used, otherwise (in case RADIUS reply did not contain the group for that user) the default profile is
used to set default values for parameters, which are not set in RADIUS access-accept message. For
more information on how the interaction with a RADIUS server works, see the respective manual
section.
The HTTP PAP method also makes it possible to authenticate by requesting the page
/login?username=username&password=password . In case you want to log in using telnet connection,
the exact HTTP request would look like that: GET
/login?username=username&password=password HTTP/1.0 (note that the request is
case-sensitive)
Authorization
After authentication, user gets access to the Internet, and receives some limitations (which are user
profile specific). HotSpot may also perform a one-to-one NAT for the client, so that a particular
user would always receive the same IP address regardless of what PC is he/she working at.
The system will automatically detect and redirect requests to a proxy server a client is using (if any;
it may be set in his/her settings to use an unknown to us proxy server) to the proxy server embedded
in the router.
Authorization may be delegated to a RADIUS server, which delivers similar configuration options
as the local database. For any user requiring authorization, a RADIUS server gets queried first, and
if no reply received, the local database is examined. RADIUS server may send a Change of
Authorization request according to standards to alter the previously accepted parameters.
Advertisement
The same proxy used for unauthorized clients to provide Walled-Garden facility, may also be used
for authorized users to show them advertisement popups. Transparent proxy for authorized users
allows to monitor http requests of the clients and to take some action if required. It enables the
possibility to open status page even if client is logged in by mac address, as well as to show
advertisements time after time
When time has come to show an advertisement, the server redirects client's web browser to the
status page. Only requests, which provide html content, are redirected (images and other content
will not be affected). The status page displays the advertisement and next advertise-interval is used
to schedule next advertisement. If status page is unable to display an advertisement for configured
timeout starting from moment, when it is scheduled to be shown, client access is blocked within
walled-garden (as unauthorized clients are). Client is unblocked when the scheduled page is finally
shown. Note that if popup windows are blocked in the browser, the link on the status page may be
used to open the advertisement manually.
While client is blocked, FTP and other services will not be allowed. Thus requiring client to open
an advertisement for any Internet activity not especially allowed by the Walled-Garden.
Accounting
The HotSpot system implement accounting internally, you are not required to do anything special
for it to work. The accounting information for each user may be sent to a RADIUS server.
Page 507 of 695
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
To Next Page
Loading...
General