MikroTikRouterSetupGuide

Page2of14

GlobalReachTechnologyLtdCommercialinConfidence

DisclaimerTHISDOCUMENTATIONANDALLINFORMATIONCONTAINEDHEREIN(“MATERIAL”)ISPROVIDEDFORGENERALINFORMATIONPURPOSESONLY.GLOBALREACHANDITSLICENSORSMAKENOWARRANTYOFANYKIND,EXPRESSORIMPLIED,WITHREGARDTOTHEMATERIAL,INCLUDING,BUTNOTLIMITEDTO,THEIMPLIEDWARRANTIESOFMERCHANTABILITY,NON-INFRINGEMENTANDFITNESSFORAPARTICULARPURPOSE,ORTHATTHEMATERIALISERROR-FREE,ACCURATEORRELIABLE.GLOBALREACHRESERVESTHERIGHTTOMAKECHANGESORUPDATESTOTHEMATERIALATANYTIME.LimitationofLiabilityINNOEVENTSHALLGLOBALREACHBELIABLEFORANYDIRECT,INDIRECT,INCIDENTAL,SPECIALORCONSEQUENTIALDAMAGES,ORDAMAGESFORLOSSOFPROFITS,REVENUE,DATAORUSE,INCURREDBYYOUORANYTHIRDPARTY,WHETHERINANACTIONINCONTRACTORTORT,ARISINGFROMYOURACCESSTO,ORUSEOF,THEMATERIAL.VERSION1.2PUBLISHEDAUGUST2016

Page3of14

GlobalReachTechnologyLtdCommercialinConfidence

IMPORTANT-BEFOREYOUSTARTBeforeattemptingtointegrateyourhardwarecontrollerintoOdyssys,pleaseensurethatALLofthefollowingrequirementsareinplace;• YouhaveacontrollerinstalledinanenvironmentwherecompatibleAccessPointsareconfiguredtoworkwiththecontroller,i.e-DNS,DHCPoptionsconfiguredcorrectlyYourclientenvironmentisconfiguredtoallownetworkclientsto;• AssociatetoanAccessPoint• ObtainanIPaddress• AccesstotheinternetThefollowingcomponentsarerequiredtobeconfiguredandworkinginyourenvironmentbeforeattemptingintegrationwithOdyssys;• DHCPServer• DNSServer• FirewallNATPLEASENOTE-Thisisatechnicaldocumentandassuch,integrationofyourhardwarewithOdyssysshouldonlybehandledbytrainedindividuals.

TECHNOTEOdyssysdoesnotusestandardRADIUSports,thereforepleasemakesureyouallowtheportsinyourfirewall,definedinyourmanager.odyssys.netCaptivePortalsettings.

Page4of14

GlobalReachTechnologyLtdCommercialinConfidence

GETTINGSTARTEDWITHODYSSYSBeforeconfiguringtheMikrotikRouterforusewithOdyssys,youwillfirstneedtocreateaCaptivePortaltoobtainkeysettingsforyourMikrotikRouter.1.WithinyourInternetbrowser,navigatetohttp://manage.odyssys.net2.LogintoOdyssys,usingyourCustomerID,UsernameandPassword

3.UsingthenavigationpanelonthelefthandsideoftheOdyssysDashboard,select"CaptivePortals"then"CaptivePortals"andfinally"CreateCaptivePortal"

4.EnterthefollowingdetailstocreateanewCaptivePortalName:<NameofyourCaptivePortal>Description:<DescriptionofyourCaptivePortal(OPTIONAL)>RADIUSSharedSecret:<Eitherkeepthecurrentsharedsecretorcreateyourown>HardwareVendor:MikrotikGatewayAddress:<LANIPaddressofyourdevice(OPTIONAL)>

Page5of14

GlobalReachTechnologyLtdCommercialinConfidence

5.Click"Create"tosavethesettingsandcompleteinitialsetupoftheCaptivePortalSelectthenewlycreatedCaptivePortalanditwilldisplaytheinformationrequiredtoconfiguretheMikrotikRouter-Pleasenoteyoumayneedtoscrolldowntoseetheinformation.

TECHNOTETheinformationwilldifferforeachCaptivePortalcreatedandisuniquetoeachCaptivePortal.

Page6of14

GlobalReachTechnologyLtdCommercialinConfidence

CONFIGURINGODYSSYSWITHINMIKROTIK1.DownloadtheCloudCaptivePortalconfigurationfilesforMikroTik/RouterOSfromtheOdyssysManager:

2.UnzipthesefilestoadirectoryonyourcomputerandtransfertheunzippeddirectorytotheMikroTikrouterusinganftpclient.FormoreinformationonhowtouploadfilestoyourMikroTikrouter,pleaserefertoyourMikroTikusermanual.3.ConnecttoyourMikroTikRouterviaitswebuserinterface.4.Select“IP”then“Hotspot”fromtheleft-handsidemenu.5.Selectthe“ServerProfiles”tab,click“AddNew”andconfigurewiththebelowsettings

Name:<Chooseanameforthehotspotserverprofile>HTMLDirectory:<Settothenameofuploadedhotspotdirectoryfortheportal,forexample:1234567ifdownloadedzipfilenameis1234567.zip>LoginBy:HTTPCHAPSplitUserDomain:UncheckedUseRADIUS:CheckedDefaultDomain:<CaptivePortalIDnumber(samenameasthehotspotdirectoryfortheportal–HTMLdirectory)>LocationID:LeaveblankLocationName:LeaveblankMACFormat:XX:XX:XX:XX:XX:XXAccounting:CheckedInterimUpdate:00:10:00NASPortType:19(wireless-802.11)Click“OK”tosaveconfiguration.

Page7of14

GlobalReachTechnologyLtdCommercialinConfidence

Exampleconfiguration

Page8of14

GlobalReachTechnologyLtdCommercialinConfidence

6.Underthe“Servers”tab,click“AddNew”andconfigurewiththebelowsettings

Enabled:CheckedName:<MACAddressofyourMikroTikRouterinformat‘xx:xx:xx:xx:xx:xx’>(IfyoudonotuseaMACaddress,youwillnotreceiveanalyticaldataforyourWi-FiusersinOdyssys)Interface:<Interfacetoregisterforhotspotservices>(usuallythebridgewhichincludesalltheportswhichtheAPsareconnectedto–bearinmindthatyoumaylosethemanagementaccesstotheMikroTikrouter;wesuggestconfiguringaportformanagementinadifferentbridge).AddressPool:NoneProfile:<SelecttheServerProfilecreatedinpreviousstep>Click“OK”tosaveconfiguration.Exampleconfiguration

Page9of14

GlobalReachTechnologyLtdCommercialinConfidence

7.Underthe“WalledGarden”tab,click“AddNew”andconfigurewiththefollowingdetails.RepeatforeachWalledGardenentryyouhavebeenprovidedwith(foundonpage11ofthisdocument)andadd*.odyssys.netentryaswell.

Enabled:CheckedAction:AllowServer:<Selectthehotspotserveryoucreatedinthepreviousstep>Dst.Host:<Foundonpage11ofthisdocument>Click“OK”tosaveconfiguration.

Page10of14

GlobalReachTechnologyLtdCommercialinConfidence

8.ClickonRadiusfromthelefthandmenuandclickon“AddNew”andconfigurewiththefollowingdetails.RepeatforeachRADIUSserveryouhavebeenprovided.

Enabled:CheckedService:HotspotCalledID:LeaveblankDomain:<CaptivePortalIDnumber>(samenameasthehotspotdirectoryfortheportal–HTMLdirectory)Address:<RadiusIPaddressprovidedinyourOdyssysCaptivePortalConfiguration>Secret:<ProvidedinyourOdyssysCaptivePortalConfiguration>AuthenticationPort:<ProvidedinyourOdyssysCaptivePortalConfiguration>AccountingPort:<ProvidedinyourOdyssysCaptivePortalConfiguration>Timeout:3000msAccountingBackup:UncheckedClick“OK”tosaveconfigurationandcompletesetup.

Page11of14

GlobalReachTechnologyLtdCommercialinConfidence

ACCESSCONTROLLISTADDRESSESOdyssys52.31.81.5154.243.42.24154.246.86.10754.246.87.6454.75.232.4554.75.236.9054.247.65.132Twitterapi.twitter.com*.twimg.comGoogle74.125.29.8474.125.226.24374.125.228.1074.125.228.7474.125.228.111130.111.19.240173.194.74.95Facebook*.facebook.com*.akamaihd.net*.fbcdn.netconnect.facebook.comLinkedIn8.247.88.22523.202.203.12064.94.107.57138.108.7.20216.52.242.80216.52.242.86PayPalExpressCheckout173.0.82.77/3292.122.246.85/3266.117.29.34/32216.113.188.89/3266.235.147.113/32IfyouwishtodisableApple'sCaptiveAssistantpleaseaddthefollowingtoyourwalledgardenwww.apple.comwww.airport.uswww.ibook.infowww.thinkdifferent.uswww.itools.infowww.appleiphonecell.comcaptive.apple.com

Page12of14

GlobalReachTechnologyLtdCommercialinConfidence

FREQUENTLYASKEDQUESTIONS

Q.Iwanttoadddifferentauthenticationprovidertypes,howdoIdothis?A.PleaseseeourOdyssysAuthenticationguideforfurtherinformation.

Q.IneedmoreinformationonhowtosetupOdyssysA.PleaseseeourOdyssyssetupguide.

Page13of14

GlobalReachTechnologyLtdCommercialinConfidence

GLOSSARY

ACL-AccessControlListAAA-Authentication,Authorization,andAccountingDHCP-DynamicHostConfigurationProtocolDNS-DomainNameServiceNAT-NetworkAddressTranslationPORT-Aprocess-specificoranapplication-specificsoftwareconstructservingasacommunicationendpoint,whichisusedbytheTransportLayerprotocolsofInternetProtocolsuite,suchasUserDiagramProtocol(UDP)andTransmissionControlProtocol(TCP)RADIUS-RemoteAuthenticationDialInUserService(RADIUS)SHAREDSECRET-AsinglepasswordsharedbetweentwodevicesSSID-ServiceSetIdentifier-AuniqueidentifierforyourWi-FiserviceWLAN-WirelessLocalAreaNetworkWLC-WirelessLocalAreaNetworkController

GlobalReachTechnologyLtdCravenHouse,121KingswayLondonWC2B6PAT+44(0)2078315630info@globalreachtech.comCopyright©GlobalReachTechnologyLimitedAllrightsreserved.GlobalReachandtheGlobalReachlogoareregisteredtrademarks.