Escolar Documentos
Profissional Documentos
Cultura Documentos
About Me
Donny Fauzan
Electrical Engineering Graduate
Software Engineer (Mostly Web) since college
Network Engineer (BSD, Linux & Mikrotik) since
college
Current jobs :
PT.Pramindo Ikat (Telkom) Wireless Hotspot Network
(Setting Mikrotik Hotspot with FreeRadius MySQL,
developing HotspotManager for Radius)
Ministry of Education Accounting (SAI) Network
(Setting VPN+OSPF Network, developing client software.
Training for UFOAKSES Indonesia
Agenda
Introduction & basics
Hotspot setup
Hotspot Customization
Q&A
Agenda
Introduction & basics
Hotspot setup
Hotspot Customization
Q&A
Introduction
Hotspot : zero configuration
User would not require any setup, everything is
done automatically
Hotspot components
AAA
Authentication Captive portal
User logs in via web interface (http cookie).
Captive means jailed or prisoned. You can connect
to the AP, but in very restrictive environment.
Authorization firewall
Walled garden
NAT
Accounting RADIUS
Postpaid billing
Voucher (prepaid)
Scenario
User search for wireless network SSID
User find the SSID, then connect without any wi-fi
security (WEP, WPA, WPA2, etc)
User starts browsing
Captive portal will then be shown
User enters his/her login information (user & password)
Mikrotik will check the account supplied against local
user table, and radius server supplied
After the user is verified, the accounting process will be
started. A pop up will be shown, contains connection
status
Agenda
Introduction & basics
Hotspot setup
Hotspot Customization
Q&A
Mode : AP Bridge
SSID : Any string (max. 32 chars)
Band : 2.4 GHz (B/G or G-only)
Frequency : better scan first
Server Profile
User Profile
Agenda
Introduction & basics
Hotspot setup
Hotspot Customization
Q&A
(1) Advertisements
For Radius client for information about the Services settings refer to refman
Example setup for wireless hotspot authentication based on username (not
MAC address which is unsecure) : check hotspot & login
Set 127.0.0.1 for address if the userman resides in the AP
Set Radius > incoming to enable the AP receiving and executing radius
attributes & commands
Go to http://routeraddress/userman
Example implementation : Paid hotspot with prepaid or postpaid users
http://www.mikrotik.com/documentation/manual_2.9/dictionary.mikr
otik
Save in the corresponding directory. In freeradius-Fedora it will be:
/usr/share/freeradius/dictionary.mikrotik
Install the radius management software (or develop one ;))
Agenda
Introduction & basics
Hotspot setup
Hotspot Customization
Q&A