Hotspot settings for more address pool

st3ph4n3 · Fri Dec 10, 2010 7:32 pm

Hello,

I have a RB configured as Hotspot router.
It has 3 NIC:
- eth1 configured as WAN
- eth2 configures as LAN1 with 3 differents networks (192.168.0.0/24, 192.168.1.0/24, 195.95.130.0/0)
- eth3 configures as LAN2 with only one network (192.168.2.0/24)

So, i have 2 interfaces configured as LAN for customers.

1. My first question is about how configuring hotspot on LAN1 that have 3 address pool :

should i configure only one instance of hotspot server for that interface, where parameter "address-pool" has for value "none" or
should i for that interface, configure three instances of hotspot for each of 3 address pool ?

2. The second question is:
I would like all customers, no matters from what hotspot they connect, use same hotspot dns name (/ip hotspot profile dns-name) when they try to connect/disconnect.

As i will get at least 2 hotspots instances, is it possible to get only one dns name for thoses hotspot profile ?

Thanks to all.....

Feklar · Mon Dec 13, 2010 5:03 pm

Well first let me ask you this. Is there any good reason why you want to use two /24 addresses instead of one /23? You can always increase the subnet size to gain more address space. By having two /24's on your LAN you just make things harder on yourself and don't really gain any functionality. Also your 3rd address on that LAN is a public IP, is there any reason why you want it there?

The DNS name for the hotspot doesn't really matter, that's just a local DNS record that users are redirected to. If you are going to have two hotspots on two different interfaces, I'm fairly sure you can't use the same DNS name since the DNS record is going to be tied to the IP of the local interface and the firewall will probably block them from getting to a different interface, but I could be wrong.

fewi · Mon Dec 13, 2010 5:30 pm

If you are going to have two hotspots on two different interfaces, I'm fairly sure you can't use the same DNS name since the DNS record is going to be tied to the IP of the local interface and the firewall will probably block them from getting to a different interface, but I could be wrong.

You can work around that. When there already is a static DNS entry for the A record the Hotspot server profiles do not insert dynamic entries.

I usually have several VLANs with Hotspots stacked on a physical interface. I assign the physical interface 10.1.0.1 and statically map hotspot.mydomain.com to 10.1.0.1. That then works fine on all VLANs. As long as it resolves to a router owned IP address things appear to work - it doesn't have to be the IP address of the interface facing the Hotspot client.
Since all that is undocumented behavior that may stop working in the future, though.

Absolutely agree to only use one IP address per Hotspot network. Public IPs work fine for Hotspots - just make sure you remove any NAT rules created by the wizard if you use the wizard, and to turn off universal NAT. But the public IPs should be on their dedicated Hotspot interface.

st3ph4n3 · Mon Dec 13, 2010 5:56 pm

Well first let me ask you this. Is there any good reason why you want to use two /24 addresses instead of one /23? You can always increase the subnet size to gain more address space. By having two /24's on your LAN you just make things harder on yourself and don't really gain any functionality. Also your 3rd address on that LAN is a public IP, is there any reason why you want it there?

Ok for subnetting privates ip's.
About the public one, the reason is i have on that Lan two kind of customers, and some need public IP.

st3ph4n3 · Mon Dec 13, 2010 6:07 pm

Absolutely agree to only use one IP address per Hotspot network. Public IPs work fine for Hotspots - just make sure you remove any NAT rules created by the wizard if you use the wizard, and to turn off universal NAT. But the public IPs should be on their dedicated Hotspot interface.

Do you mean in my case, I should use two hotspot servers on the LAN having 2 networks (private and public one) ?
Actually, I just have one hotspot server on that LAN, with address pool to "none" (supposed to cover any ip network).

fewi · Mon Dec 13, 2010 6:10 pm

Depends on what you mean by "Hotspot server". If you mean two physical devices - no, that is not necessary. If you mean "two instances of Hotspot servers on the same physical router, but tied to two different interfaces (be they VLANs or physical interfaces on the same router)" - yes, that is exactly what we mean.

Basically make a LAN3 with the public IP address and run the Hotspot wizard again and set it up on LAN3 - and make sure you set the address pool to 'none' like you have been.

ojeysky · Sun Sep 18, 2011 3:06 pm

I usually have several VLANs with Hotspots stacked on a physical interface. I assign the physical interface 10.1.0.1 and statically map hotspot.mydomain.com to 10.1.0.1. That then works fine on all VLANs. As long as it resolves to a router owned IP address things appear to work - it doesn't have to be the IP address of the interface facing the Hotspot client.
Since all that is undocumented behavior that may stop working in the future, though.
Hotspot interface.[/quote]

I also have the senerio above, just that my VLAN gateways are the ip address on the switch. However, i tried your suggestion and it still seem not to be working. I can not even get a login page on any of the Vlans again after putting the static A record by mapping the dns name with the physical interface ip address. Just incase it helps others with similar senerio, The 2 thing that works currently are:

1  using the ip address on the router VLAN interfaces as the gateways for the clients(dhcp clients). (this defeats my purpose as i want intervlan to happen on my switch, however i have a single dns entry for all vlans)

2  Using the ip address on the switch as gateway and creating different domain entry for each hotspot vlan (this achieves my aim of intervlan routing on switch, however i now don't have a single dns entry for all vlans)

How can i make hotspot run properly on all my VLANs with just one DNS entry, while still maintaining intervlan on the switch.

Cheers

ojeysky · Sun Sep 18, 2011 3:07 pm

I usually have several VLANs with Hotspots stacked on a physical interface. I assign the physical interface 10.1.0.1 and statically map hotspot.mydomain.com to 10.1.0.1. That then works fine on all VLANs. As long as it resolves to a router owned IP address things appear to work - it doesn't have to be the IP address of the interface facing the Hotspot client.
Since all that is undocumented behavior that may stop working in the future, though.
Hotspot interface.[/quote]

I also have a similar senerio, just that my VLAN gateways are the ip addresses on the switch. Nevertheless, i tried your suggestion and it still seem not to be working. I can not even get a login page on any of the Vlans again after putting the static A record by mapping the dns name with the physical interface ip address. Just incase it helps others with similar senerio, The 2 thing that works currently are:

1  using the ip address on the router VLAN interfaces as the gateways for the clients(dhcp clients). (this defeats my purpose as i want intervlan to happen on my switch, however i have a single dns entry for all vlans)

2  Using the ip address on the switch as gateway and creating different domain entry for each hotspot vlan (this achieves my aim of intervlan routing on switch, however i now don't have a single dns entry for all vlans)

How can i make hotspot run properly on all my VLANs with just one DNS entry, while still maintaining intervlan on the switch.

Cheers

fewi · Sun Sep 18, 2011 7:00 pm

You cannot. The Mikrotik router has to be the default gateway of a network in order to serve it as a hotspot router on that network.

ojeysky · Tue Sep 20, 2011 10:24 am

You cannot. The Mikrotik router has to be the default gateway of a network in order to serve it as a hotspot router on that network.

Like i said earlier, i was actually able to work around this by creating a dns for each VLAN; doing this, allow me to be able to use the gateway of the switch for the clients which enables intervlan on the switch and not on the router(i have lots of local traffic and don't want those to go through the router). Will still keep trying to see how to have a dns name for all Vlans on hotspot.

Thanks for your response fewi.

cheers

abdonetwork · Tue Sep 20, 2011 12:25 pm

[admin@Hotspot-Server] /ip pool> print 
 # NAME                                                                                                                                    RANGES                         
 0 PPPOE                                                                                                                                   10.0.0.1-10.0.0.254            
 1 hs-pool-1                                                                                                                               192.168.30.2-192.168.30.254    
 2 hs-pool-2                                                                                                                               192.168.32.2-192.168.32.254

----------------

[admin@Hotspot-Server] /ip dhcp-server> print 
Flags: X - disabled, I - invalid 
 #   NAME                                    INTERFACE                                   RELAY           ADDRESS-POOL                                   LEASE-TIME ADD-ARP
 0   dhcp1                                   Users                                                       hs-pool-1                                      3d        
 1   dhcp2                                   Userss                                                      hs-pool-2                                      3d

----------------------

[admin@Hotspot-Server] /ip dhcp-server network> print 
 # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN                                                                                              
 0 ;;; hotspot network
   192.168.30.0/24    10.100.0.1      212.14.224.1                    www.skynet.com                                                                                      
                                      195.68.208.230 
 1 192.168.32.0/24    10.100.0.1      212.14.224.1                    www.skynet.com                                                                                      
                                      195.68.208.230

[admin@Hotspot-Server] /ip firewall nat> print 
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough 

 1   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=192.168.30.0/24 

 2   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=192.168.32.0/24 

 3   ;;; PPPoE
     chain=srcnat action=masquerade src-address=10.0.0.0/24

use tow LAN with tow ranges

ojeysky · Tue Sep 20, 2011 1:27 pm

@abdonetwork what you posted works perfectly. But when you want to change the gateway of your "ip dhcp-server network print" to that of the switch(like in my case), hotspot won't work with a single domain such as your www.skynet.com. The current option which works for me is to create each domain per physical interface (vlan in my case)on the "ip hotspot profile"..say www.skynet.com and www.skynet1.com. ofcourse the ip address on ip hotspot profile print will remain the gateway(s) of the router interfaces

Hope this is clear

Regards

abdonetwork · Tue Sep 20, 2011 3:56 pm

thank you ojeysky
if I'm understand you
you are right
but i'm using virtual gateway it's 10.100.0.1 it's working with dhcp options
-----

 #   ADDRESS            NETWORK         BROADCAST       INTERFACE                                                                                                         
 0   192.168.60.1/31    192.168.60.0    192.168.60.1    Internet                                                                                                          
 1   192.168.30.1/24    192.168.30.0    192.168.30.255  Users                                                                                                             
 2   10.100.0.1/32      10.100.0.1      10.100.0.1      Users                                                                                                             
 3   192.168.32.1/24    192.168.32.0    192.168.32.255  Userss                                                                                                            
 4 D 10.0.0.253/32      10.0.0.254      0.0.0.0         HOT-SPOT-SERVER

192.168.60.1/31 & 10.0.0.253/32 it's the same card=WAN
------------

/ip dhcp-server
add address-pool=hs-pool-1 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=Users lease-time=3d name=dhcp1
add address-pool=hs-pool-2 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=Userss lease-time=3d name=dhcp2
/ip dhcp-server option
add code=249 name=nocut value=0x1CAC10B8000A6401FE000A640001
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.30.0/24 comment="hotspot network" dhcp-option=nocut \
    dns-server=212.14.224.1,195.68.208.230 domain=www.skynet.com gateway=\
    10.100.0.1 netmask=24
add address=192.168.32.0/24 comment="" dhcp-option=nocut dns-server=\
    212.14.224.1,195.68.208.230 domain=www.skynet.com gateway=10.100.0.1 \
    netmask=24

and you can see in the pic's - both dhcp servers work in same virtual gateway with tow Lan cards

so im using one gateway one domain:::::in tow LAN's tow dhcp servers tow ip's ranges
---

abdonetwork · Wed Sep 28, 2011 10:27 pm

hey

i found the best Solution to be can have more than one range each one Lan card

Well
if we have one Lan card and need to use the max IP's range
just add it when you enter the Lan ip
e.g if you have the lan range 192.168.0.1/24 it will give the ip's range 192.168.0.0-192.168.0.255
but if we need 4 ranges in same lan card we can add the address with /22 e.g= 192.168.0.1/22
this will give: 192.168.0.0-192.168.3.255
then go to ip pool edit your pool to be hs-pool-1 ranges=192.168.0.2-192.168.3.254
then go to ip firewall nat add a new ranges
===============================================================
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.2.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=no src-address=192.168.3.0/24
===============================================================
Then .....go to
/ip dhcp-server network
to add the 4 networks ranges like this
---------

add address=192.168.0.0/24 comment="hotspot network" dhcp-option=nocut \
dns-server=212.14.224.1,195.68.208.230 domain=www.skynet.com gateway=\
10.100.0.1 netmask=24
add address=192.168.1.0/24 comment="hotspot network" dhcp-option=nocut \
dns-server=212.14.224.1,195.68.208.230 domain=www.skynet.com gateway=\
10.100.0.1 netmask=24
add address=192.168.2.0/24 comment="hotspot network" dhcp-option=nocut \
dns-server=212.14.224.1,195.68.208.230 domain=www.skynet.com gateway=\
10.100.0.1 netmask=24
add address=192.168.3.0/24 comment="hotspot network" dhcp-option=nocut \
dns-server=212.14.224.1,195.68.208.230 domain=www.skynet.com gateway=\
10.100.0.1 netmask=24
============================================================

it's working ok 100%

-------
This answer should get me to sign registration

abdonetwork · Thu Sep 29, 2011 9:49 am

Someone give their opinion