Scribd
Upload
294 views3 pages

PPoE Hotspot

This document contains configuration settings for: 1. Interface, IP address, DHCP, DNS, firewall, NAT, and hotspot configurations for a network with Ethernet, wireless, PPPoE client and server interfaces. 2. RADIUS and PPPoA authentication configurations for connecting remote clients. 3. Queue shaping and firewall rules for traffic prioritization and basic security. 4. System settings like clock, identity and logging configurations.

Uploaded by

M Shahjehan Shafqat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
294 views3 pages

PPoE Hotspot

This document contains configuration settings for: 1. Interface, IP address, DHCP, DNS, firewall, NAT, and hotspot configurations for a network with Ethernet, wireless, PPPoE client and server interfaces. 2. RADIUS and PPPoA authentication configurations for connecting remote clients. 3. Queue shaping and firewall rules for traffic prioritization and basic security. 4. System settings like clock, identity and logging configurations.

Uploaded by

M Shahjehan Shafqat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

/interface ethernet

set [ find default-name=ether4 ] arp=reply-only name=AP-OUT


set [ find default-name=ether1 ] name=Local
set [ find default-name=ether2 ] arp=proxy-arp name=internet1
set [ find default-name=ether5 ] disabled=yes name=wan-world
set [ find default-name=ether3 ] arp=proxy-arp disabled=yes name=wlan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] login-by=http-chap,https,http-pap
add hotspot-address=10.5.50.1 login-by=http-chap name=hsprof1 nas-port-type=ethe
rnet use-radius=yes
/ip hotspot user profile
set [ find default=yes ] name="1am users" rate-limit=256000/1024000
add name=512 open-status-page=http-login rate-limit=84k/512k transparent-proxy=y
es
add name=350 rate-limit=64k/350k transparent-proxy=yes
add name=1.7MB rate-limit=256k/1750k
add name=128/1350 rate-limit=128k/1350k transparent-proxy=yes
add name=128/650 open-status-page=http-login rate-limit=100k/612k transparent-pr
oxy=yes
add name=1.5 open-status-page=http-login rate-limit=256k/1500k transparent-proxy
=yes
add name=3MB open-status-page=http-login rate-limit=256k/2772k transparent-proxy
=yes
add name=4mb open-status-page=http-login rate-limit=256k/3796k transparent-proxy
=yes
add name=1.4 rate-limit=200k/1350k transparent-proxy=yes
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=hs-pool-6 ranges=10.5.50.10-10.5.50.100
/ip dhcp-server
add add-arp=yes address-pool=hs-pool-6 authoritative=yes disabled=no interface=A
P-OUT lease-time=1h name=dhcp2
/ip hotspot
add address-pool=hs-pool-6 addresses-per-mac=1 disabled=no interface=AP-OUT name
=hotspot1 profile=hsprof1
/ppp profile
set 0 dns-server=8.8.8.8,4.2.2.4,208.67.222.222 use-compression=no use-vj-compre
ssion=no
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-deman
d=no disabled=yes interface=wlan keepalive-timeout=60 max-mru=1480 max-mtu=\
1480 mrru=disabled name=pppoe-out1 password=3335 profile=default service-name=""
use-peer-dns=no user=a1umairgill
/ip neighbor discovery
set pppoe-out1 discover=no
/queue simple
add max-limit=128k/1M name="Umair - OFFICE" target=10.0.0.2/32
add max-limit=512k/4M name="umer 202032421" target=10.0.0.3/32
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge filter
add action=log chain=input comment="Block DHCP servers on 192.168.0.0/16" disabl
ed=yes dst-address=255.255.255.255/32 ip-protocol=udp log-prefix=\
"ALERT ROGUE DHCP (BLOCKED)" mac-protocol=ip src-address=192.168.0.0/16 src-port
=67-68
add action=drop chain=input comment="Block DHCP servers on 192.168.0.0/16" disab
led=yes dst-address=255.255.255.255/32 ip-protocol=udp mac-protocol=ip \
src-address=192.168.0.0/16 src-port=67-68
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/interface pppoe-server server
add authentication=pap disabled=no interface=Local max-mru=1500 max-mtu=1500 one
-session-per-host=yes service-name=pppoe
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes max-mru=1460 max-mtu=146
0
/ip address
add address=7.7.7.1/32 interface=Local network=7.7.7.0
add address=192.168.1.25/24 interface=internet1 network=192.168.1.0
add address=10.5.50.1/24 comment="hotspot network" interface=AP-OUT network=10.5
.50.0
/ip arp
add address=10.5.50.33 interface=AP-OUT mac-address=00:1C:C0:C2:D0:DF
/ip dhcp-server network
add address=10.5.50.0/24 comment="hotspot network" gateway=10.5.50.1
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
disabled=yes
add action=drop chain=input dst-port=80 protocol=tcp
add action=drop chain=input dst-port=22-23 protocol=tcp
add action=drop chain=forward dst-port=25 limit=1,5 protocol=tcp src-address-lis
t=Worm-Infected-p25
add action=drop chain=forward dst-port=445 limit=1,5 protocol=tcp src-address-li
st=Worm-Infected-p445
/ip firewall mangle
add action=add-src-to-address-list address-list=Worm-Infected-p445 address-list-
timeout=1h chain=prerouting connection-state=new dst-port=445 limit=5,10 \
protocol=tcp
add action=add-src-to-address-list address-list=Worm-Infected-p25 address-list-t
imeout=1h chain=prerouting connection-state=new dst-port=25 limit=5,10 \
protocol=tcp
add action=change-mss chain=forward disabled=yes new-mss=1440 out-interface=inte
rnet1 protocol=tcp tcp-flags=syn tcp-mss=1441-65535
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-addr
ess=10.5.50.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=internet1
/ip hotspot user
add name=rebel password=rebel profile=3MB server=hotspot1
add name=umer password=umer server=hotspot1
/ip proxy
set always-from-cache=yes max-cache-size=none parent-proxy=0.0.0.0 port=3128
/ip route
add check-gateway=ping distance=2 gateway=192.168.1.1
/ip route rule
add disabled=yes dst-address=192.168.2.0/24 interface=Local src-address=192.168.
2.0/24
/ip service
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/ppp aaa
set use-radius=yes
/ppp secret
add local-address=10.0.0.1 name=umair password=7249 remote-address=10.0.0.2 serv
ice=pppoe
add local-address=10.0.0.1 name=umer password=umer remote-address=10.0.0.3 servi
ce=pppoe
/radius incoming
set port=1700
/system clock
set time-zone-name=WET
/system identity
set name="WIFI"

You might also like