Community discussions

MUM Europe 2020
just joined
Topic Author
Posts: 1
Joined: Thu Aug 29, 2019 9:21 pm

hotspot for kids, need help

Thu Aug 29, 2019 9:55 pm

Here is what I want to achieve
1) I want to setup HotSpot on mikrotik but without authentication (and without any kind of redirection to some login page and having to selecting a trial session).
2) every user would be defaul-trial restricted based on MAC for 1 hour of unrestricted internet in 24 hours, after 24hrs user counter is reset (or removed?)
3) after 1hrs of unrestricted Internet, the speed is limited to 256k/256k (not blocked) and facebook and youtube is blocked.

I have managed to do something similar (1hrs in 8hrs), but when someone is connected it start a timer for one hour even if the user disconnects the timer is counting....

I think hotspot is the right approach, but don't undestand how to do it and can't find some example to begin with...
/interface bridge
add name=switch
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=canada disabled=no frequency=auto mode=ap-bridge name=wlan1-lan ssid=KIDS wireless-protocol=802.11 wps-mode=disabled
/interface ethernet
set [ find default-name=ether1 ] name=ether1-inet
set [ find default-name=ether2 ] name=ether2-lan
set [ find default-name=ether3 ] name=ether3-lan
/ip firewall layer7-protocol
add name=Facebook regexp="^.+(*\$"
add name=Youtube regexp="^.+(|*\$"
/ip pool
add name=pool-lan ranges=
# lease time for 1day
/ip dhcp-server
add address-pool=pool-lan disabled=no interface=switch lease-time=1d name=dhcp-lan
/queue type
add kind=pcq name=pcq-download pcq-classifier=dst-address
add kind=pcq name=pcq-upload pcq-classifier=src-address
# queue for speed limied access
/queue tree
add max-limit=256k name=Download packet-mark=users parent=switch queue=pcq-download
add max-limit=256k name=Upload packet-mark=users parent=ether1-inet queue=pcq-upload
/interface bridge port
add bridge=switch interface=wlan1-lan
add bridge=switch interface=ether3-lan
add bridge=switch interface=ether2-lan
/ip address
add address= interface=switch network=
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-inet use-peer-dns=no
/ip dhcp-server network
add address= dns-server= domain=workstation gateway= ntp-server=,
# OpenDNS Family Protection FREE
/ip dns
set allow-remote-requests=yes servers=,
# force safesearch
/ip dns static
add address=
add address=
add address=
add address=
add address=
/ip firewall filter
# dont allow others DNS
add action=reject chain=forward dst-port=53 protocol=udp reject-with=icmp-network-unreachable src-address=
# drop facebook and youtube if not in NewIP list
add action=drop chain=forward dst-port=80,443 layer7-protocol=Facebook protocol=tcp src-address= src-address-list=!NewIp
add action=drop chain=forward dst-port=80,443 layer7-protocol=Youtube protocol=tcp src-address= src-address-list=!NewIp
# add IP to NewIp list if not in TimeOut list and add IP to TimeOut list
add action=add-src-to-address-list address-list=NewIp address-list-timeout=1h chain=forward out-interface=ether1-inet src-address= src-address-list=!TimeOut
add action=add-src-to-address-list address-list=TimeOut address-list-timeout=8h chain=forward out-interface=ether1-inet src-address=
# mark IP to limited queue id IP not in NewIp list
/ip firewall mangle
add action=mark-connection chain=forward new-connection-mark=users-con passthrough=yes src-address= src-address-list=!NewIp
add action=mark-packet chain=forward connection-mark=users-con new-packet-mark=users passthrough=yes src-address-list=!NewIp
# NAT to iNet
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-inet

Who is online

Users browsing this forum: Google [Bot], MSN [Bot] and 87 guests