two interface into 1 switch

sohongratana · March 29, 2011, 6:54am

Please help to configure?add give some advice.

jtroybailey · March 29, 2011, 9:12am

cant do that without managed switches

sohongratana · March 29, 2011, 10:13am

there 2 interface:
1.LAN: no dhcp. gateway:192.168.10.1
2. Hotspot dhcp server. gateway:192.168.100.xxx
we connect 2 interface into 1 switch.
all client in lan who want to use internet without login hotspot fix ip 192.168.10.xxx
and who use dhcp client must be login to use hotspot to use internet.
can or can’t? and what’s happen if we do this?
thz for your reply

jtroybailey · March 29, 2011, 10:25am

well to yes, would work, but whats stopping someone from using a packet sniffer like wireshark and setting their ip manually, also not very secure what so ever. In my opinion it would be better to spend a little more and get managed switches and setup vlans, please correct me if i am wrong

sohongratana · March 29, 2011, 3:31pm

Thanks for your advices friend. but this structure depend on budget also .
i will upgrade it step by step.
Anyway do u think in this structure if no someone using packet sniffer it working stable or not?

fewi · March 29, 2011, 4:03pm

It’s an ugly hack and you shouldn’t deploy it (budget is no excuse to do a bad job), but it would work. It would overlay two broadcast domains on one physical network, which is fairly bad practice.

sohongratana · March 30, 2011, 2:01am

[admin@MikroTik] > interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 name="WAN" type="ether" mtu=1500 l2mtu=1524
1 R name="LAN" type="ether" mtu=1500 l2mtu=1524
2 name="HotSpot" type="ether" mtu=1500 l2mtu=1524
3 name="ether4" type="ether" mtu=1500 l2mtu=1524
4 name="ether5" type="ether" mtu=1500 l2mtu=1524
5 name="internet" type="pppoe-out

admin@MikroTik] > ip firewall export

jan/02/1970 00:04:12 by RouterOS 4.5

software id = CX4H-CKWA

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s
tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s
tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=
10s
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
disabled=yes
add action=masquerade chain=srcnat comment="" disabled=no src-address=
192.168.10.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no
src-address=192.168.100.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[admin@MikroTik] > ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 address=192.168.10.1/24 network=192.168.10.0 broadcast=192.168.10.255
interface=LAN actual-interface=LAN
1 address=192.168.100.1/24 network=192.168.100.0 broadcast=192.168.100.255
interface=HotSpot actual-interface=HotSpot
[admin@MikroTik] > ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADC dst-address=192.168.10.0/24 pref-src=192.168.10.1 gateway=LAN
gateway-status=LAN reachable distance=0 scope=10
1 ADC dst-address=192.168.100.0/24 pref-src=192.168.100.1 gateway=HotSpot
gateway-status=HotSpot unreachable distance=0 scope=200

not yet configure wan