membuat hotspot di mikrotik


HotSpot configuration

  • Set HotSpot to use User Manager for HotSpot server users,
 / ip hotspot profile set hsprof1 use-radius=yes
  • Add radius client to consult User Manager for HotSpot service.
 / radius add service=hotspot address=y.y.y.y secret=123456

‘secret’ is equal to User Manager router secret. ‘y.y.y.y’ is the User Manager router address. By default this is 127.0.0.1. If using a remotely located Router (perhaps via a VPN) then the IP address entered is the IP address of that remote Router. The router could be a Radius Server, or another ROS with User Manager installed.

  • Note, first local HotSpot database is consulted, then User Manager database.

It means that if you have configuration in ‘/ ip hotspot user print’, users will be able to authenticate in HotSpot using this data.

Delete users configuration from ‘/ ip hotspot print’ to stop using local HotSpot database for authentication. To move batch of local HotSpot users to the User Manager database use export and import . Use text editor program to create appropriate file to import local users to the User Manager database.

User Manager configuration

  • First, you need to download and install User Manager package;
  • Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called ‘admin’ is created automatically – you can skip the following stage and change ‘MikroTik’ to ‘admin’ in subsequent steps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
  • Add HotSpot router information to router list,
 / tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456

‘x.x.x.x’ is the address of the HotSpot router, ‘shared-secret’ should match on both User Manager and HotSpot routers. Adding ‘x.x.x.x’ as a router allows Radius requests from ‘x.x.x.x’ to be passed to the Radius Server built into User Manager. Therefore if you have any remote ROS Hotspots that require access to this Radius Server, then all their IP addresses must be added to this list.

  • Add HotSpot user information, it is equal to ‘ip hotspot user’ when local HotSpot is used for clients

In version 3:

 / tool user-manager user add name=demo password=demo subscriber=MikroTik

In version 4:

 / tool user-manager user add name=demo password=demo customer=MikroTik

We discuss only basic configuration example, detailed information about ‘user’ menu configuration.

  • To make sure, that client is using User Manager for AAA,
 / ip hotspot active print
 Flags: R - radius, B - blocked
  #    USER          ADDRESS         UPTIME       SESSION-TIME-LEFT IDLE-TIMEOUT
  0 R  00:01:29:2... 192.168.100.2   1m29s

‘R’ means that client uses User Manager server for AAA services.

HotSpot configuration

 / radius add service=hotspot address=127.0.0.1 secret=123456

We add radius client to consult User Manager server for appropriate service. ‘address=127.0.0.1’ points RADIUS client to use local router as RADIUS server, ‘secret’ is shared secret to exchange information between RADIUS server and client.

 / ip hotspot profile set hsprof1 use-radius=yes

To use RADIUS for HotSpot AAA.

User Manager configuration

/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
  • Then add router information to the User Manager configuration,
/ tool user-manager router add subscriber=MikroTik ip-address=127.0.0.1 shared-secret=123456

‘ip-address’ is the address of the RADIUS client router.

Note, ‘shared-secret’ should match on User Manager and RADIUS client.

User Manager/RouterOS user Example

From MikroTik Wiki

Jump to: navigation, search

Introduction

User Manager server might be used as remote storage of RouterOS login and password information. MikroTik router will consult User Manager for login and password, when you are accessing RouterOS via Winbox or console session. Let us consider configuration steps.

RouterOS configuration

  • Set RouterOS to use User Manager server for checking login and password information,
 / user aaa set use-radius=yes
  • ‘/user aaa’ has ‘default-group’ option, that define type of the default group. Default is read permissions, if you need to allow full permissions for users stored in User Manager database
 / user aaa set default-group=full
  • Add radius client to consult User Manager for login service.
/ radius add service=login address=y.y.y.y secret=123456

‘secret’ is equal to User Manager router secret. ‘y.y.y.y’ is the User Manager router address.

  • Note, first local router database is consulted, then User Manager database.

User Manager configuration

  • Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called ‘admin’ is created automatically – you can skip the following stage and change ‘MikroTik’ to ‘admin’ in subsequent steps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
  • Add RouterOS router information to router list,

In version 3:

/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456

In version 4:

/ tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456

‘x.x.x.x’ is the address of the RouterOS router, ‘shared-secret’ must match on both User Manager and RouterOS routers.

  • Add login/password information, that account will be able to access RouterOS. login is MikroTik, password is MikroTik.

In version 3:

/ tool user-manager user add subscriber=MikroTik username=MikroTik password=MikroTik

In version 4:

/ tool user-manager user add customer=MikroTik username=MikroTik password=MikroTik

This entry was posted on Jumat, Februari 18th, 2011 at 6:05 am and is filed under Komputer Jaringan. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Tinggalkan komentar