Hey there! Emmanuel Corels here again, the face behind Emmanuel Corels Creatives. We’ve been cruising through various MikroTik features—firewalls, VPNs, VLANs, QoS, and more. Now, let’s dive into something that often makes people say, “Wow, I didn’t know my router could do that!” That’s right: MikroTik Hotspot. It’s the magic behind those pop-up login pages you see at cafés, hotels, and airports.
Why a Hotspot?
Imagine you’re running a small business or a café, and you want customers to see a welcome page and agree to your terms before using the Wi-Fi. Or maybe you’re a network admin who wants employees to log in with personal credentials. A Hotspot does exactly that: it intercepts traffic and directs it to a captive portal where users must sign in or accept your conditions before they get real internet access.
Beyond that, you can customize the login page, set up usage limits, create vouchers, or integrate with third-party payment systems. It’s a powerful system that can be as simple or elaborate as you want.
First Steps and Basic Setup
Open WinBox and go to IP → Hotspot. There’s a handy “Hotspot Setup” button that walks you through the essentials:
- Pick the interface that’ll serve as your Hotspot network (like a dedicated Wi-Fi interface or a VLAN).
- Assign or confirm the IP address (this is usually the default gateway for your Hotspot clients).
- Define the IP pool that will be used to hand out addresses (unless you already have a DHCP server set up).
- Set up a DNS name for your Hotspot if you want, or just keep it simple for now.
- Specify a Hotspot admin username and password at the end.
Click OK and let the wizard do its thing. Behind the scenes, it’ll generate some firewall rules and create a default “hotspot” folder in Files that holds the HTML pages for the captive portal.
Checking Out the Default Configuration
After running the setup, you’ll see a new entry under IP → Hotspot → Servers. This is your newly created Hotspot instance. There are also auto-generated Hotspot Users (including that admin account you just created).
If you hop over to IP → Firewall, you’ll find rules that reference “hotspot” in the chain or the comment. These rules intercept any device that tries to browse the web without being authenticated and redirect it to the captive portal. MikroTik does that redirection by messing with DNS requests and firewall NAT rules in the background.
Customizing the Hotspot Page
Under Files in WinBox, there should be a folder named hotspot (or something similar). Inside, you’ll see HTML files like login.html. That’s the default login page presented to your guests. Feel free to edit these files (download them, tweak them in your favorite text editor, re-upload) to add branding, disclaimers, or instructions. If you’re comfortable with HTML, you can build a pretty snazzy captive portal in no time.
Managing Hotspot Users
Hop into IP → Hotspot → Users and you’ll see some entries. You can create new users by clicking “+.” Each user has a username/password, and you can also apply time or data limits if you want. For instance, let’s say you want a user named guest1 with a password secretpass:
/ip hotspot user add name=guest1 password=secretpass
If you need more advanced controls (like bandwidth throttling), look under IP → Hotspot → User Profiles. You can define a profile that sets a rate limit (for example, 2M/2M) or idle timeouts. Then assign that profile to any user.
Walled Garden (Allowing Certain Sites Without Login)
Sometimes you need to let users hit specific pages—like a payment portal or your official website—before they authenticate. That’s where the Walled Garden comes in. Under IP → Hotspot → Walled Garden, you can add entries to allow traffic to particular destinations without forcing a login. For instance:
/ip hotspot walled-garden add dst-host=www.mybusinesssite.com action=allow
Your visitors can now access that domain freely, even if they haven’t gone through the login process yet.
Vouchers and External Billing
If you’re feeling fancy, you can integrate third-party billing or create voucher codes in bulk. This often involves external scripts or RADIUS servers, but the basic idea remains the same. Users enter a code or pay a fee on the Hotspot page, and the system grants them access accordingly. The possibilities are endless, but that’s a deeper dive for another day.
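To make the "voucher codes in bulk" idea concrete, here is an added example (not part of the original article) of an external script that generates unpredictable voucher credentials and prints the matching /ip hotspot user add commands. The profile name voucher-1h, the v- username prefix and the voucher comment are assumptions for illustration; the profile must already exist under IP → Hotspot → User Profiles.

```python
import math
import re
import secrets

# Alphabet with look-alike characters (0/O, 1/I/L) removed so printed
# vouchers are easy to type on a phone.
ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ"


def entropy_bits(length):
    """Bits of entropy in a code of `length` characters drawn from ALPHABET."""
    return length * math.log2(len(ALPHABET))


def make_vouchers(count, name_len=6, pass_len=10):
    """Return `count` (username, password) pairs with unique usernames."""
    vouchers = {}
    while len(vouchers) < count:
        # secrets uses the OS CSPRNG, so codes cannot be guessed from earlier ones.
        name = "v-" + "".join(secrets.choice(ALPHABET) for _ in range(name_len))
        vouchers[name] = "".join(secrets.choice(ALPHABET) for _ in range(pass_len))
    return sorted(vouchers.items())


def to_routeros(vouchers, profile="voucher-1h", uptime="1h"):
    """Render one '/ip hotspot user add' line per voucher."""
    # Operator-supplied values are checked so they cannot break the script.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", profile):
        raise ValueError("unexpected characters in profile name")
    if not re.fullmatch(r"(\d+[wdhms])+", uptime):
        raise ValueError("uptime must look like 30m, 1h or 1d12h")
    return [
        f"/ip hotspot user add name={name} password={password} "
        f"profile={profile} limit-uptime={uptime} comment=voucher"
        for name, password in vouchers
    ]


if __name__ == "__main__":
    batch = make_vouchers(20)
    print(f"# password entropy: {entropy_bits(10):.1f} bits")
    print("\n".join(to_routeros(batch)))
```

Save the output as a .rsc file, upload it under Files, and load it with /import; treat that file like a password list, since it holds every voucher in clear text.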
Common Pitfalls and Tips
- DNS Confusion: If the Hotspot isn’t intercepting user traffic, make sure your users are using the router as their DNS server (or that the traffic goes through the router).
- Firewall Conflicts: The Hotspot wizard auto-creates rules, so double-check you’re not blocking or bypassing them with your own.
- SSL Certificate: If you need secure login pages (HTTPS), consider importing a valid certificate in System → Certificates and applying it to your Hotspot. Otherwise, browsers might display warnings.
- Performance Considerations: Hotspot can add overhead, especially with large user counts. Keep an eye on CPU usage if you run a bustling environment.
Wrapping It Up
Congrats! You now have a working MikroTik Hotspot, complete with a captive portal that gently requests (or demands) user login. It’s a game-changer for cafés, guest Wi-Fi, small businesses, and even enterprise setups that need a friendly (and secure) way to handle visitors.
Feel free to tinker with the HTML splash page, user profiles, vouchers, or RADIUS integration. There’s a whole world of customization awaiting you—so keep experimenting until it’s just the way you like. As always, I’m right here if you run into snags or have burning questions.
Typed from the heart by:
Emmanuel Corels, Admin, Emmanuel Corels Creatives
(Stay tuned for more MikroTik adventures—because we both know we can’t get enough!)