I have to class C’s 192.168.1.x and 192.168.2.x
I want 192.168.1.x to alway use the hotspot to authenticate, but I want 192.168.2.x to be router thru the hotspot without the need to authenicate.
I see from the posts that in to 2.8 you create a mangle rule to mark the packets, then a firewall rule Is it the same in 2.9 or is there a easy way to do it. But some poeple are saying you just need mangle rule.
I have tried the rule below with no luck.
ip firewall mangle add src-address=192.168.2.0/24 mark-flow=hs-auth chain=input
In 2.9 hotspot is working completely differently. either “/ip hotspot ip-binding” or “ip hotspot walled-garden ip” is your friend, I suppose. There is a manual for the new hotspot if you want some weekend reading.
Looking at the manual,
/ip hotspot ip-binding seems to be aim at client IP’s and not a whole subnet.
I need to allow the user thru based on there src-address ( being the whole class c)
/ip hotspot walled-garden ip allows for src-address but when i try
ip hotspot walled-garden add src-address=192.168.2.0/24 action=allow server=hs-Internal it doesn’t work
You mean that those from 192.168.2.0/24 are still required to authenticate? Did you put this rule to “ip hotspot walled-garden” or to “ip hotspot walled-garden ip”?
I put then to “ip hotspot walled-garden” , and it works on the test router, but not on the production router it’s not. Here is the configure’s
Test
[admin@MikroTik] > ip hotspot walled-garden print
Flags: X - disabled, D - dynamic
0 src-address=192.168.2.0/24 action=allow
Production
[admin@HOTSPOT-GW] > ip hotspot walled-garden print
Flags: X - disabled, D - dynamic
0 src-address=210.x.xx.0/23 action=allow
1 src-address=203.xx.xx.0/24 action=allow
2 src-address=203.xx.xx.0/23 action=allow