im newbie with mikrotik, so if one could help me i appreciate a lot
i have running hotspot in rb133 no wireless just using for authenticate users, but want to block some clients to have internet acces but want to give lan access cus they have some printers and files to work with
if someone could advice me
thanks
Greetings from Miramar Beach, Florida!
That should be easy. Set the MT box up with ether1 on the internet and ether2 (or whatever hotspot interface you selected) on your local net. Use an IP/netmask to match your local net on the hotspot. Set the IP address of your MT box as the gateway for your IP network in all your networked computers. Anyone trying to access the net will try to go through the gateway for access. Those with user/passwords go thru, others stopped.
For example, if ether2 is your hotspot interface, then set ether2 as 192.168.0.1/255.255.255.0
All computers on the local net should be in the IP 192.168.0.x range and use 192.168.0.1 as the gateway IP address.
good point , u can add me to your messenger if tomorrow have trouble thanks
this is mine gonzalezhugo@hotmail.com
use walled-garden.
Add the following rule,
‘ip hotspot walled-garden ip add dst-address=local_network action=accept’
Hi sergejs,
Is the walled garden necessary? Does the default ethernet port setup restrict inter-client communications on the local net like a wireless setup? I have not tried it, but one never knows!
but want to block some clients to have internet acces but want to give lan access cus they have some printers and files to work with
Walled-garden is required for access to printers and local network files WITHOUT HotSpot authentication.
I thought the walled-garden was for traffic THROUGH the router, not on the localnet side. I can “talk to” my access points on the localnet, so it isn’t blocking that traffic. I’m going to have to try this one someday…
SurferTim,
IP traffic is going over the router, between clients connected to the same network.
There is no difference for HotSpot, either it is to neighbor PC or to PC from remote network.
Maybe I have presumed too much here. I am presuming that all computers, printers, file servers, are localnet. The only thing that goes “over” the hotspot port is traffic outside the local netmask.
Why would localnet machines check with the hotspot ethernet port if the IP address it is requesting is in its netmask? I use this to block internet access to some computers on one of my customer’s network. I use two different gateway IP addresses. One gateway allows access to the internet, the other does not, but both allow access to the web-based WiFi controller.