Hi all,
I want to give internet access to our guest by limited time per day . The same MAC can access internet for two hours per same day.
What is easyest way to implement this by mikrotik ?
Regards,
Linas
Re: Limit WiFi client internet access by limited time per da
Set up hotspot and auth/accounting to a radius server (linux+freeradius) which can handle that kind of limitation (and many many more).
Maybe embedded Mikrotik usermanager can handle this, i don't know it very well.
Maybe embedded Mikrotik usermanager can handle this, i don't know it very well.
Re: Limit WiFi client internet access by limited time per da
Or, even simpler, the hotspot "trial" mode might do the trick.
Re: Limit WiFi client internet access by limited time per da
It'l be better do not use HotSpot . Is it possible to use Address List for time limiting ?
Re: Limit WiFi client internet access by limited time per da
if you don't want to use hotspot, then.. maybe via DHCP
Link the mikrotik DHCP server with a Radius with a 2 hour lease, and configure the radius to respond "no" when the DHCP client tries to renew his lease.
Link the mikrotik DHCP server with a Radius with a 2 hour lease, and configure the radius to respond "no" when the DHCP client tries to renew his lease.
Re: Limit WiFi client internet access by limited time per da
Testing this configuration , seems to be working :
General idea : DHCP lease for 12h , add arp for lease. WIFI interface arp-reply only. New IP is added into two lists : one for Internet access , second for ban
General idea : DHCP lease for 12h , add arp for lease. WIFI interface arp-reply only. New IP is added into two lists : one for Internet access , second for ban
Code: Select all
/interface wireless
set [ find default-name=wlan1 ] arp=reply-only band=2ghz-b/g/n channel-width=\
20/40mhz-Ce disabled=no distance=indoors l2mtu=1600 mode=ap-bridge \
tx-power=4 tx-power-mode=all-rates-fixed
/ip pool
add name=WiFI ranges=192.168.10.10-192.168.10.100
/ip dhcp-server
add add-arp=yes address-pool=WiFI disabled=no interface=wlan1 lease-time=12h \
name=WiFi
/system logging action
set 3 src-address=0.0.0.0
/ip address
add address=192.168.10.1/24 interface=wlan1 network=192.168.10.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1 netmask=\
24
/ip firewall filter
add action=add-src-to-address-list address-list=NewIp address-list-timeout=5m \
chain=forward out-interface=ether1 src-address=192.168.10.0/24 \
src-address-list=!TimeOut
add action=add-src-to-address-list address-list=TimeOut address-list-timeout=\
10m chain=forward out-interface=ether1 src-address=192.168.10.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
192.168.10.0/24 src-address-list=NewIp
Re: Limit WiFi client internet access by limited time per da
Is it possible to serve simple html page with miktotik ?
I want to publish a simpe page , that is "You have no internet" .
Then time is out i can make redirect rule to that page.
Regards,
I want to publish a simpe page , that is "You have no internet
" .Then time is out i can make redirect rule to that page.
Regards,
Re: Limit WiFi client internet access by limited time per da
You can use the built in HotSpot. Use HTTP CHAP for the login profile. Give each user their own account. For each user account you can set Uptime limits - for example 2 hours. You can set up a task in the scheduler to turn off and on the hotspot (or even the wifi) at specified time of day- for example you might want to allow access between 10:00-21:00.
If you use the Hotspot you can edit the welcome/log in page to tell users your rules and that they have a time limit. Once they accept the rules and log in they get a popup that will display their time remaining. If they block popups they probably wont see it though.
If you use the Hotspot you can edit the welcome/log in page to tell users your rules and that they have a time limit. Once they accept the rules and log in they get a popup that will display their time remaining. If they block popups they probably wont see it though.
Re: Limit WiFi client internet access by limited time per da
Can you please help me?Testing this configuration , seems to be working :
General idea : DHCP lease for 12h , add arp for lease. WIFI interface arp-reply only. New IP is added into two lists : one for Internet access , second for ban
Code: Select all/interface wireless set [ find default-name=wlan1 ] arp=reply-only band=2ghz-b/g/n channel-width=\ 20/40mhz-Ce disabled=no distance=indoors l2mtu=1600 mode=ap-bridge \ tx-power=4 tx-power-mode=all-rates-fixed /ip pool add name=WiFI ranges=192.168.10.10-192.168.10.100 /ip dhcp-server add add-arp=yes address-pool=WiFI disabled=no interface=wlan1 lease-time=12h \ name=WiFi /system logging action set 3 src-address=0.0.0.0 /ip address add address=192.168.10.1/24 interface=wlan1 network=192.168.10.0 /ip dhcp-client add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \ interface=ether1 /ip dhcp-server network add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1 netmask=\ 24 /ip firewall filter add action=add-src-to-address-list address-list=NewIp address-list-timeout=5m \ chain=forward out-interface=ether1 src-address=192.168.10.0/24 \ src-address-list=!TimeOut add action=add-src-to-address-list address-list=TimeOut address-list-timeout=\ 10m chain=forward out-interface=ether1 src-address=192.168.10.0/24 /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 src-address=\ 192.168.10.0/24 src-address-list=NewIp
Sincerely,
Jason.C
Re: Limit WiFi client internet access by limited time per da
Спасибо, работает, избавился от мозго*** с Hotspot+HTTPS
PS: @blyumazeiko 
Code: Select all
/interface bridge
add arp=reply-only comment=hotspot name=br1
#
#
/ip address
add address=10.1.30.1/24 comment=hotspot interface=br1 network=10.1.30.0
#
#
/ip pool
add name=dhcp_pool2 ranges=10.1.30.2-10.1.30.254
#
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool2 disabled=no interface=br1 name=dhcp2
/ip dhcp-server network
add address=10.1.30.0/24 dns-server=10.1.30.1 gateway=10.1.30.1
#
#
/ip firewall filter
add chain=forward connection-state=established,related
add chain=forward connection-state=new src-address-list=hotspot_permit
add action=reject chain=forward connection-state=new protocol=tcp reject-with=tcp-reset src-address-list=hotspot_deny
add action=add-src-to-address-list address-list=hotspot_permit address-list-timeout=1m chain=forward connection-state=new \
src-address=10.1.30.0/24 src-address-list=!hotspot_deny
add action=add-src-to-address-list address-list=hotspot_deny address-list-timeout=2m chain=forward connection-state=new \
src-address=10.1.30.0/24
/
#
#
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address-list=hotspot_permit
/
#
#
Testing this configuration , seems to be working :
General idea : DHCP lease for 12h , add arp for lease. WIFI interface arp-reply only. New IP is added into two lists : one for Internet access , second for ban
Code: Select all/interface wireless set [ find default-name=wlan1 ] arp=reply-only band=2ghz-b/g/n channel-width=\ 20/40mhz-Ce disabled=no distance=indoors l2mtu=1600 mode=ap-bridge \ tx-power=4 tx-power-mode=all-rates-fixed /ip pool add name=WiFI ranges=192.168.10.10-192.168.10.100 /ip dhcp-server add add-arp=yes address-pool=WiFI disabled=no interface=wlan1 lease-time=12h \ name=WiFi /system logging action set 3 src-address=0.0.0.0 /ip address add address=192.168.10.1/24 interface=wlan1 network=192.168.10.0 /ip dhcp-client add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \ interface=ether1 /ip dhcp-server network add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1 netmask=\ 24 /ip firewall filter add action=add-src-to-address-list address-list=NewIp address-list-timeout=5m \ chain=forward out-interface=ether1 src-address=192.168.10.0/24 \ src-address-list=!TimeOut add action=add-src-to-address-list address-list=TimeOut address-list-timeout=\ 10m chain=forward out-interface=ether1 src-address=192.168.10.0/24 /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 src-address=\ 192.168.10.0/24 src-address-list=NewIp
Re: Limit WiFi client internet access by limited time per day
Is there a solution for this request?
The address-list=TimeOut continously refreshing timeout interval and never timed out, so no connection after address-list=NewIp timed out.
The address-list=TimeOut continously refreshing timeout interval and never timed out, so no connection after address-list=NewIp timed out.