k4rl

Hello!!! beginner vs RB3011 external HOTSPOT+UNIFI

Wed Aug 14, 2019 2:33 am

Hi everyone, I bought a MikroTik for the first time. I don't know the system and I'm not a programmer, but I am trying to configure it using the manual, threads on this forum and online guides. But I'm giving up :/ I am trying to implement a local network in the configuration of an external hotspot, and I would like to change the configuration to use the QCA8337 switch chip.
RouterOS 6.45.3
ether1: WAN port
ether2 and ether3: used by Captive and Info Portal
ether4: my private LAN with DHCP server (10.100.0.1/16 or 192.168.10.1/32)?
ether5: connected to UniFi switch + Cloud Key Gen2 "controller" + access point

I have two hotspot configurations available. I tried to change the first one, which seemed to me the most suitable for the purpose, because the other already has bridges and VLANs configured that would have to be removed, as it was written for MikroTiks in general, with and without the switch chip. Following the manual, I am trying to implement this type of configuration: https://wiki.mikrotik.com/wiki/Manual:B ... _switching

This is the cfg of the hotspot

First reset and configure WAN
/system reset-configuration no-default=yes
/ip dhcp-client add disabled=no interface=ether1
/ip dns set server=8.8.8.8

Then
/ip address remove [find comment="WIHSPOT"]
/ip dhcp-server network remove [find comment="WIHSPOT"]
/ip firewall nat remove [find comment="WIHSPOT"]
/radius remove [find comment="WIHSPOT"]
/ip hotspot remove [find name="WIHSPOT"]
/ip dhcp-server remove [find name="dhcpWIHSPOT"]
/ip pool remove [find name="hs-pool-WIHSPOT"]
/ip hotspot profile remove [find name="hpWIHSPOT"]
/ip hotspot walled-garden remove [find comment="WIHSPOT"]
/ip hotspot walled-garden ip remove [find comment="WIHSPOT"]
/ip firewall filter remove [find comment="WIHSPOTFILTER"]
/ip firewall layer7-protocol remove [find comment="WIHSPOT"]
/ip firewall address-list remove [find comment="WIHSPOT"]
/ip firewall nat remove [find comment="WIHSPOT"]
/ip hotspot ip-binding remove [find type="bypassed"]
/ip proxy set enabled=no
/ip dns static remove [find address=10.10.10.10]
/ip proxy access remove [find comment="WIHSPOT"]
/interface wireless remove [find comment="WIHSPOT"]
/interface bridge remove [find comment="WIHSPOT"]
/interface bridge port remove [find comment="WIHSPOT"]
/system logging remove [find prefix="[M]"]

/system identity set name="22990"

/ip dhcp-server config set store-leases-disk=5m

/ip hotspot user profile set [find name="default"] idle-timeout=none keepalive-timeout=1h shared-users=unlimited

/radius add accounting-backup=no accounting-port=1813 address=213.199.136.20 authentication-port=1812 called-id="" comment="WIHSPOT" disabled=no domain=""  realm="" secret="WIHSPOTsecret" service=hotspot timeout=5000ms

/radius incoming set accept=yes port=3779

/ip pool remove [find name="hs-pool-WIHSPOT1"]
/ip hotspot profile remove [find name="hpWIHSPOT1"]
/ip hotspot remove [find name="WIHSPOT1"]
/ip dhcp-server remove [find interface="ether2"]
/ip dhcp-server remove [find name="dhcpWIHSPOT1"]





/ip address add address=10.182.0.1/16 broadcast=10.182.255.255 comment="WIHSPOT" disabled=no interface="ether2" network=10.182.0.0

/ip pool add name=hs-pool-WIHSPOT1 ranges=10.182.0.100-10.182.254.254

/ip dhcp-server add name=dhcpWIHSPOT1 address-pool=hs-pool-WIHSPOT1 authoritative=after-2sec-delay bootp-support=static disabled=no interface="ether2" lease-time=1h 

/ip dhcp-server network add address=10.182.0.0/16 comment="WIHSPOT" gateway=10.182.0.1 dns-server=8.8.8.8

/ip hotspot profile add name=hpWIHSPOT1 hotspot-address=10.182.0.1 html-directory=hotspot1 login-by="http-chap,trial" mac-auth-password=WIHSPOTsecret radius-accounting=yes radius-interim-update=received use-radius=yes
/ip hotspot profile set [find name="hpWIHSPOT1"] trial-uptime-limit=00:02:00 trial-uptime-reset=1m 

/ip hotspot add name=WIHSPOT1 address-pool=hs-pool-WIHSPOT1 disabled=no idle-timeout=none interface="ether2" keepalive-timeout=none profile="hpWIHSPOT1"

/ip firewall nat add action=masquerade chain=srcnat comment="WIHSPOT" disabled=no src-address=10.182.0.0/16

/ip hotspot walled-garden ip add dst-address=213.199.136.20 server="WIHSPOT1" comment="WIHSPOT"
/ip hotspot walled-garden add action=allow comment="WIHSPOT" disabled=no dst-host="*.WIHSPOTservice.com" server=WIHSPOT1


:delay 1

:global rootHotspotPath ""
:if ([:len [/file find name=flash]] > 0) do={ :set $rootHotspotPath "flash/" } 

/file set [find name=($rootHotspotPath . "hotspot1/login.html")] contents="\$(if http-header == Content-Type)\$(var)\$(endif) \r\n\ \$(if var != '') \r\n\ callback({'page':'login.html','logged_in':'\$(logged-in)','link_login_only':'\$(link-login-only)','error_orig': '\$(error-orig)','error': '\$(error)','challenge':'\$(chap-challenge)','chapid':'\$(chap-id)'}) \r\n\ \$(else) \r\n\ <html><head></head><body>  \r\n\ <form name=redirect action='https://cp.WIHSPOTservice.com/login' method=get>  \r\n\ <input type=hidden name=res value=notyet />  \r\n\ <input type=hidden name=mac value=\$(mac) />  \r\n\ <input type=hidden name=locipid value= />  \r\n\ <input type=hidden name=user value='\$(username)' />  \r\n\ <input type=hidden name=uamport value=mikrotik />  \r\n\ <input type=hidden name=userurl value='\$(link-orig)' />  \r\n\ <input type=hidden name=nasid value=\$(identity) />  \r\n\ <input type=hidden name=uamip value=\$(server-address) />  \r\n\ <input type=hidden name=error value='\$(error)' />  \r\n\ <input type=hidden name=chap-id value=\$(chap-id) />  \r\n\ <input type=hidden name=challenge value=\$(chap-challenge) /></form>  \r\n\ <script language=JavaScript>document.redirect.submit();</script>  \r\n\ </body></html>\r\n\ \$(endif)"

/file set [find name=($rootHotspotPath . "hotspot1/alogin.html")] contents="\$(if http-header == Content-Type)\$(var)\$(endif) \r\n\ \$(if var == '') \r\n\ <html><head><title>mikrotik hotspot > redirect</title> \r\n\ <meta http-equiv='refresh' content='0; url=\$(link-redirect)'> \r\n\ <meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'> \r\n\ <meta http-equiv='pragma' content='no-cache'> \r\n\ <meta http-equiv='expires' content='-1'> \r\n\ \$(var) \r\n\ <head><html> \r\n\ \$(else) \r\n\ callback({'page':'alogin.html','logged_in':'\$(logged-in)','link_login_only':'\$(link-login-only)','error_orig'	:'\$(error-orig)','error':'\$(error)','chap-challange':'\$(chap-challenge)'}) \r\n\ \$(endif)"

/file set [find name=($rootHotspotPath . "hotspot1/logout.html")] contents="\$(if http-header == Content-Type)\$(var)\$(endif) \r\n\ \$(if var == '') \r\n\ <html><head><title>mikrotik hotspot > logout</title> \r\n\ <meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'> \r\n\ <meta http-equiv='pragma' content='no-cache'> \r\n\ <meta http-equiv='expires' content='-1'> \r\n\ </head><body><table width='100%' height='100%'><tr><td align='center' valign='middle'> \r\n\ <b>You have just logged out</b> <br><br> \r\n\ <table class='tabula' border='1'>   \r\n\ <tr><td align='right'>user name</td><td>\$(username)</td></tr> \r\n\ <tr><td align='right'>IP address</td><td>\$(ip)</td></tr> \r\n\ <tr><td align='right'>MAC address</td><td>\$(mac)</td></tr> \r\n\ <tr><td align='right'>session time</td><td>\$(uptime)</td></tr>	 \r\n\ \$(if session-time-left) \r\n\ <tr><td align='right'>time left</td><td>\$(session-time-left)</td></tr> \r\n\ \$(endif) \r\n\ <tr><td align='right'>bytes up/down:</td><td>\$(bytes-in-nice) / \$(bytes-out-nice)</td></tr></table> \r\n\ <br><form action='http://clients3.google.com/generate_204' name='login'> \r\n\ <input type='submit' value='log in'></form></td></table></body></html> \r\n\ \$(else)  \r\n\ callback({'page':'logout.html'}) \r\n\ \$(endif)"

/file set [find name=($rootHotspotPath . "hotspot1/error.html")] contents="\$(if http-status == 302)Redirect\$(endif) \r\n\ \$(if http-header == \"Location\")http://cp.WIHSPOTservice.com/account/cp/\$(username)\?redir=true\$(endif) \r\n\ "


/ip pool remove [find name="hs-pool-WIHSPOT2"]
/ip hotspot profile remove [find name="hpWIHSPOT2"]
/ip hotspot remove [find name="WIHSPOT2"]
/ip dhcp-server remove [find interface="ether3"]
/ip dhcp-server remove [find name="dhcpWIHSPOT2"]





/ip address add address=10.183.0.1/16 broadcast=10.183.255.255 comment="WIHSPOT" disabled=no interface="ether3" network=10.183.0.0

/ip pool add name=hs-pool-WIHSPOT2 ranges=10.183.0.100-10.183.254.254

/ip dhcp-server add name=dhcpWIHSPOT2 address-pool=hs-pool-WIHSPOT2 authoritative=after-2sec-delay bootp-support=static disabled=no interface="ether3" lease-time=1h 

/ip dhcp-server network add address=10.183.0.0/16 comment="WIHSPOT" gateway=10.183.0.1 dns-server=8.8.8.8

/ip hotspot profile add name=hpWIHSPOT2 hotspot-address=10.183.0.1 html-directory=hotspot2 login-by="http-chap,trial" mac-auth-password=WIHSPOTsecret radius-accounting=yes radius-interim-update=received use-radius=yes
/ip hotspot profile set [find name="hpWIHSPOT2"] trial-uptime-limit=00:00:00 trial-uptime-reset=1m 

/ip hotspot add name=WIHSPOT2 address-pool=hs-pool-WIHSPOT2 disabled=no idle-timeout=none interface="ether3" keepalive-timeout=none profile="hpWIHSPOT2"

/ip firewall nat add action=masquerade chain=srcnat comment="WIHSPOT" disabled=no src-address=10.183.0.0/16

/ip hotspot walled-garden ip add dst-address=213.199.136.20 server="WIHSPOT2" comment="WIHSPOT"
/ip hotspot walled-garden add action=allow comment="WIHSPOT" disabled=no dst-host="*.WIHSPOTservice.com" server=WIHSPOT2
/ip hotspot walled-garden add action=allow comment="WIHSPOT" disabled=no dst-host="cp.WIHSPOTservice.com" server=WIHSPOT2
/ip hotspot walled-garden add action=allow comment="WIHSPOT" disabled=no dst-host="www.softvision.it" server=WIHSPOT2
/ip hotspot walled-garden add action=allow comment="WIHSPOT" disabled=no dst-host="*.core.windows.net" server=WIHSPOT2


:delay 1

:global rootHotspotPath ""
:if ([:len [/file find name=flash]] > 0) do={ :set $rootHotspotPath "flash/" } 

/file set [find name=($rootHotspotPath . "hotspot2/login.html")] contents="\$(if http-header == Content-Type)\$(var)\$(endif) \r\n\ \$(if var != '') \r\n\ callback({'page':'login.html','logged_in':'\$(logged-in)','link_login_only':'\$(link-login-only)','error_orig': '\$(error-orig)','error': '\$(error)','challenge':'\$(chap-challenge)','chapid':'\$(chap-id)'}) \r\n\ \$(else) \r\n\ <html><head></head><body>  \r\n\ <form name=redirect action='http://cp.WIHSPOTservice.com/InfoPortal/RenderPage/11847' method=get>  \r\n\ <input type=hidden name=res value=notyet />  \r\n\ <input type=hidden name=mac value=\$(mac) />  \r\n\ <input type=hidden name=locipid value=2732 />  \r\n\ <input type=hidden name=user value='\$(username)' />  \r\n\ <input type=hidden name=uamport value=mikrotik />  \r\n\ <input type=hidden name=userurl value='\$(link-orig)' />  \r\n\ <input type=hidden name=nasid value=\$(identity) />  \r\n\ <input type=hidden name=uamip value=\$(server-address) />  \r\n\ <input type=hidden name=error value='\$(error)' />  \r\n\ <input type=hidden name=chap-id value=\$(chap-id) />  \r\n\ <input type=hidden name=challenge value=\$(chap-challenge) /></form>  \r\n\ <script language=JavaScript>document.redirect.submit();</script>  \r\n\ </body></html>\r\n\ \$(endif)"

/file set [find name=($rootHotspotPath . "hotspot2/alogin.html")] contents="\$(if http-header == Content-Type)\$(var)\$(endif) \r\n\ \$(if var == '') \r\n\ <html><head><title>mikrotik hotspot > redirect</title> \r\n\ <meta http-equiv='refresh' content='0; url=\$(link-redirect)'> \r\n\ <meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'> \r\n\ <meta http-equiv='pragma' content='no-cache'> \r\n\ <meta http-equiv='expires' content='-1'> \r\n\ \$(var) \r\n\ <head><html> \r\n\ \$(else) \r\n\ callback({'page':'alogin.html','logged_in':'\$(logged-in)','link_login_only':'\$(link-login-only)','error_orig'	:'\$(error-orig)','error':'\$(error)','chap-challange':'\$(chap-challenge)'}) \r\n\ \$(endif)"

/file set [find name=($rootHotspotPath . "hotspot2/logout.html")] contents="\$(if http-header == Content-Type)\$(var)\$(endif) \r\n\ \$(if var == '') \r\n\ <html><head><title>mikrotik hotspot > logout</title> \r\n\ <meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'> \r\n\ <meta http-equiv='pragma' content='no-cache'> \r\n\ <meta http-equiv='expires' content='-1'> \r\n\ </head><body><table width='100%' height='100%'><tr><td align='center' valign='middle'> \r\n\ <b>You have just logged out</b> <br><br> \r\n\ <table class='tabula' border='1'>   \r\n\ <tr><td align='right'>user name</td><td>\$(username)</td></tr> \r\n\ <tr><td align='right'>IP address</td><td>\$(ip)</td></tr> \r\n\ <tr><td align='right'>MAC address</td><td>\$(mac)</td></tr> \r\n\ <tr><td align='right'>session time</td><td>\$(uptime)</td></tr>	 \r\n\ \$(if session-time-left) \r\n\ <tr><td align='right'>time left</td><td>\$(session-time-left)</td></tr> \r\n\ \$(endif) \r\n\ <tr><td align='right'>bytes up/down:</td><td>\$(bytes-in-nice) / \$(bytes-out-nice)</td></tr></table> \r\n\ <br><form action='http://clients3.google.com/generate_204' name='login'> \r\n\ <input type='submit' value='log in'></form></td></table></body></html> \r\n\ \$(else)  \r\n\ callback({'page':'logout.html'}) \r\n\ \$(endif)"

/file set [find name=($rootHotspotPath . "hotspot2/error.html")] contents="\$(if http-status == 302)Redirect\$(endif) \r\n\ \$(if http-header == \"Location\")http://cp.WIHSPOTservice.com/account/cp/\$(username)\?redir=true\$(endif) \r\n\ "


/system clock set time-zone-name=manual

/system ntp client set primary-ntp=178.18.90.82 secondary-ntp=129.250.35.250 enabled=yes

/system script
remove [find name="RadiusServer"]
remove [find name="CaptivePortalIP"]
remove [find name="Alive"]
remove [find name="CPUmonitor"]
add name=RadiusServer source=":local radiusname \"radius1.WIHSPOTservice.com\" \r\
    \n:local newradiusip [:resolve \$\"radiusname\"]\r\
    \n:local currentradiusip [/radius get [find comment=\"WIHSPOT\"]  address]\r\
	\n/system logging action set [find remote-port=9392] remote=\$\"newradiusip\"\r\
    \n:if (\$\"currentradiusip\" != \$\"newradiusip\") do={ /radius set [find comment=\"WIHSPOT\"]  address=\$\"newradiusip\"}"
	
add name=CaptivePortalIP source=":local cpname \"cp.WIHSPOTservice.com\" \
    \n:local newcpip [:resolve \$\"cpname\"]\r\
    \n:local currentcpip [/ip hotspot walled-garden ip get [find comment=\"WIHSPOT\"] dst-address]\r\
    \n:if (\$\"currentcpip\" != \$\"newcpip\") do={ /ip hotspot walled-garden ip set [find comment=\"WIHSPOT\"] dst-address=\$\"newcpip\"}"	

add name=CPUmonitor source=":local maxsamples 20 \r\
							\n:global cpuarray \r\
							\n:set cpuarray ([/system resource get cpu-load] , [:pick \$cpuarray 0 (\$maxsamples - 1)]) \r\
							\n:local arraytot 0 \r\
							\n:foreach o in=\$cpuarray do={:set arraytot (\$arraytot + \$o)}; \r\
							\n:local arraysize [:len \$cpuarray] \r\
							\n:global avgcpuload (\$arraytot / \$arraysize)"

add name=Alive source=":local bootPar \r\
					 \n:global avgcpuload \r\
					 \n:global alivecounter \r\
					 \n:if (\$alivecounter>0) do={ :set bootPar \"\"} else={ :set bootPar \"-b\"; :delay 10 } \r\
					 \n:set alivecounter (\$alivecounter+1) \r\
                     \n:local nproc [/system resource get cpu-count] \r\
					 \n:local model [/system resource get board-name]  \r\
					 \n:local memtot [/system resource get total-memory] \r\
					 \n:local mac [/interface get [/interface find default-name=ether1] mac-address] \r\
					 \n:local memfree [/system resource get free-memory] \r\
                     \n:local hsusers [:len [/ip hotspot active find]] \r\
					 \n:local hsips [:len [/ip hotspot host find]] \r\
					 \n:local pppusers [:len [/ppp active find [:pick \$address 0 6]=\"10.128\"]] \r\
					 \n:local pppips [:len [/ppp active find]] \r\
					 \n:local upbytes [/interface get ether2 rx-byte] \r\
					 \n:local dwnbytes [/interface get ether2 tx-byte] \r\
					 \n:local url \"http://app.WIHSPOTservice.com/script/alive/22990\?par=\$bootPar&mac=\$mac&nproc=\$nproc&memtot=\$memtot&model=\$model&cpuload=\$avgcpuload&memfree=\$memfree&users=\$(\$hsusers+\$pppusers)&ips=\$(\$hsips+\$pppips)&dwnbytes=\$dwnbytes&upbytes=\$upbytes\" \r\
					 \n:local encurl \"\" \r\
					 \n:for i from=0 to=([:len \$url] - 1) do={ :local char [:pick \$url \$i]; :if (\$char = \" \") do={ :set \$char \"%20\" }; :if (\$char = \"-\") do={ :set \$char \"%2D\" }; :set \$encurl (\$encurl . \$char) } \r\
					 \n:if ([:len [/file find name=aliveres.rsc]] > 0) do={ /file remove aliveres.rsc } \r\
					 \n/tool fetch keep-result=yes dst-path=aliveres.rsc mode=http url=\"\$encurl\";/import aliveres.rsc"

/system scheduler
remove [find name="UpdateRadiusServer"]
remove [find name="UpdateAlive"]
remove [find name="UpdateCaptivePortalIP"]
remove [find name="UpdateCPUmonitor"]
remove [find name="RunAliveBoot"]
add interval=30m name=UpdateRadiusServer on-event="/system script run RadiusServer" start-time=startup
add interval=2m name=UpdateAlive on-event="/system script run Alive" start-time=startup
add interval=30m name=UpdateCaptivePortalIP on-event="/system script run CaptivePortalIP" start-time=startup
add name=RunAliveBoot on-event="/system script run Alive" start-time=startup
add interval=5s name=UpdateCPUmonitor on-event="/system script run CPUmonitor" start-time=startup

/ip hotspot ip-binding remove [find type="bypassed"]

/ip firewall filter remove [find comment="WIHSPOTFILTER"]
/ip firewall layer7-protocol remove [find comment="WIHSPOT"]
/ip firewall address-list remove [find comment="WIHSPOT"]

/ip dns static add address=10.10.10.10 name=clients1.google.com
/ip dns static add address=10.10.10.10 name=clients3.google.com
/ip dns static add address=10.10.10.10 name=connectivitycheck.android.com
/ip dns static add address=10.10.10.10 name=connectivitycheck.gstatic.com
/ip dns static add address=10.10.10.10 name=www.msftncsi.com

/ip firewall nat add action=redirect chain=dstnat dst-address=10.10.10.10 dst-port=80 protocol=tcp to-ports=8080 comment="WIHSPOT"

/ip proxy set enabled=yes port=8080 
/ip proxy access add action=deny redirect-to=10.182.0.1/error.html comment="WIHSPOT"


/system clock set time-zone-name=Europe/Rome

/system script run [find name=Alive]

Please tell me how to do it :(
Sorry for my English and thanks
