To manage a mikrotik router using Jaze ISP Manager, the following steps are to be followed:


On Mikrotik Winbox/Webfig

Step 1

Setup the initial configuration of Mikrotik following the steps from here. Make sure that you are able to connect to the internet via any port in the Mikrotik router. 

In winbox click IP > DHCP Client and Add DHCP Client to port ether1  (IP through DHCP)

(or)

In winbox click IP > Addresses and Add Address. Assign a static IP to the interface ether1 (Static IP) 

If you are able to access the internet then we are ready to integrate with Jaze ISP Manager.

Now you will have two interfaces. One is the ether1(WAN) which you had setup and the other would be the ether2(LAN) which is your local network where guests connect. Let us assume for this tutorial that the LAN IP address is 192.168.88.1/24

Step 2

Go to Quick Set. Click on Check for Updates. Click on "Download & Upgrade"  button if it appears. Make sure the version is the latest in 6.X. For more details visit http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS

Step 3

  • Go to System -> NTP Client

    • Check the Enable checkbox.

    • Leave the mode as unicast

    • Enter NTP server IP. Example -> Primary NTP server - 103.224.117.98, Secondary NTP server - 204.2.134.162

  • Go to System -> Clock

    • Choose the correct Time Zone Name.

Step 4

  • You can see the MAC address of the WAN interface by clicking on interfaces in the winbox. Copy the MAC address.

  • Open System -> Identity. Set the value as the MAC address of the WAN interface copied above.

Step 5

  • Download the files cloudwifi-bundle.crt and cloudwifi.jazenetworks.com.key
  • On Mikrotik, go to Files and upload these 2 files (or) drag-and-drop the files in the Files window of winbox to upload
  • On Mikrotik terminal (accessible through SSH or New Terminal on winbox), enter the following commands

    > /certificate
    import file-name=cloudwifi-bundle.crt

    Leave the pass-phrase empty and press Enter

    import file-name=cloudwifi.jazenetworks.com.key

    Leave the pass-phrase empty and press Enter

    > print

    Note down the NAME of the certificate entry whose COMMON-NAME is cloudwifi.jazenetworks.com

 

Step 6

  • Download  jaze_hotspot.zip from here
  • Unzip the file
  • Drag and drop the jaze_hotspot folder to Files as a root directory. You can also FTP the files in your Mikrotik router with the admin username and password.


Step 7

Setup DHCP for hotspot users.

  • Go to IP -> Pool
    • On the Server tab, click on + button to add a new IP pool. In the dialog which appears, enter the following values -
      • Name - dhcp_pool
      • Addresses - 192.168.88.10-192.168.88.250 <Enter IP in the range of the LAN IP>
      • Next Pool - none
    • Click Ok

  • Go to IP -> DHCP Server
    • On the Server tab, click on + button to add a new dhcp server. In the dialog which appears, enter the following values -
      • Name - dhcp_hotspot
      • Interface - ether2 <LAN interface>
      • Address Pool - dhcp_pool
      • Leave rest of the values as it is

    • On the Networks tab, click on + button to add a new DHCP networks
      • Address - 192.168.88.0/24
      • Gateway - 192.168.88.1
      • Leave the rest of the value at the defaults

Step 8

Now we can add a hotspot to the LAN interface. 

  • Go to IP -> HotSpot

  • On the Server tab, click on + button to add a new hotspot server. In the dialog which appears, enter the following values -
    • Name - <MAC address of WAN interface/same as System->Identity value>

    • Interface - ether2 <LAN interface>

    • Address Pool - <Choose address pool created in previous step>

    • Profile - default

    • Idle Timeout - <empty>

    • Keepalive Timeout - 00:02:00

  • On the Server Profiles, edit the default profile
    • On General tab,  set the DNS name as www.cloudwifi.jazenetworks.com. Set the rest of the values at its defaults.
    • On Login tab, set the following values
      • Login By - Check HTTP PAP, HTTPS, MAC cookie. 
        • Also check "MAC" if required. Set MAC Auth. Password as jazenetworks
      • SSL Certificate - cert_1 <Certificate corresponding to the common-name cloudwifi.jazenetworks.com>
    • On RADIUS tab, set the following values -
      • Check Use RADIUS
      • Check Accounting
      • Leave the rest as it is

  • On User Profiles tab, edit the default profile
    • On General tab,
      • Address Pool - dhcp_pool
      • Shared Users - 1000
      • Leave rest at defaults
    • On Queue tab, set queue type as default

  • On Walled Garden, click on the + button to add an entry
    • Action -  allow
    • Dst. Host - *.jazenetworks.com
    • Leave the rest as it is

Step 9

Configure the radius server.

Primary Radius

  • Open Radius from the sidebar
  • On the General tab, click on + button to add a new radius server. In the dialog which appears, enter the following values -
    • Service - hotspot
    • Address - 180.179.56.164
    • Secret - jazenetworks
    • Timeout - 5000 ms
    • Leave the rest of the values at their defaults.
  • Click Ok
  • Accept Radius Incoming. Then, Click Ok

 Secondary Radius

  • Open Radius from the sidebar
  • On the General tab, click on + button to add a new radius server. In the dialog which appears, enter the following values -
    • Service - hotspot
    • Address - 180.179.56.165
    • Secret - jazenetworks
    • Timeout - 5000 ms
    • Leave the rest of the values at their defaults.
  • Click Ok
  • Accept Radius Incoming. Then, Click Ok

Step 10

Setup scheduler

If MAC authentication is enabled in System -> Scheduler,then add another scheduler with the following values -


    • Name - removeUnauthorizedHosts
    • Start Date - <Leave as it is>
    • Start Time - <Leave as it is>
    • Interval - 00:10:00
    • On Event -
      :foreach HOST in=[/ip hotspot host find authorized=no bypassed=no] do={/ip hotspot host remove $HOST}
    • Policy - <Leave all checkboxes enabled>

Step 11

To enable Per-user MRTG graphs, do the following - 

  • Open IP -> SNMP
    • Check the Enabled checkbox
    • Click on the Communites button on the right
    • In the SNMP Communities dialog, open the entry with value Public. Set the following values -
      • Name - jaze
      • Addresses - 180.179.56.164
    • Leave the rest at their default

Step 12

To enable NAT logging, do the following - 

  • Open System -> Logging
    • Go to the Actions tab
      • Click on the + button to create a new logging action with the following values -
        • Name - jaze
        • Type - remote 
        • Remote Address - 128.199.230.45
        • Remote Port - 514
        • Src. Address - <empty>
        • BSD syslog - <unchecked>

    • Go to the Rules tab
      • Click on the + button to create a new rule with the following values -
        • Topics - firewall
        • Prefix - nat-<System identity value from step 4>
        • Action - jaze



      • Open the default logging rule with Topic as info. Add the topic value !firewall and click Ok



  • Open the terminal and execute the following command, replacing 8.8.8.8 with the IP address of the primary DNS server -

    > /ip firewall nat add chain=srcnat action=log dst-address=!8.8.8.8 log=no place-before=0

On Jaze ISP Manager admin dashboard

  • Go to https://isp.jazenetworks.com/routers
  • Click on Add Router
  • In the page which appears enter the following values - 
    • Model - Mikrotik
    • MAC Address - <Set as the Identity set in Step 4 above>
    • Name - <Give the router some name>
    • Group - <Select a group from the dropdown>
    • CoA Port - 3799

      If you want per-user MRTG graphs and the Mikrotik router is on a public IP, enter the following values as well. Else leave the rest empty and clickAdd

    • Router IP - <Public IP of Mikrotik router>
    • Username - <Mikrotik login username>
    • Password - <Mikrotik login password>
    • Port - 8728
    • IP Auth - <If MAC Login type is enabled, and you want clients to be authorized if they just have the same static IP set as in the user created in Jaze ISP Manager, enable this checkbox>
    • Community String - jaze
  • Click Add