Separate incoming link into two

Folks, once again, I would appreciate it if anybody can point me in the right direction for the right configuration of my network.
The scenario as I have shown in the diagram below is that of a network where I have internet and local users. I need to achieve a few things with this diagram and will need some suggestions and configuration examples if possible to carry it out.

  1. All users on the network are being handed DHCP through the bridged port of the 450G (WORKS FINE)
  2. All users go through the HOTSPOT on the 450G before accessing the internet or any service on the local server with bandwidth limitations. (WORKS FINE) but not exactly as I want it.

Wireless Setup.png

WHAT I WANT TO ACHIEVE

  3. I need to allocate different bandwidth quotas for internet users and local users. What is happening now is that any bandwidth set in MikroTik for internet users is also applied to local users. Local users need to be allocated different bandwidth limits and internet users different bandwidth limits. Someone suggested some configurations, but with my level of MikroTik knowledge I doubt if I can really work my head around that. I have been thinking if there are other ways to go around the problem.

WHAT I PLAN TO DO
I want to use two RBs for individual hotspots. I will then separate the incoming links from my APs and direct them to the corresponding hotspot depending on the request made by a customer to fetch information from internet or local server.
By doing so it will be easy for me to apply bandwidth rules independently and freely.
The question is, how is it possible to separate the links before they hit my 2 RBs?
separation.png

I will really appreciate it if anyone can point me in the right direction to achieve this.

Dear richarr68

I implemented such a network setup with MikroTik in a wired environment a few years ago in a public university in my city, and it still works excellently.

What I did:

I used ip>firewall>mangle and then marked all packets based on source IP, and defined address lists in ip>firewall>address list.

I marked packets as “local traffic” and “foreign traffic”, which is internet.

I added simple queues for all the IP user groups and created 2 simple queues for each IP/subnet:

1. Global traffic/Foreign traffic
2. Local/LAN traffic

Users who want to travel between LAN/local segments will not be limited by the internet traffic queues created in simple queues.

Those who want to use the internet will be limited by simple queues.

I got the ideas from the MikroTik wiki, worked a month on that issue, and was finally able to do so successfully.

I hope you can get an idea to do it.

If you still need any help, write back to me.

regards
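
The approach described in the reply above, as an added RouterOS sketch that is not the poster's actual configuration. It assumes RouterOS v6 syntax, constructed addresses and rate limits, and a local server on a different subnet from the users so that the traffic is routed through the forward chain; it also matches on destination as well as source address lists so that both directions of a flow get the same mark.

```routeros
# Constructed addresses: 192.168.88.0/24 = user subnet, 10.10.10.10 = local server
/ip firewall address-list
add list=lan-users address=192.168.88.0/24 comment="constructed user subnet"
add list=local-servers address=10.10.10.10 comment="constructed local server"

/ip firewall mangle
# Traffic between users and the local server, both directions
add chain=forward src-address-list=lan-users dst-address-list=local-servers \
    action=mark-packet new-packet-mark=local-traffic passthrough=no \
    comment="user to local server"
add chain=forward src-address-list=local-servers dst-address-list=lan-users \
    action=mark-packet new-packet-mark=local-traffic passthrough=no \
    comment="local server to user"
# Everything else to or from the users is treated as internet traffic.
# passthrough=no above stops rule processing, so local packets never reach these rules.
add chain=forward src-address-list=lan-users \
    action=mark-packet new-packet-mark=foreign-traffic passthrough=no \
    comment="user to internet"
add chain=forward dst-address-list=lan-users \
    action=mark-packet new-packet-mark=foreign-traffic passthrough=no \
    comment="internet to user"

/queue simple
# Two queues for the same subnet, selected by packet mark.
# max-limit is upload/download as seen from the target; values are constructed.
add name=users-local target=192.168.88.0/24 packet-marks=local-traffic \
    max-limit=50M/50M comment="limit for local server access"
add name=users-internet target=192.168.88.0/24 packet-marks=foreign-traffic \
    max-limit=2M/2M comment="limit for internet access"
```

After applying it, the byte counters on the mangle rules and on each queue show whether local and internet traffic are landing in the intended queue.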

Hi Litu,
Thanks for the suggestions. I will be really interested in knowing more about your design setup and configuration. I am still looking for ways to go about the design. What I have finally planned to do is to use a VLAN-capable switch so that I can separate a group of ports into, say, VLAN1 and another group into VLAN2, thereby creating two different IP groups or subnets. The VLANs will then be fed into two separate MikroTiks, which can then be used to control bandwidth for local and internet users.

Meanwhile, on my MikroTik access points (411ARs) I want to create 2 virtual access points, one SSID to reflect the signal for LAN users and another for internet users. Users who click on the LAN signal will be directly forwarded to the local server through one VLAN and go directly through one MikroTik to access the service, whilst users who click on the internet link will go through the other VLAN for internet service. Firewall rules can then be easily implemented on the individual MikroTiks.

I have not fully implemented the idea yet but I hope it should work.