Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

Hotpspot Connected But No Internet

Post Reply
 
paulkiarie
just joined
Topic Author
Posts: 12
Joined: Wed Oct 18, 2023 7:56 am

Hotpspot Connected But No Internet

Tue Jan 30, 2024 12:55 pm

I have a mikrotik router model = RB951Ui-2HnD
I have created a hotspot and extended the wifi hotspot via a tenda router.

My issue is that, some devices connects to the hotspots once and when logged out and try to login again it says connected but no internet.

Some give the error, No internet.

What could be the issue.

Find my config file below
Code: Select all
export compact
# 2024-01-30 13:38:52 by RouterOS 7.12.1
# software id = MZAP-W4TZ
#
# model = RB951Ui-2HnD
# serial number = HEW09AVYHYA
/interface bridge
add admin-mac=78:9A:18:32:E9:4C auto-mac=no comment=defconf name=bridge
add name=hotspot
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk name="Tana Garden" supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge \
    security-profile="Tana Garden" ssid="Tana Garden" wireless-protocol=802.11
/ip hotspot profile
add dns-name=tananet.com hotspot-address=192.168.88.10 login-by=cookie,http-pap name=hsprof1
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-8 ranges=192.168.88.1-192.168.88.9,192.168.88.11-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
add address-pool=hs-pool-8 interface=hotspot name=dhcp1
/ip hotspot
add address-pool=hs-pool-8 addresses-per-mac=unlimited disabled=no interface=hotspot name=hotspot1 profile=hsprof1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=hotspot comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.88.1/24 interface=hotspot network=192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=\
    yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=ether1 \
    out-interface-list=WAN src-address=192.168.88.1
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.88.0/24
/ip hotspot user
add name=admin
add name=TEST31
add name=HLK525
add name=GT564T
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
    src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/radius
add address=192.168.88.1 service=hotspot
/radius incoming
set accept=yes
/system clock
set time-zone-name=Africa/Nairobi
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] > [code]
[/code]
Top
 
User avatar
vingjfg
Member Candidate
Member Candidate
Posts: 291
Joined: Fri Oct 20, 2023 1:45 pm

Re: Hotpspot Connected But No Internet

Tue Jan 30, 2024 1:57 pm

You have two bridges, could you rework the configuration to have a single bridge with vlan-filtering and VLANs to separate the hotspot?
Top
 
paulkiarie
just joined
Topic Author
Posts: 12
Joined: Wed Oct 18, 2023 7:56 am

Re: Hotpspot Connected But No Internet

Tue Jan 30, 2024 2:07 pm

You have two bridges, could you rework the configuration to have a single bridge with vlan-filtering and VLANs to separate the hotspot?
I have the default bridge for the LAN network and the hotspot bridge for wireless.

Can I remove the port for wireless on the first bridge.
Top
 
User avatar
vingjfg
Member Candidate
Member Candidate
Posts: 291
Joined: Fri Oct 20, 2023 1:45 pm

Re: Hotpspot Connected But No Internet

Tue Jan 30, 2024 2:21 pm

The point is that having two bridges is not needed and creates unneeded complexity. However that is not the problem. At least not the main one. Or ones.

One of the problems is ... that you have twice the same IP on different interfaces.
Code: Select all
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.88.1/24 interface=hotspot network=192.168.88.0
Something like this should fix a few issues. Also, keep in mind: this is a test so I am not going to fully separate things. And please review before applying.
Code: Select all
# Change the IP on the hotspot interface
/ip address
set [find interface=hotspot] address=192.168.89.1/24
set [find interface=hotspot] network=192.168.89.0
# Add the hotspot to the LAN interface - Adapt later if this is for guests as this is absolutely insecure
/interface list member
add comment=Hotspot interface=hotspot list=LAN
# Create the pool and network for the hotspot users
/ip pool
add name=hotspot-users ranges=192.168.89.5-192.168.89.254
/ip dhcp-server network
add address=192.168.89.0/24 comment=hotspot-net dns-server=192.168.89.1 gateway=192.168.89.1 netmask=24
# Enable the DHCP server on the hotspot interface
/ip dhcp-server 
add address-pool=hotspot-users interface=hotspot lease-time=10m name=hotspot-dhcp
Top
 
paulkiarie
just joined
Topic Author
Posts: 12
Joined: Wed Oct 18, 2023 7:56 am

Re: Hotpspot Connected But No Internet

Tue Jan 30, 2024 2:46 pm

The point is that having two bridges is not needed and creates unneeded complexity. However that is not the problem. At least not the main one. Or ones.

One of the problems is ... that you have twice the same IP on different interfaces.
Code: Select all
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.88.1/24 interface=hotspot network=192.168.88.0
Something like this should fix a few issues. Also, keep in mind: this is a test so I am not going to fully separate things. And please review before applying.
Code: Select all
# Change the IP on the hotspot interface
/ip address
set [find interface=hotspot] address=192.168.89.1/24
set [find interface=hotspot] network=192.168.89.0
# Add the hotspot to the LAN interface - Adapt later if this is for guests as this is absolutely insecure
/interface list member
add comment=Hotspot interface=hotspot list=LAN
# Create the pool and network for the hotspot users
/ip pool
add name=hotspot-users ranges=192.168.89.5-192.168.89.254
/ip dhcp-server network
add address=192.168.89.0/24 comment=hotspot-net dns-server=192.168.89.1 gateway=192.168.89.1 netmask=24
# Enable the DHCP server on the hotspot interface
/ip dhcp-server 
add address-pool=hotspot-users interface=hotspot lease-time=10m name=hotspot-dhcp
This sounds cool. I am going to test this and see. I appreciate.
Top
Post Reply

Who is online

Users browsing this forum: robmaltsystems, tangent and 14 guests
  4. RouterOS
  5. Wireless Networking