Hi,
I've created the following config for having a MikroTik router operate WLAN1 as Station Mode and WLAN2 as a Hotspot
I'd like to be able to re-route all clients to a specific IP address on ETH2 as they join the Hotspot. Would the be below config allow that?
I'm getting confused around the Hotspot address and the DHCP Pool it'd need to draw from to enable this:
# oct/05/2022 15:34:13 by RouterOS 6.47.10
# software id = V98M-VUTJ
#
# model = RB952Ui-5ac2nD
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
name=*** supplicant-identity="" wpa-pre-shared-key=***** \
wpa2-pre-shared-key=*****
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country="united kingdom" disabled=no distance=indoors frequency=auto \
installation=indoor security-profile=*** ssid=*** wireless-protocol=\
802.11
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country="united kingdom" disabled=no distance=indoors \
frequency=auto installation=indoor mode=ap-bridge ssid=QRCodeSEUK \
wireless-protocol=802.11
/interface bridge
add name=bridge
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=ether1 list=WAN
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.50
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp disabled=no interface=wlan2 lease-time=1h name=dhcp1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=192.168.88.5/24 comment="hotspot network" interface=wlan2 \
network=192.168.88.0
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add dns-name=seukqrcode.com hotspot-address=192.168.88.5 html-directory=\
flash/hotspot name=hsprof1
/ip hotspot
add address-pool=dhcp disabled=no interface=wlan2 name=hotspot1 profile=\
hsprof1
/ip hotspot user profile
add add-mac-cookie=no address-pool=dhcp !mac-cookie-timeout name=qrcode
/ip dhcp-client
add disabled=no interface=wlan1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.88.0/24
/ip hotspot user
add name=admin password=12345678
add name=qrcodeusr password=qrcodeusr profile=qrcode server=hotspot1
/system clock
set time-zone-name=Europe/London
Re: Hotspot and Station Mode Config
Ok, so now I have tweaked the config to the below:
# oct/05/2022 15:03:17 by RouterOS 6.47.10
# software id = V98M-VUTJ
#
# model = RB952Ui-5ac2nD
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
:delay 5s
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
name=xxx supplicant-identity="" wpa-pre-shared-key=xxx \
wpa2-pre-shared-key=xxx
:delay 5s
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country="united kingdom" disabled=no distance=indoors frequency=auto \
installation=indoor security-profile=xxx ssid=xxx wireless-protocol=\
802.11
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country="united kingdom" disabled=no distance=indoors \
frequency=auto installation=indoor mode=ap-bridge ssid=QRCode \
wireless-protocol=802.11
/interface bridge
add name=bridge
add name=staticdev
:delay 5s
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=staticdev list=LAN
add interface=ether1 list=WAN
:delay 5s
/interface bridge port
add bridge=staticdev interface=ether2
add bridge=staticdev interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan2
:delay 5s
/ip pool
add name=dhcp ranges=10.0.0.10-10.0.0.50
add name=privdhcp ranges=10.0.1.100-10.0.1.10
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=privpool disabled=no interface=staticdev name=defconf
/ip address
add address=10.0.0.1/24 comment=defconf interface=bridge network=\
10.0.0.0
add address=10.0.1.1/24 comment=defconf interface=staticdev network=\
10.0.1.0
/ip dhcp-client
add disabled=no interface=wlan1
/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
add address=10.0.1.0/24 comment=defconf gateway=10.0.1.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.0.0.1 comment=defconf name=router.lan
add address=10.0.1.1 comment=defconf name=private.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat src-address=10.0.0.0/24
add action=masquerade chain=srcnat src-address=10.0.1.0/24
/system clock
set time-zone-name=Europe/London
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add dns-name=seukqrcode.com hotspot-address=10.0.0.5 html-directory=\
flash/hotspot name=hsprof1
:delay 5s
/ip hotspot
add address-pool=dhcp disabled=no interface=bridge name=hotspot1 profile=\
hsprof1
/ip hotspot user profile
add add-mac-cookie=no address-pool=dhcp !mac-cookie-timeout name=qrcode
/ip hotspot user
add name=admin password=12345678
add name=qrcodeusr password=qrcodeusr profile=qrcode server=hotspot1
While I can browse the internet on both a wired device on eth2 or 3 and I can join the hotspot and browse the internet and send email, I get the attached when trying to browse to a device on eth2
Again, any advice on whether this is possible, or where I am going wrong would be amazing
My alternative is to contract this out to someone on here who can help
Thanks
Dom
# oct/05/2022 15:03:17 by RouterOS 6.47.10
# software id = V98M-VUTJ
#
# model = RB952Ui-5ac2nD
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
:delay 5s
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
name=xxx supplicant-identity="" wpa-pre-shared-key=xxx \
wpa2-pre-shared-key=xxx
:delay 5s
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country="united kingdom" disabled=no distance=indoors frequency=auto \
installation=indoor security-profile=xxx ssid=xxx wireless-protocol=\
802.11
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country="united kingdom" disabled=no distance=indoors \
frequency=auto installation=indoor mode=ap-bridge ssid=QRCode \
wireless-protocol=802.11
/interface bridge
add name=bridge
add name=staticdev
:delay 5s
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=staticdev list=LAN
add interface=ether1 list=WAN
:delay 5s
/interface bridge port
add bridge=staticdev interface=ether2
add bridge=staticdev interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan2
:delay 5s
/ip pool
add name=dhcp ranges=10.0.0.10-10.0.0.50
add name=privdhcp ranges=10.0.1.100-10.0.1.10
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=privpool disabled=no interface=staticdev name=defconf
/ip address
add address=10.0.0.1/24 comment=defconf interface=bridge network=\
10.0.0.0
add address=10.0.1.1/24 comment=defconf interface=staticdev network=\
10.0.1.0
/ip dhcp-client
add disabled=no interface=wlan1
/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
add address=10.0.1.0/24 comment=defconf gateway=10.0.1.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.0.0.1 comment=defconf name=router.lan
add address=10.0.1.1 comment=defconf name=private.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat src-address=10.0.0.0/24
add action=masquerade chain=srcnat src-address=10.0.1.0/24
/system clock
set time-zone-name=Europe/London
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add dns-name=seukqrcode.com hotspot-address=10.0.0.5 html-directory=\
flash/hotspot name=hsprof1
:delay 5s
/ip hotspot
add address-pool=dhcp disabled=no interface=bridge name=hotspot1 profile=\
hsprof1
/ip hotspot user profile
add add-mac-cookie=no address-pool=dhcp !mac-cookie-timeout name=qrcode
/ip hotspot user
add name=admin password=12345678
add name=qrcodeusr password=qrcodeusr profile=qrcode server=hotspot1
While I can browse the internet on both a wired device on eth2 or 3 and I can join the hotspot and browse the internet and send email, I get the attached when trying to browse to a device on eth2
Again, any advice on whether this is possible, or where I am going wrong would be amazing
My alternative is to contract this out to someone on here who can help
Thanks
Dom
You do not have the required permissions to view the files attached to this post.
Re: Hotspot and Station Mode Config
For anybody wanting to achieve this, the above code worked as expected, it was my phone that was the issue
You can use the above code, but you'll need to amend the "***" for the SSID and Key for your network
I have then edited the HTML to auto re-direct Trial users to the Device page, but ultimately I think this system will not work as I'd like to due to the nature of how phones treat hotspots
On my Android device the auto login works, and I briefly see the "Captive Portal" page before it closes and I am forced to manually open a browser and enter the URL I need
On my iPhone the "Captive Portal" page stays open allowing me to use it as intended
Back to the drawing board
You can use the above code, but you'll need to amend the "***" for the SSID and Key for your network
I have then edited the HTML to auto re-direct Trial users to the Device page, but ultimately I think this system will not work as I'd like to due to the nature of how phones treat hotspots
On my Android device the auto login works, and I briefly see the "Captive Portal" page before it closes and I am forced to manually open a browser and enter the URL I need
On my iPhone the "Captive Portal" page stays open allowing me to use it as intended
Back to the drawing board