Community discussions

MikroTik App
 
remonboonstra
just joined
Topic Author
Posts: 17
Joined: Sun Aug 30, 2015 12:08 am

Hotspot setup failing

Tue May 21, 2019 11:13 pm

Hi all,

I'm trying to setup a hotspot (second Mikrotik setup I'm doing - first is still working :-) ), but I'm currently lost in all the possibilities.

What I'm trying to achieve:
- Port 9 and 10 --> bridge-hotspot (will contain 2 ports, 1 for all hotspot users, one for admin usage)
- Port 6,7,8 --> bridge-admin (will contain an 'open' connection to the internet -- aka no hotspot).
- Port 1 --> Internet - DHCP client.

As soon as I activate the hotspot which is on bridge-hotspot it stops all the flow on these ports.

I tried stripping almost everything, even no bridges (I thought this was the cause). But even that didn't work out.

I must be overseeing something which is wrongly configured and I don't see it (anymore).

Any help is welcome, if you need more info let me know!

Remon
# may/21/2019 21:07:03 by RouterOS 6.44.2
# model = RB4011iGS+

/interface bridge
add admin-mac=74:4D:28:64:94:B2 auto-mac=no name=bridge-admin
add admin-mac=74:4D:28:64:94:B1 auto-mac=no name=bridge-hotspot

/interface ethernet
set [ find default-name=ether1 ] name=ether1-internet-dhcp
set [ find default-name=ether2 ] name=ether2-not-used
set [ find default-name=ether3 ] name=ether3-not-used
set [ find default-name=ether4 ] name=ether4-not-used
set [ find default-name=ether5 ] name=ether5-not-used
set [ find default-name=sfp-sfpplus1 ] disabled=yes

/interface list
add name=WAN
add name=LAN-HOTSPOT
add name=LAN-ADMIN

/ip hotspot profile
set [ find default=yes ] dns-name=hotspot.nl hotspot-address=192.168.4.1 html-directory="" login-by=http-chap,mac-cookie name=hotspot-server-profile

/ip pool
add name=dhcp-pool-hotspot ranges=192.168.4.10-192.168.5.254
add name=ipsec-pool-local ranges=172.168.0.1-172.168.0.100
add name=ipsec-pool-remote ranges=172.168.0.101-172.168.0.200
add name=dhcp-pool-admin ranges=192.168.88.10-192.168.88.254

/ip dhcp-server
add address-pool=dhcp-pool-hotspot disabled=no interface=bridge-hotspot lease-script="/system script run corinex-bypass" name=dhcp-server-hotspot
add address-pool=dhcp-pool-admin   disabled=no interface=bridge-admin name=dhcp-server-admin

/ip hotspot
add address-pool=dhcp-pool-hotspot idle-timeout=none interface=bridge-hotspot name=hotspot-server

/ip hotspot user profile
set [ find default=yes ] address-pool=dhcp-pool-hotspot mac-cookie-timeout=128w4d name=5mbit-4users on-login=":log info \"Login\";" on-logout=":log info \"Logout\";" shared-users=4
add address-pool=dhcp-pool-hotspot !idle-timeout mac-cookie-timeout=142w5d name=unlimited on-login=":log info \"Login\";" on-logout=":log info \"Logout\";" shared-users=unlimited

/ppp profile
set *FFFFFFFE local-address=ipsec-pool-local remote-address=ipsec-pool-remote

/interface bridge port
add bridge=bridge-admin interface=ether6
add bridge=bridge-admin interface=ether7
add bridge=bridge-hotspot interface=ether8
add bridge=bridge-hotspot interface=ether9
add bridge=bridge-hotspot interface=ether10

/interface bridge settings
set use-ip-firewall=yes

/ip neighbor discovery-settings
set discover-interface-list=LAN-ADMIN

/interface list member
add interface=bridge-hotspot list=LAN-HOTSPOT
add interface=ether1-internet-dhcp list=WAN
add interface=bridge-admin list=LAN-ADMIN

/ip address
add address=192.168.88.1/24 interface=bridge-admin network=192.168.88.0
add address=192.168.4.1/23 interface=bridge-hotspot network=192.168.4.0

/ip cloud
set ddns-enabled=yes ddns-update-interval=5m

/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1-internet-dhcp

/ip dhcp-server alert
add disabled=no interface=bridge-hotspot on-alert=":log error \"Other DHCP Server found on hotspot network!\";"

/ip dhcp-server network
add address=192.168.4.0/23 dns-server=1.1.1.1,8.8.8.8 domain=lan.hotspot gateway=192.168.4.1
add address=192.168.88.0/24 dns-server=1.1.1.1,8.8.8.8 domain=lan.admin gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat src-address=192.168.4.0/23
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

/ip hotspot user
add name=remon password=somepassword server=hotspot-server

/ip hotspot walled-garden
add dst-host=www.mysite.nl

/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set show-dummy-rule=no
/ppp aaa
set accounting=no
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=hotspot
/system ntp client
set enabled=yes server-dns-names=pool.ntp.org
/tool mac-server
set allowed-interface-list=LAN-HOTSPOT
/tool mac-server mac-winbox
set allowed-interface-list=LAN-HOTSPOT
/tool romon port
add disabled=no forbid=yes interface=ether1-internet-dhcp

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot] and 95 guests