Hello ,
is it possiable to redirect my hotspot to an external mikrotik hotspot server?
so if I have 4 hotspots all of them will have the same login page , and only one place I will mange the users?
Thanks ,
To manage multiple routers from a single central authority, it’s best you set up a RADIUS server, and have all of your hotspots connect to it.
For the central web page… You can use rlogin.html (see this guide for details) to setup a redirect to the external hotspot page.. Which should be in a walled garden. From that page, set up the form so that the action URL is back on the router. As long as all routers have the same internal IP or domain, the form will always effectively be submitted to the original router.
can you guide me even more about it?
waht do I need to do in the main hotspot router
I know how to redirect from a unit to external web page - but then what ?
how do I tell him to connect using a raduis ?
I will explian my scenario better:
I have 5 (it will grow to 10) RB with hotspot on it , that are all around our building.
I have 1 x86 ROS that is the radius server that I can manage all the users (now I have only 2 users with 2 profile - guest\workers just for the example)
this onw is working without any problem
now what do I need to change in the X86 so all the hotspot user will get his login page ? (I want all the clients will see the same page )
Thanks ,
See this page in the manual for more details on RADIUS.
Basically, in the “/radius” menu, you add a RADIUS server, tell MikroTik to use it for hotspot, and in the hotspot server profile, you check the “use RADIUS” option. That’s about it on the MikroTik end… If a user doesn’t exist on the local router, MikroTik will lookup the RADIUS servers configured for hotspot, from first to last.
The hard part comes in configuring the RADIUS server. I’ve never actually configured one on an external device, so I can’t really help there… The only one I’ve used is MikroTik’s “User Manager” package, configured on the same router (for the purposes of using a single source of truth for hotspot, PPPoE and Wi-Fi credentials), but only in testing, because there is a critical feature that “User Manager” doesn’t support that I need - “WPA2 - EAP” - so I haven’t deployed it for real.
The radius part is working without any problem
when I connect to the hotspot I see I register on the raduis server - this is fine
but waht I want to do is - create a login page on the radius server it self - so I will have 1 login page for all the units
so if I want to change a image on the login page - I will do it in 1 place and not in every RB with hotspot ..
Do you understadn what I wnat to do?
Thanks ,
In addition to the RADIUS server, you’d setup a web server (Apache, Nginx) on the device where the RADIUS server sits. Or it could be a separate device, but the point is it’s separate and in addition to RADIUS.
The router redirects to the web page. The web page redirects back to the router with the details typed by the user. The router then authenticates over RADIUS the same as it would have if the web page was served from inside itself.
If you need access to some data that is only known to the router (e.g. the user’s MAC address), you could supply them in the redirect from the router to the web server, but know that those can be spoofed. To avoid spoofing, you could insted look these details up with the RouterOS API (using the IP:port of the client to find them in “/ip firewall connection”, and lookup the rest based on the private IP found there), though that brings its own set of problems (notably, the router needs to have a public IP or connect to the server through a VPN of which the web server is also a part of).