
Mentioning IP Pool

Posted: Wed Jun 18, 2014 1:30 pm
by netboyzin
Hi

Is it possible to mention an IP pool in CIDR notation?

For example, to specify a pool 192.168.1.1-192.168.1.254, is it syntactically correct in Mikrotik to specify 192.168.1.0/24?

Abhishek

Re: Mentioning IP Pool

Posted: Wed Jun 18, 2014 1:51 pm
by rextended
Obviously, if the pool is not correct, winbox/cli does not accept the value.

Re: Mentioning IP Pool

Posted: Wed Jun 18, 2014 4:02 pm
by netboyzin
Thanks.

Re: Mentioning IP Pool

Posted: Thu Jun 19, 2014 10:23 am
by lambert
> Hi
>
> Is it possible to mention an IP pool in CIDR notation?
>
> For example, to specify a pool 192.168.1.1-192.168.1.254, is it syntactically correct in Mikrotik to specify 192.168.1.0/24?

That would not be correct. 192.168.1.0/24 would include 192.168.1.0 and 192.168.1.255 in addition to 192.168.1.1-192.168.1.254. It is a small but critical difference. You probably don't want them in the pool, unless your subnet is 192.168.0.0/22 or some shorter prefix. In 192.168.0.0/23 and 192.168.1.0/24, 192.168.1.255 is your broadcast address. In 192.168.1.0/24, 192.168.1.0 is your network address. Hosts are not supposed to be using as their IP address the network or broadcast address of any subnet.

If you specify an IP pool as a range of IPs which can be converted to CIDR notation, RouterOS will automatically do that for you, at least on recent versions of RouterOS 6.x. I usually keep my workstations in a longer prefix of the actual subnet. VPN users are in another longer prefix. Servers in another. It makes writing firewall and proxy rules simpler to be able to group those different devices with prefix notation rather than specifying ranges or address-lists.
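
The address arithmetic discussed in the post above, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original thread; the function names and the group prefixes in the comments are illustrative assumptions, and it models addressing only, not RouterOS behaviour.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering exactly first..last."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]

def reserved_in_pool(first, last, subnet):
    """Pool addresses that are the network or broadcast address of `subnet`."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(a) for a in (net.network_address, net.broadcast_address)
            if lo <= a <= hi]

def check_groups(subnet, groups):
    """Check that each named group prefix lies inside `subnet` and none overlap."""
    parent = ipaddress.ip_network(subnet)
    nets = {name: ipaddress.ip_network(p) for name, p in groups.items()}
    problems = [f"{name} outside {subnet}"
                for name, p in sorted(nets.items()) if not p.subnet_of(parent)]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

if __name__ == "__main__":
    # A full /24 range collapses to one prefix; .1-.254 does not.
    print(range_to_cidrs("192.168.1.0", "192.168.1.255"))
    print(len(range_to_cidrs("192.168.1.1", "192.168.1.254")), "blocks for .1-.254")
    # Which addresses of the /24-sized pool are unusable depends on the subnet.
    for subnet in ("192.168.1.0/24", "192.168.0.0/23", "192.168.0.0/22"):
        print(subnet, reserved_in_pool("192.168.1.0", "192.168.1.255", subnet))
    # Constructed device groups carved out of the subnet as longer prefixes.
    print(check_groups("192.168.1.0/24", {"workstations": "192.168.1.0/25",
                                          "vpn": "192.168.1.128/26",
                                          "servers": "192.168.1.192/26"}))
```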

Re: Mentioning IP Pool

Posted: Thu Jun 19, 2014 11:21 am
by rextended
> > Hi
> >
> > Is it possible to mention an IP pool in CIDR notation?
> >
> > For example, to specify a pool 192.168.1.1-192.168.1.254, is it syntactically correct in Mikrotik to specify 192.168.1.0/24?
>
> That would not be correct. 192.168.1.0/24 would include 192.168.1.0 and 192.168.1.255 in addition to 192.168.1.1-192.168.1.254. It is a small but critical difference. You probably don't want them in the pool, unless your subnet is 192.168.0.0/22 or some shorter prefix. In 192.168.0.0/23 and 192.168.1.0/24, 192.168.1.255 is your broadcast address. In 192.168.1.0/24, 192.168.1.0 is your network address. Hosts are not supposed to be using as their IP address the network or broadcast address of any subnet.
>
> If you specify an IP pool as a range of IPs which can be converted to CIDR notation, RouterOS will automatically do that for you, at least on recent versions of RouterOS 6.x. I usually keep my workstations in a longer prefix of the actual subnet. VPN users are in another longer prefix. Servers in another. It makes writing firewall and proxy rules simpler to be able to group those different devices with prefix notation rather than specifying ranges or address-lists.

Bravo!

Re: Mentioning IP Pool

Posted: Thu Jun 19, 2014 2:10 pm
by netboyzin
Hi Lambert

Thanks for your reply.

In my case the IP pool is specifically used for running Hotspot for subscribers who are using static IP addresses (IP pool not used for DHCP server etc.), so in my case I believe it would not be a problem to mention the pool in CIDR format.

Abhishek

Re: Mentioning IP Pool

Posted: Thu Jun 19, 2014 5:36 pm
by lambert
If they have static IPs, what is the point of having an IP pool? I do not use hotspot, so maybe there is some point I do not know about.

What is the IP address which is configured on the hotspot facing interface?

Re: Mentioning IP Pool

Posted: Thu Jun 19, 2014 6:09 pm
by SurferTim
> If they have static IPs, what is the point of having an IP pool? I do not use hotspot, so maybe there is some point I do not know about.
>
> What is the IP address which is configured on the hotspot facing interface?

If the hotspot is still using the universal 1:1 NAT, the hotspot interface on the client side of the interface answers requests addressed to all addresses. Same as 0.0.0.0/0.

The hotspot uses ARP poisoning to intercept any packets sent from devices on the hotspot interface to any other device.

The hotspot will translate the static IPs on the client side of the hotspot interface into an IP range assigned to the router side of the hotspot interface using the IP pool in "/ip hotspot".

Re: Mentioning IP Pool

Posted: Thu Jun 19, 2014 7:47 pm
by lambert
Okay, that sounds logical then. As long as the mikrotik 1:1 NAT can handle hosts on the network and broadcast addresses of the /24, he should be okay. Is the 1:1 pool subnet usually configured in /ip addresses? Or is it just a logical range and the Tik intercepts traffic to those addresses on the forward chain? Bah, I should just go read the wiki...

Re: Mentioning IP Pool

Posted: Fri Jun 20, 2014 9:11 am
by netboyzin
My Network Diagram -

Cloud
|
|
Cisco ASA ( used for Dynamic NAT purpose )
|
|
Layer 3 Switch
|
|
Layer 3 Switch --------> P2P & HTTP Acceleration Engine
| IP- 172.30.1.165/30
|
| IP- 172.30.1.166/30
Mikrotik Hotspot ( CCR1036 )------------> AAA and Policy Application ( Walled Garden)
| IP- 172.30.1.169/30
|
| IP- 172.30.1.170
Layer 3 Switch ( Access Switch )
|
|
172.18.0.0/16 , 172.16.0.0/16 ( Subscriber Network )

I have created an IP pool mentioning 172.18.0.0/16 & 172.16.0.0/16 for the hotspot in Mikrotik, and customers are using statically assigned IP addresses. But I really think mentioning an IP pool for the hotspot server in my case is of no use.

Abhishek