MikroTik Router Configuration

  2. Home--------------------------
  3. Router configuration

HOW TO CONFIGURE MIKROTIK ROUTER TO RUN JOINMYWIFI MARKETING SOLUTION

The below configuration was tested on MikroTik RB951Ui-2HnD with RouterOS ver. 6.41.4 and firmware ver. 6.41.4 (13 Apr 2018).

Although the configuration is for RB951Ui-2HnD, with basic knowledge of RouterOS you can execute it on any MikroTik router.

All the needed files and credentials will be provided by JoinMyWifi.

IMPORTANT: You will need to provide us the serial number of the MikroTik otherwise the service to will not work (System->Routerboard->Serial Number).

MikroTik Congiuration

RB951Ui-2HnD Specifications

ROUTER WITH DEFAULT CONFIGURATION:

Assuming that the MikroTik router has the default configuration installed you can follow the steps below. If not, reset the router and will revert back to factory settings with the default configuration.

STEP 1: UPDATE ROUTEROS
#Connect MikroTik to the internet via ethernet1
#Connect your computer with MikroTik via ethernet2
#Use latest WinBox software to connect to the MikroTik using IP(default username:admin/default password:(none))
MikroTik RouterOS #If all is well the Mikrotik will have access to the internet
#Update RouterOS (System->Packages->Check For Updates->Download & Install). It will automatically reboot
MikroTik RouterOS Update

STEP 2: UPDATE FIRMWARE/UPLOAD FILES
#Connect to MikroTik using IP
#Update Routerboard (System->Routerboard->Upgrade)
MikroTik firmware update #Disable mpls and routing packages (System->Packages select packages and click "Disable")
#Put the "HotspotFiles" folder's contents in MikroTik's root folder(File). You can drag and drop files in MikroTik
MikroTik RouterOS #Reset default configuration(System->Reset Configuration->Check "No Default Configuration, Check "Do Not Backup", Click "Reset Configuration"). It will automatically reboot

STEP 3: IMPORT CONFIGURATION
#Connect to the MikroTik using MAC. If at any time you get disconnected, dont worry, it's normal because MAC connection is not very steady. Check if latest RouterOS version (shown in WinBox window at the top) and latest Routerboard firmware installed correctly
MikroTik using MAC #Run the configuration script. Notes: Ctrl-l clears the terminal's window. Ctrl-v enables disables auto complete (if it is enabled, paste is not working properly) so, always use right click to paste. If you are pasting configuration, beware of any errors in execution (they are easily spoted since they begin at the left side of the terminal). For now we are going to import the configuration. Follow the steps below:

  1. Run the below command. In case of error, fix it (or leave it behind if it's not important), and copy/paste the rest contents of "configuration1.rsc" in a New Terminal (if you get disconnected while the command is running, reconnect and check if the last command was loaded succesfully. If not, it may be prudent to reset configuration and retry):
    /import verbose=yes configuration1.rsc
    2. MikroTik configuration.rsc
    MikroTik configuration.rsc 2
  2. Disconnect and connect using IP
    3. MikroTik disconnect and connect using IP
  3. Check if connection to oVPN is running (PPP->Interface: "oVPN-server1" should have an "R" flag on the left). IMPORTANT: The service to will not work if the oVPN is not running
    4. MikroTik oVPN
  4. Run the below command. In case of error, fix it (or leave it behind if it's not important), and copy/paste the rest contents of "configuration2.rsc" in a New Terminal:
    /import verbose=yes configuration2.rsc
    5. MikroTik configuration2.rsc
    MikroTik Connect Identity Syntax
  5. Set a password for admin user (System->Password)

CONFIGURATION COMPLETED: REBOOT AND TEST SERVICE

Possible on-site changes

  1. SSIDs, passwords, channels
  2. WIRELESS ACCESS LIST
    Enable Wireless->Access Lists and disable "Default Authentication" in Wireless->Interfaces
    In case of more than one MikroTik APs in the same area to help roaming
  3. QUEUES
    Enable Queues->"PCQ Guests-Staff" and set upload/download max limit accordirg to the bandwidth
    Enable Queues->"Limit each Guest-Staff"
  4. Change MAC address of virtual APs [64:D1:54:00:00:02]
    In case of more than one MikroTik APs in the same area to eliminate conflict
  5. Add access points MAC addresses in ip->hotspot->ip-binding to get access to the internet
  6. Change timezone to autodetect if outside Cyprus:
    Enable System->Clock->"Time Zome Autodetect"

Interfaces descriptions

ether1: WAN port (DHCP client)

bridge-admin: Admin ports (DHCP server 192.168.88.1/24)
	->ether2

bridge-pos (DHCP server 10.10.0.1/16): Point of sales network (secure network for cameras/order tablets etc.)
	->wlan1 (SSID="JoinMyWifi POS")
	->ether3
	->ether4
	->ether5

bridge-staff (DHCP server 10.20.0.1/16): Staff network
	->vlan-wlan1-staff: SSID="JoinMyWifi Staff" vlan(ID=20) on wlan1
	->vlan3-staff: vlan(ID=20) on ether3
	->vlan4-staff: vlan(ID=20) on ether4
	->vlan5-staff: vlan(ID=20) on ether5

bridge-guests (DHCP server 10.30.0.1/16): Hotspot users
	->vlan-wlan1-guests: SSID="JoinMyWifi Guests (Free)" vlan(ID=30) on wlan1
	->vlan3-guests: vlan(ID=30) on ether3
	->vlan4-guests: vlan(ID=30) on ether4
	->vlan5-guests: vlan(ID=30) on ether5

oVPN-server1: oVPN to JoinMyWifi dedicated server (DHCP client from oVPN server 172.17.0.1/16)


MikroTik Interfaces Description

ROUTER WITH EXISTING CONFIGURATION:

IMPORTANT: In this case you should ask JoinMyWifi to provide different configuration files.

If your router has existing configuration that you don't want to delete make the following changes:

On the router (before running scripts):
  1. Disable DHCP server and IP address for the bridge used by APs
  2. Disable existing hotspot server
  3. Disable dns propagation from DHCP client if any
  4. Delete rules:
    /ip firewall filter add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
    /ip firewall nat add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
Run scripts as stated in the section above and then:
  1. Move the added rules to the top of their list if are not already there: Firewall filter rules, Firewall nat rules, Hotspot walled-garden rules
  2. Set timezone in clock
  3. Check for IP conflicts
  4. Set srcnat for wan interface
  5. Set bridge ports for hotpost

More information at MikroTik official website

Select appropriate MikroTik router according to the table below

MikroTik Rourters Table