Documentation Series

Learn About VISP App Dashboard

Help Documentations / Networks / Mikrotik Hotspot Configuration

Mikrotik Hotspot Configuration

Initial Setup

If you’re using a new Mikrotik router, we recommend resetting the device to remove the preinstalled configuration as it contains settings you will probably not need. You may also need to upgrade your RouterOS to the latest stable version, from mikrotik.com.

If you are using a Mikrotik that’s already running in a production network, we suggest that you make a backup of your current configuration. Go to Files > Backup, then click to backup your current configs to the file. Optionally drag-and-drop the new backup file to your desktop to save it locally.

Adding IP Addresses to the Mikrotik

Add an IP for your Hotspot network by going to IP > Addresses. Ensure you assign the IP address to the proper interface on which the switch or AP for the hotspot network will be connected. It is also best practice to put comments on the newly added subnet.

Mikrotik Hotspot Configuration - Visp App

Configuring the Hotspot Server

To configure a hotspot server, follow these steps:

  1. Click IP > Hotspot.
  2. Click the Hotspot Setup button to open the wizard.
  3. Select the correct interface for the hotspot network and then click Next.
  4. Verify the IP of the server, which should be the address you had created for the hotspot network, and click Next.
  5. Verify the IP range that’s automatically chosen for the hotspot users and click Next.
  6. Ignore the server certificate setting, at least for now, and click Next.
  7. Accept the default IP Address of SMTP Server (0.0.0.0) or ignore the setting and click Next.
  8. Verify that the DNS server address from your Internet connection is entered and click Next. If you don’t want to use the DNS server from your uplink provider and prefer to use public DNS instead, you can create one here and click Next.
  9. Finally, create a local hotspot user as required in the setup process; then click Next.

 

Hotspot Server

Double-click on the new hotspot server that is created (usually named ‘hotspot1’) and perform the following steps:Mikrotik Hotspot Configuration - Visp App

  1. On the Address Pool option, select ‘none’ from the drop-down (reason: addresses are assigned by DHCP, so this is redundant and can cause issues).
  2. Set the login-timeout to five minutes (00:05:00), If the device hasn’t self-authorized within this timeframe, the host entry gets deleted from the host table. This loop repeats until the device is authenticated.
  3. Click the Reset HTML button on the right, confirm by clicking Yes.

 

Server Profile

Edit the server profile created in the last step (by default named hsprof1) by double-clicking on it.

Mikrotik Hotspot Configuration - Visp App

  1. Click RADIUS
  2. Select ‘Use Radius’
  3. Ensure ‘Accounting’ is checked
  4. NAS Port Type = 19 (Wireless-802.11)
  5. Click the Login tab
  6. Check MAC, HTTP CHAP, HTTP PAP, uncheck Cookie
  7. Enter ‘visp’ (no quotes) as MAC Auth Password

 

User Profile

Edit the User profile by double-clicking it and performing the following steps:

  1. If the ‘Keepalive Timeout’ option has a value in it, click the up-arrow to the right of it to disable the Keep alive timeout.
  2. Make sure that the ADD MAC COOKIE OPTION is unchecked.Mikrotik Hotspot Configuration - Visp App
  3. Choose the Scripts tab and paste the following line into the On Logout section:  /ip hotspot host remove [find where address=”$address” and !authorized and !bypassed] Mikrotik Hotspot Configuration - Visp App

 

IP Bindings

IP-Binding allows specifying the subnet that is only allowed to authenticate to the hotspot server. It also helps to eliminate unwanted traffic.

To allow authentication only within the Hotspot network.

  • Add the Hotspot network address on the address box
  • Set server = all or specific server
  • Set type = regular

To block unwanted hosts/subnets from the HotSpot network (Eliminating Unwanted Traffic).

  • Add a quad-zero route (0.0.0.0/0) on the address box
  • Set server = all or specific server
  • Set type = blocked

Mikrotik Hotspot Configuration - Visp App

Note: Make sure that the drop rule is added last on the list. It will block all traffic if it’s added to the top.

Walled Garden IP List

Walled-garden IP list allows you to add URLs or websites which are accessible for clients without authorization. This is where we will be adding the URL for the payment portal, signup page and login page.

  1. Add (+ symbol)
  2.  Action > accept
  3. Set Dst. Host: ocsp.godaddy.com
  4. Add another the same way with Dst Host: vportal.visp.net
  5. Add another the same way with Dst Host: wlogin.userservices.net
  6. When using RouterOS v7, we recommend adding a rule to accept traffic going to the Hotspot gateway or IP address. Add another the same way with Dst Host: Hotspot IP (example: 100.64.0.1)

Mikrotik Hotspot Configuration - Visp App

Queues

  1. Select the Queue Types tab, and then double-click the default-small queue to open it.
  2. Change the default-small queue Kind value to ‘SFQ’ and leave the default settings.

Mikrotik Hotspot Configuration - Visp App

SFQ and RED are the two best at large connections. However, RED randomly drops packets when the connection begins to become congested. That’s ok for big pipes like 1gbps that shouldn’t be congested often. It’s not so great for home internet that you expect to be hitting these limits regularly. You don’t want to drop UDP traffic. Games and VoIP don’t do well with packet loss.

SFQ will insert delay which will slow down the TCP connections, generally without packet loss. The weakness of SFQ is the resources consumed in the router. However modern MikroTik’s have more than enough resources to manage SFQ’s. In general, SFQ is recommended for the setup.

Files

  1. Populate the fields below for your ISP domain eg. Visp.net and optionally the Location ID (which can be left blank). Use the “Generate Login.html File” to download a customized login.html which will be placed in your router.
  2. Drag the login.html file from your desktop into the HTML directory specified on the Hotspot Server profile.

Mikrotik Hotspot Configuration - Visp App

RADIUS Servers

Follow the instructions on this page to configure the RADIUS servers.

1. Allow Pre-signup Authentication

Let’s say you have a building that buys internet access from you that it supplies free and anonymously for all tenants. You earn revenue from the main connection but also when tenants upgrade to faster packages. Before, each of those tenants could not connect their…

2. Set-up SmartSession Authentication

VISP’s HyperRadius has many unique powerful features, one of which is SmartSession. SmartSession will allow you to make changes to your subscribers that are authenticated on Mikrotik devices, on the fly, including disconnects and package speed changes, right from…

3. Assigning a Static IP Address

When assigning static IP addresses through Visp.net, we recommend setting the IP into static if it is not included in the DHCP server’s address pool. Visp can’t tell Mikrotik which IP is not available for leases. When the static option is enabled, the RADIUS will…

4. Location ID

Setting up a location ID for your internet package allows you to: Restrict the location where the package is displayed on the signup page. Apply location-based authentications. Use the location ID of the customer’s subscribed package to filter the upgrade package list…

5. RADIUS Configuration

This section configures your Mikrotik router to communicate with the Visp.net HyperRADIUS servers. Critical Note: For the Multi-ISP setup, you must use these proxy servers: 52.37.68.81 and 52.11.17.135. Primary Click Radius (left) and click (+) symbol to add a radius…

6. Mikrotik DHCP Configuration

Client Isolation Recommendations AP’s should use Client-Isolation. This reduces load and improves reliability. Repeating broadcast messages between subscribers increases network load and can allow for rogue DHCP servers or other broadcast services to exist on the…

7. PPPoE Configuration

These instructions assume that you have a new Mikrotik with little to no existing configuration. It specifies certain IP ranges which are commonly used; however, you can replace the IP ranges referenced below with your own custom ranges if you wish. Likewise, if you…

8. Mikrotik Hotspot Configuration

Initial Setup If you’re using a new Mikrotik router, we recommend resetting the device to remove the preinstalled configuration as it contains settings you will probably not need. You may also need to upgrade your RouterOS to the latest stable version, from…

9. Automation Profile: Low Stock Notification or Reordering

If you’re running low on certain equipment or devices, set up an automation profile to refill your stocks. This feature will either alert you when inventory drops below a certain level or it can automatically create a purchase order in Visp to the supplier. Follow…
?