I hope you are having great holidays so far.
Recently, I purchased a Chateau LTE 12 to install in my house. The problem is that the hotspot is not working at all. I tried various different setups but still doesn't work. The main issue is that the devices connected to the network are getting DHCP from the server without triggering the hotspot server neither portal and authentication. Moreover, the devices get full access to the internet with the proper assigned IPs.
The main configuration for the hotspot runs on a VLAN with assigned interface on the main network bridge. Also the DHCP Server for hotspot, the static address of the hotspot network and hotspot server are assigned to the VLAN interface. The devices are connected on a virtual ap network that uses the tag of the VLAN and they get correct ip addresses but not through the hotspot.
Things that I tried so far:
- Inspected firewall rules.
- Ran the hotspot setup wizard.
- Ran the hotspot setup on terminal.
- Changed Hotspot Server and / DHCP Server to a different interface.
- Removed VLAN and assigned it directly to a bridge and/ or wlan interface.
- Tried to access the local hotspot ip port from the devices when I am connected (with full access) but it returned with 404 error.
- Added DNS of 8.8.8.8 and the local ip from the router.
- Reset configuration with / without default configuration and set it up again.
- I even upgraded the router os version from 7.0 to 7.1beta3 with no luck of getting different results.
I have posted the configuration of the router at the bottom of this post.
Please bear in mind that I am experienced with mikrotik equipment and I set up several hotspots in the past.
However, I am not sure if it anything new with the os 7.++ that I may have missed.
Is anyone aware about this issue or knows what I am doing wrong?
Thank you.
Code: Select all
# jan/03/2021 10:47:55 by RouterOS 7.0
# software id = xxxxxxxx
#
# model = RBD53G-5HacD2HnD
# serial number = xxxxxxxxxxx
/interface bridge
add name=main_bridge
/interface lte
set [ find ] allow-roaming=no name=lte1
/interface vlan
add interface=main_bridge name=Hotspot_VLAN vlan-id=200
/interface list
add comment="WAN interface" name=wan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add eap-methods="" name=open supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
main-wifi supplicant-identity="" wpa2-pre-shared-key=password
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=switzerland disabled=\
no installation=indoor mode=ap-bridge security-profile=main-wifi ssid=\
"wifi_mikrotik wmm-support=enabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=switzerland \
disabled=no mode=ap-bridge security-profile=main-wifi ssid=\
"wifi_mikrotik" wmm-support=enabled
add disabled=no keepalive-frames=disabled mac-address=4A:8F:5A:B5:D0:XX \
master-interface=wlan1 multicast-buffering=disabled name=\
"guests wifi" security-profile=open ssid="guests" \
vlan-id=200 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 \
wmm-support=enabled wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=02:00:00:XX:00:00 \
master-interface=wlan2 multicast-buffering=disabled name=hs-5ghz \
security-profile=open ssid=test vlan-id=2 wds-cost-range=0 \
wds-default-cost=0 wmm-support=enabled wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add dns-name=myhotspotmikrotik.com hotspot-address=10.5.50.1 \
html-directory=flash/hotspot login-by=cookie,http-chap,http-pap name=\
hsprof1
/ip hotspot user profile
set [ find default=yes ] insert-queue-before=first shared-users=30
/ip pool
add name=mainpool ranges=192.168.4.0-192.168.4.250
add name=hs-pool-11 ranges=10.5.50.2-10.5.50.254
/ip dhcp-server
add address-pool=mainpool disabled=no interface=main_bridge name=mainDHCP
add address-pool=hs-pool-11 disabled=no interface=Hotspot_VLAN lease-time=1h \
name=dhcp1
/ip hotspot
add address-pool=hs-pool-11 disabled=no interface=Hotspot_VLAN name=hotspot1 \
profile=hsprof1
/ip vrf
add list=all name=main
/interface bridge port
add bridge=main_bridge interface=ether1
add bridge=main_bridge interface=wlan2
add bridge=main_bridge interface=wlan1
add bridge=main_bridge interface="guests wifi"
add bridge=main_bridge disabled=yes interface=hs-5ghz
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/interface list member
add interface=lte1 list=wan
/interface lte settings
set external-antenna=auto
/ip address
add address=192.168.4.254/24 interface=ether1 network=192.168.4.0
add address=10.5.50.1/24 comment="hotspot network" interface=Hotspot_VLAN \
network=10.5.50.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=10.5.50.0/24 comment="hotspot network" gateway=10.5.50.1
add address=10.100.0.0/24 comment="hotspot network" dns-server=10.100.0.254 \
gateway=10.100.0.254
add address=192.168.4.0/24 dns-server=192.168.4.254 gateway=192.168.4.254
/ip dns
set allow-remote-requests=yes
/ip firewall address-list
add address=192.168.4.0/24 list=safe
/ip firewall filter
add action=passthrough chain=input comment="Input from WAN Start" \
in-interface-list=wan
add action=accept chain=input connection-nat-state="" connection-state=\
established,related in-interface-list=wan
add action=accept chain=input comment="L2TP with IPSec Ports" \
connection-nat-state="" connection-state=established,related dst-port=\
1701 protocol=udp
add action=accept chain=input connection-nat-state="" connection-state=\
established,related dst-port=500 protocol=udp
add action=accept chain=input connection-mark="" connection-nat-state="" \
connection-state=established,related dst-port=4500 protocol=udp
add action=accept chain=input connection-mark="" connection-nat-state="" \
connection-state=established,related protocol=ipsec-esp
add action=accept chain=input connection-nat-state="" connection-state=\
established,related protocol=ipsec-ah
add action=accept chain=input connection-nat-state="" connection-state="" \
dst-port=8291 in-interface-list=wan protocol=tcp
add action=accept chain=input connection-nat-state="" connection-state="" \
dst-port=443 in-interface-list=wan protocol=tcp
add action=accept chain=input connection-nat-state="" connection-state="" \
in-interface-list=wan protocol=icmp
add action=drop chain=input in-interface-list=wan
add action=passthrough chain=input comment="Input from WAN Stop" \
in-interface-list=wan
add action=passthrough chain=forward comment="Forward from WAN Start" \
in-interface-list=wan
add action=accept chain=forward connection-state=established,related \
in-interface-list=wan
add action=drop chain=forward connection-nat-state="" connection-state=\
invalid in-interface-list=wan
add action=passthrough chain=forward comment="Forward from WAN Stop" \
in-interface-list=wan
add action=passthrough chain=forward comment="Forward from LAN Start" \
in-interface-list=wan
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=passthrough chain=forward comment="Forward from LAN Stop" \
in-interface-list=wan
add action=drop chain=forward dst-address-list=safe src-address=10.100.0.0/24
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here"
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=safe src-address-list=\
safe
/ip firewall nat
add action=accept chain=dstnat disabled=yes
add action=dst-nat chain=dstnat dst-port=8000 in-interface=lte1 protocol=tcp \
to-ports=8000
add action=dst-nat chain=dstnat dst-port=8000 in-interface-list=wan protocol=\
udp to-ports=8000
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here"
add action=masquerade chain=srcnat out-interface=lte1
add action=masquerade chain=srcnat
add action=redirect chain=hs-unauth disabled=yes dst-port=443 in-interface=\
Hotspot_VLAN protocol=tcp to-ports=64875
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=10.5.50.0/24
/ip hotspot user
add name=admin
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=main_bridge type=internal
/system clock
set time-zone-name=Europe/xxx
/system logging
add topics=hotspot,debug