Hotspot2.0 configuration

Hello!
I’m trying to configure Hotspot 2.0 using a Mikrotik cAP ac. I started yesterday and I don’t have any prior experience with any Mikrotik devices.
So far I was able to configure an internetworking profile under hierarchy. In this profile I have mentioned valid and tested values for:

  • Realms
  • Roaming-ois
  • WAN Metrics
Note: I’ve used these values to successfully test Hotspot 2.0 for multiple vendors, and since I’m configuring Hotspot 2.0 Network Deployment using Non-cellular Network Credentials for Authentication, only these values are required.
After this I applied this profile to my SSID interface using the command: set 0 internetworking-profiles=<Profile_Name>

Here’s my question:

  • For my setup to work I wish to tie a Radius server to my SSID so it uses this Radius for authentication. I don’t see how I can change the SSID security settings to use WPA2-Enterprise and add my Radius to this SSID.
  • Do I need to set up a security profile? My end device (cellphone) will have a Certificate installed from the provider; once the device picks up a Hotspot 2.0 enabled SSID, it should automatically connect to this SSID using the certificate profile. For this to happen, should I configure anything else for Mikrotik?

There is more info and an example now in: https://help.mikrotik.com/docs/display/ROS/Interworking+Profiles

Now we have a Winbox (GUI) interface for this as well.

Is Hotspot 2.0 useful for a multi-AP private network? Roaming? Single sign-on for a hotspot (MT or other private hotspot)?
Still trying to implement this (without using Fortigate or Watchguard), as many Radius parameters apply to a portal only: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/rsso_about.html

EDIT: Just found another one that automatically maps the WPA/Enterprise EAP/PEAP/MSCHAPv2 login to the portal login. If you study how they do it, maybe there is some ROS script that does the same and creates either the needed MAC user or the MAC Cookie in the portal. This has nothing to do with Hotspot 2.0 functionality, so it is under the wrong initial post.
https://www.websense.com/content/support/library/web/v80/radius_agent/radius_agent.pdf