Creating a Fydelia captive HotSpot portal on a MikroTik RouterBoard

Defaut template

Creating a Fydelia captive HotSpot portal on a MikroTik RouterBoard



Print

Creating a Fydelia captive HotSpot portal on a MikroTik RouterBoard

MikroTik RouterBoard External Captive Portal Setup

IMPORTANT: Fydelia does not support V7.x due to known issues with the firmware.  Fydelia has been tested against V6.48.1.  This document will be updated when MikroTik have released a patch.

This device works in a slightly different way to the traditional approach.  When a hotspot is enabled, some splash page files are created on the router.  In order to support an External Captive Portal such as Fydelia, you need to update the login file so that it redirects out to your splash page.

In this guide we’re using the MikroTik RouterBoard RB3011uias-rm:

mceclip0.png

MikroTik RouterBoard RB3011uias-rm

There are 3 key steps to this guide:

1) Enabling the hotspot feature on the RouterBoard

2) Modifying the hotspot for Fydelia External Captive Portal pages

3) Authenticating devices onto the network

STEP 1 – Creating a Bridge for your HotSpot

In this guide we will force devices connected to Ethernet Port 10 (which has the PoE output) to require Guest HotSpot login.  No wireless devices are required for testing, since it will also work with LAN cable connections.

Creating a HotSpot bridge

In a typical environment you will bridge to a VLAN.  You can find instructions on creating a hotspot bridge on a VLAN by clicking this How-To article.

IMPORTANT: For this document we’re going to set up the HotSpot on Ethernet port 10, and NOT a VLAN.

Note that in Ethernet mode you cannot assign a HotSpot to a “slave” port that is linked to the default bridge.  This is why we need to create a new bridge and assign the Hotspot port (ETH 10, in this case) to the new bridge.  This will also prevent you from being locked out of your router if you enable the hotspot on the default bridge. 

To create a new bridge:

  • connect the WAN cable to ETH 1, and your computer to another port such as ETH 2
  • Create a new Bridge and call it “HSBridge”
mceclip1.png
  • Click the PORTS tab 
  • Click the “-” button to delete ETH Port 10
mceclip2.png
  • Click ADD NEW
  • Choose ETH Port 10
mceclip3.png
  • Choose the new bridge HSBridge and Apply
mceclip4.png

Your system is now ready to have a HotSpot assigned to ETH Port 10

Create new DHCP Server

To ensure the HotSpot manages its own IP range for guests, you need to create a new DHCP Server which we will later assign to your new HotSpot.  First we must create our desired address pool:

  • In the IP section, click Pool
mceclip8.png
  • Click Add New
  • Fill in your desired range in CIDR notation. In this case we’ll use 192.168.2.x
mceclip9.png
  • In the IP section, select DHCP Server and ADD NEW
  • Give it a name, such as FODHCP (Fydelia On Demand HotSpot Captive Portal)
  • Assign the interface to the corresponding Bridge.  In this instance we will use HSBridge we created earlier
  • For Address Pool, use the one created in the previous step
mceclip10.png
  • Click Apply to save changes

STEP 2 – Assigning the SSL Certificate

To use your Fydelia hotspot with the HTTPS protocol (strongly recommended), follow these

instructions to install an SSL certificate on your Mikrotik HotSpot

 

STEP 3 – Creating your HotSpot

The key steps in this section are:

  • Create a user profile
  • Create a server profile
  • Create a HotSpot server
  • Walled garden entries

Creating a User Profile

Optionally you can create a profile, which allows you to control the session time before the guest is redirected back to Fydelia for “Welcome Back” and automatic login:

  • Still in the IP section click Hotspot
  • Choose the “User Profiles” tab and click Add New
mceclip12.png
  • Choose the Address Pool you created earlier
  • Set the session time, in this case we will require guests to return to Fydelia after 30 minutes
  • Click Apply

Creating the Hotspot Server Profile

  • Still in the Hotspot section click the Server Profiles tab
  • Provide a name
  • Enter your desired IP for the Hotspot portal.  This is where Fydelia will communicate locally in order to authenticate devices
  • In DNS enter: “login.fydelia.com”.  This allows you to assign the Fydelia SSL certificate, allowing full SSL login for your guests

Here is an example:

mceclip1.png
  • On the login tab choose HTTP CHAP 
  • Do not select MAC Cookie
  • If you are installing an SSL Certificate, choose HTTPS and HTTPS Redirect
mceclip0.png

 

Creating the Hotspot Server

Click on the Servers tab:

mceclip7.png
  • Click ADD New
  • Give it a meaningful name (guests will not see this) such as FydeliaHS
  • Assign the Interface (the new bridge, in our case) and Address Pool settings to those we created in the previous steps
  • If you created your own profile, that can be chosen here too
mceclip13.png
  • Click Apply

A default MikroTik Hotspot is now enabled on ETH Port 10

Walled Garden Entries

Click on the Walled Garden tab

Add a new host entry for: ondemand.fydelia.com

mceclip2.png

Click Apply and OK

IMPORTANT:  If you’re using the Facebook login widget, also add a domain entry for: ondemand.fydeliawifi.com

Click on the Walled Garden IP List tab

Add a new IP entry with IP: 144.76.195.139

Click Apply and OK
Add another for the Fydelia host name: ondemand.fydelia.com

mceclip1.png

Click Apply and OK

IMPORTANT:  As before, if you’re using the Facebook login widget, also add a domain entry for: ondemand.fydeliawifi.com

STEP 4 – Using Fydelia as an External Captive Portal

Now that you have set up your Hotspot, you will need to modify the “login.html” file in order to redirect to Fydelia.

An example file is attached to this article.

IMPORTANT: Be sure to change the form action URL to your Fydelia splash page URL

The file system can be browsed by clicking on the FILES menu:

mceclip14.png

IMPORTANT: We recommend that you replace the login.html file using FTP.  In this guide we use FileZilla

  • Connect via FTP to your RouterBoard
  • In this example our RouterBoard is available on 192.168.88.1
mceclip16.png
  • In the default configuration you will not need a password
  • Replace the login file with the one attached to this article
mceclip17.png

Your hotspot will now redirect automatically to your Fydelia splash page.  The final step is to configure Fydelia to be able to authenticate devices against your RouterBoard.

IMPORTANT: you may need to restart the Routerboard in order to apply changes

STEP 3 –  Authenticating devices onto the network with Fydelia

For this final step we will need to:

  • Add a new username and password to the Hotspot profile
  • Edit the settings on our Fydelia splash page to include the new username and password 

Adding a local user to the Hotspot

  • In the IP section click Hotspot
  • Choose the Users tab
mceclip18.png
  • Click Add New
  • Choose Server (the Hotspot you created)
  • Enter a Name (the Fydelia username you desire) and a password
  • If you created a profile earlier, be sure to select it here
mceclip19.png
  • Click Apply

Fydelia splash page configuration

We now need to add this username and password to your splash page

mceclip20.png
  • Enter the username and password that you chose in the previous step
mceclip0.png
  • Click SAVE CHANGES (bottom left)
mceclip1.png
  • And then PUBLISH (top right)
mceclip2.png

You’re all set!  You can now authenticate users with your MikroTik External Captive portal.

Table of Contents