Cấu Hình Mikrotik Hotspot_0

CU HNH MIKROTIK HOTSPOT DNG GUI

XY DNG H THNG HOTSPOT GATEWAY CHO DCH V INTERNET LAN-WIFI C CHNG THCGii thiu v ci t chung

Mikrotik Router (www.mikrotik.com) l mt gi phn mm chy trn HDH Linux rt gn nh nhng tch hp rt nhiu chc nng nh: Router (DHCP, NAT, Routing...), Firewall, VPN server, Hotspot gateway, Loadbalancing adsl..., Cache -Proxy server, Banwidth management... rt thch hp ng dng lm gateway cho c quan, doanh nghip v nht l cc dch v internet cng cng, wifiDo qu nhiu chc nng nn trong bi vit ny ti ch hng dn cu hnh c bn xy dng mt Hotspot cho cc im truy cp internet cng cng, cc qun cafe internet. Vi h thng Hotspot ny cho php chng ta c th chng thc

* Ci t phn mm:

Yu cu phn cng: do soft Miktotik ny rt nh nn ch cn mt my tnh Pentium3 l chy tt. Phin bn 2.9x tr v trc ch chy trn cng ata.Download 2 soft sau:

1. Mikrotik OS router: l image cdrom khong 30M

Link: http://www.mikrotik.com/download/mikrotik-2.9.51.iso(Nu nng cp phin bn th c th vo http://www.mikrotik.com/download.html ri chn iso image download

2. Tin ch Winbox dng cu hnh chy trn windows

Link: http://www.mikrotik.com/download/winbox.exeSau khi down image v th ghi ra a cd ri boot t a ny tin hnh ci t, mn hnh xut hin s yu cu chn cc module ci, chng ta chn cc modul c bn sau:

System

DHCP

Hotspot

Proxy

User Manager (optional)

Security (optional - recommended)

Advanced tools (optional)Dng phm spacebar chn cc gi cn ci, sau khi chn xong nhn phm I ci t.

Qu trnh ci t khong 5-10 pht, sau khi ci xong my yu cu reboot li l hon tt

ng nhp dng username: Admin v password trng.

I. Cu hnh Mikrotik hotspot dng lnhSau khi ci t xong OS cho my ch, cu hnh a ch IP cho 2 nic nh sau

1. Cu hnh a ch IP

1.1. Cu hnh IP cho Nic s kt ni vi adsl (Nic Wan hay interface Wan) hay vi router trung gian trn ng ra internet (ADSL, LEASELINE). y IP ca Nic ny l 192.168.1.20/24 v Nic ny s c gn cho interface ether2Ch : y cu trc lnh s c g t ng dn gc l [Admin@Mikrotik]. tr v ng dn gc ny t ng dn bt k ch cn g /(enter)

[Admin@Mikrotik]> ip address add address=192.168.1.20/24 interface=ether2

1.2. Cu hnh IP cho Nic kt ni vi cc AP hay mng Lan ca cc my con. y IP s l 192.168.0.1/24 , Nic ny s c gn cho ether1.[Admin@Mikrotik]> ip address add address=192.168.0.1/24 interface=ether1

* Ch : tin qun l sau khi cu hnh xong nn i tn 2 interface ether1 v ether2 thnh Lan v Wan hay Local v Public cho d nh

1.3. Cu hnh IP default gateway (l a ch adsl modem-router hay router kt ni vo interface Wan trn ng i ra internet.. Trong VD y l 192.168.1.1

[Admin@Mikrotik] > ip route add gateway 192.168.1.1

Sau dng my tnh kt ni vi My Hotspot chy Mikrotik qua Nic Wan ri dng Winbox cu hnh cc thnh phn tip theo

2. Cu hnh Hotspot

Vic cu hnh Hotspot s bao gm cu hnh dch v DHCP server, cc thng tin DNS

G lnh sau:[Admin@Mikrotik] ip hotspot setup (sau ghi g lnh ny s xut hin cc hng yu cu nhp thng tin nh sau

Hotspot interface: ether1

Local address of network: 192.168.0.1/24

Masquerade network: yes

Address pool of network: 192.168.0.2-192.168.0.254 (c th chnh li theo mun, y cng l dy a ch ip m dch v dhcp s cp cho cc my con khi kt ni)

Select certificate: none (ch : mc nh xut hin dng import-other-certificate, chng ta xa dng v nhp vo none)

Ip address of smtp server: 0.0.0.0 (nu trong mng c my ch smtp th g a ch ip vo, cn khng th mc nh 0.0.0.0)

Dns server: 203.168.0.181,203.162.4.190 ( y s nhp a ch my ch dns server, nu trong mng c my ch ny th nhp vo ip my ch , cn khng nhp vo ip primary v secondary dns server ca ISP cch nhau bi du phyDns name: in vo tn ca my Hotspot ny c khai bo trn Dns server ca mng,nu khng c th trng ch khng khai ty .Name of local hotspot user: Admin (to mt account cho h thng test ng nhp hotspot)

Password for the user: mt khu ca account ny.

3. Cu hnh NAT

[Admin@Mikrotik] ip firewall nat add chain=srcnat action=masquerade out-interface=ether2Nh vy c bn cu hnh song h thng Hotspot vi Mikrotik. Lc ny dng mt my con ng nhp web s thy mn hnh ng nhp ca Mikrotik xut hin, nhp vo account to sn bc cu hnh hotspot trn l c th truy xut webVic cu hnh cc thnh phn khc nh to user, tinh chnh hay thay i cc thng s dng giao din gui qua Winbox s tin hn nn s c gii thiu phn sau.

* Nu trong cu hnh b li th c th dng lnh >System/reset xa cu hnh ri ci t li.4. Mt s lnh trn my Hotspot chy MikrotikKhi ng nhp vo my Hospot, ti du nhc lnh [Admin@Mikrotik] ch cn g du ? (enter) chng ta s thy hin th cc u mc vo nh hnh di

Cc u mc vo cng gn ging vi giao din ca Winbox. VD mun vo phn IP chng ta ch cn g IP (enter), sau g ? (enter) s thy cc mc con xut hin

Mun cu hnh thnh phn no chng ta c g lnh theo ng dn hoc vo tng mc ri g tip. VD mun cu hnh IP th g IP address...; Mun xem thng tin a ch IP ca cc Nic th Ip address print; Mun cu hnh Route th: IP route...; Mun cu hnh hotspot th: Ip hotspot setup...; Mun cu hnh firewall, nat th Ip firewall... Mun tt my th System shutdown; Khi ng li my: System reboot; Mun xa tt c cc thng tin cu hnh ci t: System reset...Cng ging nh lnh Dos, nu t ng dn ph mun g lnh n ng dn khc th chng ta dng du / trc lnh ; Mun v ng dn gc th / (enter), mun di lui ng dn mt cp g ..(enter)Mun xem thng tin v cc Nic ang c trong my th t ng dn gc g Interface print hay di chuyn vo mc Interface ri ch g Print (enter)Ti cc mc vo mun xem thng tin thnh phn no ch cn g Print (enter).

Mun backup thng tin mt thnh phn no th g: Export file=(tn file) (enter).Vd ti u mc vo IP hotspot> mun backup thng tin phn user thnh file user (mc nh phn m rng l .rsc) ch cn g: IP HOTSPOT>user export file =user (file user.rsc s c to ra, mun lu li file ny th t my khc kt ni ftp vo Hotspot trn inerface Wan s thy tn file ny xut hin)

Mun backup thng tin cc user trong phn IP-binding g lnh: IP HOTSPOT>ip-binding export file=ip_binding (file ip_binding.rsv s c to ra)...

Sau ny mun import li file no th dng ftp copy file vo my Hotspot ri t du nhc lnh gc g lnh:

[Admin@Mikrotik]> import filename.rsc

Vd mun import file user.rsc th g [Admin@Mikrotik]> import user.rscPhn 2. Cu hnh h thng Hotspot vi giao din Gui thng qua Winbox

Sau khi ci t xong a ci Mikrotik, tin hnh ci t a ch IP cho cc Nic nh cc mc 1.1, 1.2, 1.3 ca phn I chng ta dng my tnh kt ni vi my ch Hotspot qua Nic Wan ri dng Winbox ng nhp v cu hnh cc thnh phn tip theo.

1. Cu hnh DHCP v DNS server

1.1 Cu hnh thng tin DNS

T menu chnh chn IP>DNS, sau click Settings ri in thng tin nh hnh

Ch : Nu c DNS server trong mng lan (c forward ra internet) th in ip ca my ny vo, cn khng th in IP Dns server ca ISP

T menu chnh bn tri chn IP > DHCP-Server ri click Setup v lm theo nh hnh di.

Tip theo click Next v nguyn thng tin IP nh mc nh

Tip theo click Next

Click Next

l dy IP m DHCP s cp cho cc my con khi kt ni, y chng ta khai bo cho ph hp vi h thng mng c sn.

y s khai bo Primary v Secondary DNS server s c cung cp cho cc my con qua DHCP. Tuy nhin do chng ta cu hnh DNS server ri nn y n xut hin sn thng tin, chng ta khng cn khai bo.Tip theo click Next hon tt

3. Cu hnh Hotspot.T menu chnh chn IP>HotspotClick vo Setup ri cu hnh theo th t nh cc hnh di, hu ht l ch vic click Next v mi ci c chn t ng

hnh trn phn DNS Name chng ta in vo tn ca my hotspot(vd: hotspot.congty.com) c khai bo trong dns server nu nh trong h thng mng c dns server, cn khng th trng ch khng c khai ty .

Phn ny l to account u tin cho Hotspot chng ta c th test sau khi ci xong phn ny.

Sau khi hon tt, click vo Hotspot mi to chng ta c cc thng tin sau:

y chng ta ch n phn Profile, chng ta c th to nhiu profile lc no cn thit thay i cho ph hp. Cc profile ny dng qun l ngi truy cp theo cc ch m chng ta t ra.* Cu hnh Profile cho Hotspot

Trn giao din chnh ca hotspot, phn tab Server chng ta click vo ProfileChng ta s thy c 2 profile to sn, mt l default v mt l hsprof1 mi to bc trn, to mi mt profile chng ta click vo du +, tuy nhin chng ta c th xem profile hsprof1 mi to hiu cch to cc profile khc.

HTML Directory: th mc mc nh cha web login, nu chng ta mun t to web login khc th ch nh th mc cha web y

Rate Limit: bng thng gii hn cho mi client truy cp internet

cu hnh thm cc thng s khc chng ta chn tab Login

*Phn Login By:C nhiu giao thc h tr trn web login, mc nh l giao thc chung c chn l HTTP Chap. Nu mun ngi dng mi ln logout xong phi nhp account login li th chng ta b chn phn Cookie.

4. Cu hnh NAT: T menu chnh bn tri chn IP > Firewall, click vo tab NAT ri cu hnh nh hnh. Ch : Chain=srcnat; Src. Address=192.168.0.0/24 (dy IP m DHCP s cp cho cc my con; Phn Out.Interface=ether2 (Nic kt ni WAN)

Tip theo clic vo tab Action ri chn Action=Masquerade nh hnh di, sau Apply v OK.

Nh vy c bn chng ta cu hnh xong h thng hotspot. By gi c th dng my con ng nhp chng ta s thy xut hin mn hnh ng nhp ca Mikrotic, dng account mi to sn bc trn nhp vo chng ta c th s dng internet c ri.

5. Cu hnh gii hn bandwith:

Trong v d ny chng ta cu hnh gii hn bng thng s dng gm download v upload cho mi my con5.1 Cu hnh gii hn bng thng download ti a l 10kbps: T menu chnh chn Queues, vo tab Queue Types, Nu thy c queue no th remove, sau click vo du + add 1 Queue Type mi ri cu hnh nh hnh di.

Tip theo vo tab Settings ri nhp vo Rate= 10000 (tng ng 10kbps), Limit=50, Total Limit=2000 ri click chn vot Dst. Address nh hnh di.

5.2: Cu hnh gii hn bng thng upload:

Lm tng t nh phn trn, to mt Queue tng t , in vo thng s Rate cho ph hp ri chn Src. Address thay v Dst. Address nh trn.

Tip theo trong mn hnh chnh ca Queue List, click tab Simple Queues ri click vo du + to mi mt mt simple queue , nhp vo tn v dy a ch mng Lan nh hnh di.

Tip theo click vo tab Advanced, mc Queue type chng ta chn 2 queue cho download v upload to trn

6. Qun l ngi dng internet6.1 To danh sch ngi dng internet qua Hotspot

- T menu chnh chn IP>HotspotSau click vo tab User. to mt user click vo du +

Nhp tn v mt khu, nu mun khng ch user theo a ch IP hay MAC th nhp vo pha di. Phn quan trng y chnh l Profile s c trnh by phn tip

gii hn thi gian hay dung lng s dng internet cho user ny chng ta click vo tab Limits v khai bo.

Sau click OK hon tt.

Tuy nhin quan trng nht l ta phi cu hnh cc profile cho user c th qun l tng user hay nhm theo cc cch khc nhau

to cc Profile cho mi hay nhiu user chng ta click vo tab Profile trong phn User ca giao din Hotspot.

Chng ta s thy xut hin mt profile c tn Default, profile ny c to khi chng ta cu hnh phn hotspot. to mi mt profile chng ta click vo du +. hiu cc cu hnh profile chng ta click vo profile default xem

y chng ta cc tham s sau:

- Session Timeout: Thi gian user c php s dng, sau khi ht thi gian ny s t ng logout

- Idle Timeout: thi gian nu user khng s dng mng s t ng logout

- Keepalive Timeout: thi gian dng cho user(client) ng nhp mng sau khi kt ni, nu sau thi gian ny user cha ng nhp th a ch IP s c cp cho user khc.

- Share Users: cho php bao nhiu client dng chung mt account

- Incoming Filter/Outgoing Filter: chn cc Chain tng la cho cc gi tin i vo/ra, cc chain ny thng dng trn cc firewall trn nn tng Linux.

- Phn Transparent Proxy nn tt (khng chn du check)* nh hng ngi s dng sau khi ng nhp xong s m mt trang web no (qung co...) chng ta click vo tab Advertise ri nhp a ch website vo.

6.2. Chng thc theo a ch IP hay Mac addressNu chng ta c nhng my tnh c nh v khng mun mi ln i internet phi ng nhp th ch vic cu hnh chng thc cc my ny theo a ch IP hay a ch Mac ca card mng (trng hp ny rt cn thit i vi cc c quan c nhu cu s dng internet). Nh vy cc my c a ch c add vo mi ln truy xut internet s i thng nh bnh thng khng qua chng thc. Tuy nhin cng c th lm iu ngc li cho php cm my no khng c i internet thng qua IP v Mac address nhn bit.

Trong phn giao din chnh Hotspot chng ta click vo tab IP Bindings

Sau nhp a ch Mac vo hay a ch IP

Quan trng nht phn Type, nu chng ta mc nh l regular th khng c tc dng; Nu chn bybassed th ngi dng c add a ch s truy cp internet m khng phi ng nhp, nu chn blocked th li khng c i internet.

6.3. Cho php truy cp mt s trang web m khng cn phi ng nhp (mc ch cho qung co website...)

T giao din chnh Hotspot chn tab Walled Garden

Nhp a ch trang web vo Dst.Host, hoc nhp IP trang web vo Dst. Address. Nu mun cho php ch truy cp mt trang no trn a ch website cho php th g thm ng dn trang vo Path.

7. To account qun tr h thngMc nh khi ci t h thng to sn account admin vi mt khu trng, chng ta c th to thm mt s account vi cc quyn khc nhau qun tr h thng hotspot

T menu chnh bn tri chn User

to mi mt user click vo du +

Nhp tn vo phn Name, gn quyn Group, nu mun cho php user ny ch c ng nhp t my c a ch ip no th nhp vo Allowed Address, mun khai bo mt khu click Password...

Cc ngi dng c th qun tr h thng qua winbox hoc qua web vi a ch IP ca ether1 hoc ether2.

8. Qun tr, gim st h thng

qun tr h thng hotspot chng ta c th thng qua web, trong trng hp ny l http://192.168.0.1 hay http://192.168.1.20

Chng ta xem hoc thay i c nhiu thng tin nh card mng, a ch IP, tng la, cc routes, thng tin v my ang chy Mikrotik

- xem thng tin v bng thng ngi dng, rt quan trng xem ai ang download nhiu hoc l my no ang pht tn virus, ddos... trong winbox, t menu chnh chng ta chn Tools>Torch ri click vo Start...9.Ngoi l:Phn mm Mikrotik c rt nhiu chc nng, n c th xem l mt thit b router cao cp c nhiu chc nng nh Firewall, Routing, VPN, Loadbalancing, Nat, Proxy, Hotspot... ty vo mc ch cu hnh cho ph hp

Vi phn cu hnh h thng hotspot trn nu chng ta kt hp thm h thng Radius server th c th lm c h thng billing dng bn v cho khc truy cp internet nh ti cc khch sn, cc im truy cp internet cng cng. Radius server c th dng bn min ph chy trn my ch Linux l FreeRadius (www.freeradius.org)

Di y l mt s link dng cu hnh Mikrotik vi nhiu ng dng khc nhau:

1. Cu hnh Mikrotik t A-Z

http://www.mikrotik.com/testdocs/ros/2.9/

2. Cu hnh Loadbalancing 2 line adsl vi Mikrotik

http://wiki.mikrotik.com/wiki/Routing

http://wiki.mikrotik.com/wiki/Load_Balancing_over_Multiple_Gateways

3. Cu hnh chn web en vi Mikrotik m hnh proxy

http://wiki.mikrotik.com/wiki/How_to_Block_Websites_%26_Stop_Downloading_Using_Proxy

4. Cu hnh VPN server vi giao thcPPTP

http://www.mikrotik.com/testdocs/ros/2.9/interface/pptp.php

5. Cu hnh gii hn bng thng

http://wiki.mikrotik.com/wiki/PCQ_Examples

6. Cu hnh webproxy

http://www.mikrotik.com/testdocs/ros/2.9/ip/webproxy.php

http://www.mikrotik.com/testdocs/ros/2.9/ip/webproxy_content.php#7.53.7

7.Cu hnh share internet cho Lan vi kt ni adsl theo Pppoe (bridge)

http://wiki.mikrotik.com/wiki/How_to_Connect_your_Home_Network_to_xDSL_Line

8. Cu hnh Mikrotik hotspot vi Free Radius

http://infodotnet.blogspot.com/search/label/Mikrotik

9. Cu hnh Mikrotik lm Firewall cho mng lan c kt ni internet

http://wiki.mikrotik.com/wiki/How_to_Connect_your_Home_Network_to_xDSL_Line

10. Din n trao i, tho lun v Mikrotikwww.forum.mikrotik.com

Phm Minh Trit - [email protected] YM:bootbia

Documents

Cấu Hình Mikrotik Hotspot_0