Community discussions

MikroTik App
 
igortolk
just joined
Topic Author
Posts: 12
Joined: Fri Mar 21, 2014 11:20 am
Location: UK

HotSpot does not work. Need help.

Tue Mar 25, 2014 6:18 pm

I went through available instructions from online wiki, but I cannot get the Mikrotik hotspot to work. Any ideas?
Here is my config:
[admin@Mikrotik Router] > /export compact 
# jan/02/1970 04:08:23 by RouterOS 5.25
# software id = XXXXXXXX
#
/interface bridge
add admin-mac=D4:CA:6D:A6:53:77 auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface wireless
set 0 antenna-gain=90 band=2ghz-b/g/n channel-width=20/40mhz-ht-above \
    country="united kingdom" disabled=no distance=indoors frequency=2417 \
    frequency-mode=regulatory-domain ht-rxchains=0,1 ht-txchains=0,1 l2mtu=\
    2290 mode=ap-bridge ssid="eduroam test" wireless-protocol=802.11
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-eap,wpa2-eap group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik tls-mode=\
    dont-verify-certificate unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=\
    XXXXXXXXXX wpa2-pre-shared-key=XXXXXXXXX
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough \
    management-protection=allowed name=Open supplicant-identity=""
/interface wireless
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:A6:53:7B master-interface=\
    wlan1 name=wlan1-1 security-profile=Open ssid="eduroam setup test" \
    wds-cost-range=0 wds-default-cost=0
/ip hotspot profile
add dns-name=eduroam.igor.local hotspot-address=192.168.1.200 login-by=\
    http-chap,trial name=hsprof1 trial-uptime=2m/2m
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.30
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
add address-pool=dhcp disabled=no interface=wlan1-1 lease-time=1h name=dhcp1
/ip hotspot
add address-pool=dhcp disabled=no interface=wlan1-1 name=hotspot1 profile=\
    hsprof1
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=wlan1-1
/ip address
add address=192.168.1.254/24 comment="default configuration" interface=wlan1
add address=192.168.1.253/24 interface=wlan1-1
add address=192.168.1.200/24 comment="hotspot network" interface=wlan1-1
/ip dhcp-client
add comment="default configuration" disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.1.254 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.1.2
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
/ip hotspot user
add name=eduroam password=XXXXXX
/ip hotspot walled-garden
add dst-host=http://eduroam.igor.local
/ip neighbor discovery
set ether1-gateway disabled=yes
set wlan1 disabled=yes
set wlan1-1 disabled=yes
/radius
add address=192.168.1.52 secret=XXXXXXX service=wireless timeout=500ms
add address=192.168.1.53 secret=XXXXXXX service=wireless timeout=500ms
/system identity
set name="Eduroam Router"
/system leds
set 0 interface=wlan1
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
[admin@Eduroam Router] >
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: HotSpot does not work. Need help.

Tue Mar 25, 2014 6:27 pm

You have problems with your ip subnets. You have wlan1 and wlan1-1 sharing the same subnet.
/ip address
add address=192.168.1.254/24 comment="default configuration" interface=wlan1
add address=192.168.1.253/24 interface=wlan1-1
add address=192.168.1.200/24 comment="hotspot network" interface=wlan1-1
 
igortolk
just joined
Topic Author
Posts: 12
Joined: Fri Mar 21, 2014 11:20 am
Location: UK

Re: HotSpot does not work. Need help.

Tue Mar 25, 2014 6:55 pm

You have problems with your ip subnets. You have wlan1 and wlan1-1 sharing the same subnet.
/ip address
add address=192.168.1.254/24 comment="default configuration" interface=wlan1
add address=192.168.1.253/24 interface=wlan1-1
add address=192.168.1.200/24 comment="hotspot network" interface=wlan1-1
Thanks for your help.

I removed the wlan1-1 from local bridge, and as you've suggested, I gave it a different network and NUT it, and it worked.
 
igortolk
just joined
Topic Author
Posts: 12
Joined: Fri Mar 21, 2014 11:20 am
Location: UK

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 1:06 pm

You have problems with your ip subnets. You have wlan1 and wlan1-1 sharing the same subnet.
/ip address
add address=192.168.1.254/24 comment="default configuration" interface=wlan1
add address=192.168.1.253/24 interface=wlan1-1
add address=192.168.1.200/24 comment="hotspot network" interface=wlan1-1
Thanks for your help.

I removed the wlan1-1 from local bridge, and as you've suggested, I gave it a different network and NUT it, and it worked.
Next morning hot spot stooped working, or maybe it never even worked. Still need help here please.
here is the current config:
# jan/02/1970 01:52:35 by RouterOS 5.25
# software id = XXXXXXXX
#
/interface bridge
add admin-mac=D4:CA:6D:A6:53:77 auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface wireless
set 0 antenna-gain=18 band=2ghz-b/g/n channel-width=20/40mhz-ht-above \
    country="united kingdom" disabled=no distance=indoors frequency=2472 \
    frequency-mode=regulatory-domain ht-rxchains=0,1 ht-txchains=0,1 l2mtu=\
    2290 mode=ap-bridge ssid="eduroam test" wireless-protocol=802.11
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-eap,wpa2-eap group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik tls-mode=\
    dont-verify-certificate unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=\
    XXXXXXXX wpa2-pre-shared-key=XXXXXXXX
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough \
    management-protection=allowed name=Open supplicant-identity=""
/interface wireless
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:A6:53:7B master-interface=\
    wlan1 name=wlan1-1 security-profile=Open ssid="eduroam setup test" \
    wds-cost-range=0 wds-default-cost=0
/ip hotspot profile
add dns-name=http://eduroam.igor.local hotspot-address=172.16.1.1 login-by=\
    http-chap,trial name=hsprof1 trial-uptime=5m/5m
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.30
add name=hs-pool-8 ranges=172.16.1.10-172.16.1.100
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
add address-pool=hs-pool-8 disabled=no interface=wlan1-1 lease-time=1h name=\
    dhcp1
/ip hotspot
add address-pool=hs-pool-8 disabled=no interface=wlan1-1 name=hotspot1 \
    profile=hsprof1
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.1.254/24 comment="default configuration" interface=wlan1
add address=172.16.1.1/16 comment="hotspot network" interface=wlan1-1
/ip dhcp-client
add comment="default configuration" disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=172.16.0.0/16 comment="hotspot network" gateway=172.16.1.1
add address=192.168.1.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.1.254 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.1.2
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here"
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=bridge-local
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.0.0/16
/ip hotspot user
add name=admin password=XXXXXXXX
/ip hotspot walled-garden
add dst-host=eduroam.igor.local
/ip neighbor discovery
set ether1-gateway disabled=yes
set wlan1 disabled=yes
set wlan1-1 disabled=yes
/radius
add address=192.168.1.52 secret=XXXXXXXX service=wireless timeout=500ms
add address=192.168.1.53 secret=XXXXXXXX service=wireless timeout=500ms
/system identity
set name="Eduroam Router"
/system leds
set 0 interface=wlan1
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
[admin@Eduroam Router] >
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 1:49 pm

I suggest removing the dns-name entry from "/ip hotspot profile". If you use a dns-name entry, it must resolve to the hotspot interface ip, which in your case is 172.16.1.1.
 
igortolk
just joined
Topic Author
Posts: 12
Joined: Fri Mar 21, 2014 11:20 am
Location: UK

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 2:16 pm

I suggest removing the dns-name entry from "/ip hotspot profile". If you use a dns-name entry, it must resolve to the hotspot interface ip, which in your case is 172.16.1.1.
When I type DNS name of the hotspot it resolves fine from the client on this ssid (I'm getting the hotspot page). Another thing is that when I type any DNS name of any website it does not redirect to the hotspot but when i type tje IP of any website, they all get quickly redirected to the hotspot DNS name.
Seem like a DNS problem?
I use external DNS server which is reachable through LAN ports of the router but wlan1 interface is on different network and doing NAT.
Here is updated config:
# jan/02/1970 00:47:04 by RouterOS 5.25
# software id = XXXXXXXX
#
/interface bridge
add admin-mac=D4:CA:6D:A6:53:77 auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface wireless
set 0 antenna-gain=18 band=2ghz-b/g/n channel-width=20/40mhz-ht-above country=\
    "united kingdom" disabled=no distance=indoors frequency=2472 \
    frequency-mode=regulatory-domain ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 \
    mode=ap-bridge ssid="eduroam test" wireless-protocol=802.11
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-eap,wpa2-eap group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys tls-mode=dont-verify-certificate \
    unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=XXXXXXXX \
    wpa2-pre-shared-key=XXXXXXXX
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough \
    management-protection=allowed name=open supplicant-identity=""
/interface wireless
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:A6:53:7B master-interface=wlan1 \
    name=wlan2 security-profile=open ssid="eduroam setup test" wds-cost-range=0 \
    wds-default-cost=0
/ip hotspot profile
add dns-name=eduroam.igor.local hotspot-address=172.16.1.1 login-by=http-chap \
    name=hsprof1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.100
add name=hs-pool-8 ranges=172.16.1.10-172.16.1.100
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
add address-pool=hs-pool-8 disabled=no interface=wlan2 lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-8 disabled=no interface=wlan2 name=hotspot1 profile=\
    hsprof1
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.1.254/24 comment="default configuration" interface=wlan1
add address=172.16.1.1/16 comment="hotspot network" interface=wlan2
/ip dhcp-client
add comment="default configuration" disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=172.16.0.0/16 comment="hotspot network" gateway=172.16.1.1
add address=192.168.1.0/24 gateway=192.168.1.254 netmask=24
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=192.168.1.2
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=\
    invalid
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=172.16.0.0/16
/ip hotspot user
add name=admin password=XXXXXXXX
/ip neighbor discovery
set ether1-gateway disabled=yes
set wlan1 disabled=yes
set wlan2 disabled=yes
/radius
add address=192.168.1.52 secret=XXXXXXXX service=wireless
add address=192.168.1.53 secret=XXXXXXXX service=wireless
/system leds
set 0 interface=wlan1
/tool mac-server
add disabled=no interface=ether2-master-local
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4-slave-local
add disabled=no interface=ether5-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
[admin@MikroTik] >
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 2:53 pm

Then check your dns server. Is 192.168.1.2 an operating dns server?
 
igortolk
just joined
Topic Author
Posts: 12
Joined: Fri Mar 21, 2014 11:20 am
Location: UK

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 3:44 pm

Then check your dns server. Is 192.168.1.2 an operating dns server?
Yes, 192.168.1.2 is the DNS server, and its working fine. As I mentioned earlier I could even ping the server IP from the client connected to the wlan2.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 4:27 pm

How does the hotspot fail? Just a blank page? When it fails, what is in the address bar of the client web browser?
 
igortolk
just joined
Topic Author
Posts: 12
Joined: Fri Mar 21, 2014 11:20 am
Location: UK

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 4:43 pm

How does the hotspot fail? Just a blank page? When it fails, what is in the address bar of the client web browser?
Yes, when I type any URL it just displays a blank page, when I type any IP it automatically redirects to the hotspot URL address. Address bar just displays the unresolved URL, not redirection to the hotspot address.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 4:55 pm

Then your dns is malfunctioning. See if your router is resolving domain names. From a command prompt in the router:
:put [:resolve www.google.com]
Does it resolve that domain?
 
igortolk
just joined
Topic Author
Posts: 12
Joined: Fri Mar 21, 2014 11:20 am
Location: UK

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 5:05 pm

Then your dns is malfunctioning. See if your router is resolving domain names. From a command prompt in the router:
:put [:resolve www.google.com]
Does it resolve that domain?
It does not resolve it because its a local test DNS server that only resolved whats in the DNS list. Can this cause a problem with redirecting to resolvable hotspot URL?
Should I create Google entry in DNS to resolve to a local address for testing purposes?
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 5:09 pm

It does not resolve it because its a local test DNS server that only resolved whats in the DNS list. Can this cause a problem with redirecting to resolvable hotspot URL?
Should I create Google entry in DNS to resolve to a local address for testing purposes?
Yes. If the dns server does not resolve domain names, it won't redirect.
 
igortolk
just joined
Topic Author
Posts: 12
Joined: Fri Mar 21, 2014 11:20 am
Location: UK

Re: HotSpot does not work. Need help.

Wed Mar 26, 2014 5:56 pm

It does not resolve it because its a local test DNS server that only resolved whats in the DNS list. Can this cause a problem with redirecting to resolvable hotspot URL?
Should I create Google entry in DNS to resolve to a local address for testing purposes?
Yes. If the dns server does not resolve domain names, it won't redirect.
I've redirected DNS request to external DNS server and now wlan1 automatically redirects all clients to the hotspot URL.

Thanks for your help.

Who is online

Users browsing this forum: Seekport [Bot] and 35 guests