Mikrotik Aradial Configuration Guide

Mikrotik Router OS - Setup and Configuration Guide for Aradial Radius Server
Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.
2006 Aradial
This document contains proprietary and confidential information of Aradial and Spotngo and shall not be reproduced or transferred to other documents, disclosed to others, or used for any purpose other than that for which it is furnished, without the prior written consent of Aradial. It shall be returned to the Aradial upon request. The trademark and service marks of Aradial, including the Aradial logo, are the exclusive property of Aradial, and may not be used without permission. The trademark and service marks of Spotngo, including the Spotngo logo, are the exclusive property of Spotngo, and may not be used without permission. All other marks mentioned in this material are the property of their respective owners. http://www.aradial.com
0H
http://www.radius-server.com
1H
http://www.wifi-radius.com
2H
http://www.spotngo.ca
3H
Document Information
Software Version: Document Version: Publication Date: Author 3.x 1.0 January 2006 Tomer Shahaf
Page 2
Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
Contents
Overview ............................................................................................................................................................... 4 General................................................................................................................................................................ 4 Sample Network deployments........................................................................................................................... 5 Centralized Deployment: .............................................................................................................................. 5 Localized Deployment:................................................................................................................................. 6 Mikrotik Router OS Installation ........................................................................................................................ 8 CD Installation............................................................................................................................................... 8 Initial Configuration ......................................................................................................................................... 12 IP configuration through the command line interface ............................................................................... 12 Winbox GUI configuration...................................................................................................................... 16 Winbox GUI configuration...................................................................................................................... 16 Hotspot Configuration:.....................................................................................................................................20
Page 3
Overview
General
This document is created to provide a sample deployment guide for a centralized deployment utilizing Aradial Radius server, Spotngo Payment module and Mikrotik Router OS Network Access Server. The document contains information relevant to central, localized and distributed network deployments. Additional documentation for Aradial, Spotngo Payment module and Mikrotik are available in their respective installations. Aradial Documentation is located in the 'Docs' folder or can be opened from the 'start', 'programs,' Aradial, selecting Manual. Aradial Web Admin is available at: http://locahost:8000 (user: admin, password: password). Aradial Client Web Self Care module is available at: http://locahost:8001 Aradial Hotspot Captive Portal is located at: http://locahost:8002 Spotngo Captive portal is available at: https://localhost Spotngo Web Admin is available at https://localhost/Payment?page=mainadmin This document intended for the configuration of the network assuming Aradial and Spotngo Payment Modules are installed.
Page 4
Sample Network deployments

Centralized Deployment:
Typical Deployments: Hotspot service Providers, ISP, WISP, VOIP, Corporate, hosted solution, etc. Aradial and Spotngo Payment Module are installed at the NOC, Network Operation Center, Data Center, Hosted environment or Head office. Mikrotik gateway / Access controller (Network Access Server) installed on site at internet point of presence. Client redirection and AAA Radius requests will be sent by the Mikrotik unit to the centralized Radius server and billing solution for processing. Sample network diagrams:
Centralized deployment for multiple Points of Presence

Hotzone 1
Mikrotik Access Controller
Modem
Hotzone n
` Wired Client AP Switch
Hotzone 2 AC / AP
Head Office / NOC
PDA
` PC with Wireless Client
PDA
Laptop
Integrated Mikrotik Access Controller & Access Point
Laptop Computer with Wireless Card
Page Redirect + Session control
Centralized Aradial Radius Server Including:

Captive portal Web Self Care User Database Optional Payment Module
PDA When the user tries to surf the Access Controller redirects him to a SSL secured login page
Laptop
Notes: Hotzones are located at a different geographical location each with their own internet connection. Access controllers will perform the AAA (Authentication, Authorization and Accounting) through the centralized Aradial Server. The network further supports roaming, and custom branding per location, dealers and affiliates. Aradial Radius server can be deployed in a redundant high availability. Supports a wide range of access controller and access points. Please Inquire for additional information
Page 5
Centralized WISP and Hot Zones Single Point of Presence
lL ink
Ba ckh au
Back Link haul
Wireless client, PC, IP phone
NOC / Head Office

Base station Equipment Internet Point of presence Wireless Clients Modem Mikrotik Access controller Switch Building 1 Backhaul base station Access points Local service
Aradial Radius Server Web self care Billing Module Captive Portals
Localized Deployment:
Typically used in stand alone venues including air ports, hotels, small ISP, WISP, call shops, cyber cafes and corporate. The Aradial radius server, Billing solution and Access controller are all deployed locally on site.
Sample Network Diagrams:
Page 6
In the sample network diagram above, the Mikrotik will provide session control, captive portal redirection and authentication for wired clients connected to the switch or wireless clients connected through the Access points.
MP l PT khau c Ba
Page 7
SSL Secured Authentication for Wireless Local and remote deployment

WAN IP: Based on internet connection LAN IP: 192.168.5.1 DHCP Server: 192.168.5.100 192.168.5.149
Local Authentication
xDSL / Cable Etc.
Modem
Router
Static IP: 192.168.5.10 xDSL / Cable
Switch
Aradial Radius Server + Login Page Web Server
Remote Locations
Modem
WAN IP: 192.168.5.12 Static LAN IP: Hotspot defined Integrated Mikrotik Access Controller & Access Point
WAN IP: 192.168.5.11 Static LAN IP: Hotspot defined
` PDA PC Computer with Wireless Card When the user tries to surf the Access Controller redirects him to a SSL secured login page
PDA When the user tries to surf the Access Controller redirects him to a SSL secured login page
Laptop
Laptop Computer with Wireless Card
***Note: All IP assignments in this diagram are for example only and should be replaced with existing network IPs. The Mikrotik LAN IP will be assigned during the Hotspot setup.
***Note: All IP assignments in this diagram are for example only and should be replaced with existing network IP addresses. The Mikrotik LAN IP will be assigned during the Hotspot setup and the hotspot DHCP server will assign IP to the clients. Static IP Clients out of the range of the hotspot will be assigned local IP which will bind to the client preset IP to support service to any IP.
Mikrotik Router OS Installation

CD Installation
To install the RouterOS using a CD you will need a CD-writer and a blank CD. Burn the CD-image (an .iso file) to a CD. The archive with image can be downloaded from the Mikrotik Download site: Follow the instructions to install RouterOS using CD-Install: 1. After downloading the CD image from www.mikrotik.com you will have an ISO file on your computer:
Page 8
2.
Open a CD Writing software, like Ahead NERO as in this example:
3.
In the program, choose Burn Image entry from the Recorder menu (there should be similary named option in all major CD burning programs):
Page 9

4. Select the recently extracted ISO file and click Open:
5.
Finally, click Burn button:
6. 7.
Set the first boot device to CDROM in router's BIOS. After booting from CD you will see a menu where to choose packages to install:
Page 10
Welcome to MikroTik Router Software installation Move around menu using 'p' and 'n' or arrow keys, select with 'spacebar'. Select all with 'a', minimum with 'm'. Press 'i' to install locally or 'r' to install remote router or 'q' to cancel and reboot. [X] system [X] ppp [X] dhcp [X] advanced-tools [X] arlan [X] gps [X] hotspot [X] isdn [X] lcd [X] ntp [X] radiolan [X] routerboard [X] routing [X] security [X] synchronous [X] telephony [X] ups [X] web-proxy [X] wireless
Follow the instructions, select needed packages, and press 'i' to install the software. I would select all packages as future services requirements might expand. 8. You will be asked for 2 questions:
Warning: all data on the disk will be erased! Continue? [y/n]
Press [Y] to continue or [N] to abort the installation.

Do you want to keep old configuration? [y/n]:
You should choose whether you want to keep old configuration (press [Y]) or to erase the configuration permanently (press [N]) and continue without saving it. For a fresh installation, press [N].
Creating partition... Formatting disk...
The system will install selected packages. After that you will be prompted to press 'Enter'. Before doing that, remove the CD from your CD-Drive:
Software installed. Press ENTER to reboot
Once the Router OS is installed please contact us to arrange for the Mikrotik License purchase. For WRAP boards and generic PC, we also offer the licensed Mikrotik Router OS preinstalled on Compact Flash.
Page 11
Initial Configuration
IP configuration through the command line interface
The newly installed router OS needs to be initially configured with an IP address through the command line interface prior being able to continue the configuration through the Winbox or web interface. The command line interface can be accessed via a keyboard and monitor connected to the PC, or through remote terminal such as Windows hyper terminal and a Null Modem cable. The settings for Windows hyper terminal are:
The default admin login credentials: username: admin and no password. Username: admin Password:
Page 12
IP Address for the unit can be either statically or dynamically assigned.
Static IP assignment: Once logged in to the command line interface, Type: Setup And the following menu will appear:
[admin@MikroTik] > setup Setup uses Safe Mode. It means that all changes that are made during setup are reverted in case of error, or if Ctrl-C is used to abort setup. To keep changes exit setup using the 'x' key. [Safe Mode taken] Choose options by pressing one of the letters in the left column, before dash. Pressing 'x' will exit current menu, pressing Enter key will select the entry that is marked by an '*'. You can abort setup at any time by pressing Ctrl-C. Entries marked by '+' are already configured. Entries marked by '-' cannot be used yet. Entries marked by 'X' cannot be used without installing additional packages. r - reset all router configuration + l - load interface driver + a - configure ip address and gateway + d - setup dhcp client * s - setup dhcp server p - setup pppoe client t - setup pptp client x - exit menu your choice [press Enter to setup dhcp server]:
Type: a To configure IP address and gateway.

your choice [press Enter to setup dhcp server]: a + a - add ip address + g - setup default gateway * x - exit menu your choice:
Type: a To add IP address. Select the interface you would like the IP assigned to typically the WAN IP is assigned to ether1 Enter the IP address and the CIDR for example: 192.168.8.54/24 Then add the gateway by typing: g Add the gateway to the network, in this example: 192.168.8.1 Then x to exit the setup.
your choice [press Enter to add ip address]: a enable interface: ether1
Page 13
ip address/netmask: 192.168.8.54/24 #Enabling interface /interface enable ether1 #Adding IP address /ip address add address=192.168.8.54/24 interface=ether1 comment="added by \ setup" + a - add ip address * g - setup default gateway x - exit menu your choice [press Enter to setup default gateway]: g gateway: 192.168.8.1 #Adding default route /ip route add dst-address=0.0.0.0/0 gateway=192.168.8.1 comment="added by \ setup" + a - add ip address + g - setup default gateway * x - exit menu your choice: x r - reset all router configuration + l - load interface driver + a - configure ip address and gateway d - setup dhcp client * s - setup dhcp server p - setup pppoe client t - setup pptp client x - exit menu your choice [press Enter to setup dhcp server]: x [Safe Mode released] Setup completed successfully. Following commands were executed during this setup: #Enabling interface /interface enable ether1 #Adding IP address /ip address add address=192.168.8.54/24 interface=ether1 comment="added by \ setup" #Adding default route /ip route add dst-address=0.0.0.0/0 gateway=192.168.8.1 comment="added by \ setup"
At this point, we can continue the configuration through the Winbox interface with the newly assigned IP address.
Dynamic DHCP IP assignment: Once logged in to the command line interface, Type: Setup And the following menu will appear:
[admin@MikroTik] > setup Setup uses Safe Mode. It means that all changes that are made during setup are reverted in case of error, or if Ctrl-C is used to abort setup. To keep changes exit setup using the 'x' key.
Page 14
[Safe Mode taken] Choose options by pressing one of the letters in the left column, before dash. Pressing 'x' will exit current menu, pressing Enter key will select the entry that is marked by an '*'. You can abort setup at any time by pressing Ctrl-C. Entries marked by '+' are already configured. Entries marked by '-' cannot be used yet. Entries marked by 'X' cannot be used without installing additional packages. r - reset all router configuration + l - load interface driver + a - configure ip address and gateway + d - setup dhcp client * s - setup dhcp server p - setup pppoe client t - setup pptp client x - exit menu your choice [press Enter to setup dhcp server]:
Type: d to set up dhcp client Select the interface to assign the DHCP client to, typically: ether1
your choice [press Enter to configure ip address and gateway]: d interface: ether1 #Adding DHCP client /ip dhcp-client add disabled=no interface=ether1 comment="added by setup" r - reset all router configuration + l - load interface driver * a - configure ip address and gateway + d - setup dhcp client s - setup dhcp server p - setup pppoe client t - setup pptp client x - exit menu your choice [press Enter to configure ip address and gateway]: x [Safe Mode released] Setup completed successfully. Following commands were executed during this setup: #Adding DHCP client /ip dhcp-client add disabled=no interface=ether1 comment="added by setup" [admin@MikroTik] >
Page 15
Winbox GUI configuration.

Winbox is the graphical user interface for configuring the Mikrotik Router OS. There are two ways to access the device via Winbox. You can download the winbox application from the router or through the DUDE.
Downloading the winbox from the router: 1. 2. 3. 4. Open a web browser and type the address assigned to the router: Then click on Download it link on the top left to download the Winbox. See router page below. Once downloaded, you can run it to access the router, enter the device IP address, username and password. The default credentials are username: admin and no password.
Page 16
Page 17
Winbox through the DUDE: The Dude network monitor is a new application by MikroTik which can dramatically improve the way you manage your network environment. It can automatically scan all devices within specified subnets, draw and layout a map of your networks, monitor services of your devices and alert you in case some service has problems. You can download the Dude from: http://www.mikrotik.com/thedude.php Once installed and running, click on discover, verify the network address and subnet are for the range of the newly installed Router OS, and click discover. Alternatively, you can right click the window and add a device.
Page 18
Once the devices are discovered and displayed as below, you can right click on the Router OS select tools then select Winbox. The Winbox GUI: Winbox is one of the main tools used in deploying and configuring the router OS. In this portion of the manual we will concentrate on the hotspot configuration, additional deployment types will be added in the future.
Page 19
Hotspot Configuration:
The hotspot configuration includes the following settings: The Radius server configuration Hotspot setup Editing the profile Adding the walled garden IP in the IP list for the Aradial Captive portal Replacing the built in Captive portal with a redirect file for the Aradial Captive portal or the Spotngo Payment Module. 6. Replacing the Status Page and adding an image. 1. 2. 3. 4. 5.
Radius Server Configuration: On the left hand menu, select the Radius. Page 20 Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
Then in the radius window click on the + sign to add a radius server.
At the Add radius window: 1. Select hotspot 2. Enter the Radius server IP 3. Enter the shared secret 4. Click on Apply 5. Click OK
Page 21
Hotspot Setup: On the Left hand menu go to IP then Hotspot. Then click on the + sign to add an hotspot interface.
Click on Setup Select the hotspot interface typically ether2 or Wlan1
Select the desire ip address for the Hotspot
Select the IP address range
Page 22
If you have an SSL certificate for the Mikrotik Already, enter it now or you can add it later.
If you would like to offer SMTP server to your hotspot clients, enter it now, or you can enter it later. Most Hotspot providers will not add their SMTP server to avaid clients registering for short period and using their servers for spam.
Enter the DNS server for the Mikrotik. Typically if it is behind another gateway, you should enter the IP of the gateway as well for local DNS.
Enter the local DNS name for the Mikrotik. This is used for the Aradial Radius server Portal posting. It can further be changed in the Aradial and Spotngo Portal to match the service providers choice for the local DNS name.
Enter an admin hotspot user for local account in case you have to get in through the captive portal when to correct a miss configuration. Page 23 Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
Set up should now have completed successfully. Editing the Hotspot profile: The hotspot profile is used to further control the hotspot setting including the login page to be used and for the radius authentication.
In the main hotspot menu, click on profiles and double click the profile you would like to edit. On the Tab menu on top, go to Login
In the Login menu, uncheck the HTTP CHAP and Cookie and check the HTTP PAP
Page 24
Proceed to the Radius Tab And select use Radius and accounting.
Click Apply an OK. At this point you are ready to log in through the built in Mikrotik Captive Portal with a user in your radius server. If you have not added the NAS in the Aradial Radius Server, now is a good time to do so. In the Aradial Main Admin, go to Server Configurations Then select Add NAS Enter the name of the new NAS, IP address, secret and for the NAS model select Mikrotik. For NAS server on dynamic IP, add the NASID as sent by the Mikrotik and the secret and select dynamic IP. The NASID setting in the Mikrotik is located under System side menu and Identity submenu.
Page 25
Walled Garden: Walled garden is the allowed sites which can be accessed prior authentication by the hotspot clients. Typically used for the service providers captive portal, their site, additional information bout the venue, terms and conditions, etc In Order for External Captive portal redirection to work, it has to be added to the Walled garden list of allowed IP. In the Hotspot window, click on the Walled Garden in the top menu. Then click on IP List.
Then click on the + sign to add a location. Select the hotspot server you would like the rule to apply to. Select the Destination IP And the destination ports Optional
Note: the check mark on the side of the setting mean NOT (!), if checked the rule will apply to NOT hotspot1.
External Captive portal redirection: Page 26 Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
The Mikrotik internal Captive Portal ca be replaced with an External captive portal redirection. On the side menu go to files, and replace the login.html file under the hotspot directory with a new login.html containing the following redirect code. Login.html for Spotngo Payment Module portal:
<html> <head> <title>...</title> <meta http-equiv="refresh" content="0; url=https://r01.spotngo.net:8025/Payment?AP=MT"> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="expires" content="-1"> </head> <body> </body> </html>
Page 27
Page 28
Login.html for Aradial portal:

<html> <head> <title>...</title> <meta http-equiv="refresh" content="0; url=http://192.168.8.34:8002/Portal?AP=MT"> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="expires" content="-1"> </head> <body> </body> </html>
Page 29
Both Aradial and Spotngo Captive Portals support location branding and the parameter can be entered in the login.html redirect URL to identify the calling location and price groups. Additional Status page is available including the persistent popup window. Please let us know and we can send it to you. Page 30 Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Aradial Configuration Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mikrotik Aradial Configuration Guide

Uploaded by

Copyright:

Available Formats

Mikrotik Router OS - Setup and Configuration Guide for Aradial Radius Server

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Sample Network deployments

Centralized deployment for multiple Points of Presence

Mikrotik Access Controller

Head Office / NOC

` PC with Wireless Client

Integrated Mikrotik Access Controller & Access Point

Laptop Computer with Wireless Card

Page Redirect + Session control

Centralized Aradial Radius Server Including:

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Centralized WISP and Hot Zones Single Point of Presence

Back Link haul

Wireless client, PC, IP phone

NOC / Head Office

Sample Network Diagrams:

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

SSL Secured Authentication for Wireless Local and remote deployment

Page Redirect + Session control

Aradial Radius Server + Login Page Web Server

Page Redirect + Session control

Integrated Mikrotik Access Controller & Access Point

WAN IP: 192.168.5.11 Static LAN IP: Hotspot defined

Integrated Mikrotik Access Controller & Access Point

Laptop Computer with Wireless Card

Mikrotik Router OS Installation

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Open a CD Writing software, like Ahead NERO as in this example:

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Finally, click Burn button:

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Press [Y] to continue or [N] to abort the installation.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

IP Address for the unit can be either statically or dynamically assigned.

Type: a To configure IP address and gateway.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Winbox GUI configuration.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Copyrights 2006 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca