7. You need to change the router's NASID. The NASID setting in the Mikrotik is located under System > Identity. Default is 'MikroTik'.
Change this the following way: OPERATORUSERNAME_LOCATIONNUMBER
Example: Operator Username is 'globalhotspot', Location ID: '2', then NASID should be: 'globalhotspot_2'
8. You have to customize Mikrotik's built-in login page. On the side menu go to Files, and find the login.html file under the 'hotspot' directory. Double click on the file and choose Backup.
Open a simple text editor like notepad and copy and paste the following to the editor:
Save it as login.html to your Desktop.
Drag and drop this login.html to your "hotspot" directory in the Winbox program.
If you wish to use FTP you can FTP to your mikrotik router with the admin userid and password and replace the file there under the 'hotspot' directory.
If you don't wish to redirect users to our nice splash page you can continue to use the router's built-in login page but in this case it is important to add a link to the internal page where your users can buy access or activate their prepaid cards. Click here for more information.
9. You have to set the Login/Logout URL IP addresses in the Control Center. Log in to the Control Center with your Operator Username and password and go to Manage > Locations. Click on the location, then click on Modify Hotspot Data & Settings. In Splash Page Settings modify the Internal Login/Logout URL Set to Mikrotik. Make sure that 'Display Login Box on Main Splash Page' option is CHECKED.
10. As the last step you have to add hourly checking for up status for the Router Alert feature.
Go to System > Scheduler and add a new task by pressing the plus sign.
Name: up
Interval: 01:00:00
On Event:
/tool fetch keep-result=no mode=http address=tech.hotspotsystem.com src-path=("up.php?mac=".[/interface ethernet get 0 mac-address]."&nasid=".[/system identity get name]."&os_date=Mikrotik&uptime=".[/system clock get time]."%20up%20".[/system resource get uptime].",%20load%20average:%20".[/system resource get cpu-load]."%")
Policy: enable all
Press Apply and OK.
That's all. You can setup hotspot service even on a wired connection. In this case you have to choose an ethernet port instead of wlan or you can setup hotspot on both ports.
If you have successfully setup your mikrotik router you have to see a login window when connecting via wireless. You can log in with username admin, blank password.
scr: http://www.hotspotsystem.com/en/hotspot/install_guide_mikrotik.html
Subscribe to:
Posts (Atom)