Manual:IP/Hotspot/Profile 1

Manual:IP/Hotspot/ProfileApplies to RouterOS: v3, v4, v5+

SummarySub-menu: /ip hotspot profileThis submenu contains list of Hotspot server profiles. There may be various different HotSpot systems, defined asHotSpot Server Profiles, on the same gateway machine. One or more interfaces can be grouped into one serverprofile. There are very few settings for the servers on particular interfaces - most of the configuration is set in theserver profiles. For example, it is possible to make completely different set of servlet pages for each server profile,and define different RADIUS servers for authentication.

Properties

Property Description

dns-name (string; Default: "") DNS name of the HotSpot server (itappears as the location of the loginpage). This name will automatically beadded as a static DNS entry in the DNScache.

hotspot-address (IP; Default: 0.0.0.0) IP address of HotSpot service.

html-directory (string; Default: hotspot) Directory name in which HotSpotHTML pages are stored (by defaulthotspot directory). It is possible tospecify different directory with modifiedHTML pages. To change HotSpot loginpage, connect to the router with FTP anddownload hotspot directory contents.Read more >>

http-cookie-lifetime (time; Default: 3d) HTTP cookie validity time, the option isrelated to cookie HotSpot login method

http-proxy (IP:Port; Default: 0.0.0.0:0) Address and port of the proxy server forHotSpot service, when default value isused all request are resolved by the local/ip proxy

Manual:IP/Hotspot/Profile 2

login-by (cookie|http-chap|http-pap|https|mac|trial; Default: http-chap, cookie) Used HotSpot authentication method

• cookie - may only be used with otherHTTP authentication method. HTTPcookie is generated, when userauthenticates in HotSpot for the firsttime. User is not asked for thelogin/password and authenticatedautomatically, until cookie-lifetime isactive

• http-chap - login/password isrequired for the user to authenticatein HotSpot. CHAPchallenge-response method withMD5 hashing algorithm is used forprotecting passwords.

• http-pap - login/password isrequired for user to authenticate inHotSpot. Username and passwordare sent over network in plain text.

• https - login/password is requiredfor user to authenticate in HotSpot.Client login/password exchangebetween client and server isencrypted with SSL tunnel

• mac - client is authenticated withoutasking login form. ClientMAC-address is added to /ip hotspotuser database, client is authenticatedas soon as connected to the HotSpot

• trial - client is allowed to useinternet without HotSpot login forthe specified amount of time

mac-auth-password (string; Default: ) Used together with MAC authentication,field used to specify password for theusers to be authenticated by their MACaddresses. The following option isrequired, when specific RADIUS serverrejects authentication for the clients withblank password

name (string; Default: ) Descriptive name of the profile

nas-port-type (string; Default: wireless-802.11) NAS-Port-Type value to be sent toRADIUS server, NAS-Port-Type valuesare described in the RADIUS RFC 2865.This optional value attribute indicatesthe type of the physical port of theHotSpot server.

radius-accounting (yes | no; Default: yes) Send RADIUS server accountinginformation for each user, when yes isused

radius-default-domain (string; Default: ) Default domain to use for RADIUSrequests. Allows to use separateRADIUS server per /ip hotspot profile

Manual:IP/Hotspot/Profile 3

radius-interim-update (time | received; Default: received) How often to send accounting updates .When received is set, interim-time isused from RADIUS server. 0s is thesame as received.

radius-location-name (string; Default: ) RADIUS-Location-Id to be sent toRADIUS server. Used to identifylocation of the HotSpot server during thecommunication with RADIUS server.Value is optional and used together withRADIUS server.

radius-mac-format ("XX XX XX XX XXXX"|XX:XX:XX:XX:XX:XX|XXXXXX-XXXXXX|XXXXXXXXXXXX|XX-XX-XX-XX-XX-XX|XXXX:XXXX:XXXX|XXXXXX:XXXXXX;Default: XX:XX:XX:XX:XX:XX)

rate-limit (string; Default: "") Rate limitation in form ofrx-rate[/tx-rate][rx-burst-rate[/tx-burst-rate][rx-burst-threshold[/tx-burst-threshold][rx-burst-time[/tx-burst-time]]]][priority] [rx-rate-min[/tx-rate-min]]from the point of view of the router (so"rx" is client upload, and "tx" is clientdownload). All rates should be numberswith optional 'k' (1,000s) or 'M'(1,000,000s). If tx-rate is not specified,rx-rate is as tx-rate too. Same goes fortx-burst-rate and tx-burst-threshold andtx-burst-time. If both rx-burst-thresholdand tx-burst-threshold are not specified(but burst-rate is specified), rx-rate andtx-rate is used as burst thresholds. Ifboth rx-burst-time and tx-burst-time arenot specified, 1s is used as default.rx-rate-min and tx-rate min are thevalues of limit-at properties

smtp-server (IP; Default: 0.0.0.0) SMTP server address to be used toredirect HotSpot users SMTP requests.

split-user-domain (yes | no; Default: no) Split username from domain name whenthe username is given in "user@domain"or in "domain\user" format fromRADIUS server

ssl-certificate (string | none; Default: none) Name of the SSL certificate on therouter to to use only for HTTPSauthentication.

trial-uptime (time/time; Default: 30m/1d) Used only with trial authenticationmethod. First time value specifies, howlong trial user identified by MACaddress can use access to publicnetworks without HotSpotauthentication. Second time valuespecifies amount of time, that has to passuntil user is allowed to use trial again.

trial-user-profile (string; Default: default) Specifies hotspot user profile for trialusers.

Manual:IP/Hotspot/Profile 4

use-radius (yes | no; Default: no) Use RADIUS to authenticate HotSpotusers.

[Back to Content]

Article Sources and Contributors 5

Article Sources and ContributorsManual:IP/Hotspot/Profile  Source: http://wiki.mikrotik.com/index.php?oldid=19273  Contributors: Marisb

Image Sources, Licenses and ContributorsImage:Version.png  Source: http://wiki.mikrotik.com/index.php?title=File:Version.png  License: unknown  Contributors: Normis