How to Share Wi-Fi for a Fee: From Router Setup to Billing

Setting up commercial internet access is a complex process that requires not only technical equipment but also proper software configuration. Owners of hotels, cafes, hostels, and coworking spaces often wonder how to turn a simple connection into a source of revenue, or at least a means of traffic control. Simply distributing the signal through a standard router is not an option, as it doesn't allow for user tracking, session time limits, or automated payment processing.

There are several proven ways to accomplish this task, each with its own advantages and disadvantages depending on the scale of your business. You can use specialized hotspot gateways, set up complex authorization systems based on Linux servers Or use cloud solutions that handle all client management. The choice of a specific method directly depends on the number of simultaneous connections and the desired functionality.

In this article, we'll take a detailed look at the technical aspects of creating a paid hotspot, including the necessary hardware and software. You'll learn how to set it up. captive portal (authorization page), which protocols are best for data security, and how to integrate the system with payment gateways. Proper network organization will protect you from abuse and ensure the stable operation of the service.

Selecting equipment for organizing commercial Wi-Fi

The first step to creating a paid network is selecting the hardware base. Regular consumer routers, available at any electronics store, rarely have built-in functionality for user authorization and billing. For these purposes, enterprise- or provider-grade equipment that supports the following protocols is required. RADIUS And Captive Portal.

The most popular solution on the market is the company's equipment MikroTikThese devices are renowned for their flexibility and powerful operating system. RouterOS, which allows you to implement virtually any network logic. Access points from Ubiquiti UniFi or TP-Link Omada, which often require a separate controller (hardware or software) to manage users.

⚠️ Attention: When choosing a router, be sure to pay attention to the "number of simultaneous connections" rating. Cheaper models may crash when attempting to connect more than 10-15 devices, which is critical for high-traffic establishments.

Channel bandwidth and frequency support are also important to consider. Modern standards require equipment operating in both the 2.4 GHz and 5 GHz bands. Dual-band access points allow for load balancing: older devices can operate on 2.4 GHz, while modern smartphones and laptops can use the faster and less noisy 5 GHz band.

πŸ“Š What equipment do you plan to use?
MikroTik
Ubiquiti
TP-Link
Cisco
Other

How the user authorization system works

The core of paid Wi-Fi is a mechanism that intercepts requests from unauthorized users and redirects them to a special page. This process is called Captive PortalWhen a client connects to the network, it technically receives an IP address, but all its HTTP traffic is redirected to the local gateway address, where the login or payment form is displayed.

There are several methods for identifying clients. The simplest is authorization using voucher codes, which the administrator generates in advance and sells to users. A more complex and modern method is integration with SMS gateways, where the user enters a phone number, receives a code in a message, and enters it to access. Authorization via social media is also popular, allowing for the collection of marketing data.

To implement these functions, a combination of hardware and an external server is often used. The router acts as a gateway that sends requests to RADIUS serverThe server verifies credentials (login/password or code), checks the balance, and instructs the router to open access for a specific MAC address. This architecture allows the network to scale across multiple access points without losing centralized management.

What is MAC filtering in the context of a hotspot?

In paid access systems, after successful authorization, the client's device's MAC address is whitelisted. The router remembers the device and doesn't require the user to re-enter the password for a certain period of time (session), even if the user leaves the Wi-Fi range and returns.

MikroTik HotSpot Setup: Step-by-Step Instructions

System setup HotSpot on equipment MikroTik is the gold standard for small and medium businesses. The process begins with preparing the interfaces: a separate interface (physical port or VLAN) must be allocated for the Wi-Fi zone. A DHCP server is configured on this interface to assign addresses to guests.

Next, activate the HotSpot service. In the menu IP β†’ HotSpot The setup wizard launches, asking you to select the interface, address pool, and user profile. A critical step is uploading the authorization page files. The default files can be replaced with custom ones, adding your establishment's logo, terms of use, and payment methods.

β˜‘οΈ HotSpot setup checklist

Completed: 0 / 5

After the basic setup, you need to create user profiles. Profiles set limits on speed (upload/download), traffic volume, and session duration. For example, you can create a "1 Hour," "1 Day," or "Unlimited Monthly" profile. These profiles are then linked to the users or vouchers you create.

⚠️ Attention: Setting interface RouterOS This may vary depending on the firmware version. Before starting work, it is strongly recommended to back up the current configuration so that in the event of an error, you can quickly roll back to a working state.

Integration with payment systems and billing

Automated payment acceptance is a key factor in the success of commercial Wi-Fi. Manually generating codes for each client is inconvenient and time-consuming. Billing systems, which act as an intermediary between the user, the router, and the payment gateway (acquiring), are used for automation.

Popular solutions such as Wi-Fi Monster, HotspotSystem Or custom PHP/Python scripts, they allow the following scenario: the user selects a plan on the login page, pays by card or e-wallet, and the billing system instantly sends a command to the router to activate access. This eliminates the need for administrators.

When integrating, it's important to ensure secure data transfer. All payment pages must use the protocol. HTTPSto prevent card data from being intercepted. Furthermore, the billing system must have a reliable API for interacting with the equipment. A protocol often used is CoA (Change of Authorization), which allows changing user session parameters on the fly without reconnecting.

Comparison of authentication methods: Vouchers, SMS, Social networks

The choice of authorization method depends on the target audience and business model. Each method has its advantages in terms of convenience for the client and the value of the collected data for the network owner. Below is a comparison of the main methods.

Method Difficulty of implementation Cost to the client Marketing value
Vouchers (codes) Low Low (cash payment) Low (anonymity)
SMS authorization Average Medium/High (operator rates) High (phone number)
Social media High Free (exchange for data) Maximum (profile, likes)
Payment card High Depends on the tariff Average (email for receipt)

Vouchers are ideal for high-traffic areas where anonymity and speed are important, such as transport hubs or parks. SMS authentication is popular in countries with cheap mobile data or as a backup method, but is often discouraged by tourists due to the cost of incoming and outgoing messages while roaming.

Authorization via social networks (Facebook, VK, Google) is becoming the standard for cafes and hotels. Customers receive free internet in exchange for liking a page or simply logging into a profile. For the owner, this allows them to build a customer base, repost content, and increase loyalty. However, this method requires more complex technical implementation and compliance with platform rules.

Legal aspects and data security

By offering paid internet access, you assume responsibility for the actions of users on your network. According to the laws of many countries, the access provider (in this case, the establishment owner) is required to store connection logs and ensure user identification. This is necessary for law enforcement agencies in the event of cybercrime.

It's important to ensure isolation of the client network from the business's internal network. Guests should not have access to point-of-sale terminals, accounting servers, or CCTV cameras. This is achieved using technology VLAN (Virtual LAN), which logically separates traffic even when using the same physical equipment.

⚠️ Attention: User data storage (logging) rules and identification requirements are subject to change. Always check the current laws in your country and the requirements of telecommunications regulators before launching a commercial hotspot.

You should also consider protecting against DDoS attacks and abuse. Paid access is often a target for botnets. Configuring proper firewall rules on your router, limiting the number of connections from a single IP, and blocking known ports help minimize risks. Don't forget to regularly update your equipment firmware.

Why is VLAN isolation important?

Without network separation, a hacker connected to your guest Wi-Fi could attempt to attack the cash register computer or introduce ransomware into the establishment's internal network, resulting in financial losses.

Network optimization and support

The work doesn't stop once the system is up and running. Network status, channel load, and user satisfaction must be constantly monitored. Regular log analysis helps identify problems: who is consuming the most traffic, which sites are causing errors, and whether there are any hacking attempts.

Optimization also includes QoS (Quality of Service) settings. This feature allows you to prioritize specific traffic. For example, you can guarantee a minimum speed for browsing traffic, even if someone is downloading large files, so that other users don't experience internet lag.

Technical support for users is an inevitable part of the process. Customers will forget passwords, encounter payment issues, or encounter device incompatibility. Having clear instructions on the login page and the administrator's contact information will significantly reduce the burden on the establishment's staff.

What is the minimum equipment needed to get started?

To start with, one router of the level is enough MikroTik hAP ac2 or RB750Gr3 With HotSpot and one access point support, this will support up to 50 concurrent users. Larger scale deployments will require a separate billing server and professional access points.

Is it possible to create a paid Wi-Fi without programming?

Yes, there are cloud services (SaaS) that provide a ready-made login page and control panel. You simply configure your router to work with their server. This is simpler, but requires a monthly subscription.

What should I do if my internet provider prohibits sharing?

Many plans for individuals prohibit commercial use. You must sign a contract with your provider for internet access for businesses or use a dedicated line to avoid blocking and fines.