Site Management

🌐
Each site has its own internet plan. Users get data access via the voucher system. Equipment on management LAN (192.168.88.x) bypasses the voucher system.

Cycle Reset History

⚠️
Cycle Reset will expire all active/unused vouchers for the selected site and generate fresh vouchers. Use this when starting a new billing cycle.

User Management

🔒
Role-Based Access: Admin — full access to all sites, configuration, and user management. User — can only view/manage vouchers for assigned sites.

Deployment Guide & Reference

New Site Deployment

Step-by-step:
1. Factory reset router (hold reset 5s)
2. Install User Manager package:
    a. Run /system resource print on the router to find your exact RouterOS version and architecture (e.g. 7.16.2, arm)
    b. Go to mikrotik.com/download/archive → select your version → download "Extra packages" for your architecture
    c. Extract user-manager-<version>-<arch>.npk
    d. Upload via WinBox → Files → Reboot
    ⚠️ Version AND architecture must match exactly or the package is silently discarded on reboot.
3. After reboot, verify: /user-manager print (should show "enabled: no")
4. Connect laptop to ether2, Starlink to ether1
5. Open WinBox → connect to 192.168.88.1
6. On this dashboard: Sites → Add Site (auto-creates 30GB + 40GB profiles)
7. Click 🔗 Sync Key on the site card to generate the API key
8. (Optional) Click Manage in site detail → Profiles to add/remove quota tiers
9. Click 📥 Config on the site card — downloads an .rsc with all profiles + API key baked in
10. Load the config into MikroTik (use /import — do NOT paste):
    a. Open WinBox → Files
    b. Drag the downloaded .rsc file from your computer into the WinBox Files window
    c. Open WinBox → New Terminal and run: /import file-name=filename.rsc (replace with actual filename)
    d. Wait for it to finish — you will see each command echoed
    ⚠️ Do NOT paste the script into the terminal. WinBox terminal silently truncates long pastes, which causes the fleet-sync script (~130 lines at the end of the file) to be cut off. The /import method reads the file from disk and has no character limit.
11. Verify: /system script print (must show "fleet-sync"), then /system script run fleet-sync and /log print where message~"FleetSync"
12. Upload custom login page: drag login.html and logo into the router's hotspot/ folder via WinBox Files
13. (If using U7 Pro AP) Set up the UniFi AP — see the UniFi U7 Pro Setup section below
14. Go to Vouchers → Generate, pick the site & profile — vouchers auto-provision within 5 min
Router: MikroTik RB4011iGS+5HacQ2HnD | RouterOS 7.16+
Management: ether2-5 (192.168.88.x, unrestricted, no voucher)
Guest: ether6-10 + WiFi → VLAN 10, voucher required via boat.wifi
Profiles: Configured per-site (default: 30GB + 40GB, 30-day) | FastTrack disabled
Sync: Every 5 min, single HTTP round-trip, auto-provisioning
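
A pre-upload check for step 2, as an added example that is not part of the dashboard or its generated config: it compares a package file name against the router's /system resource print output, because a mismatched package is discarded without an error. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `/system resource print` output (trimmed, illustrative values).
SAMPLE_RESOURCE = """\
                   uptime: 3m12s
                  version: 7.16.2 (stable)
        architecture-name: arm
"""

# File name pattern from step 2: user-manager-<version>-<arch>.npk
NPK_RE = re.compile(r"^user-manager-(?P<version>[0-9][0-9a-z.]*)-(?P<arch>[a-z0-9]+)\.npk$")


def router_identity(resource_output):
    """Return (version, architecture) parsed from /system resource print."""
    fields = {}
    for line in resource_output.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            fields[key] = value.strip()
    # "7.16.2 (stable)" -> "7.16.2": the release channel is not part of the file name.
    return fields["version"].split()[0], fields["architecture-name"]


def check_package(filename, resource_output):
    """Return a list of mismatches; an empty list means the package fits this router."""
    version, arch = router_identity(resource_output)
    m = NPK_RE.match(filename)
    if not m:
        return ["not a user-manager-<version>-<arch>.npk file name"]
    problems = []
    if m["version"] != version:
        problems.append(f"version {m['version']} does not match router {version}")
    if m["arch"] != arch:
        problems.append(f"architecture {m['arch']} does not match router {arch}")
    return problems


if __name__ == "__main__":
    for name in ("user-manager-7.16.2-arm.npk", "user-manager-7.16.2-arm64.npk"):
        print(name, check_package(name, SAMPLE_RESOURCE) or "OK")
```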

Network Architecture

  Starlink Dish (1TB Marine) → ether1 (WAN)
           │
  MikroTik RB4011 (VLAN Filtering ON)
           │
  ├── Management (VLAN 1) ─ ether2-5
  │   192.168.88.0/24 │ No voucher
  │   Equipment, Admin, GPS, CCTV
  │
  └── Guest Hotspot (VLAN 10) ─ ether6-10 + WiFi
      10.0.0.0/24 │ boat.wifi │ dns-server=10.0.0.1
      Open WiFi → Voucher Login (multiple quota tiers)
      User Manager + RADIUS + Fleet Sync (5min)
           │
           └── ether6 → PoE → UniFi U7 Pro (Bridge Mode)
               Same SSID │ Open │ No DHCP │ No Guest Portal
               Hotspot IP binding: bypass AP by MAC address

MikroTik Quick Commands

Run sync: /system script run fleet-sync
Sync log: /log print where message~"FleetSync"
Hotspot users: /ip hotspot active print
Voucher users: /user-manager user print
RADIUS / VLAN: /radius print   /interface bridge vlan print
Import config file: /import file-name=vessel-config.rsc
Bypass AP (hotspot): /ip hotspot ip-binding add mac-address=AA:BB:CC:DD:EE:FF type=bypassed comment="U7 Pro AP"
Factory reset: Hold reset 5+ sec. Vouchers survive reset.

UniFi U7 Pro AP Setup

📡
Overview: The U7 Pro extends WiFi coverage (e.g. to cabins/galley). It connects to ether6 (Guest VLAN 10) via PoE and must operate as a transparent bridge — all authentication, DHCP, and routing are handled by the MikroTik.
⚠️
Prerequisites: The MikroTik config must be fully loaded first (hotspot, VLAN 10, DHCP on 10.0.0.x). You need the UniFi controller software installed on your laptop.
Step 1 — MikroTik: Bypass the AP in hotspot
The AP needs unrestricted network access (no captive portal). On the MikroTik terminal, add a hotspot IP binding using the AP's MAC address:
/ip hotspot ip-binding add mac-address=AA:BB:CC:DD:EE:FF type=bypassed comment="U7 Pro AP"
Replace AA:BB:CC:DD:EE:FF with the actual MAC (printed on the AP label or found via UniFi controller).
Step 2 — Connect laptop to a guest port for adoption
Your laptop (with UniFi controller) must be on the same network as the AP.
1. Plug your laptop into ether7, 8, 9, or 10 (any guest port, same VLAN as the AP on ether6)
2. Also bypass your laptop temporarily: /ip hotspot ip-binding add address=YOUR_LAPTOP_IP type=bypassed comment="Temp laptop"
3. Open the UniFi controller — the AP should appear in the device list
Step 3 — Adopt the AP
1. If the AP was previously managed, factory reset it first (hold reset button ~10 sec until LED changes)
2. Click Adopt in the UniFi controller and wait 1-2 minutes for provisioning
3. The AP should show status "Up to date" with a GbE uplink
Step 4 — Create WiFi network
Go to Settings → WiFi → Create New and configure:
Name (SSID): Same as MikroTik hotspot WiFi (e.g. "MV D8")
Security: Open / None (this option is found under Advanced → Manual)
Network: Native Network (default)
Application: Standard (do NOT select "Hotspot" — that enables UniFi's portal which conflicts with MikroTik)
Radio Band: Enable 2.4 GHz, 5 GHz, and 6 GHz
VLAN: Leave empty / untagged (MikroTik assigns VLAN at port level)
Step 5 — Verify network settings
Go to Settings → Networks and confirm:
• Router type shows "Third-party Gateway"
• DHCP server is disabled (MikroTik handles DHCP)
• Guest Portal is OFF everywhere in UniFi settings
Step 6 — Test and clean up
1. Connect a phone to the WiFi SSID
2. Confirm it gets a 10.0.0.x IP address
3. Browser should redirect to boat.wifi captive portal
4. Enter a voucher code — internet should work
5. Move laptop back to a management port (ether2-5)
6. Remove ALL temp laptop/IP bypasses, keep only MAC-based AP bypasses (see cleanup section below)
7. Keep the AP MAC bypass — it must remain permanent
🔧
Troubleshooting: AP Stuck at "Adopting"
If the U7 Pro shows "Adopting" in the UniFi controller for more than 5 minutes after a factory reset, the AP has lost the controller's address and needs to be told manually.

Step 1 — Verify the AP is reachable. From the laptop (on the guest network), open Command Prompt:
ping <AP_IP>   (e.g. ping 10.0.0.249)

Step 2 — SSH into the AP and set the inform URL manually:
ssh ubnt@<AP_IP>   (default password after reset: ubnt)
Once logged in, run:
set-inform http://<LAPTOP_IP>:8080/inform
Replace <LAPTOP_IP> with the laptop's current IP on the 10.0.0.x subnet (check with ipconfig).

Step 3 — Wait 1–2 minutes. Status should change to "Provisioning" then "Connected". If it reverts, run set-inform again — UniFi sometimes requires it twice.

Step 4 — If SSH is refused: Add temporary firewall pass-through rules on the MikroTik terminal:
/ip firewall filter add chain=forward action=accept src-address=<AP_IP> place-before=0 comment="Temp AP adopt"
/ip firewall filter add chain=forward action=accept dst-address=<AP_IP> place-before=0 comment="Temp AP adopt"
After adoption completes, remove them:
/ip firewall filter remove [find comment="Temp AP adopt"]
🧹
Cleanup: Remove all temporary IP bindings
During adoption, you add temporary IP bypasses for laptops. These should be removed once done. The correct permanent bypasses are MAC-address based (for the U7 Pro and TP-Link) and should never be removed.

Remove all IP-only (temporary) bypasses — keeps MAC bypasses intact:
/ip hotspot ip-binding remove [find type=bypassed and mac-address=""]

This safely removes entries like "Temp laptop", "Temp Laptop2" etc. while preserving the U7 Pro MAC bypass (84:78:...) and TP-Link MAC bypass.

Verify what remains:
/ip hotspot ip-binding print

You should only see MAC-address based entries. If any old IP entries remain with wrong comments, remove by comment:
/ip hotspot ip-binding remove [find comment~"Temp"]
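
A post-adoption audit of the cleanup above, as an added example that is not part of the dashboard or its generated config: it reads the text of a RouterOS /export and reports what should no longer be there, namely bypassed hotspot bindings without a MAC address and forward rules still commented "Temp AP adopt". The sample export is constructed, and the function names are hypothetical.

```python
import shlex

# Constructed sample in the shape of a RouterOS /export (illustrative values).
SAMPLE_EXPORT = r"""/ip hotspot ip-binding
add comment="U7 Pro AP" mac-address=AA:BB:CC:DD:EE:FF type=bypassed
add address=10.0.0.50 comment="Temp laptop" type=bypassed
add address=10.0.0.51 comment="Temp Laptop2" type=bypassed
/ip firewall filter
add action=accept chain=forward comment="Temp AP adopt" src-address=10.0.0.249
add action=accept chain=forward comment="Temp AP adopt" \
    dst-address=10.0.0.249
add action=drop chain=forward comment="drop invalid" connection-state=invalid
"""


def parse_export(text):
    """Yield (menu_path, properties) for every 'add' line of an export."""
    menu, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):  # export wraps long lines with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])  # handles quoted comments with spaces
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)


def audit(text):
    """Return (kind, address, comment) for each leftover temporary entry."""
    findings = []
    for menu, p in parse_export(text):
        label = p.get("comment", "(no comment)")
        if menu == "/ip hotspot ip-binding":
            # Permanent bypasses are MAC-based; an IP-only bypass is a leftover.
            if p.get("type") == "bypassed" and not p.get("mac-address"):
                findings.append(("ip-only bypass", p.get("address", "?"), label))
        elif menu == "/ip firewall filter" and label == "Temp AP adopt":
            addr = p.get("src-address") or p.get("dst-address", "?")
            findings.append(("temp forward rule", addr, label))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

An empty result means only MAC-based bypasses remain and no adoption pass-through rule is still sitting at the top of the forward chain.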