Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| technical:mikrotik-hotspot [2025/05/13 09:52] – [Configure a Hotspot running on the wlan1 WiFi interface] system | technical:mikrotik-hotspot [2025/05/13 15:01] (current) – system | ||
|---|---|---|---|
| Line 11: | Line 11: | ||
| With this scenario we assume you have: | With this scenario we assume you have: | ||
| - | * A recent installation of RADIUSdesk | + | * A recent installation of RADIUSdesk. | 
| * We will use our **cloud.radiusdesk.com** demo server which has an IP Address of **164.160.89.129** in this document. | * We will use our **cloud.radiusdesk.com** demo server which has an IP Address of **164.160.89.129** in this document. | ||
| * Our cloud.radiusdesk.com demo server has a site wide RADIUS shared secret of **testing123**. | * Our cloud.radiusdesk.com demo server has a site wide RADIUS shared secret of **testing123**. | ||
| Line 145: | Line 145: | ||
| === Modify the created Server Profile === | === Modify the created Server Profile === | ||
| + | * We need to tel the **hsprof1** Server Profile to make sure it use RADIUS. | ||
| + | * Connect to the Mikrotik' | ||
| + | * Select **IP → Hotspot**. Select the **Server Profiles** sub-tab and select **hsprof1** | ||
| + | * Make sure **Use RADIUS** is selected. | ||
| + | * Make sure **Interim Update** has a sane value e.g. 00:10:00 for every 10 minutes. | ||
| + | * Click **Apply** to save this value. | ||
| + | * You can optionally enable MAC authentication and the format of the MAC address. Select **XX-XX-XX-XX-XX-XX** to work with RADIUSdesk. | ||
| + | |||
| + | Your Mikrotik Hotspot is now configured. Next we will prepare RADIUSdesk. | ||
| + | |||
| + | ---------------- | ||
| + | |||
| + | ===== Prepare RADIUSdesk ===== | ||
| + | ==== Our Setup ==== | ||
| + | * The setup described here makes use of a VPS server that runs RADIUSdesk somewhere in the cloud. (We use cloud.radiusdesk.com) | ||
| + | * RADIUSdesk makes it super easy to add a RADIUS client to the FreeRADIUS server. | ||
| + | * Simply take care of the following items when you are pointing a RADIUS client to the RADIUSdesk server: | ||
| + | * Public IP Address of the RADIUSdesk server. | ||
| + | * Ensure the site wide shared secret is correct. (Check this with the person who configured the RADIUSdesk server) | ||
| + | * Ensure there is a unique identifier the RADIUS client can identify itself with to the server. (We did this by setting the Identity of the Mikrotik router.) | ||
| + | * After you took care of that simply reboot the Mikrotik router while it has an active Internet connection. | ||
| + | * It should then be reported under **New Arrivals - RADIUS**. | ||
| + | * The **New Arrivals - RADIUS** tab is closed by default. | ||
| + | * To launch it, click the **New Arrivals** button in the **RADIUS Clients** applet. | ||
| + | |||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | |||
| + | ---------- | ||
| + | |||
| + | ==== On-boarding a new arrival ==== | ||
| + | * After the Mikrotik appeared under the **New Arrivals - RADIUS** tab we can change it to a RADIUS Client. | ||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | * Select the new arrival you want to change and click on the **Attach** button. | ||
| + | * This will bring pop up a window where you can provide some detail. | ||
| + | * Give it a name: | ||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | * The **Monitor** and **Maps** sub-tabs you can leave as default. | ||
| + | * The Enhancements tab has some handy enhancements. You are also advised to enable auto close - We give it a value of one hour (3600 seconds) | ||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | * Finally select the realms that can use this RADIUS Client. | ||
| + | <panel type=" | ||
| + | {{: | ||
| + | </ | ||
| + | * After you click the **Next** button this item will be moved to the list of RADIUS Clients. You will see this item indicates that it never contacted the RADIUSdesk server. | ||
| + | * Simply reboot the Mikrotik to confirm that contact is now established. | ||
| + | * This brings us to the end of this section. | ||
| + | |||
| + | ----------- | ||
| + | |||
| + | ==== Testing it out ==== | ||
| + | * Reboot the Mikrotik | ||
| + | * Connect to the WiFi Access point which the wlan1 interface advertises and confirm the following | ||
| + | * You get an IP Address in the 10.5.50.x range | ||
| + | * The DHCP server assigns you a DNS server' | ||
| + | * As soon as you try to visit a website on the Internet you are redirected to the Mikrotik login page. | ||
| + | * Try to connect with a valid user defined in RADIUSdesk and confirm that the authentication works as intended. | ||
| + | * If things do not work correct; run a debug trace on FreeRADIUS and restart the Mikrotik router. | ||
| + | * Confirm that the Mikrotik router does send an Accounting-On packet to the RADIUS server by looking at the debug output of the FreeRADIUS server. | ||
| + | |||
| + | ------------- | ||
| + | |||
| + | ==== What next ==== | ||
| + | |||
| + | Although your system is up and running now you may want to do the following advanced configurations | ||
| + | |||
| + | * Introduce central managed Dynamic Login Pages for Mikrotik. | ||
| + | |||
| + | The Advanced setup page will cover these topics. | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||