 
enjoy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Jul 18, 2008 8:29 pm

DHCP pool

Mon May 18, 2009 12:41 am

Hi
I am an ISP with about 100 customers; all their addresses are in the range 192.168.2.3 to 192.168.2.249.
Some of them have a fixed IP stored in their CPE, and some need a dynamic IP via DHCP.
I want to know how to set up MikroTik to hand out dynamic addresses via DHCP only from 192.168.2.3 to 192.168.2.80, so that I can use the other addresses for fixed IPs.

Thank you
 
hilton
Long time Member
Long time Member
Posts: 634
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: DHCP pool

Mon May 18, 2009 9:51 am

Just create a pool with that particular IP range. The DHCP server will then in turn only distribute IPs based on that pool.
 
enjoy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Jul 18, 2008 8:29 pm

Re: DHCP pool

Mon May 18, 2009 10:13 am

I did that, but it doesn't work: initially DHCP assigns proper IPs, but after some days it assigns IPs outside the range.

Do I have to set the proper pool only in the DHCP server, or also in the hotspot user profile, the server page, or other sections?
 
hilton
Long time Member
Long time Member
Posts: 634
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: DHCP pool

Mon May 18, 2009 10:39 am

Post your config so we can take a look.

What version of RouterOS are you running?
 
enjoy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Jul 18, 2008 8:29 pm

Re: DHCP pool

Mon May 18, 2009 3:48 pm

dhcp pool2 is my desired range:

[admin@MikroTik] /ip> export
# may/18/2009 14:41:03 by RouterOS 3.20
# software id = HXGM-8MT
#
# Hotspot server profiles: the built-in "default" profile and "hsprof1", the
# profile that the hotspot1 server on ether2 is configured with.
/ip hotspot profile
# NOTE(review): login-by on both profiles includes http-pap, which carries the
# password in plain text over HTTP, and mac, which treats the client's MAC
# address as the credential. A MAC address can be copied by any host on the same
# segment, so neither is strong authentication on a shared customer network.
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=2d http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=default \
rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
# hsprof1 serves the login page as login.mesagnenet.it on 192.168.2.2 and has
# use-radius=yes with radius-accounting=yes; the RADIUS server entry itself is
# not part of an /ip export, so it is not visible here.
add dns-name=login.mesagnenet.it hotspot-address=192.168.2.2 html-directory=\
hotspot http-cookie-lifetime=3h http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=hsprof1 \
nas-port-type=wireless-802.11 radius-accounting=yes \
radius-default-domain="" radius-interim-update=received \
radius-location-id="" radius-location-name="" radius-mac-format=\
XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=yes
# Manually keyed IPsec SA "sa1" and the default IPsec proposal.
/ip ipsec manual-sa
# NOTE(review): sa1 is enabled (disabled=no) with the ah, esp-auth and esp-enc
# algorithms all set to null and with empty keys, so it provides neither
# integrity nor confidentiality. No /ip ipsec policy appears in this export, so
# it is presumably unused - confirm, and remove it if so.
add ah-algorithm=null ah-key="" ah-spi=0x100 disabled=no esp-auth-algorithm=\
null esp-auth-key="" esp-enc-algorithm=null esp-enc-key="" esp-spi=0x100 \
lifetime=0s name=sa1
/ip ipsec proposal
# sha1 / 3des / modp1024 are legacy choices; where the installed RouterOS
# version offers stronger algorithms and DH groups, prefer them for real tunnels.
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
name=default pfs-group=modp1024
# Address pools. The goal stated at the top of the thread is to lease only
# 192.168.2.3-192.168.2.80 dynamically and keep the rest for fixed-IP CPEs.
/ip pool
# hs-pool-4 (used by the hotspot server and the default hotspot user profile)
# spans .1 and .3-.254, so it overlaps every other pool and the fixed-IP range.
add name=hs-pool-4 ranges=192.168.2.1,192.168.2.3-192.168.2.254
add name=dhcp_pool1 ranges=192.168.2.1,192.168.2.210-192.168.2.240
# NOTE(review): dhcp_pool2 is the pool both DHCP servers lease from. Besides
# .3-.70 it also lists .220-.240 and .1, so leases in 192.168.2.220-240 are the
# expected result of this definition and can collide with fixed-IP customers in
# that range. For the stated goal the pool needs one contiguous range:
# ranges=192.168.2.3-192.168.2.80
add name=dhcp_pool2 ranges=\
192.168.2.220-192.168.2.240,192.168.2.1,192.168.2.3-192.168.2.70
add name=pooldhcp ranges=192.168.2.210-192.168.2.240
# DHCP servers. Both lease from dhcp_pool2 with a 6 minute lease time.
/ip dhcp-server
# NOTE(review): dhcp1 is bound to ether1, whose address in this export is
# 192.168.1.2/24, yet it leases 192.168.2.x addresses from the same pool as
# dhcp2, and the only /ip dhcp-server network entry is 192.168.2.0/24. This
# looks unintended - confirm whether a DHCP server is wanted on ether1 at all.
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether1 lease-time=6m name=dhcp1
# dhcp2 serves ether2 (192.168.2.2/24), the interface hotspot1 also runs on.
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether2 lease-time=6m name=dhcp2
# Hotspot server on ether2 and the default hotspot user profile.
/ip hotspot
# NOTE(review): address-pool=hs-pool-4 covers .1 and .3-.254. A later reply in
# this thread describes the server address-pool as the pool used for one-to-one
# NAT of client addresses; if so, hotspot clients can appear with any address
# from that wide pool, independently of what DHCP leased - confirm.
add address-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=30m \
interface=ether2 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
# The default user profile points at the same wide pool. shared-users=unlimited
# places no cap on simultaneous logins with one account, so a shared or leaked
# credential is not limited by this setting.
set default address-pool=hs-pool-4 advertise=no idle-timeout=40m \
keepalive-timeout=2m name=default open-status-page=always rate-limit=\
170k/15000k shared-users=unlimited status-autorefresh=30m \
transparent-proxy=yes
# IP accounting is switched off, including its web access.
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Interface addressing: ether1 = 192.168.1.2/24 and ether2 = 192.168.2.2/24 are
# active; the 192.168.4.2 and 192.168.3.2 entries are disabled and carry no
# interface= value in this export.
/ip address
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=ether1 network=192.168.1.0
add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no \
interface=ether2 network=192.168.2.0
add address=192.168.4.2/24 broadcast=192.168.4.255 comment="" disabled=yes \
network=192.168.4.0
add address=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=yes \
network=192.168.3.0
/ip dhcp-server config
set store-leases-disk=5m
# Only one DHCP network is defined (192.168.2.0/24, gateway 192.168.2.2); there
# is no entry for the 192.168.1.0/24 side that dhcp1 on ether1 would serve.
/ip dhcp-server network
add address=192.168.2.0/24 comment="hotspot network" gateway=192.168.2.2
# Router DNS cache and the static name for the hotspot login page.
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts. Every input-chain filter rule in this export is disabled, so
# nothing limits which interface or source may query it; restrict port 53 on the
# input chain to the customer network if the upstream side is not trusted.
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=208.67.222.222 secondary-dns=\
208.67.220.220
/ip dns static
# Resolves the hotspot login name to the router's ether2 address.
add address=192.168.2.2 disabled=no name=login.mesagnenet.it ttl=5m
# Connection tracking is enabled; the values below are the per-state timeouts.
# tcp-syncookie=no means SYN cookies are not used for TCP connections to the
# router itself.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# Filter rules, evaluated top to bottom per chain.
# NOTE(review): as exported, the input chain has no enabled rule at all and the
# forward chain accepts everything, so this rule set filters nothing. The
# router's own services (see /ip service) are reachable from every interface.
/ip firewall filter
# Logs every forwarded packet with prefix FW_LOG (no matchers): expect heavy
# log volume on a router carrying about 100 customers.
add action=log chain=forward comment="" disabled=no log-prefix=FW_LOG
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
# Unconditional accept for the forward chain. Every forward rule below this
# line is never reached while this rule is enabled.
add action=accept chain=forward comment="" disabled=no
# Input-chain rules: all disabled=yes, so none of them is in effect.
add action=drop chain=input comment="DROP INVALID CONNECTIONS" \
connection-state=invalid disabled=yes
add action=accept chain=input comment="Allow established connections" \
connection-state=established disabled=yes
# NOTE(review): this rule matches on src-port=53 only. If it is ever re-enabled
# it accepts any UDP packet that merely claims source port 53; rely on
# connection-state=established/related for replies instead.
add action=accept chain=input comment="Allow udp dns" disabled=yes protocol=\
udp src-port=53
add action=accept chain=input comment="allow icmp" disabled=yes protocol=icmp
add action=accept chain=input comment="allow ibound ssh" disabled=yes \
dst-port=22 protocol=tcp
# in-interface="(unknown)" presumably refers to an interface that no longer
# exists - confirm; rules carrying it need to be re-pointed before reuse.
add action=accept chain=forward comment=emule disabled=yes dst-port=4662 \
in-interface="(unknown)" protocol=tcp
add action=accept chain=forward comment="emule udp" disabled=yes dst-port=\
4672 in-interface="(unknown)" protocol=udp
add action=accept chain=forward comment=mstsc disabled=yes dst-port=7777 \
in-interface="(unknown)" protocol=tcp
add action=drop chain=input comment="" disabled=yes in-interface="(unknown)"
add action=drop chain=forward comment="drop invalid connections" \
connection-state=invalid disabled=yes protocol=tcp
add action=accept chain=forward comment="allow already estab connections" \
connection-state=established disabled=yes
add action=accept chain=forward comment="allow related connections" \
connection-state=related disabled=yes
add action=drop chain=forward comment="" disabled=yes in-interface=\
"(unknown)"
# The last two rules are enabled, but they use the same host (192.168.2.106)
# and port (3478) as both source and destination, and they sit below the
# unconditional forward accept, so they have no practical effect here.
add action=accept chain=forward comment="" disabled=no dst-address=\
192.168.2.106 dst-port=3478 in-interface="(unknown)" out-interface=\
"(unknown)" p2p=all-p2p protocol=tcp src-address=192.168.2.106 src-port=\
3478
add action=accept chain=forward comment="" disabled=no dst-address=\
192.168.2.106 dst-port=3478 in-interface="(unknown)" out-interface=\
"(unknown)" p2p=all-p2p protocol=udp src-address=192.168.2.106 src-port=\
3478
# Routing marks for splitting customers across two ADSL lines by source address
# (.0-.154 -> adsl1, .155-.255 -> adsl2). Both rules are disabled.
/ip firewall mangle
add action=mark-routing chain=prerouting comment="adsl1 load balance" \
disabled=yes new-routing-mark=adsl1 passthrough=no src-address=\
192.168.2.0-192.168.2.154
add action=mark-routing chain=prerouting comment="adsl2 load balance" \
disabled=yes new-routing-mark=adsl2 passthrough=no src-address=\
192.168.2.155-192.168.2.255
# NAT rules: source NAT for the customer network plus several disabled
# port-forwards.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
# NOTE(review): the two masquerade rules are identical, so the second never
# matches anything the first did not. Neither names an out-interface, so traffic
# from 192.168.2.0/24 is masqueraded whichever interface it leaves by.
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.2.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.2.0/24
# Disabled port-forwards. The first three give the whole
# 192.168.2.0-192.168.2.255 range as to-addresses rather than one host, and the
# MSTSC rule maps port 7777 to 3389; review the target and the allowed sources
# before enabling any of them.
add action=dst-nat chain=dstnat comment="emule tcp" disabled=yes dst-port=\
4662 in-interface="(unknown)" protocol=tcp to-addresses=\
192.168.2.0-192.168.2.255 to-ports=4662
add action=dst-nat chain=dstnat comment="emule udp" disabled=yes dst-port=\
4672 in-interface="(unknown)" protocol=udp to-addresses=\
192.168.2.0-192.168.2.255 to-ports=4672
add action=dst-nat chain=dstnat comment=MSTSC disabled=yes dst-port=7777 \
in-interface="(unknown)" protocol=tcp to-addresses=\
192.168.2.0-192.168.2.255 to-ports=3389
# Disabled forwards of port 9988 to 192.168.2.210 (comment translates to
# "video surveillance, access from outside").
add action=dst-nat chain=dstnat comment="videosorveglianza accesso da fuori" \
disabled=yes dst-port=9988 in-interface="(unknown)" protocol=tcp \
to-addresses=192.168.2.210 to-ports=9988
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=\
212.199.212.5 dst-port=9988 protocol=tcp to-addresses=192.168.2.210 \
to-ports=9988
# Connection-tracking helpers for FTP, TFTP, IRC, H.323, SIP and PPTP, all
# enabled.
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
# Hotspot bindings with type=bypassed: these three MAC addresses skip hotspot
# login on hotspot1.
# NOTE(review): the bypass is keyed on the MAC address alone, so any host on
# ether2 presenting one of these MACs inherits it; keep the list short.
/ip hotspot ip-binding
add address=192.168.2.250 comment="" disabled=no mac-address=\
00:92:58:00:63:3A server=hotspot1 type=bypassed
add comment="" disabled=no mac-address=00:13:D4:C9:F7:94 server=hotspot1 \
type=bypassed
add comment="" disabled=no mac-address=00:17:BD:00:55:40 server=hotspot1 \
type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
# Local hotspot accounts. The asterisks in name= and password= were presumably
# put in by the poster before publishing; an unedited export prints these
# values in clear text, so mask them whenever a config is shared.
/ip hotspot user
# Only "admin" is enabled; every other entry is disabled=yes.
add comment="" disabled=no name=admin password=******* profile=default
add comment="" disabled=yes mac-address=02:00:54:55:4E:01 name=user1 \
password=*** profile=default
# The entries below have password="" and are either named after a MAC address
# or tied to one; if re-enabled, knowledge of the MAC is the only credential.
add comment="" disabled=yes mac-address=00:1E:68:69:E6:A6 name=*** \
password="" profile=default
add comment="" disabled=yes name=00:E0:18:06:D6:AF password="" profile=\
default server=hotspot1
add comment="" disabled=yes name=00:90:FB:11:F0:65 password="" profile=\
default server=hotspot1
add comment="" disabled=yes mac-address=00:90:FB:11:F0:65 name=*** \
password="" profile=default
# Walled-garden entries (destinations reachable without hotspot login). Every
# entry in both lists is disabled, so no pre-login exception is active.
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
add action=allow comment="" disabled=yes dst-host=www.cicileo.it server=\
hotspot1
add action=allow comment="" disabled=yes method="" server=hotspot1 \
src-address=192.168.2.210
/ip hotspot walled-garden ip
# Both rules span dst-port=0-65535, i.e. every port on the destination; narrow
# the port range before enabling them.
add action=accept comment="" disabled=yes dst-address=192.168.1.2 dst-port=\
0-65535 server=hotspot1 src-address=192.168.2.210
add action=accept comment="" disabled=yes dst-address=192.168.1.254 dst-port=\
0-65535 protocol=udp server=hotspot1 src-address=192.168.2.85
# Neighbor discovery per interface: off on pppoe1/pppoe2, on for ether1-ether4.
# NOTE(review): ether2 is the customer-facing hotspot interface. With
# discover=yes the router announces itself to hosts on that segment; set
# discover=no on interfaces that face customers or other untrusted networks.
/ip neighbor discovery
set pppoe1 discover=no
set pppoe2 discover=no
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
# Web proxy: configured but enabled=no.
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=\
no src-address=0.0.0.0
# Static routes. Only the last default route (via 192.168.1.254, reached through
# ether1's 192.168.1.0/24 network) is enabled; the adsl1/adsl2 routing-mark
# routes and the 192.168.4.254 gateway are disabled.
/ip route
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.4.254 routing-mark=adsl2 scope=30 target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.4.254 scope=255 target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.254 routing-mark=adsl1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.254 scope=255 target-scope=10
# Management services on the router itself.
# NOTE(review): www, ssh, www-ssl, api and winbox are all enabled with
# address=0.0.0.0/0, i.e. no source restriction, and no input-chain filter rule
# is enabled in this export. Every customer on ether2 can therefore reach the
# management logins. Set address= to the management subnet on each service that
# is needed and disable the ones that are not (plain-HTTP www and api are the
# usual candidates).
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
# www-ssl is enabled but has certificate=none.
set www-ssl address=0.0.0.0/0 certificate=none disabled=no port=443
set api address=0.0.0.0/0 disabled=no port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
# SOCKS proxy, traffic-flow export and UPnP: all three have enabled=no.
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
[admin@MikroTik] /ip> hotspot
[admin@MikroTik] /ip hotspot> print
Flags: X - disabled, I - invalid, S - HTTPS
# NAME INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
0 hotspot1 ether2 hs-pool-4 hsprof1 30m
[admin@MikroTik] /ip hotspot> export
# may/18/2009 14:41:30 by RouterOS 3.20
# software id = HXGM-8MT
#
# Output of "export" run inside /ip hotspot: server profiles, the hotspot1
# server, user profile, bindings, users and walled garden.
/ip hotspot profile
# NOTE(review): login-by includes http-pap (password in plain text over HTTP)
# and mac (the MAC address is the credential) on both profiles.
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=2d http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=default \
rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=login.mesagnenet.it hotspot-address=192.168.2.2 html-directory=\
hotspot http-cookie-lifetime=3h http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=hsprof1 \
nas-port-type=wireless-802.11 radius-accounting=yes \
radius-default-domain="" radius-interim-update=received \
radius-location-id="" radius-location-name="" radius-mac-format=\
XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=yes
# hotspot1 runs on ether2 and uses address-pool=hs-pool-4.
/ip hotspot
add address-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=30m \
interface=ether2 keepalive-timeout=none name=hotspot1 profile=hsprof1
# The default user profile uses the same pool; shared-users=unlimited places no
# cap on simultaneous logins with one account.
/ip hotspot user profile
set default address-pool=hs-pool-4 advertise=no idle-timeout=40m \
keepalive-timeout=2m name=default open-status-page=always rate-limit=\
170k/15000k shared-users=unlimited status-autorefresh=30m \
transparent-proxy=yes
# type=bypassed bindings: these MAC addresses skip hotspot login on hotspot1.
/ip hotspot ip-binding
add address=192.168.2.250 comment="" disabled=no mac-address=\
00:92:58:00:63:3A server=hotspot1 type=bypassed
add comment="" disabled=no mac-address=00:13:D4:C9:F7:94 server=hotspot1 \
type=bypassed
add comment="" disabled=no mac-address=00:17:BD:00:55:40 server=hotspot1 \
type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
# Local hotspot accounts; the asterisks were presumably inserted by the poster.
# Only "admin" is enabled.
/ip hotspot user
add comment="" disabled=no name=admin password=**** profile=default
add comment="" disabled=yes mac-address=02:00:54:55:4E:01 name=user1 \
password=**** profile=default
add comment="" disabled=yes mac-address=00:1E:68:69:E6:A6 name=*** \
password="" profile=default
add comment="" disabled=yes name=00:E0:18:06:D6:AF password="" profile=\
default server=hotspot1
add comment="" disabled=yes name=00:90:FB:11:F0:65 password="" profile=\
default server=hotspot1
add comment="" disabled=yes mac-address=00:90:FB:11:F0:65 name=*** \
password="" profile=default
# Walled-garden entries: all disabled.
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
add action=allow comment="" disabled=yes dst-host=www.cicileo.it server=\
hotspot1
add action=allow comment="" disabled=yes method="" server=hotspot1 \
src-address=192.168.2.210
/ip hotspot walled-garden ip
add action=accept comment="" disabled=yes dst-address=192.168.1.2 dst-port=\
0-65535 server=hotspot1 src-address=192.168.2.210
add action=accept comment="" disabled=yes dst-address=192.168.1.254 dst-port=\
0-65535 protocol=udp server=hotspot1 src-address=192.168.2.85
[admin@MikroTik] /ip hotspot>
 
hilton
Long time Member
Long time Member
Posts: 634
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: DHCP pool

Mon May 18, 2009 5:30 pm

# Pool list quoted from the export posted above. dhcp_pool2, the pool the DHCP
# servers use, lists .220-.240 and .1 in addition to .3-.70, and all four pools
# overlap one another.
/ip pool
add name=hs-pool-4 ranges=192.168.2.1,192.168.2.3-192.168.2.254
add name=dhcp_pool1 ranges=192.168.2.1,192.168.2.210-192.168.2.240
add name=dhcp_pool2 ranges=\
192.168.2.220-192.168.2.240,192.168.2.1,192.168.2.3-192.168.2.70
add name=pooldhcp ranges=192.168.2.210-192.168.2.240
I'm not following this. There appear to be overlapping address ranges. Why don't you just have one subnet for pool1 and another for pool2?
 
enjoy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Jul 18, 2008 8:29 pm

Re: DHCP pool

Mon May 18, 2009 11:59 pm

I am using only hs-pool-4 for all user IPs in the hotspot "user profiles" and "servers",
and dhcp_pool2 for users in DHCP mode (/ip dhcp-server).
Please disregard the other pools.
Do I have to use dhcp_pool2 only in /ip dhcp-server, or also in other sections?

Thank you for your help.
 
hilton
Long time Member
Long time Member
Posts: 634
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: DHCP pool

Tue May 19, 2009 12:32 pm

What I mean is use a contiguous IP pool.
 
enjoy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Jul 18, 2008 8:29 pm

Re: DHCP pool

Tue May 19, 2009 2:17 pm

Ok, but tell me: in hotspot "users profile" and "servers" i have to insert a pool with all possible ip of my users or only of users with dhcp?
 
hilton
Long time Member
Long time Member
Posts: 634
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: DHCP pool

Tue May 19, 2009 6:54 pm

Ok, but tell me: in hotspot "users profile" and "servers" i have to insert a pool with all possible ip of my users or only of users with dhcp?
Sorry but I haven't used hotspot before.
 
eneimi
Member
Member
Posts: 387
Joined: Sun Sep 09, 2007 12:55 pm

Re: DHCP pool

Wed May 20, 2009 2:29 pm

enjoy, let's start afresh - clear your ip pool list.

I assume you've assigned an ip to your hotspot interface (ether2= 192.168.2.2/24).

Now create a dhcp server using setup - ensure the ether2 interface and the 192.168.2.2/24 address space are specified.

Automatically an ip pool will be created using the 192.168.2.2/24 address space. Now go to address pool list and edit that list to contain only the ip range you want available for the hotspot (e.g instead of 192.168.2.1,192.168.2.3-192.168.2.254 you can edit it to 192.168.2.200-192.168.2.254).

Now create a hotspot server using setup - confirm the ether2 interface, confirm the interface address (192.168.2.2) and importantly, confirm the address pool to use for the hotspot (ie the one you edited previously).

That's it - dhcp clients will automatically get ip addresses from the pool and other clients will use the static ip you assign, outside the pool.

Cheers.
 
enjoy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Jul 18, 2008 8:29 pm

Re: DHCP pool

Thu May 21, 2009 12:43 am

thank you very much!
can you explain me the difference between the address pool in "servers" and "user profiles" of hotspot ?

thanks again
 
eneimi
Member
Member
Posts: 387
Joined: Sun Sep 09, 2007 12:55 pm

Re: DHCP pool

Thu May 21, 2009 5:19 pm

The address-pool in hotspot server refers to the pools we have just created and is the primary pool used for one-to-one nat (translates any client ip address to an address within our pool).

As far as i know the address-pool in hotspot user profile is largely redundant for most configurations. But it can be used to perform another layer of nat if a different ip pool (from server address-pool) is specified. I haven't had cause to use it so mine is set to the default - none.

Cheers.
 
cas3ter01
just joined
Posts: 18
Joined: Mon Jun 08, 2009 9:21 pm

Re: DHCP pool

Mon Jun 08, 2009 9:38 pm
