Community discussions

 
harjeetv
just joined
Topic Author
Posts: 8
Joined: Tue Jan 23, 2018 2:40 pm
Location: India
Contact:

Hotspot allow addresslist and drop rest

Mon Oct 07, 2019 2:29 pm

Hi,

I have been trying to allow only certain ip pool for hotspot authentication and drop all other for single ethernet port.

configuration is as follows:
/ip firewall address-list
add address=172.16.118.64/26 comment="Ether 5 Allowed Client IP's" list="ether5 allowed ip"

/ip firewall filter (this rule is in position 0)
add action=drop chain=input in-interface=ether5 log=yes log-prefix="Dropped " src-address-list="!ether5 allowed ip"

still i can see other IP address being authenticated from ether5 for hotspot. i had tried changing the chain to forward, hs-input but still does not work.
 
dmitris
newbie
Posts: 42
Joined: Mon Oct 09, 2017 1:08 pm

Re: Hotspot allow addresslist and drop rest

Mon Oct 07, 2019 2:45 pm

Try in mangle on prerouting chain...
/ip firewall mangle
add action=drop chain=prerouting in-interface=ether5 log=yes log-prefix="Dropped " src-address-list="!ether5 allowed ip"
 
harjeetv
just joined
Topic Author
Posts: 8
Joined: Tue Jan 23, 2018 2:40 pm
Location: India
Contact:

Re: Hotspot allow addresslist and drop rest

Mon Oct 07, 2019 2:51 pm

Try in mangle on prerouting chain...
/ip firewall mangle
add action=drop chain=prerouting in-interface=ether5 log=yes log-prefix="Dropped " src-address-list="!ether5 allowed ip"
But Firewall Mangle does not have action=drop
 
dmitris
newbie
Posts: 42
Joined: Mon Oct 09, 2017 1:08 pm

Re: Hotspot allow addresslist and drop rest

Mon Oct 07, 2019 4:59 pm

Sorry my fault..

Look at mikrotik packet flow diagramm:
https://wiki.mikrotik.com/wiki/Manual:Packet_Flow

"hotspot-in" on prerouting chain and it's first stage where packet goes this is why u can't block others ip. I think you should setup ip blocking in hotspot itself....
 
harjeetv
just joined
Topic Author
Posts: 8
Joined: Tue Jan 23, 2018 2:40 pm
Location: India
Contact:

Re: Hotspot allow addresslist and drop rest

Tue Oct 08, 2019 5:56 am

There must be a way. I don't want the Client IP's to pass through router and then reject with radius server. Instead i want to reject in the router interface itself.
 
User avatar
laxmimikrotik
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Tue Apr 25, 2017 1:44 pm

Re: Hotspot allow addresslist and drop rest  [SOLVED]

Tue Oct 08, 2019 6:16 am

HI,

You can do it in IP>>Hotspot>IP-Binding.

In this section you can achieve your requirement.

let me know.!!

http://laxmidharnetworking.blogspot.com ... tspot.html
Thanks.
-------------------------------
Every problem Has Solution .
ip-noc Team.
MTCNA ,MTCRE,
 
harjeetv
just joined
Topic Author
Posts: 8
Joined: Tue Jan 23, 2018 2:40 pm
Location: India
Contact:

Re: Hotspot allow addresslist and drop rest

Tue Oct 08, 2019 8:01 am

Great, didn't knew there was a regular(not bypass) option too, will test using this. Thanks

HI,

You can do it in IP>>Hotspot>IP-Binding.

In this section you can achieve your requirement.

let me know.!!

http://laxmidharnetworking.blogspot.com ... tspot.html

Who is online

Users browsing this forum: No registered users and 107 guests