Hi
I have a situation where I have two interfaces connecting to 2 different ISP’s. Ether1 is a high speed but capped satelite connection and Ether2 is a low speed but unlimited connection. What I would like to setup is that users will access the hotspot and if they authenticate they will be able to access the high speed connection, but if they don’t want to pay then they can have the low speed connection.
How would I go about this?
Sounds easy enough. But first just an outline. If you need help with individual settings, then ask.
I will presume:
ether1 = high speed
ether2 = low speed
Set up the hotspot. If only one radio, it would be wlan1.
Then add a virtual access point to that radio with no hotspot:
/int wireless add name=vap1
/int wireless set vap1 master-interface=wlan1
/int wireless set vap1 ssid=freeconnect (or whatever ssid you want)
Set up ip address and dhcp server on vap1
The routing mark:
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=ether2out in-interface=vap1
Nat (in this order!):
/ip firewall nat add chain=srcnat action=masquerade routing-mark=ether2out out-interface=ether2
/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Routes:
/ip route add gateway=xxx.xxx.xxx.xxx
gateway for ether1
/ip route add gateway=yyy.yyy.yyy.yyy routing-mark=ether2out
gateway for ether2
The paid connections from the hotspot (wlan1) go out ether1, and free connectios from vap1 go out ether2.
Is that what you wanted?
Not exactly, but I guess I didn’t explain it correctly. So let me try and do it now.
Physical layout is a 4 story apartment block with a Wireless AP on each story hardwired into a switch with is then connected to ether4 on the mikrotik router. On ether3 ithe is a internal wireless network for the office only. On ether2 I have a connected to a ISP, slow but unlimited. On ether1 is connected to a high speed satellite connection.
At present there is only high speed internet in the office, but we would like to offer it to anyone in the apartments.
Now I have setup the router to do a routing mark for any connection coming from ether3 and route it to the default gateway of the satellite connection (ether1). Anything on ether4 by default goes through ether2.
What I would like to setup is to put a hotspot on ether4. Where if they authenticate they will be routed to ether1 (high speed), but if they fail authentication then they will be routed to ether2 (low speed). (Or setup that if they authenticate with a basic username (eg guest) then they will be routed to ether2)
What do you think? Is this possible?