Login: (admin is the default)
Password: (none by default)
From any menu you can type:
"?" to show a list of possible commands
"print" will display any configuration from that menu if there is any.
".." will navigate to a previous menu
"/" will navigate to the root menu
to change from "ip address>" to "ip route>" type ".." then "route"
Set the IP addresses.
ip address> add address=x.x.x.x netmask=x.x.x.x interface=ether1
(to set up the second interface use ether2 for the interface)
Add the default route or gateway.
ip route> add gateway=x.x.x.x
For additional routes:
ip route> add dst-address=x.x.x.x netmask=x.x.x.x gateway=x.x.x.x
(dst-address="this is the subnet address")
(netmask="this is the mask of the dst-address")
(gateway="this is the next router to the dst-address")
Enable the interfaces.
interface> print (this will display the interfaces you have an X will show if it is diasbled or not)
interface> set 0 disable=no (this will enable interface 0, repeet for any interface needed)
Change port speed and duplex of the ethernet ports if needed.
interface ethernet> set ether1 "press TAB for options for ether1"
Configure the DHCP POOL.
ip dhcp-server>setup
dhcp server interface:ether2
dhcp server address space:x.x.x.x/x (this is the subnet for dhcp)
Gateway for DHCP network:x.x.x.x (this is normaly the ip of the mikrotik dhcp server interface)
addresses to give out:x.x.x.x-x.x.x.x (these are the ip's of handed out with DHCP)
DNS Servers:69.5.139.3,69.5.136.253 (our DNS servers)
Lease time:3d (default of 3 days)
Configure the Hotspot service.
ip hotspot>setup (DO NOT run setup on a router more than once it WILL screw things up)
hotspot interface:ether2
interface already configured:yes
use ssl:no
use transparent web proxy:no
use local DNS cache:no
dns Name:x.x.x.x (please enter the ip of ether2)
another port for service:8081 (this is the port winbox connects on)
name of local hotspot user:admin (admin is the default)
password for the user: (please enter one or provide anyone with a clue free access)
ip hotspot> set auth-http-cookie=yes (tell to hotspot to use cookies)
ip hotspot> set http-cookie-lifetime=3d (how long before the login cookie expires)
ip hotspot> set auth-mac=yes (alows mac address authentication)
ip hotspot> set auth-mac-password=yes (uses mac address for password with the mac login)
ip hotspot> set login-mac-universal=yes
(this allows computers to be logged in without a web browser you must set up universal for this to work)
Configure Walled-garden to allow non-authenticated users access to some of our servers.
ip hotspot walled-garden> add dst-host=faye.ics-llc.net
ip hotspot walled-garden> add dst-host=www.ics-llc.net
ip hotspot walled-garden> add dst-host=secure.ics-llc.net
Setting up universal.
ip hotspot universal> add address-pool=dhcp_pool1 addresses-per-mac=1 arp=no-arp interface=ether2 use-dhcp=yes
(address-pool='the name of the DHCP pool')(addesses-per-mac='number of ips allowed per mac address')
(arp='weather or not to respond to ALL arp requests')(interface='should be the same as hotspot interface)
Configure the Hotspot service to use radius.
ip hotspot aaa> set use-radius=yes
Configure the firewall to allow an ssl login on our server.
ip firewall mangle> add dst-address=69.5.139.13/32 action=accept mark-flow=hs-auth
Configure DNS Servers.
ip dns> set primary-dns=69.5.139.3 secondary-dns=69.5.136.253
Adding the Radius Server
Radius> add service=login,hotspot, address=x.x.x.x secret=xxxxxxxxx
(service='login-if you want to use the database for authentication to the console, hotspot for internet users')
(address='the ip of your radius server')
(secret='this is the radius server passphase')
!!!!!Remember to allow the Mikrotik access to the Radius Server!!!!!
Changeing the Admin Login password
User> set admin password=xxxxxxxxx
Setting up WatchDog reboot
system watchdog> set reboot-on-failure=yes watch-address=x.x.x.x watchdog-timer=yes ping-start-after-boot=5m