Say, you are a network administrator and want to establish a network that will have user bandwidth package management facility with prepaid billing system as well as partner advertisement facility. Then, MikroTik Hotspot Server Configuration with MikroTik User Manager Radius Server will be a wise decision. Because, MikroTik User Manager Radius Server is a user authentication, authorization and accounting application that will give facility to manage user bandwidth package with prepaid billing system. On the other hand, you can easily advertise your partner banner using MikroTik Hotspot Server. Because, to get connected through MikroTik Hotspot Server, Hotspot client must provide login credentials in a HTML page and you can easily put your partner banner in this HTML page knowing basic HTML and CSS coding.
So, it is time to learn MikroTik Hotspot Server Configuration with MikroTik User manager Radius Server for managing a bandwidth limitation and prepaid billing system network. In this article, I will discuss how to configure MikroTik Hotspot Server with User Manager Radius Server bandwidth limitation and prepaid billing system.
Article Purpose
The purpose of this article is to design a Hotspot network with User Manager Radius Server that will have
- User bandwidth package management and
- Prepaid billing system with scratch card facility.
Network Diagram
For the configuration of this article I am going to establish a network like below network diagram.
This is a simple and basic network diagram. In real situation, your network might be larger than this network but the basic diagram will remain same. In this network, the WAN Distribution Switch is connected to internet gateway. MikroTik Router’s (NAS) WAN interface and MikroTik User Manager Radius Server are also connected to this WAN Distribution Switch. Hotspot users will be connected to NAS Router through LAN Switch and will get internet access and MikroTik Router will communicate to Radius Server through WAN interface.
Core Devices and IP Information
To setup a Hotspot network according to above network diagram, I have installed and completed initial configuration of MikroTik User Manager Radius Server Package in a dedicated physical server where MikroTik RouterOS is running. I have also a physical MikroTik RouterOS (MikroTik RouterBOARD 1100AHX2) which is the NAS (Network Access Server) RouterOS of this network. IP information that I am using for this network configuration are given below.
- Radius Server IP: 192.168.110.10/28
- MikroTik RouterOS (NAS) WAN IP: 192.168.110.2/28
- LAN IP Block: 192.168.10.0/24
- Hotspot Server IP: 192.168.10.1
This IP information is just for my RND purpose. So, change this information according to your network requirements.
MikroTik Hotspot Server Configuration with User Manager Prepaid Billing System
We are now going to start our Hotspot network configuration with User Manager Radius Server according to the above network diagram. The complete configuration can be divided into two parts.
- Part 1: MikroTik RouterOS Configuration (NAS Router)
- Part 2: MikroTik User Manager Radius Server Configuration
Part 1: MikroTik RouterOS Configuration (NAS Router)
In the first part, we will configure our MikroTik RouterOS (NAS) so that it can turn into a Hotspot Server and can communicate with Radius Server to authenticate users. Complete RouterOS configuration can be divided into below topics.
- Basic MikroTik RouterOS Configuration
- Hotspot Configuration in MikroTik RouterOS
- Radius Client Configuration in MikroTik RouterOS
Basic MikroTik RouterOS Configuration
MikroTik Router basic configuration includes WAN IP Assign, DNS IP Assign and Default Gateway Configuration. The following steps will show how to perform these topics in your MikroTik RouterOS.
- Login to your MikroTik Router using Winbox with full permission user such as admin user.
- Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
- Put RouterOS WAN IP (RouterOS WAN IP: 192.168.110.2/28) in Address input field and choose WAN interface from Interface dropdown menu and then click Apply and OK button.
- Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click Apply and OK button.
- Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (in this network: 192.168.110.1) in this input field. Click on Apply and OK button.
MikroTik Router basic configuration has been completed. Now we will configure Hotspot Server in our NAS RouterOS.
Hotspot Configuration in MikroTik RouterOS
After completing MikroTik Router basic configuration, we will now setup Hotspot Server in our MikroTik RouterOS. The following steps will show how to setup Hotspot Server in your MikroTik RouterOS.
- Go to IP > Hotspot menu item. Hotspot window will appear.
- Click on Hotspot Setup button from this window. Hotspot Setup will appear now.
- Choose your LAN interface on which you want to setup Hotspot Server from Hotspot Interface drop-down menu. Now click Next button.
- Put your LAN address (in this case: 192.168.10.1/24) in Local Address of Network input box. Also check the Masquerade Network checkbox is checked and then click Next button.
- Now it is time to choose address pool for your Hotspot network from where IP address will be assigned to clients. Normally, it will show your network IP range without gateway IP. You can change default IP range as your wish or can keep the default range. Click Next button now.
- If you have SSL certificate, you can import by choosing import other certificate option or select none if you do not have any SSL certificate. Now click Next button.
- If you have SMTP server, you can put your SMTP server address in IP Address of SMTP Server input box or you can keep blank if you do not want to use SMTP server. Click Next button.
- Now it is option to setup DNS. DNS servers that you have provided in basic configuration will automatically be selected here. So, nothing to do, just click Next button now.
- Now it is time to put DNS name which is a mandatory field. DNS name will be used to get Hotspot login page. So, put a standard DNS name such as systemzone.mk or systemzone.hotspot etc. and click Next button.
- Now put a local Hotspot user. By default it is admin. You can keep this user or can change as your wish. Also put password in Password for the User input box. Click Next button.
- Hotspot server setup will be completed and you will get a successful message now.
- Click on Servers tab and you will find a new server has been created. Click on it and change your automated created server name if you wish and then find what the server profile is from Profile dropdown menu.
- Now click on Server Profiles tab and you will find your Hotspot Server profile here. Click on it. Hotspot Server Profile window will come.
- Under General tab, change your server profile name if you wish.
- Click on Login tab and uncheck Cookie and check HTTP CHAP, HTTPS and HTTP PAP from Login By panel.
- Click on RADIUS tab and click on Use RADIUS checkbox and Accounting checkbox and then click Apply and OK button.
MikroTik Hotspot server configuration has been completed. In the next step, we will configure Radius client in our MikroTik RouterOS.
Radius Client Configuration in MikroTik RouterOS
The following steps will show you how to configure Radius client in MikroTik RouterOS.
- Click on Radius menu item from left menu bar. Radius window will appear now.
- Click on PLUS SIGN (+). New Radius Server window will appear now.
- Click on hotspot checkbox from Service panel.
- Put Radius Server IP address (in this article: 192.168.110.10) in Address input field.
- Provide a password in Shared Secret input field. This password is important and has to provide when client router will be configured in User Manager Radius Server.
- Click Apply and OK.
- Now click on Incoming button and Radius Incoming window will appear.
- Click on Accept checkbox and put 1700 in Port input box and then click Apply and OK.
Radius client configuration has been completed. Now MikroTik RouterOS is able to communicate with Radius Server to authenticate Hotspot users.
Part 2: MikroTik User Manager Radius Server Configuration
MikroTik User Manager Radius Server installation and initial configuration has been discussed in my previous article. If you don’t have enough introduction with User Manager Radius Server installation and initial configuration, first spend some time to study that article and complete your Radius Server installation and initial configuration and then continue my below section. In this section, I will do below topics in our Radius Server for Hotspot user authentication, authorization and accounting.
- Adding Client Router (NAS) in Radius Server
- User Profile Configuration for Bandwidth Limitation
- Creating Voucher Template
- Adding User in Radius Server
- Accessing User Page
Adding Client Router (NAS) in Radius Server
The following steps will show you how to add client router in User Manager Radius Server.
- Login to User Manager Radius Server web interface with customer or subscriber credentials using https://radius-server-ip-address/userman (for this configuration: https://192.168.110.10/userman) URL.
- Click on Routers button from left button panel and then click on Add > New menu item from top menu bar. Router Details window will appear now.
- In Main panel, put a meaningful name for your client router in Name input field. Also choose owner from Owner dropdown menu.
- Put your client router IP address (RouterOS IP: 192.168.110.2) in IP address input field.
- Now put shared secret password that you have provided at Radius client configuration in MikroTik RouterOS Shared secret input field.
- In Radius incoming panel, click on CoA support check box and put 1700 in CoA port input box.
- Click on Add button to add this router in Radius Server Router list.
MikroTik RouterOS has been added in User Manager Radius Server as a client router. Now User Manager will reply any query that will be asked by our MikroTik RouterOS.
User Profile Configuration for Bandwidth Limitation
We will now create three bandwidth packages (512kbps package, 1Mbps package and 2Mbps package) in User Manager Radius Server so that different user gets different bandwidth. The following steps will show how to create bandwidth packages in User Manager Radius Server.
- Click on Profiles button from left button panel and then click on Limitations
- Click on Add > New menu item from top menu bar. Limitation details window will appear now.
- In Main panel, put your package name what you want in Name input field. As I am creating my first 512kbps package, I am providing 512kbps Package in name field. Also choose owner from Owner dropdown menu.
- In Rate limits panel, put your bandwidth limitation parameter. For a 512kbps package, I am providing below information.
Parameter name Rx Tx Rate limit 512k 512k Burst rate 1M 1M Burst threshold 512k 512k Burst time 60 60 Min rate 32k 32k Also choose priority from Priority dropdown menu. For my configuration I am choosing 8 that mean lowest priority.
- In Constraints panel, put IP Pool name that you will find at IP > Pool window in your NAS RouterOS.
- Click Save button to save this limitation package.
- Similarly, create 1Mbps and 2Mbps package limitations. Just change Rate limits parameter according to your package requirements.
- Now click on Profiles tab and click on PLUS SIGN (+). Create profile window will appear. Put profile name what you want in Name input field. For my configuration, I am providing 512kbps users as name. Click on Create
- First profile will be created and shown in Profiles dropdown menu.
- Select your created profile from Profiles dropdown menu and then put your package validity value in Validity input box. For example, if you want 30 days validity, put 4w2d in Validity input field.
- Choose package starting time At first logon from Starts dropdown menu.
- Put price of this package in Price input box.
- Keep Shared users value 1 so that only one user can login at a time with a username and password.
- Click Save profile button to save your information.
- At the bottom of this profile, you will find Unlimited profile that mean there is no limitation for this profile. So, click on Add new limitation Profile part window will appear now.
- You will find your limitation packages that you have created in Limits Click on your desired package (512kbps package for 512kbps users) and click on Add button to add this limitation for this profile.
- Similarly, create 1Mbps and 2Mbps user profile. In this case, just change price value and limitation package for these packages.
Creating Voucher Template
Now we are going to create scratch card template so that after creating users we can print scratch card according to this template. The following steps will show how to create scratch card or voucher template in User Manager Radius Server.
- Click on Settings button from left button panel and then click on Templates
- Now choose Vouchers from Name dropdown menu.
- In Header textarea, put below HTML and CSS code.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="https://www.w3.org/1999/xhtml"> <head> <title>Vouchers</title> <style> @media print { .noprint { display: none; } .pagebreak { page-break-after: always; } } body { font-family: 'Lucida Grande', 'Helvetica Neue', Helvetica, Arial, sans-serif; padding: 100px; font-size: 13px; } div.box { background: rgb(230,240,163); /* Old browsers */ background: -moz-linear-gradient(-45deg, rgba(230,240,163,1) 0%, rgba(210,230,56,1) 50%, rgba(195,216,37,1) 51%, rgba(219,240,67,1) 100%); /* FF3.6+ */ background: -webkit-gradient(linear, left top, right bottom, color-stop(0%,rgba(230,240,163,1)), color-stop(50%,rgba(210,230,56,1)), color-stop(51%,rgba(195,216,37,1)), color-stop(100%,rgba(219,240,67,1))); /* Chrome,Safari4+ */ background: -webkit-linear-gradient(-45deg, rgba(230,240,163,1) 0%,rgba(210,230,56,1) 50%,rgba(195,216,37,1) 51%,rgba(219,240,67,1) 100%); /* Chrome10+,Safari5.1+ */ background: -o-linear-gradient(-45deg, rgba(230,240,163,1) 0%,rgba(210,230,56,1) 50%,rgba(195,216,37,1) 51%,rgba(219,240,67,1) 100%); /* Opera 11.10+ */ background: -ms-linear-gradient(-45deg, rgba(230,240,163,1) 0%,rgba(210,230,56,1) 50%,rgba(195,216,37,1) 51%,rgba(219,240,67,1) 100%); /* IE10+ */ background: linear-gradient(135deg, rgba(230,240,163,1) 0%,rgba(210,230,56,1) 50%,rgba(195,216,37,1) 51%,rgba(219,240,67,1) 100%); /* W3C */ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#e6f0a3', endColorstr='#dbf043',GradientType=1 ); /* IE6-9 fallback on horizontal gradient */ width: 3.6in; height: 2.1in; padding: 0 17px 18px 12px; margin: 10px 0; border: solid 1px #D9D9D9; border-radius: 10px; -webkit-border-radius: 2px; -moz-border-radius: 2px; } div.box h2 { background: rgb(30,87,153); /* Old browsers */ background: -moz-linear-gradient(top, rgba(30,87,153,1) 0%, rgba(41,137,216,1) 50%, rgba(32,124,202,1) 51%, rgba(125,185,232,1) 100%); /* FF3.6+ */ background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,rgba(30,87,153,1)), color-stop(50%,rgba(41,137,216,1)), color-stop(51%,rgba(32,124,202,1)), color-stop(100%,rgba(125,185,232,1))); /* Chrome,Safari4+ */ background: -webkit-linear-gradient(top, rgba(30,87,153,1) 0%,rgba(41,137,216,1) 50%,rgba(32,124,202,1) 51%,rgba(125,185,232,1) 100%); /* Chrome10+,Safari5.1+ */ background: -o-linear-gradient(top, rgba(30,87,153,1) 0%,rgba(41,137,216,1) 50%,rgba(32,124,202,1) 51%,rgba(125,185,232,1) 100%); /* Opera 11.10+ */ background: -ms-linear-gradient(top, rgba(30,87,153,1) 0%,rgba(41,137,216,1) 50%,rgba(32,124,202,1) 51%,rgba(125,185,232,1) 100%); /* IE10+ */ background: linear-gradient(to bottom, rgba(30,87,153,1) 0%,rgba(41,137,216,1) 50%,rgba(32,124,202,1) 51%,rgba(125,185,232,1) 100%); /* W3C */ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#1e5799', endColorstr='#7db9e8',GradientType=0 ); /* IE6-9 */ margin: 0 -17px 1px -12px; padding: 15px 0px 0 10px; height: 20px; border-top-left-radius: 10px; border-top-right-radius: 10px; -webkit-border-radius: 2px; -moz-border-radius: 2px; font: bold 18px/0.2 Arial; color: #fff; text-shadow: red 0.1em 0.1em 0.6em} div.box h3 { background-color: #FFF8DC; border-color: #000; border-style:solid; border-width:1px; margin: -35px 0 0 70px; padding: 12px 50px 3px 10px; height: 8px; width: 30px; font: bold 12px/0 Arial; color: #000; } div.box h4 { background: rgb(174,188,191); /* Old browsers */ background: -moz-linear-gradient(top, rgba(174,188,191,1) 0%, rgba(110,119,116,1) 50%, rgba(10,14,10,1) 51%, rgba(10,8,9,1) 100%); /* FF3.6+ */ background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,rgba(174,188,191,1)), color-stop(50%,rgba(110,119,116,1)), color-stop(51%,rgba(10,14,10,1)), color-stop(100%,rgba(10,8,9,1))); /* Chrome,Safari4+ */ background: -webkit-linear-gradient(top, rgba(174,188,191,1) 0%,rgba(110,119,116,1) 50%,rgba(10,14,10,1) 51%,rgba(10,8,9,1) 100%); /* Chrome10+,Safari5.1+ */ background: -o-linear-gradient(top, rgba(174,188,191,1) 0%,rgba(110,119,116,1) 50%,rgba(10,14,10,1) 51%,rgba(10,8,9,1) 100%); /* Opera 11.10+ */ background: -ms-linear-gradient(top, rgba(174,188,191,1) 0%,rgba(110,119,116,1) 50%,rgba(10,14,10,1) 51%,rgba(10,8,9,1) 100%); /* IE10+ */ background: linear-gradient(to bottom, rgba(174,188,191,1) 0%,rgba(110,119,116,1) 50%,rgba(10,14,10,1) 51%,rgba(10,8,9,1) 100%); /* W3C */ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#aebcbf', endColorstr='#0a0809',GradientType=0 ); /* IE6-9 */ margin: 0px -17px 0px -12px; padding: 10px 10px 5px 10px; height: 10px; font: bold 14px/0.2 Arial; color: #fff; text-shadow: white 0.1em 0.1em 0.6em } .txtbox { background-color: transparent; width: 330px; } </style> </head> <body> - In Row textarea, put below HTML and CSS code.
<div class="box"> <h2>System Zone - Internet Card $%u_moneyPaid%</h2> <div class="txtbox"> How to use this card? <br> Type systemzone.mk in your browser and <br> Put the <b>UsreName</b> & <b>Password</b> in required field and click <b>OK </b> button.</b> </br> </div> <p align="left"> UserName: <h3>%u_username%</h3> </p> <p align="left"> Password: <h3>%u_password%</h3></p> <h5 style="margin-top: -70px; margin-left: 230px; font: bold 30px Arial; color: #fff; text-shadow: black 0.1em 0.1em 0.6em;">%u_timeLeft%</h5> <p style="margin-top: -40px; margin-left: 250px;"> Price: $%u_moneyPaid%</p> <h4>Contact for more info. sayeedsezan@gmail.com</h4> </div>
- Click Save button to save this voucher template.
You can change this card design if you have a little HTML and CSS idea. Card text can also be changed without having knowledge on HTML and CSS. In Row textarea, you just change card text according to your requirement.
Adding User in User Manager Radius Server
The following steps will show how to add random users in your User Manager Radius Server.
- Click on Users button from left button panel. Now click on Add > Batch menu item from top menu bar. User details window will appear.
- In Main panel, choose owner from Owner dropdown menu and provide number of users you want to create at a time. You can also provide username prefix as well as username and password length in this panel.
- Choose your desired profile package for these users from Assign profile dropdown menu and then click on Add button to add these users. All the created users will be available in Users
- Now click on all the users checkbox for whom you want to create scratch card.
- Click on Generate menu and then choose Vouchers Vouchers window will appear.
- Now click on Generate button and you will find your entire scratch cards in a HTML page like below image.
Now sell these cards to your nearest shop and get auto revenue monthly or your desired time period.
Hotspot Server is now ready to authenticate users via User Manager Radius Server. Now it is time to test our Hotspot server. For this, connect any IP device to your network. After connecting, a dynamic IP will be assigned to your device from DHCP server that was created while installing Hotspot server. Usually, Hotspot uses DHCP server to assign IP address and other related information that are necessary to get login page. Now open any web browser and try to visit any web page. You can see the login page of your Hotspot server. If you do not get login page for any cause, type your DNS name that was provided while installing Hotspot server. Now you can see your Hotspot login page like below image.
Put username and password that you find in your scratch card and then click OK button. You will now be able to visit any webpage if you provide correct username and password.
Accessing User Page
Radius Server offers a user page where user can login their profile page and can show their account status as well as can change their account information and password. The following steps will show how to access this user page in your Radius Server.
- Type https://radius_server_ip_address/user to get user login page if you have only one subscriber or customer in your Radius Server. But if you have more than one customer or subscribe, you have to type https://radius_server_ip_address/user/public_id where public_id is Public ID of the customer or subscriber. This Public ID must provide when customer or subscriber is created.
- Type username and password of your desired user in Login and Password input field and then hit login button.
- Now user can show his account status, profile, sessions and payment option from this page. Also he can change his password from Settings
You will be able to configure a Hotspot network with bandwidth limitation and prepaid billing system if you follow the above steps properly. However, if you face any confusion to do above steps, watch my video about MikroTik Hotspot configuration with bandwidth limitation and prepaid billing system carefully. I hope, it will reduce your any confusion.
MikroTik Hotspot Configuration with Bandwidth Limitation and Prepaid billing System has been explained in this article. I hope you are now able to setup a Hotspot Server with Radius Server that will have bandwidth limitation and prepaid billing system. However, if you face any confusion, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.