Two hotspot networks on one Mikrotik router

RouterOS Wireless Networking
1

Hello,

I already have a hotspot WiFi network which has been configured using Hotspot Setup Wizard. This network uses a separate VLAN 12 (inside VLAN 12 there are TP-LINK APs that use this hotspot network – Mikrotik isn’t an AP). Now I would like to add another WiFi hotspot network on VLAN 13 but I’m not sure if I can again use Hotspot Setup Wizard or should I create this new WiFi Hotspot network manually (and how – I’m confused about the jump, redirect etc. firewall rules). Mostly I’m confused about firewall/NAT rules (if wizard will create new rules and still keep the old one so that both hotspot networks can work normally). I would also like to use a different outbound interface for this new hotspot network (another WAN link). Is this possible and how?

Thank you!

Best wishes,
Marko

2

I’m not really a pro at vlans, but I have multiple hotspots on one router. I even have two hotspots on the same radio using VAPs.

Use the hotspot setup wizard. It keeps both networks separate. Specify the new interface when it asks.

3

Add a VLAN13 to your router interface
Add an address/network to your VLAN13 (different from the VLAN12 network)
Add a new hotspot on VLAN13 - no worries, your second hotspot won’t disturb the first one as it is in separate network
Plug your APs and test, you should be fine with the VLAN13 hotspot

If you want/need, prevent VLAN12/VLAN13 routing (i think Routerboard does inter VLAN routing this by default)

/ip firewall filter 
add chain=forward src-address=[VLAN 12 NETWORK] dst-address=[VLAN 13 NETWORK] action=drop
add chain=forward src-address=[VLAN 13 NETWORK] dst-address=[VLAN 12 NETWORK] action=drop

And if you want to use a different WAN for the VLAN13 network, use mangle to mark packets

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=isp12 passthrough=no src-address=[VLAN 12 NETWORK]
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=isp13 passthrough=no src-address=[VLAN 13 NETWORK]

and alter your routing table to send packets where you want to

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=[GATEWAY 12] routing-mark=isp12 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=[GATEWAY 13] routing-mark=isp13 scope=30 target-scope=10

However, this configuration will not work if you have a local proxy (for logging hotspot activity), as far as i understand the proxy will initiate new connections, therefore the packet marking/routing won’t be taken in account.

4

Hi,

thank you both, this worked great!

Now I have another question about hotspot and vouchers. I would like to create a hotspot on which users could authenticate using RADIUS authentication (using Active Directory users) if they have a RADIUS account, if not they could authenticate using captive portal with a voucher.

My question is how should I configure hotspot authentication to support both methods and if there is any free software for managing vouchers and creating bulk vouchers to print for the users. What should be configured in my captive portal HTML file so that users can enter their voucher (I would like to issue only 6 digit code, no username) and access the internet.

Thank you!

Best wishes,
Marko

5

MT itself have Userman
you can download it from mt site & install
configur as you want , it also support paypal for online support
more you can get support form mt support to add your own payment option if any

6

I will try this.

Thank you!

Best wishes,
Marko