If you are a network administrator and want to establish a network that will have data limitation package with prepaid billing system, MikroTik Hotspot Server with MikroTik User Manager Radius Server will be your best solution. Because, MikroTik User Manager is a poplar Radius application that will give facility to manage user data package as well as prepaid billing system efficiently. On the other hand, MikroTik Hotspot is a popular service that will help to connect your network user without any hassle.
So, it is time to know about MikroTik Hotspot Configuration with User Manager Radius Server and this article will guide you how to configure a Hotspot Server with User Manager Radius Server that will have Data Limit and Prepaid Billing System facility.
Article Purpose
The purpose of this article is to design a MikroTik Hotspot network with User Manager Radius Server that will have
- Data Limitation Package and
- Prepaid Billing System with Scratch Card.
Network Diagram
For the configuration of this article I am going to establish a network like below network diagram.
This is a simple and basic network diagram. In real situation, your network might be larger than this network but the basic diagram will remain same. In this network, the WAN Distribution Switch is connected to internet gateway. MikroTik Router’s (NAS) WAN interface and MikroTik User Manager Radius Server are also connected to this WAN Distribution Switch. Hotspot users will be connected to NAS Router through LAN Switch and will get internet access and MikroTik Router will communicate to Radius Server through WAN interface.
Core Devices and IP Information
To setup a Hotspot network according to above network diagram, I have installed and completed initial configuration of MikroTik User Manager Radius Server Package in a dedicated physical server where MikroTik RouterOS is running. I have also a physical MikroTik RouterOS (MikroTik RouterBOARD 1100AHX2) which is the NAS (Network Access Server) RouterOS of this network. IP information that I am using for this network configuration are given below.
- Radius Server IP: 192.168.110.10/28
- MikroTik RouterOS (NAS) WAN IP: 192.168.110.2/28
- LAN IP Block: 192.168.10.0/24
- Hotspot Server IP: 192.168.10.1
This IP information is just for my RND purpose. So, change this information according to your network requirements.
MikroTik Hotspot and Radius Server Configuration with Data Limit and Prepaid Billing System
We are now going to start our Hotspot network configuration with User Manager Radius Server according to the above network diagram. The complete configuration can be divided into two parts.
- Part 1: MikroTik RouterOS Configuration (NAS Router)
- Part 2: MikroTik User Manager Radius Server Configuration
Part 1: MikroTik RouterOS Configuration (NAS Router)
In the first part, we will configure our MikroTik RouterOS (NAS) so that it can turn into a Hotspot Server and can communicate with Radius Server to authenticate users. Complete RouterOS configuration can be divided into below topics.
- Basic MikroTik RouterOS Configuration
- Hotspot Configuration in MikroTik RouterOS
- Radius Client Configuration in MikroTik RouterOS
Basic MikroTik RouterOS Configuration
MikroTik Router basic configuration includes WAN IP Assign, DNS IP Assign and Default Gateway Configuration. The following steps will show how to perform these topics in your MikroTik RouterOS.
- Login to your MikroTik Router using Winbox with full permission user such as admin user.
- Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
- Put RouterOS WAN IP (RouterOS WAN IP: 192.168.110.2/28) in Address input field and choose WAN interface from Interface dropdown menu and then click Apply and OK button.
- Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click Apply and OK button.
- Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (in this network: 192.168.110.1) in this input field. Click on Apply and OK button.
MikroTik Router basic configuration has been completed. Now we will configure Hotspot Server in our NAS RouterOS.
Hotspot Configuration in MikroTik RouterOS
After completing MikroTik Router basic configuration, we will now setup Hotspot Server in our MikroTik RouterOS. The following steps will show how to setup Hotspot Server in your MikroTik RouterOS.
- Go to IP > Hotspot menu item. Hotspot window will appear.
- Click on Hotspot Setup button from this window. Hotspot Setup will appear now.
- Choose your LAN interface on which you want to setup Hotspot Server from Hotspot Interface drop-down menu. Now click Next button.
- Put your LAN address (in this case: 192.168.10.1/24) in Local Address of Network input box. Also check the Masquerade Network checkbox is checked and then click Next button.
- Now it is time to choose address pool for your Hotspot network from where IP address will be assigned to clients. Normally, it will show your network IP range without gateway IP. You can change default IP range as your wish or can keep the default range. Click Next button now.
- If you have SSL certificate, you can import by choosing import other certificate option or select none if you do not have any SSL certificate. Now click Next button.
- If you have SMTP server, you can put your SMTP server address in IP Address of SMTP Server input box or you can keep blank if you do not want to use SMTP server. Click Next button.
- Now it is option to setup DNS. DNS servers that you have provided in basic configuration will automatically be selected here. So, nothing to do, just click Next button now.
- Now it is time to put DNS name which is a mandatory field. DNS name will be used to get Hotspot login page. So, put a standard DNS name such as systemzone.mk or systemzone.hotspot etc. and click Next button.
- Now put a local Hotspot user. By default it is admin. You can keep this user or can change as your wish. Also put password in Password for the User input box. Click Next button.
- Hotspot server setup will be completed and you will get a successful message now.
- Click on Servers tab and you will find a new server has been created. Click on it and change your automated created server name if you wish and then find what the server profile is from Profile dropdown menu.
- Now click on Server Profiles tab and you will find your Hotspot Server profile here. Click on it. Hotspot Server Profile window will come.
- Under General tab, change your server profile name if you wish.
- Click on Login tab and uncheck Cookie and check HTTP CHAP, HTTPS and HTTP PAP from Login By panel.
- Click on RADIUS tab and click on Use RADIUS checkbox and Accounting checkbox and then click Apply and OK button.
MikroTik Hotspot server configuration has been completed. In the next step, we will configure Radius client in our MikroTik RouterOS.
Radius Client Configuration in MikroTik RouterOS
The following steps will show you how to configure Radius client in MikroTik RouterOS.
- Click on Radius menu item from left menu bar. Radius window will appear now.
- Click on PLUS SIGN (+). New Radius Server window will appear now.
- Click on hotspot checkbox from Service panel.
- Put Radius Server IP address (in this article: 192.168.110.10) in Address input field.
- Provide a password in Shared Secret input field. This password is important and has to provide when client router will be configured in User Manager Radius Server.
- Click Apply and OK.
- Now click on Incoming button and Radius Incoming window will appear.
- Click on Accept checkbox and put 1700 in Port input box and then click Apply and OK.
Radius client configuration has been completed. Now MikroTik RouterOS is able to communicate with Radius Server to authenticate Hotspot users.
Part 2: MikroTik User Manager Radius Server Configuration
MikroTik User Manager Radius Server installation and initial configuration has been discussed in my previous article. If you don’t have enough introduction with User Manager Radius Server installation and initial configuration, first spend some time to study that article and complete your Radius Server installation and initial configuration and then continue my below section. In this section, I will do below topics in our Radius Server for Hotspot user authentication, authorization and accounting.
- Adding Client Router (NAS) in Radius Server
- User Profile Configuration for Data Limitation
- Creating Voucher Template
- Adding User in Radius Server
- Accessing User Page
Adding Client Router (NAS) in Radius Server
The following steps will show you how to add client router in User Manager Radius Server.
- Login to User Manager Radius Server web interface with customer or subscriber credentials using https://radius-server-ip-address/userman (for this configuration: https://192.168.110.10/userman) URL.
- Click on Routers button from left button panel and then click on Add > New menu item from top menu bar. Router Details window will appear now.
- In Main panel, put a meaningful name for your client router in Name input field. Also choose owner from Owner dropdown menu.
- Put your client router IP address (RouterOS IP: 192.168.110.2) in IP address input field.
- Now put shared secret password that you have provided at Radius client configuration in MikroTik RouterOS Shared secret input field.
- In Radius incoming panel, click on CoA support check box and put 1700 in CoA port input box.
- Click on Add button to add this router in Radius Server Router list.
MikroTik RouterOS has been added in User Manager Radius Server as a client router. Now User Manager will reply any query that will be asked by our MikroTik RouterOS.
User Profile Configuration for Data Limitation
We will now create two Data Limitation packages (512MB for 2 week validation and 1GB for 30 days validation) in User Manager Radius Server. The following steps will show how to create Data Limit packages in User Manager Radius Server.
- Click on Profiles button from left button panel and then click on Limitations
- Click on Add > New menu item from top menu bar. Limitation details window will appear now.
- In Main panel, put your package name what you want in Name input field. As I am creating my first 512MB package, I am providing 512MB Package in name field. Also choose owner from Owner dropdown menu.
- In limits panel, put 512M in Transfer input field. We don’t want to apply any download and upload limit. If total download and upload exceeds 512MB, the user will not be able to connect more.
- We don’t also apply any bandwidth limitation because it is valueless to apply bandwidth limitation in Data Limit package.
- In Constraints panel, put IP Pool name that you will find at IP > Pool window in your NAS RouterOS.
- Click Save button to save this limitation package.
- Similarly, create 1GB Package. Just put 1G in Transfer input filed and put this package name as your wish.
- Now click on Profiles tab and click on PLUS SIGN (+). Create profile window will appear. Put profile name what you want in Name input field. For my configuration, I am providing 512MB as name. Click on Create Similarly, create 1GB profile.
- From Profiles dropdown menu, select 512MB and put 1w in Validity input box. Choose package starting time At first logon from Starts dropdown menu. Put price of this package in Price input box and keep Shared users value 1 so that only one user can login at a time with a username and password.
- Click Save profile button to save your information.
- At the bottom of this profile, you will find Unlimited profile that mean there is no limitation for this profile. So, click Add new limitation Profile part window will appear now.
- You will find your limitation packages that you have created in Limits Click 512MB Package checkbox and the click Add button to add this limitation for this profile.
- Again select 1GB from Profiles dropdown menu and 4w2d in Validity input box. Choose package starting time At first logon from Starts dropdown menu. Put price of this package in Price input box and keep Shared users value 1 so that only one user can login at a time with a username and password. Click Save profile to save this information.
- Now click Add new limitation button and click 1GB Package checkbox from Limits panel and then click Add button to add this limitation.
We have created two Data Limit packages in our profile configuration. Similarly you can create as many Limitation packages as you want following the above steps properly. In the next section, we will create Voucher or Scratch card Template in our Radius Server.
Creating Voucher Template
Now we are going to create scratch card template so that after creating users we can print scratch card according to this template. The following steps will show how to create scratch card or voucher template in User Manager Radius Server.
- Click on Settings button from left button panel and then click on Templates
- Now choose Vouchers from Name dropdown menu.
- In Header textarea, put below HTML and CSS code.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="https://www.w3.org/1999/xhtml"> <head> <title>Vouchers</title> <style> @media print { .noprint { display: none; } .pagebreak { page-break-after: always; } } body { font-family: 'Lucida Grande', 'Helvetica Neue', Helvetica, Arial, sans-serif; padding: 100px; font-size: 13px; } div.box { background: rgb(230,240,163); /* Old browsers */ background: -moz-linear-gradient(-45deg, rgba(230,240,163,1) 0%, rgba(210,230,56,1) 50%, rgba(195,216,37,1) 51%, rgba(219,240,67,1) 100%); /* FF3.6+ */ background: -webkit-gradient(linear, left top, right bottom, color-stop(0%,rgba(230,240,163,1)), color-stop(50%,rgba(210,230,56,1)), color-stop(51%,rgba(195,216,37,1)), color-stop(100%,rgba(219,240,67,1))); /* Chrome,Safari4+ */ background: -webkit-linear-gradient(-45deg, rgba(230,240,163,1) 0%,rgba(210,230,56,1) 50%,rgba(195,216,37,1) 51%,rgba(219,240,67,1) 100%); /* Chrome10+,Safari5.1+ */ background: -o-linear-gradient(-45deg, rgba(230,240,163,1) 0%,rgba(210,230,56,1) 50%,rgba(195,216,37,1) 51%,rgba(219,240,67,1) 100%); /* Opera 11.10+ */ background: -ms-linear-gradient(-45deg, rgba(230,240,163,1) 0%,rgba(210,230,56,1) 50%,rgba(195,216,37,1) 51%,rgba(219,240,67,1) 100%); /* IE10+ */ background: linear-gradient(135deg, rgba(230,240,163,1) 0%,rgba(210,230,56,1) 50%,rgba(195,216,37,1) 51%,rgba(219,240,67,1) 100%); /* W3C */ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#e6f0a3', endColorstr='#dbf043',GradientType=1 ); /* IE6-9 fallback on horizontal gradient */ width: 3.6in; height: 2.1in; padding: 0 17px 18px 12px; margin: 10px 0; border: solid 1px #D9D9D9; border-radius: 10px; -webkit-border-radius: 2px; -moz-border-radius: 2px; } div.box h2 { background: rgb(30,87,153); /* Old browsers */ background: -moz-linear-gradient(top, rgba(30,87,153,1) 0%, rgba(41,137,216,1) 50%, rgba(32,124,202,1) 51%, rgba(125,185,232,1) 100%); /* FF3.6+ */ background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,rgba(30,87,153,1)), color-stop(50%,rgba(41,137,216,1)), color-stop(51%,rgba(32,124,202,1)), color-stop(100%,rgba(125,185,232,1))); /* Chrome,Safari4+ */ background: -webkit-linear-gradient(top, rgba(30,87,153,1) 0%,rgba(41,137,216,1) 50%,rgba(32,124,202,1) 51%,rgba(125,185,232,1) 100%); /* Chrome10+,Safari5.1+ */ background: -o-linear-gradient(top, rgba(30,87,153,1) 0%,rgba(41,137,216,1) 50%,rgba(32,124,202,1) 51%,rgba(125,185,232,1) 100%); /* Opera 11.10+ */ background: -ms-linear-gradient(top, rgba(30,87,153,1) 0%,rgba(41,137,216,1) 50%,rgba(32,124,202,1) 51%,rgba(125,185,232,1) 100%); /* IE10+ */ background: linear-gradient(to bottom, rgba(30,87,153,1) 0%,rgba(41,137,216,1) 50%,rgba(32,124,202,1) 51%,rgba(125,185,232,1) 100%); /* W3C */ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#1e5799', endColorstr='#7db9e8',GradientType=0 ); /* IE6-9 */ margin: 0 -17px 1px -12px; padding: 15px 0px 0 10px; height: 20px; border-top-left-radius: 10px; border-top-right-radius: 10px; -webkit-border-radius: 2px; -moz-border-radius: 2px; font: bold 18px/0.2 Arial; color: #fff; text-shadow: red 0.1em 0.1em 0.6em} div.box h3 { background-color: #FFF8DC; border-color: #000; border-style:solid; border-width:1px; margin: -35px 0 0 70px; padding: 12px 50px 3px 10px; height: 8px; width: 30px; font: bold 12px/0 Arial; color: #000; } div.box h4 { background: rgb(174,188,191); /* Old browsers */ background: -moz-linear-gradient(top, rgba(174,188,191,1) 0%, rgba(110,119,116,1) 50%, rgba(10,14,10,1) 51%, rgba(10,8,9,1) 100%); /* FF3.6+ */ background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,rgba(174,188,191,1)), color-stop(50%,rgba(110,119,116,1)), color-stop(51%,rgba(10,14,10,1)), color-stop(100%,rgba(10,8,9,1))); /* Chrome,Safari4+ */ background: -webkit-linear-gradient(top, rgba(174,188,191,1) 0%,rgba(110,119,116,1) 50%,rgba(10,14,10,1) 51%,rgba(10,8,9,1) 100%); /* Chrome10+,Safari5.1+ */ background: -o-linear-gradient(top, rgba(174,188,191,1) 0%,rgba(110,119,116,1) 50%,rgba(10,14,10,1) 51%,rgba(10,8,9,1) 100%); /* Opera 11.10+ */ background: -ms-linear-gradient(top, rgba(174,188,191,1) 0%,rgba(110,119,116,1) 50%,rgba(10,14,10,1) 51%,rgba(10,8,9,1) 100%); /* IE10+ */ background: linear-gradient(to bottom, rgba(174,188,191,1) 0%,rgba(110,119,116,1) 50%,rgba(10,14,10,1) 51%,rgba(10,8,9,1) 100%); /* W3C */ filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#aebcbf', endColorstr='#0a0809',GradientType=0 ); /* IE6-9 */ margin: 39px -17px 0px -12px; padding: 10px 10px 5px 10px; height: 10px; font: bold 14px/0.2 Arial; color: #fff; text-shadow: white 0.1em 0.1em 0.6em } .txtbox { background-color: transparent; width: 330px; } </style> </head> <body> - In Row textarea, put below HTML and CSS code.
<div class="box"> <h2>System Zone - Internet Card $%u_moneyPaid%</h2> <div class="txtbox"> How to use this card? <br> Type systemzone.mk in your browser and <br> Put the <b>UsreName</b> & <b>Password</b> in required field and click <b>OK </b> button.</b> </br> </div> <p align="left"> UserName: <h3>%u_username%</h3> </p> <p align="left"> Password: <h3>%u_password%</h3></p> <h5 style="margin-top: -70px; margin-left: 195px; font: bold 25px Arial; color: #fff; text-shadow: black 0.1em 0.1em 0.6em;">%u_actualProfileName%/%u_timeLeft% </h5> <p style="margin-top: -40px; margin-left: 195px;"> Price: $%u_moneyPaid%</p> <h4>Contact for more info. sayeedsezan@gmail.com</h4> </div> - Click Save button to save this voucher template.
You can change this card design if you have a little HTML and CSS idea. If you need to change only card text, just change texts in Row textarea according to your requirement.
Adding User in User Manager Radius Server
The following steps will show how to add random users in your User Manager Radius Server.
- Click on Users button from left button panel. Now click on Add > Batch menu item from top menu bar. User details window will appear.
- In Main panel, choose owner from Owner dropdown menu and provide number of users you want to create at a time. You can also provide username prefix as well as username and password length in this panel.
- Choose your desired profile package for these users from Assign profile dropdown menu and then click on Add button to add these users. All the created users will be available in Users
- Now click on all the users checkbox for whom you want to create scratch card.
- Click on Generate menu and then choose Vouchers Vouchers window will appear.
Now click on Generate button and you will find your entire scratch cards in a HTML page like below image.
Now sell these cards to your nearest shop and get auto revenue monthly or your desired time period.
Hotspot Server is now ready to authenticate users via User Manager Radius Server. Now it is time to test our Hotspot server. For this, connect any IP device to your network. After connecting, a dynamic IP will be assigned to your device from DHCP server that was created while installing Hotspot server. Usually, Hotspot uses DHCP server to assign IP address and other related information that are necessary to get login page. Now open any web browser and try to visit any web page. You can see the login page of your Hotspot server. If you do not get login page for any cause, type your DNS name that was provided while installing Hotspot server. Now you can see your Hotspot login page like below image.
Accessing User Page
Radius Server offers a user page where user can login their profile page and can show their account status as well as can change their account information and password. The following steps will show how to access this user page in your Radius Server.
- Type https://radius_server_ip_address/user to get user login page if you have only one subscriber or customer in your Radius Server. But if you have more than one customer or subscribe, you have to type https://radius_server_ip_address/user/public_id where public_id is Public ID of the customer or subscriber. This Public ID must provide when customer or subscriber is created.
- Type username and password of your desired user in Login and Password input field and then hit login button.
- Now user can show his account status, profile, sessions and payment option from this page. Also he can change his password from Settings menu.
Following the above described method, you can easily create a data limitation and prepaid billing system network with MikroTik Hotspot and User Manager Radius Server. However, if you face any confusion to follow above method, watch my video about MikroTik Hotspot Configuration with Data Limit and Prepaid Billing System. I hope, it will reduce your any confusion.
MikroTik Hotspot Configuration with Data Limit and Prepaid billing System has been explained in this article. I hope you are now able to setup a Hotspot Server with Radius Server that will have data limitation and prepaid billing system. However, if you face any confusion, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.