Mikrotik Aradial Configuration Guide

Mikrotik Router OS - Setup and Configuration Guide for Aradial Radius Server
Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.
2012 Aradial
This document contains proprietary and confidential information of Aradial and Spotngo and shall not be reproduced or transferred to other documents, disclosed to others, or used for any purpose other than that for which it is furnished, without the prior written consent of Aradial. It shall be returned to the Aradial upon request. The trademark and service marks of Aradial, including the Aradial logo, are the exclusive property of Aradial, and may not be used without permission. The trademark and service marks of Spotngo, including the Spotngo logo, are the exclusive property of Spotngo, and may not be used without permission. All other marks mentioned in this material are the property of their respective owners.
0H
http://www.aradial.com http://www.radius-server.com http://www.wifi-radius.com http://www.spotngo.ca
1H
2H
3H
Document Information
Software Version: Document Version: Publication Date: Author 5.x 2.0 July 2012 Tomer Shahaf
Page 2
Copyrights 201212 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
Contents
Overview....................................................................................................................................................................... 4 General ....................................................................................................................................................................... 4 Sample Network deployments ................................................................................................................................ 5 Centralized Deployment: .................................................................................................................................... 5 Localized Deployment: ....................................................................................................................................... 6 Mikrotik Router OS Initial Configuration ............................................................................................................. 8 IP configuration: .................................................................................................................................................. 8 Winbox GUI configuration. ............................................................................................................................ 9 Hotspot Configuration:........................................................................................................................................... 14 Radius Server Configuration:........................................................................................................................... 15 Hotspot Setup:.................................................................................................................................................... 16 Editing the Hotspot profile: .............................................................................................................................. 20 Walled Garden: .................................................................................................................................................. 23 External Captive portal redirection:................................................................................................................. 24 Aradial URL Redirection links: ....................................................................................................................... 29
Page 3
Overview
General
This document is created to provide a sample deployment guide for a centralized deployment utilizing Aradial Radius server, Spotngo Payment module and Mikrotik Router OS Network Access Server. The document contains information relevant to central, localized and distributed network deployments. Additional documentation for Aradial, Spotngo Payment module and Mikrotik are available in their respective installations. Aradial Documentation is located in the 'Docs' folder or can be opened from the 'start', 'programs,' Aradial, selecting Manual. Aradial and Spotngo Web Services: Default Built in Web services: Aradial Web Admin is available at: http://locahost:8000 (user: admin, password: password). Aradial Client Web Self Care module is available at: http://locahost:8001 Aradial Hotspot Captive Portal is located at: http://locahost:8002 Spotngo Captive portal is available at: https://localhost Spotngo Web Admin is available at https://localhost/Payment?page=mainadmin Using IIS Web Server: Aradial Web Admin is available at: http://localhost/ardweb/ardadminis.dll (user: admin, password: password). Aradial Client Web Self Care module is available at: http://localhost/ardweb/ardwscis.dll (Login with the end user credentials) Aradial Hotspot Captive Portal is located at: http://localhost/ardweb/ardportalis.dll Spotngo Captive portal is available at: http://localhost/ardweb/spngpaymentis.dll Spotngo Web Admin is available at
http://localhost/ardweb/spngpaymentis.dll?page=mainadmin
(user: admin, password: password).
This document intended for the configuration of the network assuming Aradial and Spotngo Payment Modules are installed. Page 4 Copyrights 201212 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
Sample Network deployments

Centralized Deployment:
Typical Deployments: Hotspot service Providers, ISP, WISP, VOIP, Corporate, hosted solution, etc. Aradial and Spotngo Payment Module are installed at the NOC, Network Operation Center, Data Center, Hosted environment or Head office. Mikrotik gateway / Access controller (Network Access Server) installed on site at internet point of presence. Client redirection and AAA Radius requests will be sent by the Mikrotik unit to the centralized Radius server and billing solution for processing. Sample network diagrams:
Centralized deployment for multiple Points of Presence

Hotzone 1
Mikrotik Access Controller
Modem
Hotzone n
` Wired Client AP Switch
Hotzone 2 AC / AP
Head Office / NOC
PDA
` PC with Wireless Client
PDA
Laptop
Integrated Mikrotik Access Controller & Access Point
Laptop Computer with Wireless Card
Page Redirect + Session control
Centralized Aradial Radius Server Including:

Captive portal Web Self Care User Database Optional Payment Module
PDA When the user tries to surf the Access Controller redirects him to a SSL secured login page
Laptop
Notes: Hotzones are located at a different geographical location each with their own internet connection. Access controllers will perform the AAA (Authentication, Authorization and Accounting) through the centralized Aradial Server. The network further supports roaming, and custom branding per location, dealers and affiliates. Aradial Radius server can be deployed in a redundant high availability. Supports a wide range of access controller and access points. Please Inquire for additional information
Page 5
Localized Deployment:
Typically used in stand alone venues including air ports, hotels, small ISP, WISP, call shops, cyber cafes and corporate. The Aradial radius server, Billing solution and Access controller are all deployed locally on site.
Sample Network Diagrams:
Page 6
Ba
ckh
au lL ink
Back Link haul
In the sample network diagram above, the Mikrotik will provide session control, captive portal redirection and authentication for wired clients connected to the switch or wireless clients connected through the Access points.
MP l PT khau c Ba
Page 7
SSL Secured Authentication for Wireless Local and remote deployment

WAN IP: Based on internet connection LAN IP: 192.168.5.1 DHCP Server: 192.168.5.100 192.168.5.149
Local Authentication
xDSL / Cable Etc.
Modem
Router
Static IP: 192.168.5.10 xDSL / Cable
Switch
Aradial Radius Server + Login Page Web Server
Remote Locations
Modem
WAN IP: 192.168.5.12 Static LAN IP: Hotspot defined Integrated Mikrotik Access Controller & Access Point
WAN IP: 192.168.5.11 Static LAN IP: Hotspot defined
` PC Computer with Wireless Card When the user tries to surf the Access Controller redirects him to a SSL secured login page
PDA When the user tries to surf the Access Controller redirects him to a SSL secured login page
Laptop
PDA
Laptop Computer with Wireless Card
***Note: All IP assignments in this diagram are for example only and should be replaced with existing network IPs. The Mikrotik LAN IP will be assigned during the Hotspot setup.
***Note: All IP assignments in this diagram are for example only and should be replaced with existing network IP addresses. The Mikrotik LAN IP will be assigned during the Hotspot setup and the hotspot DHCP server will assign IP to the clients. Static IP Clients out of the range of the hotspot will be assigned local IP which will bind to the client preset IP to support service to any IP.
Mikrotik Router OS Initial Configuration

IP configuration:
The new MikroTik Hardware comes preconfigured with the following services: Page 8 Dynamic DHCP Client on Ethernet port 1. Firewall Rules blocking input from Ethernet port 1 (WAN) Copyrights 201212 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
Ports 2-5 Switched together with Ether 2 as the Master. IP Address 192.168.88.1/24 and DHCP Server in the range of 192.168.88.0/24 on switched Ethernet ports 2-5
Winbox GUI configuration.

Winbox is the graphical user interface for configuring the Mikrotik Router OS. There are a few ways to download winbox application from the router, MikroTik website (www.mikrotik.com ) or from the DUDE Utility. Downloading the winbox from the router: 1. 2. 3. 4. Open a web browser and type the address assigned to the router: Then click on Download it link on the top left to download the Winbox. See router page below. Once downloaded, you can run it to access the router, enter the device IP address, username and password. The default credentials are username: admin and no password.
Page 9
From recent Firmware
Page 10
From Older Firmware:
Page 11
Winbox through the DUDE: The Dude network monitor is a new application by MikroTik which can dramatically improve the way you manage your network environment. It can automatically scan all devices within specified subnets, draw and layout a map of your networks, monitor services of your devices and alert you in case some service has problems. You can download the Dude from: http://www.mikrotik.com/thedude.php Once installed and running, click on discover, verify the network address and subnet are for the range of the newly installed Router OS, and click discover. Alternatively, you can right click the window and add a device.
Page 12
Once the devices are discovered and displayed as below, you can right click on the Router OS select tools then select Winbox. The Winbox GUI: Winbox is one of the main tools used in deploying and configuring the router OS. In this portion of the manual we will concentrate on the hotspot configuration, additional deployment types will be added in the future.
Page 13
Hotspot Configuration:
The hotspot configuration includes the following settings: 1. 2. 3. 4. 5. The Radius server configuration Hotspot setup Editing the profile Adding the walled garden IP in the IP list for the Aradial Captive portal Replacing the built in Captive portal with a redirect file for the Aradial Captive portal or the Spotngo Payment Module. 6. Replacing the Status Page and adding an image. Page 14 Copyrights 201212 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
Radius Server Configuration:

On the left hand menu, select the Radius. Then in the radius window click on the + sign to add a radius server.
At the Add radius window: 1. Select hotspot 2. Enter the Radius server IP 3. Enter the shared secret 4. Click on Apply 5. Click OK
Page 15
Hotspot Setup:
On the Left hand menu go to IP then Hotspot. Then click on the + sign to add an hotspot interface.
Page 16
Click on Setup Select the hotspot interface typically ether2 or Wlan1
Select the desire ip address for the Hotspot
Page 17
Select the IP address range
If you have an SSL certificate for the Mikrotik Already, enter it now or you can add it later.
If you would like to offer SMTP server to your hotspot clients, enter it now, or you can enter it later. Most Hotspot providers will not add their SMTP server to avaid clients registering for short period and using their servers for spam.
Enter the DNS server for the Mikrotik. Typically if it is behind another gateway, you should enter the IP of the gateway as well for local DNS.
Page 18
Enter the local DNS name for the Mikrotik. This is used for the Aradial Radius server Portal posting. It can further be changed in the Aradial and Spotngo Portal to match the service providers choice for the local DNS name. Aradial Default setting is: wireless.aradial.com
Enter an admin hotspot user for local account in case you have to get in through the captive portal when to correct a miss configuration. This users credentials will be stored on the router and the authorization requests will not be sent Aradial.
Page 19
Set up should now have completed successfully.
Editing the Hotspot profile:

The hotspot profile is used to further control the hotspot setting including the login page to be used and for the radius authentication.
In the main hotspot menu, click on Server Profiles and double click the profile you would like to edit. On the Tab menu on top, go to Login
Page 20
In the Login menu, uncheck the HTTP CHAP and Cookie and check the HTTP PAP
Page 21
Proceed to the Radius Tab And select use Radius and accounting. Enabling interim updates: Under Interim Update, set the time interval for the mikrotik to send interim accounting updates to Aradial if desired. For example for interim updates every 5 minutes, enter 00:05:00 for interim update.
Click Apply an OK. At this point you are ready to log in through the built in Mikrotik Captive Portal with a user in your Aradial radius server. If you have not added the NAS in the Aradial Radius Server, now is a good time to do so. To add the NAS in Aradial admin: - In the Aradial Main Admin, go to Server Configurations - Then select Add NAS - Enter the name of the new NAS, IP address, secret and for the NAS model select Mikrotik. For NAS server on dynamic IP, add the NASID as sent by the Mikrotik and the secret and select dynamic IP. The NASID setting in the Mikrotik is located under System side menu and Identity submenu. Page 22 Copyrights 201212 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
Walled Garden:
Walled garden is the allowed sites which can be accessed prior authentication by the hotspot clients. Typically used for the service providers captive portal, their site, additional information about the venue, terms and conditions, etc In Order for External Captive portal redirection to work, it has to be added to the Walled garden list of allowed IP. In the Hotspot window, click on the Walled Garden IP Listin the top menu. Then click on IP List.
- Then click on the + sign to add a location. - Select the hotspot server you would like the rule to apply to. - Select the Destination IP - And the destination ports Optional
Page 23
Note: 1. The check mark on the side of the setting means NOT (!), if checked the rule will apply to all other hotspot except hotspot1. 2. For website URL or redirection using URL and SSL Certificate such as: https://secure.aradial.com , Use the Dst. Host instead of Dst. Address for example:
External Captive portal redirection:

The Mikrotik internal Captive Portal can be replaced with an External captive portal redirection. On the side menu go to files, and replace the login.html file under the hotspot directory with a new login.html containing the following redirect code. This can be accomplished by removing the original login.html from the /hotspot/login.html (Highlight it and click the Minus button (-) to remove. Page 24 Copyrights 201212 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
Then drag the newly created login.html from your desktop and drop it under the hotspot directory. The file will reposition itself to /hotspot/login.html. Login.html for Spotngo Payment Module portal:
<html> <head> <title>Aradial Hotspot</title> <meta http-equiv="refresh" content="0; url=https://r01.spotngo.net:8025/Payment?AP=MT"> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="expires" content="-1"> </head> <body> </body> </html>
Page 25
Page 26
Login.html for Aradial portal:

<html> <head> <title>...</title> <meta http-equiv="refresh" content="0; url=http://192.168.8.34:8002/Portal?AP=MT"> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="expires" content="-1"> </head> <body> </body> </html>
Page 27
Page 28
Aradial URL Redirection links:

Depending on your Aradial Installation and configuration, you can deploy the portal using Aradial built in web servers, Windows IIS or others. Please see the most common URL deployments below: Aradial Portal Aradial web server: http://192.168.8.34:8002/Portal?AP=MT Aradial Portal Windows IIS server: http://192.168.8.34/ardweb/ardadminis.dll?AP=MT Spotngo Spotngo Web server: https://r01.spotngo.net/Payment?AP=MT Spotngo Portal Windows IIS server: http://192.168.8.34/ardweb/SPNGPaymentis.dll?AP=MT Location Branding: Both Aradial and Spotngo Captive Portals support location branding and the parameter can be entered in the login.html redirect URL to identify the calling location and price groups. The following Portal identity should be sent with the redirection: &Portal=Location-Subdirectory, where the Location- subdirectory refers to the branding subdirectory under the Portal folder. For Example: Aradial Portal Windows IIS server: http://192.168.8.34/ardweb/ardadminis.dll?AP=MT&Portal=Example1 Mikrotik Login Portal Error Display: Both Aradial and Spotngo Portals can display the Mikrotik login errors when redirecting client to the portal following a portal login error. To instruct the MikroTik to send the Error message to the Portal, please add &MT_Error=$(error) to the redirect URL: For example: Aradial Portal Windows IIS server with portal branding and login error display: Page 29 Copyrights 201212 Aradial & Spotngo http://www.aradial.com & http://www.spotngo.ca
http://192.168.8.34/ardweb/ardadminis.dll?AP=MT&Portal=Example1&MT_Error=$(error)
Additional Status page is available including the persistent popup window. Please let us know and we can send it to you. Trouble shooting Portal Redirection:
If the MT did not do a captive portal redirection then it could be one of the following reasons: 1. IF the DNS does not resolve, the MikroTik hotspot does not know if the user is allowed to go to the destination/url requested, then will not know if the allow through or block access and redirect to the portal.
Symptom: The URL in the browser will still point to the original requested URL. Most likely with page cannot be displayed. Possible Cause: Check to make sure the DNS servers primary and secondary are configured properly in the Mikrotik. And make sure your PC received a DNS from the MikroTik.
2. IF the MikroTik is attempting to redirect: Symptom: If the url changes to wireless.aradial.com/login. Or the hotspot local DNS NAME: Possible Cause: Check the redirection login.html file on the MikroTik and make sure it is under /hotspot/login.html
Symptom: If the url changes to Aradial IP / URL but page does not load. Possible Cause: Check: - The IP >> Hotspot >> Walled Garden IP List has a rule to accept traffic to the Aradial Server IP Address and / or URL. - Aradial portal is reachable from outside the server on that URL. And that no firewall is blocking access to the service.
Page 30

Mikrotik Aradial Configuration Guide

Uploaded by

Mikrotik Aradial Configuration Guide

Uploaded by

Mikrotik Router OS - Setup and Configuration Guide for Aradial Radius Server

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

(user: admin, password: password).

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Sample Network deployments

Centralized deployment for multiple Points of Presence

Mikrotik Access Controller

Head Office / NOC

` PC with Wireless Client

Integrated Mikrotik Access Controller & Access Point

Laptop Computer with Wireless Card

Page Redirect + Session control

Centralized Aradial Radius Server Including:

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Sample Network Diagrams:

Back Link haul

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

SSL Secured Authentication for Wireless Local and remote deployment

Page Redirect + Session control

Aradial Radius Server + Login Page Web Server

Page Redirect + Session control

Integrated Mikrotik Access Controller & Access Point

WAN IP: 192.168.5.11 Static LAN IP: Hotspot defined

Integrated Mikrotik Access Controller & Access Point

Laptop Computer with Wireless Card

Mikrotik Router OS Initial Configuration

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Winbox GUI configuration.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

From recent Firmware

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

From Older Firmware:

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Radius Server Configuration:

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Click on Setup Select the hotspot interface typically ether2 or Wlan1

Select the desire ip address for the Hotspot

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Select the IP address range

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Set up should now have completed successfully.

Editing the Hotspot profile:

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

External Captive portal redirection:

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Login.html for Aradial portal:

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

Aradial URL Redirection links:

Mikrotik Router OS Installation and Configuration for Aradial and Spotngo.

You might also like