Mikrotik aradial-configuration-guide

Transcript

  • 1. Mikrotik Router OS - Setup and Configuration Guide for Aradial Radius Server
  • 2. Mikrotik Router OS – Installation and Configuration for Aradial and Spotngo.
    ©2012 Aradial
    This document contains proprietary and confidential information of Aradial and Spotngo and shall not be reproduced or transferred to other documents, disclosed to others, or used for any purpose other than that for which it is furnished, without the prior written consent of Aradial. It shall be returned to Aradial upon request.
    The trademark and service marks of Aradial, including the Aradial logo, are the exclusive property of Aradial, and may not be used without permission. The trademark and service marks of Spotngo, including the Spotngo logo, are the exclusive property of Spotngo, and may not be used without permission. All other marks mentioned in this material are the property of their respective owners.
    http://www.aradial.com
    http://www.radius-server.com
    http://www.wifi-radius.com
    http://www.spotngo.ca
    Document Information
    Software Version: 5.x
    Document Version: 2.0
    Publication Date: July 2012
    Author: Tomer Shahaf
    Page 2 Copyrights ©201212 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
  • 3. Contents
    Overview
      General
      Sample Network deployments
        Centralized Deployment
        Localized Deployment
      Mikrotik Router OS Initial Configuration
        IP configuration
        Winbox – GUI configuration
    Hotspot Configuration
      Radius Server Configuration
      Hotspot Setup
      Editing the Hotspot profile
      Walled Garden
      External Captive portal redirection
      Aradial URL Redirection links
  • 4. Overview
    General
    This document provides a sample deployment guide for a centralized deployment utilizing Aradial Radius server, Spotngo Payment module and Mikrotik Router OS Network Access Server.
    The document contains information relevant to central, localized and distributed network deployments.
    Additional documentation for Aradial, Spotngo Payment module and Mikrotik is available in their respective installations.
    Aradial documentation is located in the Docs folder or can be opened from Start, Programs, Aradial, selecting Manual.
    Aradial and Spotngo Web Services:
    Default built-in web services:
    - Aradial Web Admin is available at: http://localhost:8000 (user: admin, password: password).
    - Aradial Client Web Self Care module is available at: http://localhost:8001
    - Aradial Hotspot Captive Portal is located at: http://localhost:8002
    - Spotngo Captive portal is available at: https://localhost
    - Spotngo Web Admin is available at: https://localhost/Payment?page=mainadmin
    Using IIS Web Server:
    - Aradial Web Admin is available at: http://localhost/ardweb/ardadminis.dll (user: admin, password: password).
    - Aradial Client Web Self Care module is available at: http://localhost/ardweb/ardwscis.dll (login with the end user credentials)
    - Aradial Hotspot Captive Portal is located at: http://localhost/ardweb/ardportalis.dll
    - Spotngo Captive portal is available at: http://localhost/ardweb/spngpaymentis.dll
    - Spotngo Web Admin is available at: http://localhost/ardweb/spngpaymentis.dll?page=mainadmin (user: admin, password: password).
    This document is intended for the configuration of the network, assuming the Aradial and Spotngo Payment Modules are installed.
  • 5. Sample Network deployments
    Centralized Deployment:
    Typical Deployments: Hotspot service providers, ISP, WISP, VOIP, corporate, hosted solution, etc.
    Aradial and Spotngo Payment Module are installed at the NOC (Network Operation Center), data center, hosted environment or head office.
    The Mikrotik gateway / Access controller (Network Access Server) is installed on site at the internet point of presence.
    Client redirection and AAA Radius requests will be sent by the Mikrotik unit to the centralized Radius server and billing solution for processing.
    Sample network diagrams:
    [Diagram: Centralized deployment for multiple Points of Presence. Hotzone 1, Hotzone 2 and Hotzone n each have a Mikrotik Access Controller, or an integrated Mikrotik Access Controller & Access Point, providing page redirect and session control for wired and wireless clients. They connect to the centralized Aradial Radius Server at the Head Office / NOC, which includes the Captive portal, Web Self Care, User Database and optional Payment Module. Callout: when the user tries to surf, the Access Controller redirects him to an SSL secured login page.]
    Notes:
    - Hotzones are located at different geographical locations, each with its own internet connection.
    - Access controllers will perform the AAA (Authentication, Authorization and Accounting) through the centralized Aradial Server.
    - The network further supports roaming, and custom branding per location, dealers and affiliates.
    - Aradial Radius server can be deployed in a redundant, high availability setup.
    - Supports a wide range of access controllers and access points. Please inquire for additional information.
  • 6. [Diagram labels: Backhaul Link]
    Localized Deployment:
    Typically used in stand-alone venues including airports, hotels, small ISP, WISP, call shops, cyber cafes and corporate. The Aradial radius server, billing solution and access controller are all deployed locally on site.
    Sample Network Diagrams:
  • 7. [Diagram: localized deployment; the surviving labels are not legible.]
    In the sample network diagram above, the Mikrotik will provide session control, captive portal redirection and authentication for wired clients connected to the switch or wireless clients connected through the Access points.
  • 8. [Diagram: SSL Secured Authentication for Wireless, local and remote deployment. Labels recovered from the figure: xDSL / Cable Modem Router; WAN IP: based on internet connection; LAN IP: 192.168.5.1; DHCP Server: 192.168.5.100 – 192.168.5.149; Static IP: 192.168.5.10; Aradial Radius Server + Login Page Web Server; Switch; Local Authentication; Remote Locations; Integrated Mikrotik Access Controller & Access Point (page redirect + session control) with WAN IP: 192.168.5.12 – Static and WAN IP: 192.168.5.11 – Static, LAN IP: Hotspot defined. Callout: when the user tries to surf, the Access Controller redirects him to an SSL secured login page.]
    ***Note: All IP assignments in this diagram are for example only and should be replaced with existing network IP addresses. The Mikrotik LAN IP will be assigned during the Hotspot setup and the hotspot DHCP server will assign IP to the clients. Static IP clients out of the range of the hotspot will be assigned a local IP which will bind to the client preset IP to support service to any IP.
    Mikrotik Router OS Initial Configuration
    IP configuration:
    The new MikroTik hardware comes preconfigured with the following services:
    - Dynamic DHCP Client on Ethernet port 1.
    - Firewall Rules blocking input from Ethernet port 1 (WAN)
  • 9. - Ports 2-5 switched together with Ether 2 as the Master.
    - IP Address 192.168.88.1/24 and DHCP Server in the range of 192.168.88.0/24 on switched Ethernet ports 2-5
    Winbox – GUI configuration.
    Winbox is the graphical user interface for configuring the Mikrotik Router OS.
    There are a few ways to download the Winbox application: from the router, from the MikroTik website (www.mikrotik.com) or from the DUDE Utility.
    Downloading the Winbox from the router:
    1. Open a web browser and type the address assigned to the router:
    2. Then click on the Download it link on the top left to download the Winbox.
    3. See router page below.
    4. Once downloaded, you can run it to access the router; enter the device IP address, username and password. The default credentials are username: admin and no password.
  • 10. From recent firmware:
  • 11. From older firmware:
  • 12. Winbox through the DUDE:
    The Dude network monitor is a new application by MikroTik which can dramatically improve the way you manage your network environment. It can automatically scan all devices within specified subnets, draw and lay out a map of your networks, monitor services of your devices and alert you in case some service has problems.
    You can download the Dude from: http://www.mikrotik.com/thedude.php
    Once installed and running, click on discover, verify the network address and subnet are for the range of the newly installed Router OS, and click discover.
    Alternatively, you can right click the window and add a device.
  • 13. Once the devices are discovered and displayed as below, you can right click on the Router OS, select tools, then select Winbox.
    The Winbox GUI:
    Winbox is one of the main tools used in deploying and configuring the Router OS.
    In this portion of the manual we will concentrate on the hotspot configuration; additional deployment types will be added in the future.
  • 14. Hotspot Configuration:
    The hotspot configuration includes the following settings:
    1. The Radius server configuration
    2. Hotspot setup
    3. Editing the profile
    4. Adding the walled garden IP in the IP list for the Aradial Captive portal
    5. Replacing the built-in Captive portal with a redirect file for the Aradial Captive portal or the Spotngo Payment Module.
    6. Replacing the Status Page and adding an image.
  • 15. Radius Server Configuration:
    On the left hand menu, select Radius.
    Then in the radius window click on the + sign to add a radius server.
    At the Add radius window:
    1. Select hotspot
    2. Enter the Radius server IP
    3. Enter the shared secret
    4. Click on Apply
    5. Click OK
  • 16. Hotspot Setup:
    On the left hand menu go to IP, then Hotspot.
    Then click on the + sign to add a hotspot interface.
  • 17. Click on Setup.
    Select the hotspot interface, typically ether2 or Wlan1.
    Select the desired IP address for the Hotspot.
  • 18. Select the IP address range.
    If you already have an SSL certificate for the Mikrotik, enter it now, or you can add it later.
    If you would like to offer an SMTP server to your hotspot clients, enter it now, or you can enter it later. Most hotspot providers will not add their SMTP server, to avoid clients registering for a short period and using their servers for spam.
    Enter the DNS server for the Mikrotik.
    Typically, if it is behind another gateway, you should enter the IP of the gateway as well for local DNS.
  • 19. Enter the local DNS name for the Mikrotik. This is used for the Aradial Radius server Portal posting. It can further be changed in the Aradial and Spotngo Portal to match the service provider’s choice for the local DNS name.
    Aradial default setting is: wireless.aradial.com
    Enter an admin hotspot user as a local account in case you have to get in through the captive portal to correct a misconfiguration.
    This user's credentials will be stored on the router and the authorization requests will not be sent to Aradial.
  • 20. Setup should now have completed successfully.
    Editing the Hotspot profile:
    The hotspot profile is used to further control the hotspot settings, including the login page to be used and the radius authentication.
    In the main hotspot menu, click on Server Profiles and double click the profile you would like to edit.
    On the tab menu on top, go to Login.
  • 21. In the Login menu, uncheck HTTP CHAP and Cookie, and check HTTP PAP.
  • 22. Proceed to the Radius tab and select use Radius and accounting.
    Enabling interim updates: Under Interim Update, set the time interval for the Mikrotik to send interim accounting updates to Aradial if desired. For example, for interim updates every 5 minutes, enter 00:05:00 for interim update.
    Click Apply and OK.
    At this point you are ready to log in through the built-in Mikrotik Captive Portal with a user in your Aradial radius server.
    If you have not added the NAS in the Aradial Radius Server, now is a good time to do so.
    To add the NAS in Aradial admin:
    - In the Aradial Main Admin, go to Server Configurations
    - Then select Add NAS
    - Enter the name of the new NAS, IP address, secret and for the NAS model select Mikrotik.
    For a NAS server on dynamic IP, add the NASID as sent by the Mikrotik and the secret, and select dynamic IP.
    The NASID setting in the Mikrotik is located under the System side menu and Identity submenu.
  • 23. Walled Garden:
    The walled garden is the set of allowed sites which hotspot clients can access prior to authentication. It is typically used for the service provider’s captive portal, their site, additional information about the venue, terms and conditions, etc.
    In order for External Captive portal redirection to work, the portal has to be added to the Walled Garden list of allowed IPs.
    In the Hotspot window, click on the Walled Garden IP List in the top menu.
    Then click on IP List.
    - Then click on the + sign to add a location.
    - Select the hotspot server you would like the rule to apply to.
    - Select the Destination IP
    - And the destination ports – Optional
  • 24. Note:
    1. The check mark on the side of the setting means NOT (!); if checked, the rule will apply to all other hotspots except hotspot1.
    2. For a website URL or redirection using a URL and SSL certificate such as https://secure.aradial.com, use the Dst. Host instead of Dst. Address, for example:
    External Captive portal redirection:
    The Mikrotik internal Captive Portal can be replaced with an External captive portal redirection.
    On the side menu go to Files, and replace the login.html file under the hotspot directory with a new login.html containing the following redirect code. This can be accomplished by removing the original login.html from /hotspot/login.html (highlight it and click the Minus button (-) to remove).
  • 25. Then drag the newly created login.html from your desktop and drop it under the hotspot directory. The file will reposition itself to /hotspot/login.html.
    Login.html for Spotngo Payment Module portal:
    <html>
    <head>
    <title>Aradial Hotspot</title>
    <!-- Immediate client-side redirect to the external captive portal -->
    <meta http-equiv="refresh" content="0; url=https://r01.spotngo.net:8025/Payment?AP=MT">
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="expires" content="-1">
    </head>
    <body>
    </body>
    </html>
  • 27. Login.html for Aradial portal:
    <html>
    <head>
    <title>...</title>
    <!-- Immediate client-side redirect to the external captive portal -->
    <meta http-equiv="refresh" content="0; url=http://192.168.8.34:8002/Portal?AP=MT">
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="expires" content="-1">
    </head>
    <body>
    </body>
    </html>
  • 29. Aradial URL Redirection links:
    Depending on your Aradial installation and configuration, you can deploy the portal using Aradial built-in web servers, Windows IIS or others.
    Please see the most common URL deployments below:
    - Aradial Portal – Aradial web server: http://192.168.8.34:8002/Portal?AP=MT
    - Aradial Portal – Windows IIS server: http://192.168.8.34/ardweb/ardadminis.dll?AP=MT
    - Spotngo – Spotngo Web server: https://r01.spotngo.net/Payment?AP=MT
    - Spotngo Portal – Windows IIS server: http://192.168.8.34/ardweb/SPNGPaymentis.dll?AP=MT
    Location Branding:
    Both Aradial and Spotngo Captive Portals support location branding, and the parameter can be entered in the login.html redirect URL to identify the calling location and price groups.
    The following Portal identity should be sent with the redirection: &Portal=Location-Subdirectory, where the Location-Subdirectory refers to the branding subdirectory under the Portal folder.
    For example:
    Aradial Portal – Windows IIS server: http://192.168.8.34/ardweb/ardadminis.dll?AP=MT&Portal=Example1
    Mikrotik Login Portal Error Display:
    Both Aradial and Spotngo Portals can display the Mikrotik login errors when redirecting the client to the portal following a portal login error.
    To instruct the MikroTik to send the error message to the Portal, please add &MT_Error=$(error) to the redirect URL.
    For example:
    Aradial Portal – Windows IIS server with portal branding and login error display:
  • 30. http://192.168.8.34/ardweb/ardadminis.dll?AP=MT&Portal=Example1&MT_Error=$(error)
    An additional Status page is available, including the persistent popup window. Please let us know and we can send it to you.
    Troubleshooting Portal Redirection:
    If the MT did not do a captive portal redirection, it could be for one of the following reasons:
    1. If the DNS does not resolve, the MikroTik hotspot does not know whether the user is allowed to go to the destination/URL requested, so it will not know whether to allow the request through or to block access and redirect to the portal.
       Symptom: The URL in the browser will still point to the original requested URL, most likely with "page cannot be displayed".
       Possible Cause: Check to make sure the primary and secondary DNS servers are configured properly in the Mikrotik, and make sure your PC received a DNS from the MikroTik.
    2. If the MikroTik is attempting to redirect:
       Symptom: The URL changes to wireless.aradial.com/login, or to the hotspot local DNS name.
       Possible Cause: Check the redirection login.html file on the MikroTik and make sure it is under /hotspot/login.html
       Symptom: The URL changes to the Aradial IP / URL but the page does not load.
       Possible Cause: Check:
       - The IP >> Hotspot >> Walled Garden IP List has a rule to accept traffic to the Aradial Server IP address and / or URL.
       - The Aradial portal is reachable from outside the server on that URL, and no firewall is blocking access to the service.
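A pre-upload check for the login.html redirect file, added here as an example; it is not code from Aradial, Spotngo or MikroTik. It tests the conditions the troubleshooting list names (a redirect is present and the portal host has a Walled Garden IP List entry), the AP=MT parameter every URL on this page carries, and whether the portal is reached over SSL as the deployment diagrams describe. The function names are hypothetical and the walled-garden entries are assumed to be supplied by hand as IPs, CIDR ranges or exact host names.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# The two redirect files from this page, reproduced as sample input.
SPOTNGO_LOGIN = """<html><head><title>Aradial Hotspot</title>
<meta http-equiv="refresh" content="0; url=https://r01.spotngo.net:8025/Payment?AP=MT">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1"></head><body></body></html>"""
ARADIAL_LOGIN = """<html><head><title>...</title>
<meta http-equiv="refresh" content="0; url=http://192.168.8.34:8002/Portal?AP=MT">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1"></head><body></body></html>"""


class _RefreshFinder(HTMLParser):
    """Collects the url= target of every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "0; url=<portal URL>"
            _, _, rest = a.get("content", "").partition(";")
            key, _, url = rest.strip().partition("=")
            if key.strip().lower() == "url" and url.strip():
                self.targets.append(url.strip())


def _in_walled_garden(host, entries):
    """True if host matches a Dst. Address (IP or CIDR) or Dst. Host entry."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # host is a DNS name
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None  # entry is a DNS name
        if ip is not None and net is not None and ip in net:
            return True
        if ip is None and net is None and host.lower() == entry.lower():
            return True
    return False


def check_login_html(html_text, walled_garden):
    """Return a list of findings; an empty list means the file passes."""
    finder = _RefreshFinder()
    finder.feed(html_text)
    if len(finder.targets) != 1:
        return ["expected one meta refresh redirect, found %d" % len(finder.targets)]
    url = urlsplit(finder.targets[0])
    if url.scheme not in ("http", "https") or not url.hostname:
        return ["redirect target is not an absolute http(s) URL"]
    findings = []
    if url.scheme == "http":
        findings.append("portal URL is plain http, so the login page is not SSL secured")
    if not _in_walled_garden(url.hostname, walled_garden):
        findings.append("%s has no Walled Garden IP List entry" % url.hostname)
    query = parse_qs(url.query)
    if query.get("AP") != ["MT"]:
        findings.append("AP=MT is missing from the redirect URL")
    if "MT_Error" in query and query["MT_Error"] != ["$(error)"]:
        findings.append("MT_Error should carry the literal $(error) variable")
    return findings


if __name__ == "__main__":
    print(check_login_html(SPOTNGO_LOGIN, ["r01.spotngo.net"]))
    print(check_login_html(ARADIAL_LOGIN, ["192.168.8.0/24"]))
```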