This question has been listed before, but I still have not got a solution yet, please help us!
The customer will kill me if I can’t solve this.
I have set up MikroTik 2.9.18 boxes for a hotel that wanted hotspot access (for Plug & Play purposes, so that guests don’t need to change their IP settings). It is a simple configuration, nothing fancy, but we are experiencing weird behaviour on the LAN shares: we lose communication with Windows mapped drives, shares and the shared printer (this only happens when we enable the hotspot).
This is the scenario:
Internet <------> Mikrotik <-------> LAN
MikroTik doing DHCP with IP pool 192.168.0.1 - 192.168.0.200
LAN IPs 192.168.0.0/24; the MikroTik LAN IP is 192.168.0.254 and it is the gateway for the LAN.
192.168.0.0/24 masquerade
Some IPs on the LAN are fixed in the range 192.168.0.201 through 253
MikroTik doing hotspot for the IP pool 192.168.0.1 through 200, profile with transparent web-proxy enabled.
No firewall rules at all (yet)
Everything works perfectly with the hotspot disabled. After we enable the hotspot, the users get the hotspot login screen, they log in without a problem and they can browse the internet, but after a little while, around a couple of minutes, all the Windows shares and mapped drives in the LAN start to disconnect. Sometimes we are not able to ping, even within the same network… This happens both when the user is logged in to the hotspot and when not.
There are no firewall rules, only the ones that the hotspot dynamically makes.
Is it possible to separate the Hotspot users (and IP scope) from the local LAN machines? This is really something you should be doing anyway… do you want unknown hotspot users to be on the same (private) LAN anyway?
Add an additional IP/subnet to your inside interface (the hotspot interface) and either switch the Hotspot to that or change your local machines to that subnet. For example, 192.168.2.1/24. Then, in the Hotspot Walled Garden, under IP list, add the src address scope for the LAN machines to allow so that they are bypassed from the Hotspot completely. Finally, add a src-nat rule for the new subnet with action=masq. Should do what you need unless I’m missing something.
The other alternative is to add each LAN machine’s IP in the Walled Garden (under the IP list). As I said before, you really should separate these machines from random users if you can.
If address-pool is specified for the hotspot server, all (direct) communication between hotspot clients is forbidden. Only bypassed hotspot hosts are allowed to communicate directly. Add all fixed IPs (with their MAC as well) to the hotspot bypassed binding list:
These past 2 days, I have noticed that when a user tries to print to the network printer, it sometimes fails, and after retrying several times the printer works properly. The shared folder has the same trouble.
And I have upgraded RouterOS to version 2.9.19.
Following are my settings:
192.168.0.x for internet access for hotspot & DHCP users (hs_pool1)
192.168.8.x fixed IPs for local users who have shared resources
Also, I have set up the masq.
Try to specify to-address and server for all bypassed ip-binding entries:
/ip hotspot ip-binding set 0 to-address=192.168.8.42 server=hs-LAN
…
/ip hotspot ip-binding set 10 to-address=192.168.8.135 server=hs-LAN
It will make those entries appear in the host list right away as Static Bypassed hosts. It should fix that problem.
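
An added example, not part of the thread and not MikroTik's own code: a small Python generator that turns an inventory of fixed hosts into bypassed ip-binding commands with address, MAC, to-address and server set, and refuses entries that fall inside the guest pool or have a malformed MAC. The MAC addresses, the /24 mask for 192.168.8.x and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample inventory (the MAC addresses are made up for illustration).
FIXED_HOSTS = [
    ("192.168.8.42", "00:0c:42:aa:bb:01"),
    ("192.168.8.135", "00-0C-42-AA-BB-02"),
    ("192.168.0.50", "00:0c:42:aa:bb:03"),  # sits inside the guest pool
    ("192.168.8.77", "not-a-mac"),          # malformed MAC
]
GUEST_POOL = ("192.168.0.1", "192.168.0.200")  # hotspot pool range from the thread
LAN_NET = "192.168.8.0/24"                     # assumed mask for 192.168.8.x
SERVER = "hs-LAN"                              # server name used in the thread


def normalize_mac(mac):
    """Return the MAC as AA:BB:CC:DD:EE:FF, or None if it is not 12 hex digits."""
    digits = re.sub(r"[:-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def build_bindings(hosts, pool=GUEST_POOL, lan=LAN_NET, server=SERVER):
    """Return (commands, rejected) for a list of (ip, mac) pairs."""
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    net = ipaddress.ip_network(lan)
    commands, rejected = [], []
    for ip_text, mac_text in hosts:
        ip = ipaddress.ip_address(ip_text)
        mac = normalize_mac(mac_text)
        if mac is None:
            rejected.append((ip_text, "malformed MAC"))
        elif lo <= ip <= hi:
            # A bypass entry here would exempt an address guests can be leased.
            rejected.append((ip_text, "inside guest pool"))
        elif ip not in net:
            rejected.append((ip_text, "outside LAN subnet"))
        else:
            commands.append(
                f"/ip hotspot ip-binding add address={ip} mac-address={mac} "
                f"to-address={ip} server={server} type=bypassed")
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = build_bindings(FIXED_HOSTS)
    print("\n".join(cmds))
    for ip, why in bad:
        print(f"# skipped {ip}: {why}")
```

Review the generated lines before pasting them into the router terminal; rejected entries are reported rather than silently bypassed.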