
MikroTik Router OS V3.0 User Manual

    cache-used: 7KiB
    [admin@MikroTik] ip dns>

    Cache Monitoring
    Home menu level: /ip dns cache
    Description
    Property Description
    address (read-only: IP address) - IP address of the host
    name (read-only: name) - DNS name of the host
    ttl (read-only: time) - remaining time-to-live for the record
    All DNS Entries
    Home menu level: /ip dns cache all
    Description
    Property Description
    data (read-only: text) - DNS data field. IP address for type A records. Other record types may have different contents of the data field (like hostname or arbitrary text)
    name (read-only: name) - DNS name of the host
    ttl (read-only: time) - remaining time-to-live for the record
    type (read-only: text) - DNS record type
    Static DNS Entries
    Home menu level: /ip dns static
    Description
    Page 360 of 480. Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA. Other trademarks and registered trademarks mentioned herein are properties of their respective owners.
    Property Description
    address (IP address) - IP address to resolve domain name with
    name (text) - DNS name to be resolved to a given IP address. May be a regular expression
    ttl (time) - time-to-live of the DNS record
    Notes
    example.com www.another-example.com
    name=.*\\.example\\.com
    Example
    [admin@MikroTik] ip dns static> add name www.example.com address=10.0.0.1
    [admin@MikroTik] ip dns static> print
    Flags: D - dynamic, X - disabled, R - regexp
     #   NAME               ADDRESS       TTL
     0   www.example.com    10.0.0.1      1d
    [admin@MikroTik] ip dns static>
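
    An added example, not part of the manual: because a static entry's name may be a regular expression, the escaped pattern that survives in the Notes above answers for a narrower set of names than the same pattern with its dots left unescaped. Python's re module stands in for the RouterOS matcher here, and three things are assumptions: that the pattern must match the whole name, that the doubled backslashes are console escaping, and the constructed query names.

```python
import re


def console_unescape(typed: str) -> str:
    """Collapse the doubled backslashes of the typed form into the regex itself.
    (Assumption: the console treats a backslash as an escape character.)"""
    return typed.replace("\\\\", "\\")


def covered(typed_pattern: str, names):
    """Names a regexp static entry would answer for.
    Whole-name matching is assumed; Python's re is a stand-in engine."""
    rx = re.compile(console_unescape(typed_pattern))
    return [n for n in names if rx.fullmatch(n)]


def unintended(typed_pattern: str, names, zone: str):
    """Names the entry answers for that are not hosts inside `zone`."""
    suffix = "." + zone
    return [n for n in covered(typed_pattern, names) if not n.endswith(suffix)]


# Constructed query names, not taken from a real cache.
QUERIES = [
    "www.example.com",
    "mail.example.com",
    "example.com",
    "www.another-example.com",
    "www.examplexcom",
]

ESCAPED = r".*\\.example\\.com"   # the form that appears on the page
UNESCAPED = ".*.example.com"      # same pattern with dots left as "any character"

if __name__ == "__main__":
    for label, pattern in (("escaped", ESCAPED), ("unescaped", UNESCAPED)):
        print(label, "covers    :", covered(pattern, QUERIES))
        print(label, "unintended:", unintended(pattern, QUERIES, "example.com"))
```

    Under these assumptions neither pattern covers the bare example.com, so that name needs a plain entry of its own.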
    Flushing DNS cache
    Command name: /ip dns cache flush
    Command Description
    flush - clears internal DNS cache
    Example
    [admin@MikroTik] ip dns> cache flush
    [admin@MikroTik] ip dns> print
    primary-dns: 159.148.60.2
    secondary-dns: 0.0.0.0
    allow-remote-requests: yes
    cache-size: 2048 KiB
    cache-max-ttl: 1w
    cache-used: 10 KiB
    [admin@MikroTik] ip dns>
    HotSpot Gateway
    Document revision 4.3 (January 14, 2008, 8:59 GMT)
    This document applies to MikroTik RouterOS V3.0
    Table of Contents
      General Information
        Summary
        Quick Setup Guide
        Specifications
        Description
      Question&Answer-Based Setup
        Command Description
        Notes
        Example
      HotSpot Interface Setup
        Description
        Property Description
        Command Description
        Notes
        Example
      HotSpot Server Profiles
        Description
        Property Description
        Notes
        Example
      HotSpot User Profiles
        Description
      HotSpot Users
        Description
      HotSpot Active Users
        Description
      HotSpot Cookies
        Description
        Property Description
        Notes
        Example
      HTTP-level Walled Garden
        Description
        Property Description
        Notes
        Example
      IP-level Walled Garden
        Description
        Property Description
        Example
      One-to-one NAT static address bindings
        Description
        Property Description
        Notes
      Active Host List
        Description
        Property Description
        Command Description
      Service Port
        Description
        Property Description
        Example
      Customizing HotSpot: Firewall Section
        Description
      Customizing HotSpot: HTTP Servlet Pages
        Description
        Notes
        Example
      Possible Error Messages
        Description
      HotSpot How-tos
        Description
    General Information
    Summary
    Quick Setup Guide
    /ip hotspot add interface=local address-pool=dhcp-pool-1
    /ip hotspot user add name=admin
    /ip firewall connection tracking set enabled=yes
    Specifications
    Packages required: hotspot, dhcp (optional)
    License required: level1 (Limited to 1 active user), level3 (Limited to 1 active user), level4 (Limited to 200 active users), level5 (Limited to 500 active users), level6
    Home menu level: /ip hotspot
    Standards and Technologies: ICMP, DHCP
    Hardware usage: Not significant
    Description
    Introduction to HotSpot
    Getting Address
    Before the authentication
    Walled Garden
    Authentication
    • HTTP PAP - the simplest method, which shows the HotSpot login page and expects to get the authentication info (i.e. username and password) in plain text. Note that passwords are not encrypted when transferred over the network. Another use of this method is the possibility of hard-coding authentication information in the servlet's login page by simply creating the appropriate link.
    • HTTP CHAP - the standard method, which includes a CHAP challenge in the login page. The CHAP MD5 hash challenge is to be used together with the user's password for computing the string which will be sent to the HotSpot gateway. The hash result (as a password) together with the username is sent over the network to the HotSpot service (so the password is never sent in plain text over the IP network). On the client side, the MD5 algorithm is implemented in a JavaScript applet, so if a browser does not support JavaScript (like, for example, Internet Explorer 2.0 or some PDA browsers) or has JavaScript disabled, it will not be able to authenticate users. It is possible to allow unencrypted passwords to be accepted by turning on the HTTP PAP authentication method, but using that feature is not recommended (due to security considerations).
    • HTTPS - the same as HTTP PAP, but using the SSL protocol to encrypt transmissions. The HotSpot user just sends his/her password without additional hashing (note that there is no need to worry about plain-text password exposure over the network, as the transmission itself is encrypted). In either case, the HTTP POST method (if not possible, then the HTTP GET method) is used to send data to the HotSpot gateway.
    • HTTP cookie - after each successful login, a cookie is sent to the web browser and the same cookie is added to the active HTTP cookie list. The next time the same user tries to log in, the web browser will send the saved HTTP cookie. This cookie will be compared with the one stored on the HotSpot gateway, and only if the source MAC address and randomly generated ID match the ones stored on the gateway will the user be automatically logged in using the login information (username and password pair) that was used when the cookie was first generated. Otherwise, the user will be prompted to log in, and if authentication is successful, the old cookie will be removed from the local HotSpot active cookie list and a new one with a different random ID and expiration time will be added to the list and sent to the web browser. It is also possible to erase the cookie on user manual logoff (not in the default server pages, but you can modify them to perform this). This method may only be used together with the HTTP PAP, HTTP CHAP or HTTPS methods, as there would be nothing to generate cookies in the first place otherwise.
    • MAC address - try to authenticate clients as soon as they appear in the hosts list (i.e., as soon as they have sent any packet to the HotSpot server), using the client's MAC address as username.
    • Trial - users may be allowed to use the service free of charge for some period of time for evaluation, and be required to authenticate only after this period is over. HotSpot can be configured to allow some amount of time per MAC address to be freely used with some limitations imposed by the provided user profile. In case the MAC address still has some trial time unused, the login page will contain the link for trial login. The time is automatically reset after the configured amount of time (so that, for example, any MAC address may use 30 minutes a day without ever registering). The username of such a user (as seen in the active user table and in the login link) is T-XX:XX:XX:XX:XX:XX (where XX:XX:XX:XX:XX:XX is his/her MAC address). The authentication procedure will not ask RADIUS server permission to authorise such a user.
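
    An added example, not taken from the manual or from RouterOS: the HTTP PAP and HTTP CHAP submissions described above, side by side, with a stand-in gateway that checks the CHAP hash. The field order MD5(id || password || challenge) follows RFC 1994 and is an assumption here, as are the Gateway class, the single-use challenge table and the sample user.

```python
import hashlib
import hmac
import os


def chap_response(chap_id: bytes, password: str, challenge: bytes) -> str:
    """Client side (the JavaScript step on the login page): hex MD5 over
    id || password || challenge. The field order is an assumption (RFC 1994)."""
    return hashlib.md5(chap_id + password.encode() + challenge).hexdigest()


def pap_form(username: str, password: str) -> dict:
    """HTTP PAP: the password itself is what the browser submits."""
    return {"username": username, "password": password}


def chap_form(username: str, password: str, chap_id: bytes, challenge: bytes) -> dict:
    """HTTP CHAP: the hash result is submitted in place of the password."""
    return {"username": username,
            "password": chap_response(chap_id, password, challenge)}


class Gateway:
    """Hypothetical gateway side: issues challenges and checks responses."""

    def __init__(self, users: dict):
        self.users = users      # username -> password, constructed sample data
        self.pending = {}       # chap_id -> challenge, each usable once

    def login_page(self):
        """Hand out a fresh random id and challenge with the login page."""
        chap_id, challenge = os.urandom(1), os.urandom(16)
        self.pending[chap_id] = challenge
        return chap_id, challenge

    def login(self, form: dict, chap_id: bytes) -> bool:
        challenge = self.pending.pop(chap_id, None)   # consumed: a replay fails
        password = self.users.get(form.get("username"))
        if challenge is None or password is None:
            return False
        expected = chap_response(chap_id, password, challenge)
        submitted = str(form.get("password", ""))
        # Constant-time comparison of the two hex strings.
        return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    gw = Gateway({"alice": "correct horse"})
    cid, chal = gw.login_page()
    form = chap_form("alice", "correct horse", cid, chal)
    print("PAP sends  :", pap_form("alice", "correct horse"))
    print("CHAP sends :", form)
    print("first login:", gw.login(form, cid))
    print("replayed   :", gw.login(form, cid))
```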
     	 
    
    /login?username=username&password=password
    Authorization
    Advertisement
    Accounting
    Configuration menus
    • /ip hotspot - HotSpot servers on particular interfaces (one server per interface). A HotSpot server must be added in this menu in order for the HotSpot system to work on an interface
    • /ip hotspot profile - HotSpot server profiles. Settings which affect the login procedure for HotSpot clients are configured here. More than one HotSpot server may use the same profile
    • /ip hotspot host - dynamic list of active network hosts on all HotSpot interfaces. Here you can also find IP address bindings of the one-to-one NAT
    • /ip hotspot ip-binding - rules for binding IP addresses to hosts on hotspot interfaces
    • /ip hotspot service-port - address translation helpers for the one-to-one NAT
    • /ip hotspot walled-garden - Walled Garden rules at HTTP level (DNS names, HTTP request substrings)
    • /ip hotspot walled-garden ip - Walled Garden rules at IP level (IP addresses, IP protocols)
    • /ip hotspot user - local HotSpot system users
    • /ip hotspot user profile - local HotSpot system users profiles (user groups)
    • /ip hotspot active - dynamic list of all authenticated HotSpot users
    • /ip hotspot cookie - dynamic list of all valid HTTP cookies
    Question&Answer-Based Setup
    Command name: /ip hotspot setup
    Questions
    address pool of network (name) - IP address pool for the HotSpot network
    dns name (text) - DNS domain name of the HotSpot gateway (will be statically configured on the local DNS proxy)
    dns servers (IP addressIP address) - DNS servers for HotSpot clients
    hotspot interface (name) - interface to run HotSpot on
    ip address of smtp server (IP address; default: 0.0.0.0) - IP address of the SMTP server to redirect SMTP requests (TCP port 25) to
    • 0.0.0.0 - no redirect
    local address of network (IP address; default: 10.5.50.1/24) - HotSpot gateway address for the interface
    masquerade network (yes | no; default: yes) - whether to masquerade the HotSpot network
    name of local hotspot user (text; default: admin) - username of one automatically created user
    passphrase (text) - the passphrase of the certificate you are importing
    password for the user (text) - password for the automatically created user