Note: This article is written by Colin, all rights Reserved! Reprint please specify the original address, thank you for your cooperation!
Note: Due to the more steps of the Hotspot setting, this document only explains how to set the Hotspot method, the configuration of the Ros installation and routing Internet is to be consulted by Baidu.
First, you will ROS Soft route configuration complete and can be assigned normally IP after surfing the internet.
Hotspot setting:
1. Open Winbox, click File, and drag the files from the Hotspot certification page to the Hotspot directory, such as.
(Note: This step is very critical, if the authentication page file has not been placed in the Hotspot directory, when the Hotspot authentication service is turned on, the machine will not be able to access the authentication screen, not the Internet and access to the router interface. If the hotspot service has been turned on in advance and the route cannot be accessed, you can use a network cable to connect the computer to the Ros extranet, and then use the MAC address to access the network. )
2, click Ip-hotspot-servers, click Hotspot Setup, run the Hotspot Settings Wizard,
2.1 Select the LAN interface (that is, the interface that assigns the IP to the client) and click "Next" to proceed to the next step.
Such as:
2.2 Click "Next", normally will display the LAN card you have set the IP, directly click "Next" next.
(If not set, can be entered manually, such as 192.168.1.1)
2.3 If DHCP has been configured previously, the DHCP scope you have set will be displayed, click "Next" directly.
(If you have not established DHCP before, you can manually enter such as 192.168.1.50-192.168.1.150, click Next, the system will automatically create a DHCP service.) )
2.4 Use default, click "Next" directly.
2.5 default, click "Next".
2.6 Fill in the correct DNS server IP address and click "Next".
2.7 Use default, click "Next" directly.
3, at this point, the hotspot service is already set up and running automatically. At this point the computer will be dropped and need to be authenticated before you can access the network.
————————————-
User authentication:
1, verify the way:
First open the browser to access the http://192.168.18.1 (Ros LAN port IP) or access any Internet site, it will automatically jump to the following verification screen. (in the case of not manually set up to verify the online authentication account, you can first use the default Admin account login, login and then set the thread.) )
2, the authentication interface is as follows:
3, after landing, will display the user login status information, the computer can access the network.
You can also enter in the browser: http://192.168.18.1/status Access User Login status screen.
————————————-
Enable Internet authentication for subsequent actions:
1, after the login verification, we first cancel or set the hotspot certification validity period of the cookie time.
(Open the Hotspot Settings page (ip-hotspot), click the Server Profiles tab, double-click the server template you just created, cancel the cookie in the Login tab, or the HTTP cookie for the cookie The lifetime is set to the right time. (Default to 3D/3 days without duplicate validation)
If a user is required to authenticate on a daily basis, the cookie can be set to 10:00:00/10 hours or the cookie is canceled directly, and the session time is set later.
2. Create a User template:
2.1 First, we need to create a user template rule.
Click Ip–hotspot–user Profiles Click the "+" sign to add the user profile template. Such as:
2.2, click "+" after adding the User Configuration template, the name of the input template, select the establishment of a good IP address pool. The total time of the login session can be set in session timeout, that is, the authentication will be broken after that time, and the keepalive timeout option can set the time of the session timeout, and the administrator can set it according to the actual situation.
Shared users can limit the maximum number of simultaneous logins by default of 1 (that is, a user can only have one device at a time. If set to NULL, the user will be able to log on to countless devices at the same time. )
Rate Limit (RX/TX) can limit the user's upload download speed, the user who created this template will follow this standard.
3, create User:
Click the Users tab, click the "+" sign, enter your account password, and select just create a User Configuration template in profile. Click OK to save.
At this point the user has been added successfully, you can find a computer to use the user just created to see if it can be verified properly.
4, set some IP can not be verified to the Internet.
Click the IP Bindings tab, specify an IP address or address segment in address that you don't need to verify (you can also create a rule by MAC address), select bypassed in the Type option, and click OK.
5, specify that some sites can be accessed without verification.
Open the Walled Garden IP List tab, click the "+" sign, and the action option is set to Accept,server select your hotspot server name, dst.address enter the IP address of the website that does not need to be verified. Protocol Select the TCP protocol, Dst.port fill in the rules of the port number, such as 80,25,110 and other common ports, if the trust IP, can be set to 0-65535 (that is, all ports).
6, click on the active tab, you can see the connected active users, double-click the corresponding user name, you can see his activity details, such as online time, total traffic, current traffic and so on.
Select any active user, click on the "-" sign in the upper left corner, you can forcibly disconnect the user, the user will need to re-verify to log on the Internet.
Such as:
At this point, the Hotspot authentication server is even set up.
————————————-
Use RADIUS USER Mans Billing server for co-management:
The above is built a hotspot server, but the above user management is not perfect, such as users can not change their own password, or the user's total use of time, traffic and so on. So, let me explain how to manage with radius.
1, first, enable the RADIUS service.
Open the Radius tab, click on the "+" sign, tick the hotspot service in the popup screen, enter the IP address of the ROS server, and enter the password for the Raduis docking in secret. Click OK to save.
1.1 Click Incoming, tick accept, and remember the current port number. (The port number here is 3799).
2. Radius is enabled in the Hotspot service configuration file.
First open the Hotspot Settings screen, open the Server Profiles tab, double click on the Hotspot service profile you just created, click Radius, tick use Raduis, and click OK. (this means that the hotspot is already allowed to be managed using RADIUS)
3. After confirming the error, enter the external network management address of ROS, such as Http://192.168.18.1/userman into the radius interface. (Use default password: Admin/admin login)
4, after entering the RADIUS management interface, click "Router"-"add", set the corresponding information in Ros, click "Save"
Note: The key must be the same as set in Winbox, be sure to check the COA support, set the same port, such as 3799.
5, create a profile for the user (the benefit is to select a profile when creating a user, and to make it easy to change later).
Click "Profile" to set the relevant information and save it.
6, click Add New Limit (set the time limit and limit the total traffic or online time, bandwidth and other information. )
7, set the rules of restrictions,
8, add the authenticated user.
9, specify the configuration file when creating the user.
User status information view:
1, can be viewed directly in Userman, you can also use Winbox to view user status, connections and other information, such as:
2. Check the user speed limit rules (these rules are automatically generated according to the settings in Userman. )
By:colin
ROS Hotspot Server Setup and Setup! (Internet Authentication)