MikroTik Hotspot Setup Step by Step (Café & Hotel WiFi 2026)


Quick Answer: To set up a MikroTik hotspot, open Winbox → go to IP → Hotspot → Hotspot Setup → select your LAN interface → configure IP pool and DNS → create user profiles with bandwidth limits → add user accounts. Done in under 15 minutes on any RouterOS 6.x or 7.x router.

⚡ What You Will Learn in This Guide:
  • Run the Hotspot Setup Wizard in Winbox
  • Create bandwidth-limited user profiles for free, basic, and premium tiers
  • Add and manage hotspot users
  • Customize the captive portal login page
  • Set up Walled Garden and MAC bypass
  • Troubleshoot all common hotspot problems
  • Nepal-specific tips for café and hotel WiFi

Whether you run a café in Kathmandu or a hotel in Pokhara, MikroTik’s built-in Hotspot feature gives you a professional WiFi login system — completely free. Your customers see a branded login page, you control their speed, and you decide how long each session lasts.

This guide is the most complete MikroTik hotspot setup walkthrough you will find. Every step is tested on real hardware. No fluff.

Applies to: MikroTik hAP ac², hAP lite, RB450Gx4, RB3011, CCR series, CHR — running RouterOS 6.49+ or 7.x.

What You Need Before You Start

  • ✅ Any MikroTik router (hAP ac², RB450Gx4, CCR, RB3011, etc.)
  • Winbox installed on your Windows PC (or use WebFig in browser)
  • ✅ Internet working on your WAN port (ether1)
  • ✅ A LAN interface ready for hotspot clients (ether2, bridge, or wlan1)
  • ✅ RouterOS 6.49 or newer (RouterOS 7.x fully supported)
🇳🇵 Nepal Tip: Most ISPs in Nepal — WorldLink, Subisu, Vianet, CG Net, Dishhome Fiber — deliver fiber via ONU/ONT. Connect your ONU’s LAN port to MikroTik ether1. Use ether2 (or a bridge including your WiFi) for hotspot clients. If your ISP uses PPPoE, set up PPPoE on ether1 first, then run the hotspot on ether2.

MikroTik Hotspot vs Simple Queue — Which Do You Need?

| Feature | Hotspot | Simple Queue Only |
|---|---|---|
| Login page for clients | ✅ Yes | ❌ No |
| Per-user bandwidth limit | ✅ Yes (via profile) | ✅ Yes (per IP) |
| Session time control | ✅ Yes | ❌ No |
| Data usage limit | ✅ Yes | ❌ No |
| User account management | ✅ Yes | ❌ No |
| MAC address bypass | ✅ Yes | ❌ No |
| Best for | Café, hotel, public WiFi | Home, office LAN |

If you need login control → use Hotspot. For a simple home or office bandwidth limiter, Simple Queue is enough.

MikroTik Hotspot Setup at a Glance

| # | Step | Where in Winbox | Time |
|---|---|---|---|
| 1 | Connect via Winbox | Winbox launcher | 1 min |
| 2 | Assign LAN IP address | IP → Addresses | 1 min |
| 3 | Run Hotspot Setup Wizard | IP → Hotspot → Hotspot Setup | 5 min |
| 4 | Create user profiles | IP → Hotspot → User Profiles | 3 min |
| 5 | Add hotspot users | IP → Hotspot → Users | 2 min |
| 6 | Test login page | Browser on client device | 1 min |
| 7 | Customize login page | Files → hotspot folder | Optional |

Step-by-Step MikroTik Hotspot Setup Guide

Step 1: Connect to Your MikroTik Router via Winbox

  1. Open Winbox on your PC.
  2. Click the Neighbors tab. Your MikroTik router will appear in the list.
  3. Click the MAC address (not the IP) to connect — this works even if IP is not configured yet.
  4. Login credentials:
    • Username: admin
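    • Password: blank (press Enter) — unless you already set one. Set an admin password under System → Password as soon as you are logged in; while it is blank, anyone who can reach the router can manage it.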
  5. Click Connect.
💡 Tip: If Winbox doesn’t detect the router, make sure your PC is connected to the MikroTik LAN port with a cable. Disable any VPN or firewall on your PC temporarily.

[Screenshot: Winbox Neighbors tab showing MikroTik router with MAC address]

Step 2: Assign a LAN IP Address to Your Interface

Your hotspot clients need a local IP range. Let’s assign one.

  1. Go to IP → Addresses.
  2. Click + (Add).
  3. Fill in:
    • Address: 192.168.88.1/24
    • Interface: ether2 (or your LAN bridge name)
  4. Click OK.

Or run this terminal command:

/ip address add address=192.168.88.1/24 interface=ether2

[Screenshot: IP Addresses window — 192.168.88.1/24 added on ether2, status R (running)]

ℹ️ Using a Bridge? If your hotspot should cover both wired (ether2, ether3) and WiFi (wlan1) clients, first create a bridge: Bridge → Bridge → Add (+), name it bridge1, then add all your LAN ports and wlan1 as ports under Bridge → Ports. Assign the IP address to bridge1 instead of ether2.

Step 3: Run the MikroTik Hotspot Setup Wizard

The setup wizard handles the complex configuration automatically — DHCP, DNS redirect, firewall rules, and more.

  1. Go to IP → Hotspot.
  2. Click the Hotspot Setup button at the top.
  3. A wizard window opens. Follow each screen:

Complete Wizard Walkthrough:

| Wizard Screen | What to Enter | Notes |
|---|---|---|
| Hotspot Interface | ether2 or bridge1 | Select the LAN/hotspot interface |
| Local Address of Network | 192.168.88.1/24 | Auto-filled from Step 2 |
| Masquerade Network | ✅ Leave checked | Required for internet access |
| Address Pool of Network | 192.168.88.2-192.168.88.254 | 253 client IPs available |
| SSL Certificate | none | Skip for basic setup |
| SMTP Server | Leave blank | Only needed for email login |
| DNS Servers | 8.8.8.8, 8.8.4.4 | Google DNS — fast and reliable |
| DNS Name | wifi.cafe (optional) | Custom URL for your login page |
| Name of Local Hotspot User | admin | First default test user |

  4. Click Next on each screen.
  5. Click OK on the final confirmation screen.

Your hotspot is now active. MikroTik has automatically created a DHCP server, DNS redirect, and firewall rules for the hotspot to work.

[Screenshot: Hotspot Setup Wizard — interface selection screen with ether2 selected]

⚠️ Important: After the wizard runs, go to IP → Firewall → NAT and verify there is a srcnat rule with masquerade on your WAN interface (ether1). If it is missing, clients will log in but have no internet. Add it manually if needed:
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

Step 4: Create User Profiles (Bandwidth & Session Limits)

User profiles are the heart of the hotspot. They define how fast each user can browse and how long their session lasts.

  1. Go to IP → Hotspot → User Profiles tab.
  2. Click + to add a new profile.
  3. Configure the fields:
    • Name: Give it a clear name, e.g., free, basic, premium
    • Rate Limit (rx/tx): download/upload in Mbps — e.g., 3M/3M
    • Session Timeout: e.g., 2h = 2 hours, 1d = 1 day, 00:00:00 = unlimited
    • Idle Timeout: e.g., 10m — kicks user if idle for 10 minutes
    • Shared Users: 1 — prevents the same account being shared on multiple devices
  4. Click OK.

Recommended Profiles for Cafés and Hotels:

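| Profile Name | Rate Limit | Session Timeout | Idle Timeout | Shared Users | Best For |
|---|---|---|---|---|---|
| free | 1M/512k | 30m | 5m | 1 | Free trial / lobby preview |
| basic | 3M/3M | 2h | 15m | 1 | Regular café customers |
| premium | 10M/10M | 24h | 1h | 2 | Hotel room guests |
| vip | 20M/20M | 7d | 2h | 3 | Long-stay guests / VIP |
| staff | 50M/50M | 00:00:00 | 00:00:00 | 1 | Staff / business owner |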

Terminal commands for quick setup:

/ip hotspot user profile
add name=free rate-limit=1M/512k session-timeout=30m idle-timeout=5m shared-users=1
add name=basic rate-limit=3M/3M session-timeout=2h idle-timeout=15m shared-users=1
add name=premium rate-limit=10M/10M session-timeout=24h idle-timeout=1h shared-users=2
add name=staff rate-limit=50M/50M session-timeout=0s idle-timeout=0s shared-users=1

[Screenshot: IP → Hotspot → User Profiles tab showing basic and premium profiles with rate limit fields]

Step 5: Add Hotspot Users

  1. Go to IP → Hotspot → Users tab.
  2. Click + to add a user.
  3. Fill in:
    • Name: username, e.g., guest1, room101, table5
    • Password: e.g., cafe2026
    • Profile: choose from your profiles — basic, premium, etc.
    • Limit Uptime: (optional) e.g., 5h total usage per account
    • Limit Bytes Total: (optional) data cap in bytes, e.g., 1073741824 = 1 GB
  4. Click OK.
/ip hotspot user
add name=guest1 password=cafe2026 profile=basic
add name=room101 password=hotel@101 profile=premium
add name=staff password=myadmin99 profile=staff
💡 Hotel Tip: Name accounts by room number: room101, room102, etc. Set a 24h session timeout matching checkout time. Use a scheduler script (see Advanced section) to auto-reset all room accounts daily at midnight.

[Screenshot: IP → Hotspot → Users tab showing guest1 and room101 with profile assigned]

Step 6: Test the Hotspot Login Page

  1. Connect a phone or laptop to your hotspot WiFi (or plug into the LAN port).
  2. Open a browser and visit http://neverssl.com — this forces an HTTP request.
  3. You should be automatically redirected to the MikroTik hotspot login page.
  4. Enter the username and password you created in Step 5.
  5. Click Log In.
  6. You now have internet access. ✅

[Screenshot: MikroTik default hotspot login page on mobile Chrome browser]

⚠️ Login page not appearing? See the Troubleshooting section below for all fixes.

Step 7: Customize the Hotspot Login Page (Captive Portal) — Optional

Replace the plain MikroTik login page with your own branded design — café name, logo, custom colors.

  1. In Winbox, go to Files.
  2. You will see a folder called hotspot. Click on it.
  3. Right-click login.html → Download.
  4. Open the file in VS Code, Notepad++, or any HTML editor.
  5. Customize the HTML: add your logo, brand colors, and business name.
  6. Keep these required variables exactly as they are:
    • $(username) — login username input field
    • $(password) — password input field
    • $(error) — error message display area
    • $(chap-id) and $(chap-challenge) — for CHAP authentication
  7. Save the file and drag it back into the hotspot folder in Winbox Files.
  8. Test on a client device — your custom page should appear immediately.
💡 Pro Tip: You can also edit alogin.html (shown after successful login), logout.html, and status.html for a fully branded experience throughout the session.

Advanced Hotspot Features

Walled Garden — Allow Sites Without Login

Walled Garden lets specific websites work before the user logs in. Use this for your business website, a payment page, or a menu/QR code page.

  1. Go to IP → Hotspot → Walled Garden tab.
  2. Click +.
  3. Enter the domain in Dst. Host, e.g., menu.yourcafe.com.np.
  4. Click OK.
/ip hotspot walled-garden
add dst-host=menu.yourcafe.com.np
add dst-host=*.yourhotel.com.np

MAC Address Bypass — Skip Login for Trusted Devices

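Let your POS system, CCTV, or staff laptop connect without entering credentials by adding a bypassed IP binding for its MAC address:

/ip hotspot ip-binding add mac-address=AA:BB:CC:DD:EE:FF type=bypassed comment=pos-system

The device connects automatically — no login page shown. A bypassed device is identified only by its MAC address, which is not a secret and can be changed on the client side, and it is not subject to hotspot profile limits, so keep the bypass list short and limited to fixed equipment.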

Auto Reset Hotspot Users Daily (Scheduler)

Ideal for hotels — automatically remove all guest accounts at midnight and start fresh:

/system scheduler add \
  name="daily-hotspot-reset" \
  interval=1d \
  start-time=00:00:00 \
  on-event="/ip hotspot user remove [find where profile!=staff]"
⚠️ Warning: This command removes ALL users not on the staff profile. Adjust the filter (profile!=staff) based on your setup to protect accounts you want to keep.

Voucher System with User Manager

For paid WiFi (like printing vouchers for café customers), MikroTik’s User Manager package adds a full voucher generation and management system. You can print codes on paper slips and hand them to customers.

User Manager requires the user-manager RouterOS package. Install it via System → Packages → Check for Updates.

Full guide: MikroTik User Manager Setup Guide

Enable HTTPS on Hotspot Login Page

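Modern browsers default to HTTPS and mark plain-HTTP pages as not secure. Enable HTTPS for the login page. The steps below generate a self-signed certificate, which guest browsers will report as untrusted; a CA-issued certificate for the hotspot DNS name avoids that warning: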

  1. Go to System → Certificates.
  2. Click + → Generate a self-signed certificate for your hotspot domain.
  3. Go to IP → Hotspot → Server Profiles.
  4. Open your hotspot server profile and set SSL Certificate to the generated cert.
/certificate add name=hotspot-cert common-name=wifi.cafe days-valid=3650 key-size=2048
/certificate sign hotspot-cert
/ip hotspot profile set [find] ssl-certificate=hotspot-cert login-by=http-chap,https

MikroTik Hotspot Troubleshooting

These are the most common problems and their exact fixes:

| Problem | Root Cause | Fix |
|---|---|---|
| Login page not showing (browser goes to error) | HTTPS sites bypass redirect | Visit http://neverssl.com to force HTTP redirect |
| Logged in but no internet | Missing masquerade NAT rule | Check IP → Firewall → NAT for srcnat masquerade on WAN (ether1). Add if missing. |
| DNS redirect not working | DHCP DNS not set to MikroTik IP | In IP → DHCP Server → Networks, set DNS Server to 192.168.88.1 |
| Users can’t log in (wrong password error) | Incorrect username/password entered | Verify in IP → Hotspot → Users. Check for spaces in username or password. |
| Bandwidth limit not working | Profile not assigned to user | Edit user → confirm Profile field is set (not default). Check profile rate limit. |
| Session keeps dropping every few minutes | Session timeout too short | Edit User Profile → increase Session Timeout value or set to 00:00:00 |
| Two devices using same account simultaneously | Shared Users set to more than 1 | Edit User Profile → set Shared Users = 1 |
| Login page works on Android but not iPhone | iOS Captive Network Assistant quirk | Add captive.apple.com to Walled Garden. Or enable HTTPS on login page. |
| Router CPU high after enabling hotspot | Too many active sessions or rate-limit queue load | Run /tool profile to see what is using the CPU, then reduce concurrent sessions or queue load. Do not turn off connection tracking (/ip firewall connection tracking set enabled=no) to save CPU: Hotspot and masquerade NAT both depend on it. |
| Hotspot missing after router reboot | Config not saved to flash | Run /system backup save and also confirm hotspot server shows in IP → Hotspot → Servers |

7 Common Mistakes When Setting Up MikroTik Hotspot

These are the real mistakes we see most often — not found in official docs:

  1. Running hotspot on ether1 (WAN) instead of ether2 (LAN).
    Always run hotspot on the LAN-facing interface. Running it on WAN exposes your login page to the internet.
  2. Forgetting to enable masquerade after setup.
    The wizard should add it automatically, but always verify in IP → Firewall → NAT. Without it, logged-in users get no internet.
  3. Not setting Idle Timeout on user profiles.
    Without idle timeout, one customer can occupy a hotspot slot indefinitely while sitting idle. Set it to 10–15 minutes for cafés.
  4. Setting Shared Users to 0 (unlimited) by accident.
    In RouterOS, Shared Users = 0 means unlimited simultaneous logins. Set it to 1 to prevent account sharing.
  5. Using the same IP range as an existing DHCP server.
    If you already have 192.168.88.0/24 in use elsewhere, use a different subnet for hotspot (e.g., 192.168.100.0/24).
  6. Not testing on both Android and iOS.
    iOS handles captive portal detection differently. Always test the login page on an iPhone before going live.
  7. Skipping HTTPS for the login page.
    Modern browsers default to HTTPS. Without an SSL cert on your hotspot, many users (especially on Chrome/Safari) will see certificate errors or simply not get redirected.
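
An added example (not part of the original guide): a Python check that reads a saved RouterOS `/export` and flags the mistakes from the list above that are visible in configuration (1, 2, 3, 4 and 7). The sample export is constructed, `parse_export` and `audit` are hypothetical helper names, and the defaults assumed for keys missing from the export are noted in the code.

```python
import re
import shlex

# Constructed sample in the style of RouterOS `/export` output (not from a real router).
SAMPLE_EXPORT = """
/ip hotspot profile
add dns-name=wifi.cafe hotspot-address=192.168.88.1 login-by=cookie,http-chap name=hsprof1
/ip hotspot
add address-pool=hs-pool-1 disabled=no interface=ether2 name=hotspot1 profile=hsprof1
/ip hotspot user profile
add idle-timeout=5m name=free rate-limit=1M/512k session-timeout=30m
add name=premium rate-limit=10M/10M session-timeout=1d shared-users=unlimited
/ip firewall nat
add action=masquerade chain=srcnat comment="hotspot clients" disabled=yes out-interface=ether1
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for the add/set lines of an export."""
    text = re.sub(r"\\\n\s*", "", text)  # re-join lines wrapped with a trailing backslash
    menus, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            path = line
            continue
        verb, *tokens = shlex.split(line)
        if path and verb in ("add", "set"):
            menus.setdefault(path, []).append(
                dict(t.split("=", 1) for t in tokens if "=" in t))
    return menus

def audit(menus, wan="ether1"):
    """Return [(mistake number from the list above, message), ...]."""
    found = []
    for srv in menus.get("/ip hotspot", []):
        if srv.get("interface") == wan:
            found.append((1, f"hotspot server {srv.get('name')} runs on WAN {wan}"))
    # Accept a masquerade rule bound to the WAN port or to no out-interface at all.
    if not any(r.get("chain") == "srcnat" and r.get("action") == "masquerade"
               and r.get("disabled", "no") == "no"
               and r.get("out-interface", wan) == wan
               for r in menus.get("/ip firewall nat", [])):
        found.append((2, "no enabled srcnat masquerade rule for the WAN side"))
    for prof in menus.get("/ip hotspot user profile", []):
        name = prof.get("name")
        # Assumption: a key missing from the export is at its default
        # (idle-timeout=none, shared-users=1).
        if prof.get("idle-timeout", "none") in ("none", "0s", "00:00:00"):
            found.append((3, f"user profile {name} has no idle timeout"))
        if prof.get("shared-users", "1") in ("0", "unlimited"):
            found.append((4, f"user profile {name} allows unlimited shared logins"))
    for hp in menus.get("/ip hotspot profile", []):
        if "https" not in hp.get("login-by", "").split(","):
            found.append((7, f"server profile {hp.get('name')} has no HTTPS login"))
    return found

if __name__ == "__main__":
    for number, message in audit(parse_export(SAMPLE_EXPORT)):
        print(f"mistake {number}: {message}")
```

Run it against the text saved from `/export` on your own router and pass your WAN interface name as `wan` if it is not ether1.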

MikroTik Hotspot for Nepal — Practical Advice

  • ISP fiber setup (PPPoE): Most Nepal ISPs use PPPoE authentication. Set up PPPoE client on ether1 first → then run hotspot on ether2 or bridge. See: MikroTik PPPoE Setup Guide.
  • Load shedding: Connect your MikroTik + ONU to a UPS (even a small 12V/7Ah battery UPS). Hotspot sessions disconnect on power cut and users must re-login.
  • Multi-floor hotels: Use a managed switch + multiple WiFi APs (TP-Link EAP, Ubiquiti, or MikroTik cAP) all connected to the same bridge. One hotspot instance on the MikroTik covers all floors and all APs.
  • Free trial for café customers: Create a free profile (1M/512k, 30 minutes). Print the WiFi name on receipts or tables with the shared password. Customers can connect once per visit.
  • NTA compliance: Nepal’s NTA regulations require ISPs and public WiFi operators to log user sessions. Enable hotspot logging: IP → Hotspot → Active logs all sessions. For longer retention, send logs to a syslog server.

Key Takeaways

  • ✅ The Hotspot Setup Wizard (IP → Hotspot → Hotspot Setup) does 90% of the work in under 5 minutes.
  • User Profiles are how you control bandwidth (Rate Limit) and session duration (Session Timeout).
  • ✅ Always verify the masquerade NAT rule exists on your WAN interface after setup.
  • ✅ Use http://neverssl.com to test hotspot redirect — modern browsers use HTTPS by default.
  • Shared Users = 1 in the profile prevents one account being used on multiple devices.
  • Walled Garden allows your business website to load before login.
  • ✅ For iOS devices, add captive.apple.com to Walled Garden or enable HTTPS on the login page.
  • MAC address bypass is the cleanest way to give staff or devices internet without login.

Frequently Asked Questions

What is a MikroTik Hotspot?

A MikroTik Hotspot is a built-in RouterOS feature that creates a captive portal — a mandatory login page that WiFi users must pass through before accessing the internet. It lets you control who connects, limit their bandwidth, set session time limits, and track data usage. It is widely used in cafés, hotels, schools, and public WiFi deployments.

Why is the MikroTik hotspot login page not showing?

The most common reasons: (1) Your browser is trying HTTPS by default — open http://neverssl.com to force an HTTP redirect. (2) DNS is not pointing to the MikroTik IP — in IP → DHCP Server → Networks, set DNS Server to 192.168.88.1. (3) Masquerade NAT rule is missing — check IP → Firewall → NAT for srcnat masquerade on ether1.

How do I limit internet speed per user in MikroTik Hotspot?

Create a User Profile in IP → Hotspot → User Profiles and set the Rate Limit field. Format: download/upload. Example: 5M/5M = 5 Mbps each way. Assign this profile to users in the Users tab. Each logged-in user gets their own bandwidth slice.

Is MikroTik Hotspot completely free?

Yes. The core hotspot feature in RouterOS requires no additional license. You can create unlimited user profiles and users at no cost. The optional User Manager package (for advanced voucher printing and radius management) requires a RouterOS license upgrade on certain hardware.

How many users can MikroTik Hotspot handle at once?

It depends on hardware. A hAP ac² handles 50–100 users comfortably. A CCR2004 handles 500+ simultaneous users. In practice, your ISP bandwidth is the real bottleneck. Use Queue Trees or PCQ queues to ensure fair sharing across all users.

Can MikroTik Hotspot work with an external WiFi access point?

Yes. Add your external AP’s uplink cable into the same bridge as your hotspot LAN interface. All wireless clients from the AP will be directed through the MikroTik hotspot login page. This works with any brand of AP — TP-Link, Ubiquiti, D-Link, or another MikroTik.

How do I create a custom branded login page for my café?

In Winbox, go to Files → hotspot folder → download login.html. Edit it with any HTML editor — add your logo, brand colors, café name. Keep the RouterOS variables ($(username), $(password), $(error)) intact. Upload the edited file back to the hotspot folder. Your custom page goes live immediately.

What is Walled Garden in MikroTik Hotspot?

Walled Garden is a feature that lets you whitelist specific websites so they are accessible without login. For example, you can allow your hotel’s menu page or a payment portal to load before the guest authenticates. Configure it in IP → Hotspot → Walled Garden. Add the domain in the Dst. Host field.

External reference: Official MikroTik Hotspot Documentation — help.mikrotik.com
