MikroTik RouterOS v2.9 Reference Manual page 525

/ip proxy. If that is absent too, the request will be resolved by the local proxy
login-by ( multiple choice: cookie | http-chap | http-pap | https | mac | trial ; default:
cookie,http-chap ) - which authentication methods to use
• cookie - use HTTP cookies to authenticate, without asking user credentials. Other method will
be used in case the client does not have cookie, or the stored username and password pair are
not valid anymore since the last authentication. May only be used together with other HTTP
authentication methods (HTTP-PAP, HTTP-CHAP or HTTPS), as in the other case there would
be no way for the cookies to be generated in the first place
• http-chap - use CHAP challenge-response method with MD5 hashing algorithm for hashing
passwords. This way it is possible to avoid sending clear-text passwords over an insecure
network. This is the default authentication method
• http-pap - use plain-text authentication over the network. Please note that in case this method
will be used, your user passwords will be exposed on the local networks, so it will be possible
to intercept them
• https - use encrypted SSL tunnel to transfer user communications with the HotSpot server.
Note that in order this to work, a valid certificate must be imported into the router (see a
separate manual on certificate management)
• mac - try to use client's MAC address first as its username. If the matching MAC address exists
in the local user database or on the RADIUS server, the client will be authenticated without
asking to fill the login form
• trial - does not require authentication for a certain amount of time
radius-accounting ( yes | no ; default: yes ) - whether to send RADIUS server accounting
information on each user once in a while (the "while" is defined in the radius-interim-update
property)
radius-default-domain ( text ; default: "" ) - default domain to use for RADIUS requests. It
allows to select different RADIUS servers depending on HotSpot server profile, but may be handful
for single RADIUS server as well.
radius-interim-update ( time | received ; default: received ) - how often to sent cumulative
accounting reports.
• 0s - same as received
• received - use whatever value received from the RADIUS server
rate-limit ( text
[rx-burst-rate[/tx-burst-rate] [rx-burst-threshold[/tx-burst-threshold] [rx-burst-time[/tx-burst-time]]]]
from the point of view of the router (so "rx" is client upload, and "tx" is client download). All rates
should be numbers with optional 'k' (1,000s) or 'M' (1,000,000s). If tx-rate is not specified, rx-rate is
as tx-rate too. Same goes for tx-burst-rate and tx-burst-threshold and tx-burst-time. If both
rx-burst-threshold and tx-burst-threshold are not specified (but burst-rate is specified), rx-rate and
tx-rate is used as burst thresholds. If both rx-burst-time and tx-burst-time are not specified, 1s is
used as default
smtp-server ( IP address ; default: 0.0.0.0 ) - default SMTP server to be used to redirect
unconditionally all user SMTP requests to
split-user-domain ( yes | no ; default: no ) - whether to split username from domain name when
the username is given in "user@domain" or in "domain\user" format
ssl-certificate ( name | none ; default: none ) - name of the SSL certificate to use for HTTPS
authentication. Not used for other authentication methods
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
; default: "" ) - Rate limitation in form of rx-rate[/tx-rate]
Page 511 of 695