Over the next couple of weeks, we’ll be featuring a number of articles to serve as a crash course into MikroTik – MikroTik 101. This week we’ll be focusing on MikroTik’s HotSpot Gateway! 

First thing first, what does the MikroTik HotSpot Gateway do?

The MikroTik HotSpot Gateway enables providing of public network access for clients using wireless or wired network connections.

How does the MikroTik Hotspot Gateway work?

The user will be presented a login screen when first opening his web browser. Once a login and password are provided, the user will be allowed internet access. This is ideal for hotels, schools, airports, internet cafes or any other public place where the administration doesn’t have control over the user’s computer. 

What does that mean for you as the hotspot provider?

Plug-n-Play access to the Network: HotSpot is a way to authorize users to access some network resources, but does not provide traffic encryption. To log in, users may use almost any web browser (either HTTP or HTTPS protocol), so they are not required to install additional software.

Authentication of local Network Clients: The HotSpot system is targeted to provide authentication within a local network (for the local network users to access the Internet), but may as well be used to authorize access from outer networks to access local resources (like an authentication gateway for the outside world to access your network)

User Accounting: The HotSpot system implement accounting internally, you are not required to do anything special for it to work. The accounting information for each user may be sent to a RADIUS server.

RADIUS support for Authentication and Accounting: Hotspot also supports authentication against standard RADIUS servers and MikroTik’s own User Manager which will give you centralized management of all users in your networks.

Configurable bypass for non-interactive devices: No software installation or network configuration is needed, the hotspot will direct any connection request to the login form!

Walled garden for browsing exceptions: It is possible to allow users to access some web pages without authentication using the Walled Garden feature. When a not-logged-in user requests a service allowed in the Walled Garden configuration, the HotSpot gateway does not intercept it, or in the case of HTTP, simply redirects the request to the original destination. Other requests are redirected to the HotSpot servlet (login page infrastructure). When a user is logged in, there is no effect of this table on him/her.

Trial user and Advertisement modes: Extensive user management is possible by making different user profiles, each of which can allow certain uptime, upload and download speed limitation, transfer amount limitation and more. Also, the same proxy used for unauthorized clients to provide Walled-Garden facility may also be used for authorized users to show them advertisement popups. Transparent proxy for authorized users allows to monitor HTTP requests of the clients and to take some action if required. It enables the possibility to open a status page even if the client is logged in by mac address, as well as to show advertisements time after time.

(source: wiki.mikrotik.com)