HI, I have several hotspots working fine in android and windows, but I have issues with Ios apple devices, iphones and ipads. The problem is, the splash page is not showing up automatically in apple devices.
I have tried to create a file api.json and trying with dhcp server option 114. But not having luck. Could you help me in the correct configuration for hotspots and ios devices? I'm using v 6.49.10
Best regards
Re: hotspot captive portal landing page not pop up in ios devices
show your configuration
Re: hotspot captive portal landing page not pop up in ios devices
This is my config:
# mar/27/2024 10:52:45 by RouterOS 6.49.10
# software id = L7P8-PESJ
#
# model = 2011iL
# serial number =
/interface pptp-client
add connect-to= disabled=no name=pptp-out1 password=\
"" user=
/interface bridge
add fast-forward=no mtu=1500 name=bridge1 protocol-mode=none
add fast-forward=no name=bridgeEoIP
/interface ethernet
set [ find default-name=ether1 ] name="ether1-Ba\F1osIzquierda" speed=100Mbps
set [ find default-name=ether2 ] name="ether2-Ba\F1osDerecha" speed=100Mbps
set [ find default-name=ether3 ] name=ether3-LKMultiSur speed=100Mbps
set [ find default-name=ether4 ] name=ether4-PowerStation5G speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether10-WAN poe-out=off
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether10-WAN \
keepalive-timeout=60 max-mru=1400 max-mtu=1400 name=pppoe-out1 password=\
econectia use-peer-dns=yes user=/interface l2tp-client
add connect-to= name=l2tp-out1 password=eConectia_l2tp user=\
add connect-to= disabled=no name=l2tp-out3 \
password= user=
/interface eoip
add allow-fast-path=no clamp-tcp-mss=no !keepalive local-address= \
mac-address=02:B1:43:36:89:13 mtu=1500 name=eoip-tunnel1 \
remote-address= tunnel-id=25
/interface list
add exclude=dynamic name=discover
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=
/ip hotspot profile
add dns-name=azahar.info hotspot-address=10.5.50.1 html-directory=hotspot1 \
login-by=cookie,http-chap,https,http-pap name=hsprof1 \
radius-interim-update=1m use-radius=yes
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=hs-pool-13 ranges=10.5.48.1-10.5.50.0,10.5.50.2-10.5.51.254
/ip dhcp-server
add address-pool=hs-pool-13 authoritative=after-2sec-delay disabled=no \
interface=bridge1 lease-time=3h name=dhcp1
/ip hotspot
add address-pool=hs-pool-13 disabled=no interface=bridge1 name=hotspot1 \
profile=hsprof1
/interface l2tp-client
add comment="radius viejo 10.1.5.12" connect-to= name=l2tp-out2 \
password=econectia profile=default user=
/ip hotspot user profile
set [ find default=yes ] keepalive-timeout=10m queue-type=wireless-default \
shared-users=10
add name=MAC_1M/3M queue-type=wireless-default rate-limit=1M/3M \
transparent-proxy=yes
add name=MAC_2M/10M queue-type=wireless-default rate-limit=2M/10M \
shared-users=50 transparent-proxy=yes
add name="2M/10M - 2 shared user" queue-type=wireless-default rate-limit=\
2M/10M shared-users=2 transparent-proxy=yes
add name="2M/10M - 1 shared user" queue-type=wireless-default rate-limit=\
2M/10M transparent-proxy=yes
/queue tree
add max-limit=8M name=Queue_up parent=ether10-WAN queue=default
add name=queue1 packet-mark=Users-packet parent=Queue_up queue=\
pcq-upload-default
add max-limit=16M name=Queue_down parent=bridge1 queue=default
add name=queue2 packet-mark=Users-packet parent=Queue_down queue=\
pcq-download-default
/snmp community
add addresses=0.0.0.0/0 name
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
add name=remoteOK remote=10.250.1.4 target=remote
/user group
add name=groupAPI policy="read,write,api,!local,!telnet,!ssh,!ftp,!reboot,!pol\
icy,!test,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp"
/interface bridge port
add bridge=bridge1 hw=no interface="ether2-Ba\F1osDerecha"
add bridge=bridge1 hw=no interface=ether3-LKMultiSur
add bridge=bridge1 hw=no interface=ether4-PowerStation5G
add bridge=bridge1 hw=no interface=ether5
add bridge=bridge1 hw=no interface=ether6
add bridge=bridge1 hw=no interface=ether7
add bridge=bridge1 hw=no interface=ether8
add bridge=bridge1 hw=no interface=ether9
add bridge=bridge1 hw=no interface="ether1-Ba\F1osIzquierda"
add bridge=bridge1 interface=eoip-tunnel1-
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set enabled=yes
/interface list member
add interface="ether1-Ba\F1osIzquierda" list=discover
add interface="ether2-Ba\F1osDerecha" list=discover
add interface=ether3-LKMultiSur list=discover
add interface=ether4-PowerStation5G list=discover
add interface=ether5 list=discover
add interface=ether6 list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=pppoe-out1 list=discover
add interface=bridge1 list=discover
add interface=l2tp-out1 list=discover
add interface=eoip-tunnel1- list=discover
/ip address
add address=10.5.50.1/22 interface=bridge1 network=10.5.48.0
add address=10.10.2.1/24 interface=bridge1 network=10.10.2.0
add address=10.250.1.5/24 disabled=yes interface=ether10-WAN network=\
10.250.1.0
add address=192.168.1.1/24 disabled=yes interface=bridge1 network=192.168.1.0
add address=192.168.1.1/24 disabled=yes interface=bridge1 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no interface=bridge1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=10.5.48.36 client-id=1:dc:9f:db:68:f2:7a mac-address=\
DC:9F:DB:68:F2:7A server=dhcp1
/ip dhcp-server network
add address=10.5.48.0/22 comment="hotspot network" gateway=10.5.50.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip dns static
add address=10.5.50.1 disabled=yes name=captive.apple.com/hotspot-detect.html
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network " \
src-address=10.5.48.0/22 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="Cliente cuota " \
src-address=10.10.2.100
add action=dst-nat chain=dstnat disabled=yes dst-port=1000 in-interface=\
pppoe-out1 protocol=tcp to-addresses=10.10.2.6 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=5555 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.1.20 to-ports=443
add action=dst-nat chain=dstnat dst-port=5560 in-interface=pppoe-out1 \
protocol=tcp to-addresses=10.10.2.100 to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-port=5556 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.1.20 to-ports=80
/ip hotspot ip-binding
add address=10.10.2.0/24 type=bypassed
add address=192.168.1.0/24 disabled=yes type=bypassed
/ip hotspot user
add disabled=yes name=instaladores password=instaladores
add name=
add name=add name=
add comment="" name=08:3E:8E:C9:19:2B
add comment="" name=E0:F5:C6:3D:85:EF
add comment="" name=D8:96:95:8F:E7:68
add comment=borrar disabled=yes name=DC:9F:DB:6D:F8:B9
add comment=borrar disabled=yes name=DC:9F:DB:6D:F7:E1
add comment=borrar disabled=yes name=00:27:22:AE:AA:D9
add comment=borrar disabled=yes name=00:27:22:AC:4F:74
add comment=borrar disabled=yes name=00:50:B6:10:D1:F6
add comment=" disabled=yes name=D8:BB:2C:B3:B9:FD
add comment=" name=2C:F0:A2:68:3B:25 profile=MAC_1M/3M
add comment="usuario en caso de emergencia" disabled=yes name= \
password=azahar profile=MAC_2M/10M
add comment="usuario de emergencia" limit-uptime=3w name= password=\
azahar profile=MAC_2M/10M
add comment="usuario de emergencia 20-02-2023" limit-uptime=4w2d name=\
CA14276b password= profile="2M/10M - 2 shared user"
add comment="usuario de emergencia 20-02-2023" limit-uptime=4w2d name=\
CA872046b password= profile="2M/10M - 1 shared user"
add comment="usuario de emergencia 14-03-2023" limit-uptime=1w name=CA500695b \
password= profile="2M/10M - 2 shared user"
add comment="Usuario de emergencia 27-03-2023" name=CA766262 password= \
profile="2M/10M - 2 shared user"
add name= password=profile="2M/10M - 2 shared user"
/ip proxy
set cache-path=web-proxy1 parent-proxy=0.0.0.0
/ip route
add distance=1 dst-address=10.0.0.11/32 gateway=10.1.5.1
add distance=1 dst-address=192.168.10.0/24 gateway=10.1.6.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes port=81
set ssh port=
set api address=10.0.0.11/32
set winbox address= port=
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/ppp secret
add local-address=10.10.10.14 name=Azahar_eoip password=econectia \
remote-address=10.10.10.15 service=l2tp
/radius
add address=10.0.0.11 disabled=yes secret= service=\
hotspot timeout=2s
add address=disabled=yes secret=jf3a894huiw service=\
login,hotspot,dhcp timeout=3s
add address= disabled=yes secret=jf3a894huiw service=\
login,hotspot,dhcp
add address=127.0.0.1 disabled=yes secret=.crack06 service=\
login,hotspot,wireless
add address=10.0.0.1 secret=.crack06 service=ppp,hotspot timeout=3s
/radius incoming
set accept=yes port=1700
/snmp
set contact= enabled=yes location= trap-community=\
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Madrid
/system identity
set name=
/system logging
add action=remoteOK prefix= topics=critical
add action=remoteOK prefix=- topics=error
add action=remoteOK prefix=- topics=info
add action=remoteOK prefix=- topics=warning
/system ntp client
set enabled=yes primary-ntp=
/system package update
set channel=long-term
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
# mar/27/2024 10:52:45 by RouterOS 6.49.10
# software id = L7P8-PESJ
#
# model = 2011iL
# serial number =
/interface pptp-client
add connect-to= disabled=no name=pptp-out1 password=\
"" user=
/interface bridge
add fast-forward=no mtu=1500 name=bridge1 protocol-mode=none
add fast-forward=no name=bridgeEoIP
/interface ethernet
set [ find default-name=ether1 ] name="ether1-Ba\F1osIzquierda" speed=100Mbps
set [ find default-name=ether2 ] name="ether2-Ba\F1osDerecha" speed=100Mbps
set [ find default-name=ether3 ] name=ether3-LKMultiSur speed=100Mbps
set [ find default-name=ether4 ] name=ether4-PowerStation5G speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether10-WAN poe-out=off
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether10-WAN \
keepalive-timeout=60 max-mru=1400 max-mtu=1400 name=pppoe-out1 password=\
econectia use-peer-dns=yes user=/interface l2tp-client
add connect-to= name=l2tp-out1 password=eConectia_l2tp user=\
add connect-to= disabled=no name=l2tp-out3 \
password= user=
/interface eoip
add allow-fast-path=no clamp-tcp-mss=no !keepalive local-address= \
mac-address=02:B1:43:36:89:13 mtu=1500 name=eoip-tunnel1 \
remote-address= tunnel-id=25
/interface list
add exclude=dynamic name=discover
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=
/ip hotspot profile
add dns-name=azahar.info hotspot-address=10.5.50.1 html-directory=hotspot1 \
login-by=cookie,http-chap,https,http-pap name=hsprof1 \
radius-interim-update=1m use-radius=yes
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=hs-pool-13 ranges=10.5.48.1-10.5.50.0,10.5.50.2-10.5.51.254
/ip dhcp-server
add address-pool=hs-pool-13 authoritative=after-2sec-delay disabled=no \
interface=bridge1 lease-time=3h name=dhcp1
/ip hotspot
add address-pool=hs-pool-13 disabled=no interface=bridge1 name=hotspot1 \
profile=hsprof1
/interface l2tp-client
add comment="radius viejo 10.1.5.12" connect-to= name=l2tp-out2 \
password=econectia profile=default user=
/ip hotspot user profile
set [ find default=yes ] keepalive-timeout=10m queue-type=wireless-default \
shared-users=10
add name=MAC_1M/3M queue-type=wireless-default rate-limit=1M/3M \
transparent-proxy=yes
add name=MAC_2M/10M queue-type=wireless-default rate-limit=2M/10M \
shared-users=50 transparent-proxy=yes
add name="2M/10M - 2 shared user" queue-type=wireless-default rate-limit=\
2M/10M shared-users=2 transparent-proxy=yes
add name="2M/10M - 1 shared user" queue-type=wireless-default rate-limit=\
2M/10M transparent-proxy=yes
/queue tree
add max-limit=8M name=Queue_up parent=ether10-WAN queue=default
add name=queue1 packet-mark=Users-packet parent=Queue_up queue=\
pcq-upload-default
add max-limit=16M name=Queue_down parent=bridge1 queue=default
add name=queue2 packet-mark=Users-packet parent=Queue_down queue=\
pcq-download-default
/snmp community
add addresses=0.0.0.0/0 name
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
add name=remoteOK remote=10.250.1.4 target=remote
/user group
add name=groupAPI policy="read,write,api,!local,!telnet,!ssh,!ftp,!reboot,!pol\
icy,!test,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp"
/interface bridge port
add bridge=bridge1 hw=no interface="ether2-Ba\F1osDerecha"
add bridge=bridge1 hw=no interface=ether3-LKMultiSur
add bridge=bridge1 hw=no interface=ether4-PowerStation5G
add bridge=bridge1 hw=no interface=ether5
add bridge=bridge1 hw=no interface=ether6
add bridge=bridge1 hw=no interface=ether7
add bridge=bridge1 hw=no interface=ether8
add bridge=bridge1 hw=no interface=ether9
add bridge=bridge1 hw=no interface="ether1-Ba\F1osIzquierda"
add bridge=bridge1 interface=eoip-tunnel1-
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set enabled=yes
/interface list member
add interface="ether1-Ba\F1osIzquierda" list=discover
add interface="ether2-Ba\F1osDerecha" list=discover
add interface=ether3-LKMultiSur list=discover
add interface=ether4-PowerStation5G list=discover
add interface=ether5 list=discover
add interface=ether6 list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=pppoe-out1 list=discover
add interface=bridge1 list=discover
add interface=l2tp-out1 list=discover
add interface=eoip-tunnel1- list=discover
/ip address
add address=10.5.50.1/22 interface=bridge1 network=10.5.48.0
add address=10.10.2.1/24 interface=bridge1 network=10.10.2.0
add address=10.250.1.5/24 disabled=yes interface=ether10-WAN network=\
10.250.1.0
add address=192.168.1.1/24 disabled=yes interface=bridge1 network=192.168.1.0
add address=192.168.1.1/24 disabled=yes interface=bridge1 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no interface=bridge1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=10.5.48.36 client-id=1:dc:9f:db:68:f2:7a mac-address=\
DC:9F:DB:68:F2:7A server=dhcp1
/ip dhcp-server network
add address=10.5.48.0/22 comment="hotspot network" gateway=10.5.50.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip dns static
add address=10.5.50.1 disabled=yes name=captive.apple.com/hotspot-detect.html
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network " \
src-address=10.5.48.0/22 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="Cliente cuota " \
src-address=10.10.2.100
add action=dst-nat chain=dstnat disabled=yes dst-port=1000 in-interface=\
pppoe-out1 protocol=tcp to-addresses=10.10.2.6 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=5555 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.1.20 to-ports=443
add action=dst-nat chain=dstnat dst-port=5560 in-interface=pppoe-out1 \
protocol=tcp to-addresses=10.10.2.100 to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-port=5556 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.1.20 to-ports=80
/ip hotspot ip-binding
add address=10.10.2.0/24 type=bypassed
add address=192.168.1.0/24 disabled=yes type=bypassed
/ip hotspot user
add disabled=yes name=instaladores password=instaladores
add name=
add name=add name=
add comment="" name=08:3E:8E:C9:19:2B
add comment="" name=E0:F5:C6:3D:85:EF
add comment="" name=D8:96:95:8F:E7:68
add comment=borrar disabled=yes name=DC:9F:DB:6D:F8:B9
add comment=borrar disabled=yes name=DC:9F:DB:6D:F7:E1
add comment=borrar disabled=yes name=00:27:22:AE:AA:D9
add comment=borrar disabled=yes name=00:27:22:AC:4F:74
add comment=borrar disabled=yes name=00:50:B6:10:D1:F6
add comment=" disabled=yes name=D8:BB:2C:B3:B9:FD
add comment=" name=2C:F0:A2:68:3B:25 profile=MAC_1M/3M
add comment="usuario en caso de emergencia" disabled=yes name= \
password=azahar profile=MAC_2M/10M
add comment="usuario de emergencia" limit-uptime=3w name= password=\
azahar profile=MAC_2M/10M
add comment="usuario de emergencia 20-02-2023" limit-uptime=4w2d name=\
CA14276b password= profile="2M/10M - 2 shared user"
add comment="usuario de emergencia 20-02-2023" limit-uptime=4w2d name=\
CA872046b password= profile="2M/10M - 1 shared user"
add comment="usuario de emergencia 14-03-2023" limit-uptime=1w name=CA500695b \
password= profile="2M/10M - 2 shared user"
add comment="Usuario de emergencia 27-03-2023" name=CA766262 password= \
profile="2M/10M - 2 shared user"
add name= password=profile="2M/10M - 2 shared user"
/ip proxy
set cache-path=web-proxy1 parent-proxy=0.0.0.0
/ip route
add distance=1 dst-address=10.0.0.11/32 gateway=10.1.5.1
add distance=1 dst-address=192.168.10.0/24 gateway=10.1.6.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes port=81
set ssh port=
set api address=10.0.0.11/32
set winbox address= port=
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/ppp secret
add local-address=10.10.10.14 name=Azahar_eoip password=econectia \
remote-address=10.10.10.15 service=l2tp
/radius
add address=10.0.0.11 disabled=yes secret= service=\
hotspot timeout=2s
add address=disabled=yes secret=jf3a894huiw service=\
login,hotspot,dhcp timeout=3s
add address= disabled=yes secret=jf3a894huiw service=\
login,hotspot,dhcp
add address=127.0.0.1 disabled=yes secret=.crack06 service=\
login,hotspot,wireless
add address=10.0.0.1 secret=.crack06 service=ppp,hotspot timeout=3s
/radius incoming
set accept=yes port=1700
/snmp
set contact= enabled=yes location= trap-community=\
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Madrid
/system identity
set name=
/system logging
add action=remoteOK prefix= topics=critical
add action=remoteOK prefix=- topics=error
add action=remoteOK prefix=- topics=info
add action=remoteOK prefix=- topics=warning
/system ntp client
set enabled=yes primary-ntp=
/system package update
set channel=long-term
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
Re: hotspot captive portal landing page not pop up in ios devices
Please posting config with the code tag.
Ending with
Without the space
Code: Select all
[code]Code: Select all
[/ code]Re: hotspot captive portal landing page not pop up in ios devices
Did you disable Apple hotspot detection and then ask, why it is disabled?
rule is disabled, but still. why even add it?
Code: Select all
/ip dns static
add address=10.5.50.1 disabled=yes name=captive.apple.com/hotspot-detect.htmlRe: hotspot captive portal landing page not pop up in ios devices
I disabled it because the splash page in ios, didn't works although the dns entry was enabled. Do you suggest to enable it? or anything else?
Re: hotspot captive portal landing page not pop up in ios devices
OK, deleted. And which more things I have to review or add for Ios devices?
Re: hotspot captive portal landing page not pop up in ios devices
hello
I have a problem i configure Hotspot Captive portal but page not pop up in ios devices only please can you help me
and this is my configuration
I have a problem i configure Hotspot Captive portal but page not pop up in ios devices only please can you help me
and this is my configuration
Code: Select all
/interface bridge
add ingress-filtering=no name=bridge-trunk protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
/interface vlan
add interface=bridge-trunk name=vlan10_CP vlan-id=10
add interface=bridge-trunk name=vlan30_Private vlan-id=30
add interface=ether1 name=vlan126_B2B_Management vlan-id=126
add interface=ether1 name=vlan127_B2B_Internet vlan-id=127
/caps-man datapath
add bridge=bridge-trunk client-to-client-forwarding=no comment="Hotspot Datapath" local-forwarding=no name=vlan10 vlan-id=10 vlan-mode=use-tag
add bridge=bridge-trunk client-to-client-forwarding=no comment="Private Customer Datapath" local-forwarding=no name=vlan30 vlan-id=30 vlan-mode=use-tag
/caps-man configuration
add channel.band=2ghz-b/g/n .control-channel-width=20mhz .tx-power=30 country=**ELIDED** datapath=vlan10 distance=dynamic installation=any mode=ap name=hotspot-vlan10 rates.basic=1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
.ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23 .ht-supported-mcs=\
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23 .supported=1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
.vht-basic-mcs="" ssid=**ELIDED**
add channel.band=2ghz-b/g/n .control-channel-width=20mhz .tx-power=30 country=**ELIDED** datapath=vlan30 distance=dynamic installation=any mode=ap name=private-vlan30 rates.basic=1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
.ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23 .ht-supported-mcs=\
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23 .supported=1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
.vht-basic-mcs="" ssid=**ELIDED**
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add dns-name=**ELIDED** hotspot-address=192.168.150.1 http-cookie-lifetime=1d login-by=cookie,https name=hsprof1 ssl-certificate=**ELIDED**.crt use-radius=yes
/ip pool
add name=pool_portal ranges=192.168.150.5-192.168.151.254
add name=dhcp_pool1 ranges=192.168.20.2-192.168.20.254
add name=dhcp_pool2 ranges=192.168.160.2-192.168.160.254
/ip dhcp-server
add address-pool=pool_portal interface=vlan10_CP lease-time=2h name=dhcp-captive-portal
add address-pool=dhcp_pool1 interface=bridge-trunk lease-time=2h name=dhcp-management
add address-pool=dhcp_pool2 interface=vlan30_Private lease-time=2h name=dhcp-private-lan
/ip hotspot
add address-pool=pool_portal addresses-per-mac=1 disabled=no interface=vlan10_CP name=hotspot1 profile=hsprof1
/port
set 0 name=serial0
/queue type
set 0 pfifo-limit=5000
set 1 pfifo-limit=5000
set 9 pfifo-limit=1000
/caps-man manager
set ca-certificate=auto certificate=auto enabled=no
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=hotspot-vlan10 slave-configurations=private-vlan30
/interface bridge port
add bridge=bridge-trunk interface=ether2
add bridge=bridge-trunk interface=ether3
add bridge=bridge-trunk interface=ether4
add bridge=bridge-trunk interface=ether5
add bridge=bridge-trunk interface=ether6
add bridge=bridge-trunk interface=ether7
add bridge=bridge-trunk interface=ether8
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge-trunk tagged=ether2,ether3,ether4,ether5,ether6,ether7,ether8,bridge-trunk vlan-ids=10
add bridge=bridge-trunk tagged=bridge-trunk,ether2,ether3,ether4,ether5,ether6,ether7,ether8 vlan-ids=30
/interface list member
add interface=bridge-trunk list=LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.88.2/24 interface=ether2 network=192.168.88.0
add address=102.216.175.200/23 interface=vlan127_B2B_Internet network=102.216.174.0
add address=192.168.150.1/23 interface=vlan10_CP network=192.168.150.0
add address=192.168.20.1/24 interface=bridge-trunk network=192.168.20.0
add address=192.168.160.1/24 interface=vlan30_Private network=192.168.160.0
/ip dhcp-client
add add-default-route=no interface=vlan126_B2B_Management
/ip dhcp-server network
add address=192.168.20.0/24 dns-server=10.100.4.2,10.100.4.10 gateway=192.168.20.1 netmask=24
add address=192.168.150.0/23 dns-server=10.100.4.2,10.100.4.10 gateway=192.168.150.1 netmask=23
add address=192.168.160.0/24 dns-server=10.100.4.2,10.100.4.10 gateway=192.168.160.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d cache-size=4096KiB servers=10.100.4.2,10.100.4.10
/ip dns static
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="Allow already established & related connections" connection-state=established,related
add action=accept chain=forward comment="Allow access to router from known network"
add action=accept chain=forward comment="Allow acces to internal machines" dst-address-list=Internal_LAN
add action=drop chain=forward comment="Drop anything else"
add action=accept chain=input comment="Allow Established & related connections" connection-state=established,related
add action=accept chain=input comment="Allow access to router from known network" src-address=192.168.0.0/16
add action=accept chain=input comment="Allow remote ssh & WinBOX" dst-port=18291,32222,443 protocol=tcp src-address=10.100.0.0/16
add action=accept chain=input comment="Allow ping" protocol=icmp
add action=accept chain=input comment="Allow SNMP" dst-port=161 protocol=udp src-address=10.100.0.0/16
add action=accept chain=input comment="Allow pptp connections" disabled=yes dst-port=1723 protocol=tcp
add action=accept chain=input disabled=yes protocol=gre
add action=accept chain=input comment="Allow Web Acces" disabled=yes dst-port=80 protocol=tcp src-address=10.0.0.0/8
add action=drop chain=input comment="Drop anything else"
/ip firewall mangle
add action=mark-connection chain=prerouting comment="VOIP Traffic" connection-type=sip disabled=yes new-connection-mark=VOIP passthrough=yes
add action=mark-connection chain=prerouting comment="VOIP Traffic" disabled=yes dst-address-list=WM-VOIP dst-port=5060-5070,10000-20000 new-connection-mark=VOIP passthrough=yes protocol=udp
add action=set-priority chain=prerouting comment="VOIP Priority" connection-mark=VOIP disabled=yes new-priority=5 passthrough=no
add action=mark-connection chain=prerouting comment="Remaining Traffic" connection-mark=no-mark disabled=yes new-connection-mark=NO-VOIP passthrough=yes
add action=set-priority chain=prerouting comment="Remaining Traffic Priority" connection-mark=NO-VOIP disabled=yes new-priority=3 passthrough=no
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment=Private-LAN out-interface=vlan126_B2B_Management src-address=192.168.160.0/24
add action=masquerade chain=srcnat out-interface=vlan127_B2B_Internet src-address=192.168.160.0/24
add action=masquerade chain=srcnat comment=Hotspot-LAN out-interface=vlan126_B2B_Management src-address=192.168.150.0/23
add action=masquerade chain=srcnat out-interface=vlan127_B2B_Internet src-address=192.168.150.0/23
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set pptp disabled=yes
/ip hotspot user
set [ find default=yes ] limit-bytes-total=65000000
/ip hotspot walled-garden
add dst-host=**ELIDED** server=hotspot1
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=102.216.174.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 vrf-interface=vlan126_B2B_Management
add disabled=no distance=1 dst-address=10.100.0.0/16 gateway=10.100.102.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 vrf-interface=vlan126_B2B_Management
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=162.213.64.0/24,162.213.65.0/24,10.100.102.1/32,162.213.66.0/24,162.213.67.0/24,185.132.90.0/24,185.41.96.0/24,185.41.97.0/24,185.41.98.0/24,185.41.99.0/24,45.15.136.0/24,145.224.66.0/24,102.216.172.1/32,41.223.183.25/32 port=32222
set www-ssl address=192.168.150.0/23,192.168.160.0/24 disabled=no
set api disabled=yes
set winbox address="162.213.64.0/24,162.213.65.0/24,162.213.66.0/24,162.213.67.0/24,185.132.90.0/24,185.41.96.0/24,185.41.97.0/24,185.41.98.0/24,185.41.99.0/24,45.15.136.0/24,145.224.66.0/24,102.216.172.1/32,41.223.183.25/32,10.100.10.1/32,192.168.200.0/24,10.100\
.10.15/32,10.100.102.1/32" port=18291
set api-ssl disabled=yes
/radius
add address=10.100.2.200 service=hotspot
/radius incoming
set accept=yes
/system clock
set time-zone-name=**ELIDED**
/system identity
set name=B2B-CP-NAME-FW
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
Last edited by tangent on Thu Apr 25, 2024 6:15 pm, edited 1 time in total.
Reason: wrapped config in "code" block; elided location info, SSDs, etc
Reason: wrapped config in "code" block; elided location info, SSDs, etc
Who is online
Users browsing this forum: Amazon [Bot], Google [Bot] and 27 guests