University of Babylon, IT College
Information Network Dep., Third Class, Second Semester
MTCNA Course
MikroTik Certified Network Associate
2015-2016
By M.Sc. I.T Alaa A. Mahdi
HotSpot
HotSpot is a way to authorize users to access some network resources, but it does not provide traffic encryption.
To log in, users may use almost any web browser (over either HTTP or HTTPS), so they are not required to install additional software.
The gateway accounts for the uptime and amount of traffic each client has used, and can also send this information to a RADIUS server.
The HotSpot system may limit each particular user's bitrate, total amount of traffic, uptime and some other parameters.
• The HotSpot system is targeted to provide authentication within a local network (for the local network users to access the Internet). It is possible to allow users to access some web pages without authentication using the Walled Garden feature.
• The MikroTik HotSpot Gateway provides authentication for clients before access to public networks.
HotSpot Gateway features:
• Different client authentication methods, using a local client database on the router or a remote RADIUS server;
• User accounting in a local database on the router or on a remote RADIUS server;
• Walled-garden system: access to some web pages without authorization;
• Login page modification, where you can put information about the company;
• Automatic and transparent change of any client IP address to a valid address.
HotSpot Setup
• The simplest way to set up a HotSpot server on a router is with the /ip hotspot setup command. The router will ask for the parameters required to set up HotSpot successfully. When finished, a default configuration will be added for the HotSpot server.
Interface name
• Interface name on which to run HotSpot.
• To run HotSpot on a bridge interface, make sure public interfaces are not included in the bridge ports.
local address of network
• local address of network (IP): the HotSpot gateway address.
IP address to redirect SMTP (e-mails) to your SMTP server
dns servers
• dns servers (IP): DNS server addresses used for HotSpot clients; the configuration is taken from the /ip dns menu of the HotSpot gateway.
name of local hotspot user
• name of local hotspot user (string; Default: "admin"): username of one automatically created HotSpot user, added to /ip hotspot user.
HotSpot default setup
The default setup creates additional configuration:
1- DHCP-Server on HotSpot Interface.
2- Pool for HotSpot Clients.
3- Dynamic Firewall rules (Filter and NAT).
ip hotspot active
• The HotSpot active menu shows all clients authenticated in HotSpot. The menu is informational; it is not possible to change anything here.
ip hotspot host
• The host table lists all computers connected to the HotSpot server. The host table is informational and it is not possible to change any value there.
Users
• This is the menu where the client's user/password information is actually added; additional configuration options for HotSpot users are configured here as well.
User Profile
• The user profile menu is used for common HotSpot client settings. Profiles are like user groups with the same set of settings: rate-limit, filter chain name, etc.
rate-limit
A simple dynamic queue is created for the user once it logs in to the HotSpot. Rate limitation is configured in the following form:
[rx-rate[/tx-rate] [rx-burst-rate[/tx-burst-rate] [rx-burst-threshold[/tx-burst-threshold] [rx-burst-time[/tx-burst-time] [priority] [rx-rate-min[/tx-rate-min]]]]
512k/512k 1m/1m 256k/256k 28/28
For example, to set 1M download and 512k upload for the client: rate-limit=512k/1M
shared-users (integer; Default: 1): allowed number of simultaneously logged in users with the same HotSpot username.
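The rate-limit form above puts rx before tx from the router's side, which is why 1M download and 512k upload is written 512k/1M. The following parser is an added example, not code from the course or from MikroTik; it assumes k and M are decimal multipliers and that an omitted tx value takes the rx value.

```python
import re

# Assumption: k and M are decimal multipliers (1,000 and 1,000,000 bits/s).
UNITS = {"": 1, "k": 1_000, "m": 1_000_000}
POSITIONS = ("rate", "burst_rate", "burst_threshold", "burst_time",
             "priority", "rate_min")

def to_bps(text):
    """Convert a value such as '512k' or '1M' to bits per second."""
    m = re.fullmatch(r"(\d+)([kKmM]?)", text)
    if m is None:
        raise ValueError(f"not a rate: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2).lower()]

def parse_rate_limit(value):
    """Split a rate-limit string into named fields.

    rx/tx are seen from the router: rx is what the router receives
    (client upload), tx is what it sends (client download).
    """
    tokens = value.split()
    if not 1 <= len(tokens) <= len(POSITIONS):
        raise ValueError(f"expected 1-6 fields, got {len(tokens)}")
    parsed = {}
    for name, token in zip(POSITIONS, tokens):
        if name == "priority":
            parsed[name] = int(token)
            if not 1 <= parsed[name] <= 8:  # queue priorities run 1..8
                raise ValueError(f"priority out of range: {token}")
            continue
        convert = int if name == "burst_time" else to_bps
        rx, sep, tx = token.partition("/")
        # Assumption: an omitted tx value takes the rx value.
        parsed[name] = {"client_upload": convert(rx),
                        "client_download": convert(tx if sep else rx)}
    return parsed

if __name__ == "__main__":
    for sample in ("512k/1M", "512k/512k 1m/1m 256k/256k 28/28"):
        print(sample, "->", parse_rate_limit(sample))
```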
IP Bindings
• The IP-Binding HotSpot menu allows you to:
• Set up static One-to-One NAT translations,
• Bypass specific HotSpot clients without any authentication, and also
• Block specific hosts and subnets from the HotSpot network
• address (IP Range; Default: ""): the original IP address of the client
• mac-address (MAC; Default: ""): MAC address of the client
• server (string | all; Default: "all"): name of the HotSpot server. all - will be applied to all hotspot servers
• to-address (IP; Default: ""): new IP address of the client; translation occurs on the router (client does not know anything about the translation)
• type (blocked | bypassed | regular; Default: ""): type of the IP-binding action
• regular - performs One-to-One NAT according to the rule, translates address to to-address
• bypassed - performs the translation, but excludes client from login to the HotSpot
• blocked - translation is not performed and packets from host are dropped
Walled Garden
• You may wish not to require authorization for some services (for example, to let clients access the web server of your company without registration), or even to require authorization only for a number of services (for example, for users to be allowed to access an internal file server or another restricted area). This can be done by setting up the Walled Garden system.
action
• Action to perform when a packet matches the rule
• allow - allow access to the web page without authorization
• deny - authorization is required to access the web page
• server (string; Default: ): name of the HotSpot server the rule is applied to
• src-address (IP): source address of the user, usually the IP address of the HotSpot client
• method (string; Default: ): HTTP method of the request
• dst-host (string; Default: ): domain name of the destination web server
• dst-port (integer; Default: ): TCP port number the client sends the request to
• path (string; Default: ): the path of the request; the path comes after http://dst_host/
IP Walled Garden
• Walled-garden menu for the IP requests (Winbox, SSH, Telnet, etc.)
• action (allow | deny | reject; Default: allow): action to perform when a packet matches the rule
• allow - allow access to the web page without authorization
• deny - authorization is required to access the web page
• reject - authorization is required to access the resource; an ICMP reject message will be sent to the client when a packet matches the rule
• server (string; Default: ): name of the HotSpot server the rule is applied to
• src-address (IP; Default: ): source address of the user, usually the IP address of the HotSpot client
• dst-address (IP; Default: ): destination IP address, the IP address of the web server. Ignored if dst-host is already specified.
• dst-host (string; Default: ): domain name of the destination web server. When this parameter is specified, a dynamic entry is added to Walled Garden
• dst-port (integer; Default: ): TCP port number the client sends the request to
• protocol (integer | string; Default: ): IP protocol
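Bypassed IP bindings, Walled Garden allow rules and shared-users values above 1 are the settings described above that let traffic or logins through with less than one authentication per user. The following review script is an added example, not part of the course material; the export text is a constructed sample, and the script assumes one entry per line and that a Walled Garden rule without an action behaves as allow.

```python
import shlex

# Constructed sample in RouterOS export style, not from a real router.
SAMPLE_EXPORT = """\
/ip hotspot user profile
add name=staff rate-limit=512k/1M shared-users=5
/ip hotspot ip-binding
add address=10.5.50.20 mac-address=00:11:22:33:44:55 type=bypassed
add address=10.5.50.66 type=blocked
/ip hotspot walled-garden
add dst-host=www.example.com dst-port=80
add action=allow comment="temporary test rule"
/ip hotspot walled-garden ip
add action=allow dst-address=192.0.2.10 dst-port=22 protocol=tcp
"""

def parse_export(text):
    """Yield (menu, properties) for each 'add' line; one entry per line."""
    menu = ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            pairs = (t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            yield menu, dict(pairs)

def review(text):
    """Return (kind, detail) for every setting that relaxes authentication."""
    findings = []
    for menu, p in parse_export(text):
        if menu == "/ip hotspot ip-binding" and p.get("type") == "bypassed":
            host = p.get("address") or p.get("mac-address") or "any"
            findings.append(("bypassed-binding", host))
        elif menu.startswith("/ip hotspot walled-garden"):
            # Assumption: a rule with no action set behaves as allow.
            if p.get("action", "allow") != "allow":
                continue
            dest = p.get("dst-host") or p.get("dst-address")
            kind = "walled-garden-allow" if dest else "walled-garden-allow-any"
            findings.append((kind, f"{dest or '*'}:{p.get('dst-port', '*')}"))
        elif menu == "/ip hotspot user profile":
            shared = p.get("shared-users", "1")
            if not shared.isdigit() or int(shared) > 1:
                findings.append(("shared-login", p.get("name", "?")))
    return findings

if __name__ == "__main__":
    for kind, detail in review(SAMPLE_EXPORT):
        print(f"{kind:24} {detail}")
```

An allow rule with no destination shows up as walled-garden-allow-any; that is the entry to examine first.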
Important Links
• http://wiki.mikrotik.com/wiki/How_to_make_transparent_web_proxy
• http://wiki.mikrotik.com/wiki/Manual:Hotspot_Introduction
• http://wiki.mikrotik.com/wiki/Manual:IP/Hotspot/User