Access Point Instructions for MikroTik

This page explains the Captive Portal configuration for MikroTik Router OS and authentication with IronWiFi.

IronWiFi Console Configuration

  1. Log into the IronWiFi console or register for free
  2. Create a new network
  3. After that, create a new captive portal, with vendor Mikrotik
  4. Download the mikrotik_login.html file. Rename the downloaded file to login.html

Access Point Configuration

to your MikroTik configuration interface, usually

  1. Navigate to Hotspot -> Users and add a temporary user called user1 and set a password for this new user
  2. Navigate to Hotspot -> Servers and click the Hotspot Setup button. Configure with:
  • Hotspot Interface - bridge
  • The local address of network -
  • Masquerade Network - On
  • Address Pool of Network - -
  • Select Certificate - none

The access point will redirect you to the default Hotspot Authentication page. Sign in as "user1" and return to the Mikrotik configuration interface

Now, the newly created server was assigned the name "hotspot1", which you need to change for the mac address of your access point. Navigate to the quick set (main dashboard) to copy the mac address.


  1. After you have copied the mac address, return to the hotspot settings and click on the server named "hotspot1". Then just paste the mac address to the name field and click apply
  2. Navigate to Hotspot -> Server Profiles and click the newly created profile called hsprof1
  3. In the Login by section, configure with the following values:
  • HTTP CHAP - un-check
  • Cookie - un-check
  • HTTP PAP - check
  • Use RADIUS - check
  1. Navigate to IP -> Hotspot -> Walled Garden IP List and allow access to the IronWiFi global load-balancer -
  • Enabled - check
  • Action - accept
  • Server - hotspot1
  • Dst. Address -
  • Protocol - (6) tcp
  • Dst. Port - 443
  1. In the MikroTik configuration menu, navigate down to the Radius and click Add New to add RADIUS server. In the Service section, configure with:
  • Service - hotspot
  • Address - get this value from the IronWiFi console
  • Secret - get this value from the IronWiFi console
  • Authentication Port - get this value from the IronWiFi console
  • Accounting Port - get this value from the IronWiFi console
  • Timeout - 1000ms

Use an FTP client to connect to the access point and navigate to /flash/hotspot (or /hotspot). Create a copy of the login.html file and upload the previously downloaded file login.html to the access point.

$ ftp
(username admin, empty password)
$ cd /hotspot

$ get login.html login.html-backup

$ put mikrotik_login.html login.html

! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !