Scribd
Upload
68 views2 pages

Full LB PCC Hotspot

This document configures a router to provide a WiFi hotspot with DHCP and NAT services using two IP pools and profiles. Traffic is marked and routed to one of two ISPs based on the hotspot authentication and connection marks. Basic firewall rules are added for the hotspot interface.

Uploaded by

Yudie Pv
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
68 views2 pages

Full LB PCC Hotspot

This document configures a router to provide a WiFi hotspot with DHCP and NAT services using two IP pools and profiles. Traffic is marked and routed to one of two ISPs based on the hotspot authentication and connection marks. Basic firewall rules are added for the hotspot interface.

Uploaded by

Yudie Pv
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

/ip hotspot profile

add hotspot-address=172.16.100.254 name=hsprof1


/ip pool
add name=hs-pool-6 ranges=172.16.100.10-172.16.100.20
/ip dhcp-server
add address-pool=hs-pool-6 disabled=no interface=wlan1 lease-time=1h name=\
dhcp1
/ip hotspot
add address-pool=hs-pool-6 disabled=no interface=wlan1 name=hotspot1 profile=\
hsprof1
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/tool user-manager profile
add name=test name-for-users="" override-shared-users=off owner=admin price=0 \
starts-at=logon validity=0s
/ip address
add address=192.168.40.1/24 interface=ether4 network=192.168.40.0
add address=192.168.50.1/24 interface=ether5 network=192.168.50.0
add address=172.16.100.254/24 interface=wlan1 network=172.16.100.0
/ip dhcp-server network
add address=172.16.100.0/24 comment="hotspot network" dns-server=\
8.8.8.8 gateway=172.16.100.254
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.40.0/24 in-interface=\
wlan1
add action=accept chain=prerouting dst-address=192.168.50.0/24 in-interface=\
wlan1
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether4 new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether5 new-connection-mark=ISP2_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local hotspot=auth in-interface=wlan1 \
new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=\
both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local hotspot=auth in-interface=wlan1 \
new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=\
both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1_conn \
in-interface=wlan1 new-routing-mark=to_ISP1
add action=mark-routing chain=prerouting connection-mark=ISP2_conn \
in-interface=wlan1 new-routing-mark=to_ISP2
add action=mark-routing chain=output connection-mark=ISP1_conn \
new-routing-mark=to_ISP1
add action=mark-routing chain=output connection-mark=ISP2_conn \
new-routing-mark=to_ISP2
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=ether4
add action=masquerade chain=srcnat out-interface=ether5
/ip hotspot user
add name=admin
/ip route
add check-gateway=ping distance=1 gateway=192.168.40.254 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=192.168.50.254 routing-mark=to_ISP2
add check-gateway=ping distance=1 gateway=192.168.40.254
add check-gateway=ping distance=2 gateway=192.168.50.254

You might also like