228
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers
RouterOS v3 Configuration and User Guide
10.1.4
HotSpot Server Profiles
Submenu level:
/ip hotspot profile
Property Description
dns-name
(
text
) - DNS name of the HotSpot server. This is the DNS name used as the name of the
HotSpot server (i.e., it appears as the location of the login page). This name will automatically be added as
a static DNS entry in the DNS cache
hotspot-address
(
IP address
; default:
0.0.0.0
) - IP address for HotSpot service
html-directory
(
text
; default:
hotspot
) - name of the directory (accessible with FTP), which stores the
HTML servlet pages (when changed, the default pages are automatically copied into specified directory if
it does not exist already)
http-cookie-lifetime
(
time
; default:
3d
) - validity time of HTTP cookies
http-proxy
(
IP address
; default:
0.0.0.0
) - address of the proxy server the HotSpot service will use as a
[parent] proxy server for all those requests intercepted by Universal Proxy system and not defined in the
/ip proxy direct
list. If not specified, the address defined in
parent-proxy
parameter of
/ip proxy
. If
that is absent as well, the request will be resolved by the local proxy
login-by
(
multiple choice:
cookie | http-chap | http-pap | https | mac | trial; default:
cookie,http-chap
) -
which authentication methods to use
cookie
- use HTTP cookies to authenticate, without asking user credentials. Other method will be used
in case the client does not have cookie, or the stored username and password pair are not valid anymore
since the last authentication. May only be used together with other HTTP authentication methods
(HTTP-PAP, HTTP-CHAP or HTTPS), as in the other case there would be no way for the cookies to be
generated in the first place
http-chap
- use CHAP challenge-response method with MD5 hashing algorithm for hashing passwords.
This way it is possible to avoid sending clear-text passwords over an insecure network. This is the default
authentication method
http-pap
- use plain-text authentication over the network. Please note that in case this method will be
used, your user passwords will be exposed on the local networks, so it will be possible to intercept them
https
- use encrypted SSL tunnel to transfer user communications with the HotSpot server. Note that in
order this to work, a valid certificate must be imported into the router (see a separate manual on
certificate management)
mac
- try to use client's MAC address first as its username. If the matching MAC address exists in the
local user database or on the RADIUS server, the client will be authenticated without asking to fill the
login form
trial
- does not require authentication for a certain amount of time
mac-auth-password
(
text
) - if MAC authentication is used, this field can be used to specify password for
the users to be authenticated by their MAC addresses
nas-port-type
(
text
; default:
wireless-802.11
) - NAS-Port-Type attribute value to be sent to the
RADIUS server
radius-accounting
(yes | no; default:
yes
) - whether to send RADIUS server accounting information on
each user once in a while (the "while" is defined in the
radius-interim-update
property)
radius-default-domain
(
text
; default:
""
) - default domain to use for RADIUS requests. It allows to
select different RADIUS servers depending on HotSpot server profile, but may be handful for single
RADIUS server as well.
radius-interim-update
(
time
| received; default:
received
) - how often to sent cumulative accounting
reports.
0s
- same as
received
received
- use whatever value received from the RADIUS server
radius-location-id
(
text
) - Raduis-Location-Id attribute value to be sent to the RADIUS server
radius-location-name
(
text
) - Raduis-Location-Name attribute value to be sent to the RADIUS server
rate-limit
(
text
; default:
""
) - Rate limitation in form of
rx-rate[/tx-rate] [rx-burst-rate[/tx-burst-
rate] [rx-burst-threshold[/tx-burst-threshold] [rx-burst-time[/tx-burst-time]]]] [priority]
[rx-rate-min[/tx-rate-min]]
from the point of view of the router (so "rx" is client upload, and "tx" is
client download). All rates should be numbers with optional 'k' (1,000s) or 'M' (1,000,000s). If tx-rate is
not specified, rx-rate is as tx-rate too. Same goes for tx-burst-rate and tx-burst-threshold and tx-burst-
time. If both rx-burst-threshold and tx-burst-threshold are not specified (but burst-rate is specified), rx-
rate and tx-rate is used as burst thresholds. If both rx-burst-time and tx-burst-time are not specified, 1s is
used as default. rx-rate-min and tx-rate min are the values of limit-at properties