Mikrotik - create another network (SSID) for direct Internet access

In some cases you may need to connect devices to the Internet through the same equipment while bypassing SOCIFI. If you cannot use the hotspot IP Bindings feature, for example because there are too many devices or because a large number of devices that cannot be identified in advance connect dynamically, you can configure the Mikrotik so that, alongside the network running the SOCIFI service, there is also a separate network with simple authentication outside SOCIFI.
The basis is a separate network (bridge) with its own services such as DHCP, DNS and NAT. Devices are then connected to this network through dedicated ports or a dedicated (virtual) WiFi.

Bridge - separate network

We create a separate network called bridge-Private in the menu - Bridge tab - option Add.
On the STP tab, remember to turn the Spanning Tree function on by setting the option
  • Protocol mode = rstp
Subsequently, add to the bridge all Ethernet ports (e.g. Ether3) that belong to the required private network.

Supporting network services - DHCP server, DNS server, NAT


For successful operation we need to configure some supporting services for this separate network. As an example, we use the network 192.168.89.0/24. The gateway, DHCP server and DNS server are all set to 192.168.89.1, and 244 IP addresses are dedicated to allocation.
First, we assign an IP address to the created bridge in the Menu - option Addresses. Here we create a new address with the following parameters:
  • Address = 192.168.89.1/24
  • Network = 192.168.89.0
  • Interface = bridge-Private
Next, we create the range of IP addresses that the DHCP server will assign. In the tab IP / Pool we create a new range, call it e.g. "pool_private", and set the range with the parameter:
  • Addresses = 192.168.89.10-192.168.89.254
Now we define the network parameters that the DHCP server passes to clients. In the menu - option IP / DHCP server we open the DHCP server settings. In the tab Networks we create a new network with the following parameters:
  • Address = 192.168.89.0/24
  • Gateway = 192.168.89.1
  • DNS Servers = 192.168.89.1
We complete the DHCP Server Configuration in the tab DHCP Server by adding a new server with the following values:
  • Name = server-private
  • Interface = bridge-Private
  • Address Pool = pool_private
The DNS server is already functional thanks to the hotspot configuration, so we move on to the firewall settings. These can be found under the menu - option IP / Firewall. First, we add the NAT service for our network on the NAT tab. Here we create a new rule and set it as follows:
  • tab General
    • Chain = srcnat
    • Src. Address = 192.168.89.0/24
    • Out. Interface = ether1-gateway (in our case, the port is connected towards the internet)
  • tab Action
    • Action = masquerade
In the firewall rules we block mutual access between the hotspot network (bridge-HS) and the separate private network (bridge-Private) by adding two rules on the tab Filter Rules. The rules go into the "forward" chain, before the final drop rule; a rule placed after it is never evaluated. We create two rules with the following settings:
first rule:
  • tab General
    • Chain = forward
    • In. Interface = bridge-HS
    • Out. Interface = bridge-Private
  • tab Action
    • Action = Drop
second rule:
  • tab General
    • Chain = forward
    • In. Interface = bridge-Private
    • Out. Interface = bridge-HS
  • tab Action
    • Action = Drop
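
The same configuration entered in the RouterOS terminal instead of the GUI, as an added example that is not part of the original article. It assumes the interface names used above (bridge-HS, ether1-gateway) already exist and that ether3 is the port dedicated to the private network.

```routeros
# Added example: terminal equivalent of the GUI steps above.
# Assumption: ether3 is the private port; bridge-HS and ether1-gateway exist.

# Separate bridge with RSTP enabled, plus its member port
/interface bridge add name=bridge-Private protocol-mode=rstp
/interface bridge port add bridge=bridge-Private interface=ether3

# Gateway address on the bridge
/ip address add address=192.168.89.1/24 network=192.168.89.0 interface=bridge-Private

# DHCP: pool, network parameters handed to clients, and the server itself
/ip pool add name=pool_private ranges=192.168.89.10-192.168.89.254
/ip dhcp-server network add address=192.168.89.0/24 gateway=192.168.89.1 dns-server=192.168.89.1
/ip dhcp-server add name=server-private interface=bridge-Private address-pool=pool_private disabled=no

# NAT towards the Internet uplink
/ip firewall nat add chain=srcnat src-address=192.168.89.0/24 out-interface=ether1-gateway action=masquerade

# Isolation between the hotspot network and the private network.
# "add" appends to the end of the chain; if a final drop rule already exists,
# use place-before= with that rule's number so these two are evaluated first.
/ip firewall filter add chain=forward in-interface=bridge-HS out-interface=bridge-Private action=drop
/ip firewall filter add chain=forward in-interface=bridge-Private out-interface=bridge-HS action=drop

# Check: list the forward chain and confirm both drop rules sit above the final drop rule
/ip firewall filter print where chain=forward
```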

Setting the wifi interface (if present)

If the device has a WiFi interface and we also want a WiFi access network for private use, we create a virtual AP with the relevant parameters and add its interface in the settings Bridge / Port to our separate private network (bridge-Private), the same way we added port Ether3.