centralized hotspot control - mikrotikmum.mikrotik.com/presentations/id11/id-herry.pdf · herry...
TRANSCRIPT
![Page 1: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/1.jpg)
H E R R Y D A R M AWA N S P E C T R U M I N D O N E S I A
CENTRALIZED HOTSPOT CONTROL
M U M 2 0 1 1 - I N D O N E S I A
![Page 2: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/2.jpg)
ABOUT ME
• Herry Darmawan • Working for : Spectrum Indonesia • Title : Technical & Operational Manager
• Start using MikroTik since 2004 • MikroTik Certified Consultant • MikroTik Certified Trainer • MTCWE, MTCTCE, MTCUME, MTCRE
![Page 3: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/3.jpg)
ABOUT SPECTRUM INDONESIA
• HeadQuarter • Surabaya (Graha Bumi Modern 2nd and 6th Floor)
• Branch • Malang • Bali • Jakarta
• History • Prior to be Wireless Division of D~Net Surabaya (till 2005) • Selling MikroTik since 2005 • MikroTik Reseller since 2006 • MikroTik Certified Training Partner since 2007
![Page 4: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/4.jpg)
MIKROTIK TRAINING @ SPECTRUM
• Various class • Regular Class • Bootcamp Class • Combo Class • Class conducted in English (once a year)
• Currently 4 of 6 MikroTik Training has been taught • MTCNA • MTCTCE • MTCWE • MTCUME
![Page 5: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/5.jpg)
HOTSPOT USAGE
• Functionality • Easy Plug-and-Play Internet Usage • Authenticated Internet Usage • Promotional Internet Usage • Limited Internet Usage
• Location • Café • Hotel • Airport • School / University / Campus • Another Public Service Areas
![Page 6: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/6.jpg)
HOTSPOT SITES
![Page 7: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/7.jpg)
HOTSPOT CONFIG - TYPICALLY
![Page 8: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/8.jpg)
LOT'S OF LOCATIONS
• Distributed Hotspot Controller • All locations has one Hotspot Controller
• Problems • Changing webpage for promotional (login page or status
page) has to be executed in all controllers • Changing of rules has to be executed one-by-one in all
controllers • Troubleshoot has to be checked site-to-site
• Solution • Develop programs to manage all controllers via API • Build an External Captive Portal • Use Tunnel to connect them all
![Page 9: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/9.jpg)
WORKSHOP SCENARIO
![Page 10: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/10.jpg)
EXTERNAL CAPTIVE PORTAL
• External Captive Portal will solve problems with centralized webpage/login appearance
• Complex server-side processing is possible
External Web Server shows the
login page
Internal Hotspot Portal redirect the
login page to External Web
Server
![Page 11: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/11.jpg)
CONCEPT
Client request to connect to any
websites
Hotspot Server redirect the login page to outside
webserver
External Webserver then show the login
page
The login page then submit the form back to original Hotspot Server
The hotspot server then authenticate
the username/password
![Page 12: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/12.jpg)
HOTSPOT CONFIG - REDIRECT
<body> <form name="redirect" action="http://10.50.50.2/cp/login.php" method="post"> <input type="hidden" name="mac" value="$(mac)" /> <input type="hidden" name="username" value="$(username)" /> <input type="hidden" name="error" value="$(error)" /> <input type="hidden" name="link-login" value="$(link-login)" /> <input type="hidden" name="link-orig" value="$(link-orig)" /> </form> <script type="text/javascript"> document.redirect.submit(); </script> </body>
![Page 13: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/13.jpg)
HOTSPOT CONFIG - REDIRECT
<body> <form name="redirect" action="http://10.50.50.2/cp/login.php" method="post"> <input type="hidden" name="mac" value="$(mac)" /> <input type="hidden" name="username" value="$(username)" /> <input type="hidden" name="error" value="$(error)" /> <input type="hidden" name="link-login" value="$(link-login)" /> <input type="hidden" name="link-orig" value="$(link-orig)" /> </form> </body>
Form and some internal-variable that we are going to passed to the Webserver
Location of the Web Server
![Page 14: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/14.jpg)
HOTSPOT CONFIG - REDIRECT
<body> <script type="text/javascript"> document.redirect.submit(); </script> </body>
Simple script to make the form submitted as soon as the page is opened
Don't forget to allow WalledGarden for the
Captive Server
![Page 15: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/15.jpg)
WEB SERVER CONFIG
<?php $mac = $_POST['mac']; $username = $_POST['username']; $linklogin = $_POST['link-login']; $linkorig = $_POST['link-orig']; $error = $_POST['error']; ?> <form name="login" action="<?php echo $linklogin; ?>" method="post" > <input type="hidden" name="dst" value="<?php echo $linkorig; ?>" /> <input type="hidden" name="popup" value="true" /> Username :<input name="username" type="text" /><br> Password : <input name="password" type="password" /><br> <input type="submit" value="Login" /> </form> <?php if ($error) { echo $error; } ?>
![Page 16: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/16.jpg)
WEB SERVER CONFIG
<?php $mac = $_POST['mac']; $username = $_POST['username']; $linklogin = $_POST['link-login']; $linkorig = $_POST['link-orig']; $error = $_POST['error']; ?>
Get the parameter sent by the redirect form from the original Hotspot Server. There are still lots of parameters can be pass, this is only some of them
![Page 17: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/17.jpg)
WEB SERVER CONFIG
<form name="login" action="<?php echo $linklogin; ?>" method="post" > <input type="hidden" name="dst" value="<?php echo $linkorig; ?>" /> <input type="hidden" name="popup" value="true" /> Username :<input name="username" type="text" /><br> Password : <input name="password" type="password" /><br> <input type="submit" value="Login" /> </form> <?php if ($error) { echo $error; } ?>
Submit the form back to "link-login", which is the url of the Hotspot Gateway
Show the error message (in case error occurred)
![Page 18: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/18.jpg)
DRAWBACKS
• Only solved problems with centralized webpage apperance/login control
• Still need to build and maintain a webserver to store the portal files
• Useful only for rapid changed in promotional webpage but less change in configuration
• Problems • As we have rapid configuration change as well, how do we
get it centralized?
![Page 19: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/19.jpg)
TUNNEL
• Tunnel mechanism can help us to manage lots of Hotspots area in one single Hotspot Controller
Hotspot Interface is located in HERE
Interface Wireless is bridged to
Tunnel
![Page 20: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/20.jpg)
TUNNEL
• What type of Tunnel can be used • EoIP • PPTP/L2TP with BCP • OpenVPN with TAP interface • SSTP • MPLS/VPLS
• Basically - every kind of Tunnel that can be bridged • Beware of the MTU problems
![Page 21: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/21.jpg)
TUNNEL – CLIENT SIDE
10.60.60.1
![Page 22: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/22.jpg)
TUNNEL – CLIENT SIDE
10.60.60.1
![Page 23: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/23.jpg)
10.20.20.254
TUNNEL – SERVER SIDE
![Page 24: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/24.jpg)
HOTSPOT CONTROLLER
![Page 25: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/25.jpg)
OTHER THAN EOIP?
• EoIP is an "ethernet-like" interfaces • It means, you can consider them as Ethernet • Thus, Hotspot can be made on those interfaces
• Other than that, you must make a bridge to be able to make hotspot feasible to those tunnels • You can always make the tunnel connect to a bridge
automatically
![Page 26: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/26.jpg)
CONTROLLER – PROFILE/SECRET
![Page 27: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/27.jpg)
CONTROLLER – HOTSPOT
![Page 28: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/28.jpg)
TUNNEL – CLIENT SIDE
10.60.60.1
![Page 29: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/29.jpg)
TUNNEL – BRIDGE STATUS
![Page 30: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/30.jpg)
BENEFIT
• Centralized management • Easy to test the config over the controller (rather
than on-site) • Possible to have a redundant backup/fail-over
Controller
• Improvement for this method • Using tunnel to make a MultiProvider Hotspot System
![Page 31: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/31.jpg)
MULTIPROVIDER HOTSPOT
• It's possible to use an AP to broadcast multiple SSID using Virtual AP
• These Virtual-AP will separate the traffic
Sandal-Net WiFi Zone
Kelinci-Net WiFi Zone
Xpress-Net WiFi Zone
![Page 32: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/32.jpg)
MULTIPROVIDER HOTSPOT
• Using Tunnel, it's possible to send their traffic and goes to another Controller Outside
Sandal-Net Kelinci-Net Xpress-Net
![Page 33: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/33.jpg)
AP CONFIG - VAP
![Page 34: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/34.jpg)
AP CONFIG - TUNNEL
![Page 35: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/35.jpg)
AP CONFIG – DIAL TUNNEL
![Page 36: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/36.jpg)
AP CONFIG – BRIDGE STATUS
![Page 37: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/37.jpg)
HOTSPOT CONTROLLER
![Page 38: Centralized Hotspot Control - MikroTikmum.mikrotik.com/presentations/ID11/id-herry.pdf · herry darmawan spectrum indonesia centralized hotspot control mum 2011 - indonesia](https://reader030.vdocuments.mx/reader030/viewer/2022011723/5aa550f67f8b9a1d728cf764/html5/thumbnails/38.jpg)
H E R R Y @ S P E C T R U M I N D O . C O M H T T P : / / W W W . T R A I N I N G M I K R O T I K . C O . I D
THANK YOU