HotSpot Setup 100% CPU Usage

darshakamodi · April 20, 2012, 5:58am

Hi All, we are beginner to MT products and interested to use it a lot.
Currently we have setup HotSpot for our customer.
The problem is that CPU Usage touches 100% in minutes of starting devices.
In Profile we see, www,hotspot,web-proxy each consuming 30% and hence the usage goes 100%.

We have simple setup, where we authenticate users using radius.
/ip hotspot> print
Flags: X - disabled, I - invalid, S - HTTPS

NAME INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT

0 hotspot1 Local LAN hs-pool-2 hsprof1 5m

Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no
use-radius=no

1 name="hsprof1" hotspot-address=11.12.13.1 dns-name="test.hotspot.in"
html-directory=hotspot rate-limit="6M/6M" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=http-chap split-user-domain=no use-radius=yes
radius-accounting=yes radius-interim-update=5m
nas-port-type=wireless-802.11 radius-default-domain=""
radius-location-id="" radius-location-name=""
radius-mac-format=XX:XX:XX:XX:XX:XX

Why its using www/web-proxy cpus? Currently no active users, all are denied access using radius.

Feklar · April 20, 2012, 3:48pm

The most likely cause is that you have a client/device that is on the network that is contstantly requesting a resource by HTTP and will keep on requesting it until it gets it. The hotspot redirects that HTTP request and uses the proxy to service it, the service doesn’t get what it wants so it asks for it again. The loop continues and increases CPU use.

darshakamodi · April 20, 2012, 5:56pm

It means unauthorized user? And how do I identify that?
What is solution for that?

Feklar · April 20, 2012, 6:09pm

Identify the device/user and prevent them, or set up a general firewall rule that will limit the number of connections the hotspot will process from a given user at a time.

/ip firewall filter
add action=drop chain=pre-hs-input connection-limit=10,32 disabled=no dst-port=64872-64875 protocol=tcp

darshakamodi · April 21, 2012, 3:07am

Thanks, I did the same but still web-proxy get 25-30% CPU, and overall remain 90%.

There must be solution or work around, as this would be common issue.

Feklar · April 22, 2012, 1:10pm

Contact support with a suppout.rif file and see if they can spot what is going on then.

yresquirol · January 29, 2020, 3:49am

The problem
Sometimes using the Hotspot feature in some Mikrotik devices can cause an increase in the CPU usage reaching up to 100% in some cases. Why does this happen? How do you fix this problem?

Summary
When a user (IP) has not signed into the hotspot the firewall places its packets in a chain “hs-unauth”.
Any packet in that chain going to port 80 (http) is automatically redirected to the internal port 64874, where the hotspot’s web server is listening, logically this shows the user how to log in. This results in a lot of requests that the web server must answer and most of them are not useful, causing the CPU usage to increase.

Proposed Solution and results
Redirect only the packets going to any direction used by web browsers/SO to detect the captive portal.
Once the redirecting condition is established, the amount of request going to the hotspot’s web server will decrease allowing only the necessary amount of answers to go out and bringing down the CPU usage.

Steps to apply this solution
First step: copy the block of code found at the end, paste it in the terminal and press enter.
Second step: create a scheduler that is executed at the “startup”, with interval 0 and put the following line in “On event”:
delay 10; ip firewall nat set dst-address-list=“DetHotspot” [find chain=hs-unauth && protocol=“tcp” && dst-port=“80” action=“redirect” to-ports=“64874”];

{
    ip firewall address-list add address="www.msftconnecttest.com" list=DetHotspot;
    ip firewall address-list add address="www.gstatic.com" list=DetHotspot;
    ip firewall address-list add address="connectivitycheck.gstatic.com" list=DetHotspot;
    ip firewall address-list add address="captive.apple.com" list=DetHotspot;
    ip firewall address-list add address="detectportal.firefox.com" list=DetHotspot;
    ip firewall address-list add address="connect.rom.miui.com" list=DetHotspot;
    ip firewall nat set dst-address-list="DetHotspot" [find chain=hs-unauth && protocol="tcp" && dst-port="80" action="redirect" to-ports="64874"];
}

Mohammad.pazouki1382 · December 18, 2025, 1:23pm

Hello, my Mikrotik router hotspot CPU becomes 100 and the hotspot login page no longer opens. Please tell me a solution.