Hi
i am an isp and i have about 100 customers, all their address are from 192.168.2.3 to 192.168.2.249.
Part of them have fixed ip stored in their cpe, part of them need dynamic ip via dhcp.
我想知道如何设置mikrotik给动态雷竞技网站adress via dhcp only from 192.168.2.3 to 192.168.2.80 so i can use other adresses for fixed ip.
Thank you
Re: DHCP pool
Just create a pool with that particular IP range. The DHCP server will then in turn only distribute IPs based on that pool.
Re: DHCP pool
i did it but it doesn't work, initially dhcp assign proper ip but after some days it assigns ip out of range.
I have to set proper pool only in dhcp server or also in user profile server page or other sections?
I have to set proper pool only in dhcp server or also in user profile server page or other sections?
Re: DHCP pool
Post your config so we can take a look.
What version of RouterOS are you running?
What version of RouterOS are you running?
Re: DHCP pool
dhcp pool2 is my desired range:
[admin@MikroTik] /ip> export
# may/18/2009 14:41:03 by RouterOS 3.20
# software id = HXGM-8MT
#
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=2d http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=default \
rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=login.mesagnenet.it hotspot-address=192.168.2.2 html-directory=\
hotspot http-cookie-lifetime=3h http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=hsprof1 \
nas-port-type=wireless-802.11 radius-accounting=yes \
radius-default-domain="" radius-interim-update=received \
radius-location-id="" radius-location-name="" radius-mac-format=\
XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=yes
/ip ipsec manual-sa
add ah-algorithm=null ah-key="" ah-spi=0x100 disabled=no esp-auth-algorithm=\
null esp-auth-key="" esp-enc-algorithm=null esp-enc-key="" esp-spi=0x100 \
lifetime=0s name=sa1
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
name=default pfs-group=modp1024
/ip pool
add name=hs-pool-4 ranges=192.168.2.1,192.168.2.3-192.168.2.254
add name=dhcp_pool1 ranges=192.168.2.1,192.168.2.210-192.168.2.240
add name=dhcp_pool2 ranges=\
192.168.2.220-192.168.2.240,192.168.2.1,192.168.2.3-192.168.2.70
add name=pooldhcp ranges=192.168.2.210-192.168.2.240
/ip dhcp-server
添加地址ss-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether1 lease-time=6m name=dhcp1
添加地址ss-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether2 lease-time=6m name=dhcp2
/ip hotspot
添加地址ss-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=30m \
interface=ether2 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default address-pool=hs-pool-4 advertise=no idle-timeout=40m \
keepalive-timeout=2m name=default open-status-page=always rate-limit=\
170k/15000k shared-users=unlimited status-autorefresh=30m \
transparent-proxy=yes
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
添加地址ss=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=ether1 network=192.168.1.0
添加地址ss=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no \
interface=ether2 network=192.168.2.0
添加地址ss=192.168.4.2/24 broadcast=192.168.4.255 comment="" disabled=yes \
network=192.168.4.0
添加地址ss=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=yes \
network=192.168.3.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
添加地址ss=192.168.2.0/24 comment="hotspot network" gateway=192.168.2.2
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=208.67.222.222 secondary-dns=\
208.67.220.220
/ip dns static
添加地址ss=192.168.2.2 disabled=no name=login.mesagnenet.it ttl=5m
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=log chain=forward comment="" disabled=no log-prefix=FW_LOG
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=forward comment="" disabled=no
add action=drop chain=input comment="DROP INVALID CONNECTIONS" \
connection-state=invalid disabled=yes
add action=accept chain=input comment="Allow established connections" \
connection-state=established disabled=yes
add action=accept chain=input comment="Allow udp dns" disabled=yes protocol=\
udp src-port=53
add action=accept chain=input comment="allow icmp" disabled=yes protocol=icmp
add action=accept chain=input comment="allow ibound ssh" disabled=yes \
dst-port=22 protocol=tcp
add action=accept chain=forward comment=emule disabled=yes dst-port=4662 \
in-interface="(unknown)" protocol=tcp
add action=accept chain=forward comment="emule udp" disabled=yes dst-port=\
4672 in-interface="(unknown)" protocol=udp
add action=accept chain=forward comment=mstsc disabled=yes dst-port=7777 \
in-interface="(unknown)" protocol=tcp
add action=drop chain=input comment="" disabled=yes in-interface="(unknown)"
add action=drop chain=forward comment="drop invalid connections" \
连接状态=无效禁用=是的= tcp协议
add action=accept chain=forward comment="allow already estab connections" \
connection-state=established disabled=yes
add action=accept chain=forward comment="allow related connections" \
connection-state=related disabled=yes
add action=drop chain=forward comment="" disabled=yes in-interface=\
"(unknown)"
add action=accept chain=forward comment="" disabled=no dst-address=\
192.168.2.106 dst-port=3478 in-interface="(unknown)" out-interface=\
"(unknown)" p2p=all-p2p protocol=tcp src-address=192.168.2.106 src-port=\
3478
add action=accept chain=forward comment="" disabled=no dst-address=\
192.168.2.106 dst-port=3478 in-interface="(unknown)" out-interface=\
"(unknown)" p2p=all-p2p protocol=udp src-address=192.168.2.106 src-port=\
3478
/ip firewall mangle
add action=mark-routing chain=prerouting comment="adsl1 load balance" \
disabled=yes new-routing-mark=adsl1 passthrough=no src-address=\
192.168.2.0-192.168.2.154
add action=mark-routing chain=prerouting comment="adsl2 load balance" \
disabled=yes new-routing-mark=adsl2 passthrough=no src-address=\
192.168.2.155-192.168.2.255
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.2.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.2.0/24
add action=dst-nat chain=dstnat comment="emule tcp" disabled=yes dst-port=\
4662 in-interface="(unknown)" protocol=tcp to-addresses=\
192.168.2.0-192.168.2.255 to-ports=4662
add action=dst-nat chain=dstnat comment="emule udp" disabled=yes dst-port=\
4672 in-interface="(unknown)" protocol=udp to-addresses=\
192.168.2.0-192.168.2.255 to-ports=4672
add action=dst-nat chain=dstnat comment=MSTSC disabled=yes dst-port=7777 \
in-interface="(unknown)" protocol=tcp to-addresses=\
192.168.2.0-192.168.2.255 to-ports=3389
add action=dst-nat chain=dstnat comment="videosorveglianza accesso da fuori" \
disabled=yes dst-port=9988 in-interface="(unknown)" protocol=tcp \
to-addresses=192.168.2.210 to-ports=9988
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=\
212.199.212.5 dst-port=9988 protocol=tcp to-addresses=192.168.2.210 \
to-ports=9988
/ ip防火墙服务端口
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot ip-binding
添加地址ss=192.168.2.250 comment="" disabled=no mac-address=\
00:92:58:00:63:3A server=hotspot1 type=bypassed
add comment="" disabled=no mac-address=00:13:D4:C9:F7:94 server=hotspot1 \
type=bypassed
add comment="" disabled=no mac-address=00:17:BD:00:55:40 server=hotspot1 \
type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=admin password=******* profile=default
add comment="" disabled=yes mac-address=02:00:54:55:4E:01 name=user1 \
password=*** profile=default
add comment="" disabled=yes mac-address=00:1E:68:69:E6:A6 name=*** \
password="" profile=default
add comment="" disabled=yes name=00:E0:18:06:D6:AF password="" profile=\
default server=hotspot1
add comment="" disabled=yes name=00:90:FB:11:F0:65 password="" profile=\
default server=hotspot1
add comment="" disabled=yes mac-address=00:90:FB:11:F0:65 name=*** \
password="" profile=default
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
add action=allow comment="" disabled=yes dst-host=www.cicileo.itserver=\
hotspot1
add action=allow comment="" disabled=yes method="" server=hotspot1 \
src-address=192.168.2.210
/ip hotspot walled-garden ip
add action=accept comment="" disabled=yes dst-address=192.168.1.2 dst-port=\
0-65535 server=hotspot1 src-address=192.168.2.210
add action=accept comment="" disabled=yes dst-address=192.168.1.254 dst-port=\
0-65535 protocol=udp server=hotspot1 src-address=192.168.2.85
/ip neighbor discovery
set pppoe1 discover=no
set pppoe2 discover=no
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy = 0.0.0.0不相上下ent-proxy-port=0 port=8080 serialize-connections=\
no src-address=0.0.0.0
/ip route
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.4.254 routing-mark=adsl2 scope=30 target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.4.254 scope=255 target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.254 routing-mark=adsl1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.254 scope=255 target-scope=10
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=no port=443
set api address=0.0.0.0/0 disabled=no port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
[admin@MikroTik] /ip> hotspot
[admin@MikroTik] /ip hotspot> print
Flags: X - disabled, I - invalid, S - HTTPS
# NAME INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
0 hotspot1 ether2 hs-pool-4 hsprof1 30m
[admin@MikroTik] /ip hotspot> export
# may/18/2009 14:41:30 by RouterOS 3.20
# software id = HXGM-8MT
#
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=2d http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=default \
rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=login.mesagnenet.it hotspot-address=192.168.2.2 html-directory=\
hotspot http-cookie-lifetime=3h http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=hsprof1 \
nas-port-type=wireless-802.11 radius-accounting=yes \
radius-default-domain="" radius-interim-update=received \
radius-location-id="" radius-location-name="" radius-mac-format=\
XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=yes
/ip hotspot
添加地址ss-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=30m \
interface=ether2 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default address-pool=hs-pool-4 advertise=no idle-timeout=40m \
keepalive-timeout=2m name=default open-status-page=always rate-limit=\
170k/15000k shared-users=unlimited status-autorefresh=30m \
transparent-proxy=yes
/ip hotspot ip-binding
添加地址ss=192.168.2.250 comment="" disabled=no mac-address=\
00:92:58:00:63:3A server=hotspot1 type=bypassed
add comment="" disabled=no mac-address=00:13:D4:C9:F7:94 server=hotspot1 \
type=bypassed
add comment="" disabled=no mac-address=00:17:BD:00:55:40 server=hotspot1 \
type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=admin password=**** profile=default
add comment="" disabled=yes mac-address=02:00:54:55:4E:01 name=user1 \
password=**** profile=default
add comment="" disabled=yes mac-address=00:1E:68:69:E6:A6 name=*** \
password="" profile=default
add comment="" disabled=yes name=00:E0:18:06:D6:AF password="" profile=\
default server=hotspot1
add comment="" disabled=yes name=00:90:FB:11:F0:65 password="" profile=\
default server=hotspot1
add comment="" disabled=yes mac-address=00:90:FB:11:F0:65 name=*** \
password="" profile=default
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
add action=allow comment="" disabled=yes dst-host=www.cicileo.itserver=\
hotspot1
add action=allow comment="" disabled=yes method="" server=hotspot1 \
src-address=192.168.2.210
/ip hotspot walled-garden ip
add action=accept comment="" disabled=yes dst-address=192.168.1.2 dst-port=\
0-65535 server=hotspot1 src-address=192.168.2.210
add action=accept comment="" disabled=yes dst-address=192.168.1.254 dst-port=\
0-65535 protocol=udp server=hotspot1 src-address=192.168.2.85
[admin@MikroTik] /ip hotspot>
[admin@MikroTik] /ip> export
# may/18/2009 14:41:03 by RouterOS 3.20
# software id = HXGM-8MT
#
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=2d http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=default \
rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=login.mesagnenet.it hotspot-address=192.168.2.2 html-directory=\
hotspot http-cookie-lifetime=3h http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=hsprof1 \
nas-port-type=wireless-802.11 radius-accounting=yes \
radius-default-domain="" radius-interim-update=received \
radius-location-id="" radius-location-name="" radius-mac-format=\
XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=yes
/ip ipsec manual-sa
add ah-algorithm=null ah-key="" ah-spi=0x100 disabled=no esp-auth-algorithm=\
null esp-auth-key="" esp-enc-algorithm=null esp-enc-key="" esp-spi=0x100 \
lifetime=0s name=sa1
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \
name=default pfs-group=modp1024
/ip pool
add name=hs-pool-4 ranges=192.168.2.1,192.168.2.3-192.168.2.254
add name=dhcp_pool1 ranges=192.168.2.1,192.168.2.210-192.168.2.240
add name=dhcp_pool2 ranges=\
192.168.2.220-192.168.2.240,192.168.2.1,192.168.2.3-192.168.2.70
add name=pooldhcp ranges=192.168.2.210-192.168.2.240
/ip dhcp-server
添加地址ss-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether1 lease-time=6m name=dhcp1
添加地址ss-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether2 lease-time=6m name=dhcp2
/ip hotspot
添加地址ss-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=30m \
interface=ether2 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default address-pool=hs-pool-4 advertise=no idle-timeout=40m \
keepalive-timeout=2m name=default open-status-page=always rate-limit=\
170k/15000k shared-users=unlimited status-autorefresh=30m \
transparent-proxy=yes
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
添加地址ss=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=ether1 network=192.168.1.0
添加地址ss=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no \
interface=ether2 network=192.168.2.0
添加地址ss=192.168.4.2/24 broadcast=192.168.4.255 comment="" disabled=yes \
network=192.168.4.0
添加地址ss=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=yes \
network=192.168.3.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
添加地址ss=192.168.2.0/24 comment="hotspot network" gateway=192.168.2.2
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=208.67.222.222 secondary-dns=\
208.67.220.220
/ip dns static
添加地址ss=192.168.2.2 disabled=no name=login.mesagnenet.it ttl=5m
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=log chain=forward comment="" disabled=no log-prefix=FW_LOG
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=forward comment="" disabled=no
add action=drop chain=input comment="DROP INVALID CONNECTIONS" \
connection-state=invalid disabled=yes
add action=accept chain=input comment="Allow established connections" \
connection-state=established disabled=yes
add action=accept chain=input comment="Allow udp dns" disabled=yes protocol=\
udp src-port=53
add action=accept chain=input comment="allow icmp" disabled=yes protocol=icmp
add action=accept chain=input comment="allow ibound ssh" disabled=yes \
dst-port=22 protocol=tcp
add action=accept chain=forward comment=emule disabled=yes dst-port=4662 \
in-interface="(unknown)" protocol=tcp
add action=accept chain=forward comment="emule udp" disabled=yes dst-port=\
4672 in-interface="(unknown)" protocol=udp
add action=accept chain=forward comment=mstsc disabled=yes dst-port=7777 \
in-interface="(unknown)" protocol=tcp
add action=drop chain=input comment="" disabled=yes in-interface="(unknown)"
add action=drop chain=forward comment="drop invalid connections" \
连接状态=无效禁用=是的= tcp协议
add action=accept chain=forward comment="allow already estab connections" \
connection-state=established disabled=yes
add action=accept chain=forward comment="allow related connections" \
connection-state=related disabled=yes
add action=drop chain=forward comment="" disabled=yes in-interface=\
"(unknown)"
add action=accept chain=forward comment="" disabled=no dst-address=\
192.168.2.106 dst-port=3478 in-interface="(unknown)" out-interface=\
"(unknown)" p2p=all-p2p protocol=tcp src-address=192.168.2.106 src-port=\
3478
add action=accept chain=forward comment="" disabled=no dst-address=\
192.168.2.106 dst-port=3478 in-interface="(unknown)" out-interface=\
"(unknown)" p2p=all-p2p protocol=udp src-address=192.168.2.106 src-port=\
3478
/ip firewall mangle
add action=mark-routing chain=prerouting comment="adsl1 load balance" \
disabled=yes new-routing-mark=adsl1 passthrough=no src-address=\
192.168.2.0-192.168.2.154
add action=mark-routing chain=prerouting comment="adsl2 load balance" \
disabled=yes new-routing-mark=adsl2 passthrough=no src-address=\
192.168.2.155-192.168.2.255
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.2.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.2.0/24
add action=dst-nat chain=dstnat comment="emule tcp" disabled=yes dst-port=\
4662 in-interface="(unknown)" protocol=tcp to-addresses=\
192.168.2.0-192.168.2.255 to-ports=4662
add action=dst-nat chain=dstnat comment="emule udp" disabled=yes dst-port=\
4672 in-interface="(unknown)" protocol=udp to-addresses=\
192.168.2.0-192.168.2.255 to-ports=4672
add action=dst-nat chain=dstnat comment=MSTSC disabled=yes dst-port=7777 \
in-interface="(unknown)" protocol=tcp to-addresses=\
192.168.2.0-192.168.2.255 to-ports=3389
add action=dst-nat chain=dstnat comment="videosorveglianza accesso da fuori" \
disabled=yes dst-port=9988 in-interface="(unknown)" protocol=tcp \
to-addresses=192.168.2.210 to-ports=9988
add action=dst-nat chain=dstnat comment="" disabled=yes dst-address=\
212.199.212.5 dst-port=9988 protocol=tcp to-addresses=192.168.2.210 \
to-ports=9988
/ ip防火墙服务端口
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
/ip hotspot ip-binding
添加地址ss=192.168.2.250 comment="" disabled=no mac-address=\
00:92:58:00:63:3A server=hotspot1 type=bypassed
add comment="" disabled=no mac-address=00:13:D4:C9:F7:94 server=hotspot1 \
type=bypassed
add comment="" disabled=no mac-address=00:17:BD:00:55:40 server=hotspot1 \
type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=admin password=******* profile=default
add comment="" disabled=yes mac-address=02:00:54:55:4E:01 name=user1 \
password=*** profile=default
add comment="" disabled=yes mac-address=00:1E:68:69:E6:A6 name=*** \
password="" profile=default
add comment="" disabled=yes name=00:E0:18:06:D6:AF password="" profile=\
default server=hotspot1
add comment="" disabled=yes name=00:90:FB:11:F0:65 password="" profile=\
default server=hotspot1
add comment="" disabled=yes mac-address=00:90:FB:11:F0:65 name=*** \
password="" profile=default
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
add action=allow comment="" disabled=yes dst-host=www.cicileo.itserver=\
hotspot1
add action=allow comment="" disabled=yes method="" server=hotspot1 \
src-address=192.168.2.210
/ip hotspot walled-garden ip
add action=accept comment="" disabled=yes dst-address=192.168.1.2 dst-port=\
0-65535 server=hotspot1 src-address=192.168.2.210
add action=accept comment="" disabled=yes dst-address=192.168.1.254 dst-port=\
0-65535 protocol=udp server=hotspot1 src-address=192.168.2.85
/ip neighbor discovery
set pppoe1 discover=no
set pppoe2 discover=no
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy = 0.0.0.0不相上下ent-proxy-port=0 port=8080 serialize-connections=\
no src-address=0.0.0.0
/ip route
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.4.254 routing-mark=adsl2 scope=30 target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.4.254 scope=255 target-scope=10
add comment="" disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.254 routing-mark=adsl1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.254 scope=255 target-scope=10
/ip service
set telnet address=0.0.0.0/0 disabled=yes port=23
set ftp address=0.0.0.0/0 disabled=yes port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=no port=443
set api address=0.0.0.0/0 disabled=no port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
[admin@MikroTik] /ip> hotspot
[admin@MikroTik] /ip hotspot> print
Flags: X - disabled, I - invalid, S - HTTPS
# NAME INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
0 hotspot1 ether2 hs-pool-4 hsprof1 30m
[admin@MikroTik] /ip hotspot> export
# may/18/2009 14:41:30 by RouterOS 3.20
# software id = HXGM-8MT
#
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot \
http-cookie-lifetime=2d http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=default \
rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=login.mesagnenet.it hotspot-address=192.168.2.2 html-directory=\
hotspot http-cookie-lifetime=3h http-proxy=0.0.0.0:0 login-by=\
mac,cookie,http-chap,http-pap mac-auth-password="" name=hsprof1 \
nas-port-type=wireless-802.11 radius-accounting=yes \
radius-default-domain="" radius-interim-update=received \
radius-location-id="" radius-location-name="" radius-mac-format=\
XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 split-user-domain=no \
use-radius=yes
/ip hotspot
添加地址ss-pool=hs-pool-4 addresses-per-mac=2 disabled=no idle-timeout=30m \
interface=ether2 keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set default address-pool=hs-pool-4 advertise=no idle-timeout=40m \
keepalive-timeout=2m name=default open-status-page=always rate-limit=\
170k/15000k shared-users=unlimited status-autorefresh=30m \
transparent-proxy=yes
/ip hotspot ip-binding
添加地址ss=192.168.2.250 comment="" disabled=no mac-address=\
00:92:58:00:63:3A server=hotspot1 type=bypassed
add comment="" disabled=no mac-address=00:13:D4:C9:F7:94 server=hotspot1 \
type=bypassed
add comment="" disabled=no mac-address=00:17:BD:00:55:40 server=hotspot1 \
type=bypassed
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add comment="" disabled=no name=admin password=**** profile=default
add comment="" disabled=yes mac-address=02:00:54:55:4E:01 name=user1 \
password=**** profile=default
add comment="" disabled=yes mac-address=00:1E:68:69:E6:A6 name=*** \
password="" profile=default
add comment="" disabled=yes name=00:E0:18:06:D6:AF password="" profile=\
default server=hotspot1
add comment="" disabled=yes name=00:90:FB:11:F0:65 password="" profile=\
default server=hotspot1
add comment="" disabled=yes mac-address=00:90:FB:11:F0:65 name=*** \
password="" profile=default
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
add action=allow comment="" disabled=yes dst-host=www.cicileo.itserver=\
hotspot1
add action=allow comment="" disabled=yes method="" server=hotspot1 \
src-address=192.168.2.210
/ip hotspot walled-garden ip
add action=accept comment="" disabled=yes dst-address=192.168.1.2 dst-port=\
0-65535 server=hotspot1 src-address=192.168.2.210
add action=accept comment="" disabled=yes dst-address=192.168.1.254 dst-port=\
0-65535 protocol=udp server=hotspot1 src-address=192.168.2.85
[admin@MikroTik] /ip hotspot>
Re: DHCP pool
I'm not following this. There appears to be overlapping address ranges. Why don't you just have one subnet for pool1 and another for pool2?/ip pool
add name=hs-pool-4 ranges=192.168.2.1,192.168.2.3-192.168.2.254
add name=dhcp_pool1 ranges=192.168.2.1,192.168.2.210-192.168.2.240
add name=dhcp_pool2 ranges=\
192.168.2.220-192.168.2.240,192.168.2.1,192.168.2.3-192.168.2.70
add name=pooldhcp ranges=192.168.2.210-192.168.2.240
Re: DHCP pool
i am using only hs-pool4 for all users ip in hotspot "users profile" and "servers"
and dhcp-pool2 for users in dhcp mode (ip dhcp server).
do not consider other pool.
have i to use dhcp_pool2 only in ip/dhcp server or also in other sections?
thak you for your help.
and dhcp-pool2 for users in dhcp mode (ip dhcp server).
do not consider other pool.
have i to use dhcp_pool2 only in ip/dhcp server or also in other sections?
thak you for your help.
Re: DHCP pool
What I mean is use a contiguous IP pool.
Re: DHCP pool
Ok, but tell me: in hotspot "users profile" and "servers" i have to insert a pool with all possible ip of my users or only of users with dhcp?
Re: DHCP pool
Sorry but I haven't used hotspot before.Ok, but tell me: in hotspot "users profile" and "servers" i have to insert a pool with all possible ip of my users or only of users with dhcp?
Re: DHCP pool
enjoy, let's start afresh - clear your ip pool list.
I assume you've assigned an ip to your hotspot interface (ether2= 192.168.2.2/24).
Now create a dhcp server using setup - ensure the ether2 interface and the 192.168.2.2/24 address space are specified.
Automatically an ip pool will be created using the 192.168.2.2/24 address space. Now go to address pool list and edit that list to contain only the ip range you want available for the hotspot (e.g instead of 192.168.2.1,192.168.2.3-192.168.2.254 you can edit it to 192.168.2.200-192.168.2.254).
Now create a hotspot server using setup - confirm the ether2 interface, confirm the interface address (192.168.2.2) and importantly, confirm the address pool to use for the hotspot (ie the one you edited previously).
That's it - dhcp clients will automatically get ip addresses from the pool and other clients will use the static ip you assign, outside the pool.
Cheers.
I assume you've assigned an ip to your hotspot interface (ether2= 192.168.2.2/24).
Now create a dhcp server using setup - ensure the ether2 interface and the 192.168.2.2/24 address space are specified.
Automatically an ip pool will be created using the 192.168.2.2/24 address space. Now go to address pool list and edit that list to contain only the ip range you want available for the hotspot (e.g instead of 192.168.2.1,192.168.2.3-192.168.2.254 you can edit it to 192.168.2.200-192.168.2.254).
Now create a hotspot server using setup - confirm the ether2 interface, confirm the interface address (192.168.2.2) and importantly, confirm the address pool to use for the hotspot (ie the one you edited previously).
That's it - dhcp clients will automatically get ip addresses from the pool and other clients will use the static ip you assign, outside the pool.
Cheers.
Re: DHCP pool
thank you very much!
can you explain me the difference between the address pool in "servers" and "user profiles" of hotspot ?
thanks again
can you explain me the difference between the address pool in "servers" and "user profiles" of hotspot ?
thanks again
Re: DHCP pool
The address-pool in hotspot server refers to the pools we have just created and is the primary pool used for one-to-one nat (translates any client ip address to an address within our pool).
As far as i know the address-pool in hotspot user profile is largely redundant for most configurations. But it can be used to perform another layer of nat if a different ip pool (from server address-pool) is specified. I haven't had cause to use it so mine is set to the default - none.
Cheers.
As far as i know the address-pool in hotspot user profile is largely redundant for most configurations. But it can be used to perform another layer of nat if a different ip pool (from server address-pool) is specified. I haven't had cause to use it so mine is set to the default - none.
Cheers.
Re: DHCP pool
you can read from thishttp://mikrotik.unimedcenter.org/mikrot ... hcp-server