Scribd Logo
Upload

Welcome to Scribd!

  • PPoE Hotspot

    Uploaded by

    M Shahjehan Shafqat
    200 views3 pages
    This document contains configuration settings for: 1. Interface, IP address, DHCP, DNS, firewall, NAT, and hotspot configurations for a network with Ethernet, wireless, PPPoE client and server interfaces. 2. RADIUS and PPPoA authentication configurations for connecting remote clients. 3. Queue shaping and firewall rules for traffic prioritization and basic security. 4. System settings like clock, identity and logging configurations.

    Original Description:

    hotspot and ppoe

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains configuration settings for: 1. Interface, IP address, DHCP, DNS, firewall, NAT, and hotspot configurations for a network with Ethernet, wireless, PPPoE client and server interfaces. 2. RADIUS and PPPoA authentication configurations for connecting remote clients. 3. Queue shaping and firewall rules for traffic prioritization and basic security. 4. System settings like clock, identity and logging configurations.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    200 views3 pages

    PPoE Hotspot

    Uploaded by

    M Shahjehan Shafqat
    This document contains configuration settings for: 1. Interface, IP address, DHCP, DNS, firewall, NAT, and hotspot configurations for a network with Ethernet, wireless, PPPoE client and server interfaces. 2. RADIUS and PPPoA authentication configurations for connecting remote clients. 3. Queue shaping and firewall rules for traffic prioritization and basic security. 4. System settings like clock, identity and logging configurations.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    /interface ethernet

    set [ find default-name=ether4 ] arp=reply-only name=AP-OUT


    set [ find default-name=ether1 ] name=Local
    set [ find default-name=ether2 ] arp=proxy-arp name=internet1
    set [ find default-name=ether5 ] disabled=yes name=wan-world
    set [ find default-name=ether3 ] arp=proxy-arp disabled=yes name=wlan
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip hotspot profile
    set [ find default=yes ] login-by=http-chap,https,http-pap
    add hotspot-address=10.5.50.1 login-by=http-chap name=hsprof1 nas-port-type=ethe
    rnet use-radius=yes
    /ip hotspot user profile
    set [ find default=yes ] name="1am users" rate-limit=256000/1024000
    add name=512 open-status-page=http-login rate-limit=84k/512k transparent-proxy=y
    es
    add name=350 rate-limit=64k/350k transparent-proxy=yes
    add name=1.7MB rate-limit=256k/1750k
    add name=128/1350 rate-limit=128k/1350k transparent-proxy=yes
    add name=128/650 open-status-page=http-login rate-limit=100k/612k transparent-pr
    oxy=yes
    add name=1.5 open-status-page=http-login rate-limit=256k/1500k transparent-proxy
    =yes
    add name=3MB open-status-page=http-login rate-limit=256k/2772k transparent-proxy
    =yes
    add name=4mb open-status-page=http-login rate-limit=256k/3796k transparent-proxy
    =yes
    add name=1.4 rate-limit=200k/1350k transparent-proxy=yes
    /ip ipsec proposal
    set [ find default=yes ] enc-algorithms=3des
    /ip pool
    add name=hs-pool-6 ranges=10.5.50.10-10.5.50.100
    /ip dhcp-server
    add add-arp=yes address-pool=hs-pool-6 authoritative=yes disabled=no interface=A
    P-OUT lease-time=1h name=dhcp2
    /ip hotspot
    add address-pool=hs-pool-6 addresses-per-mac=1 disabled=no interface=AP-OUT name
    =hotspot1 profile=hsprof1
    /ppp profile
    set 0 dns-server=8.8.8.8,4.2.2.4,208.67.222.222 use-compression=no use-vj-compre
    ssion=no
    /interface pppoe-client
    add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-deman
    d=no disabled=yes interface=wlan keepalive-timeout=60 max-mru=1480 max-mtu=\
    1480 mrru=disabled name=pppoe-out1 password=3335 profile=default service-name=""
    use-peer-dns=no user=a1umairgill
    /ip neighbor discovery
    set pppoe-out1 discover=no
    /queue simple
    add max-limit=128k/1M name="Umair - OFFICE" target=10.0.0.2/32
    add max-limit=512k/4M name="umer 202032421" target=10.0.0.3/32
    /system logging action
    set 0 memory-lines=100
    set 1 disk-lines-per-file=100
    /interface bridge filter
    add action=log chain=input comment="Block DHCP servers on 192.168.0.0/16" disabl
    ed=yes dst-address=255.255.255.255/32 ip-protocol=udp log-prefix=\
    "ALERT ROGUE DHCP (BLOCKED)" mac-protocol=ip src-address=192.168.0.0/16 src-port
    =67-68
    add action=drop chain=input comment="Block DHCP servers on 192.168.0.0/16" disab
    led=yes dst-address=255.255.255.255/32 ip-protocol=udp mac-protocol=ip \
    src-address=192.168.0.0/16 src-port=67-68
    /interface bridge settings
    set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
    /interface pppoe-server server
    add authentication=pap disabled=no interface=Local max-mru=1500 max-mtu=1500 one
    -session-per-host=yes service-name=pppoe
    /interface pptp-server server
    set authentication=pap,chap,mschap1,mschap2 enabled=yes max-mru=1460 max-mtu=146
    0
    /ip address
    add address=7.7.7.1/32 interface=Local network=7.7.7.0
    add address=192.168.1.25/24 interface=internet1 network=192.168.1.0
    add address=10.5.50.1/24 comment="hotspot network" interface=AP-OUT network=10.5
    .50.0
    /ip arp
    add address=10.5.50.33 interface=AP-OUT mac-address=00:1C:C0:C2:D0:DF
    /ip dhcp-server network
    add address=10.5.50.0/24 comment="hotspot network" gateway=10.5.50.1
    /ip dns
    set allow-remote-requests=yes max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
    /ip firewall filter
    add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
    disabled=yes
    add action=drop chain=input dst-port=80 protocol=tcp
    add action=drop chain=input dst-port=22-23 protocol=tcp
    add action=drop chain=forward dst-port=25 limit=1,5 protocol=tcp src-address-lis
    t=Worm-Infected-p25
    add action=drop chain=forward dst-port=445 limit=1,5 protocol=tcp src-address-li
    st=Worm-Infected-p445
    /ip firewall mangle
    add action=add-src-to-address-list address-list=Worm-Infected-p445 address-list-
    timeout=1h chain=prerouting connection-state=new dst-port=445 limit=5,10 \
    protocol=tcp
    add action=add-src-to-address-list address-list=Worm-Infected-p25 address-list-t
    imeout=1h chain=prerouting connection-state=new dst-port=25 limit=5,10 \
    protocol=tcp
    add action=change-mss chain=forward disabled=yes new-mss=1440 out-interface=inte
    rnet1 protocol=tcp tcp-flags=syn tcp-mss=1441-65535
    /ip firewall nat
    add action=passthrough chain=unused-hs-chain comment="place hotspot rules here"
    disabled=yes to-addresses=0.0.0.0
    add action=masquerade chain=srcnat comment="masquerade hotspot network" src-addr
    ess=10.5.50.0/24 to-addresses=0.0.0.0
    add action=masquerade chain=srcnat out-interface=internet1
    /ip hotspot user
    add name=rebel password=rebel profile=3MB server=hotspot1
    add name=umer password=umer server=hotspot1
    /ip proxy
    set always-from-cache=yes max-cache-size=none parent-proxy=0.0.0.0 port=3128
    /ip route
    add check-gateway=ping distance=2 gateway=192.168.1.1
    /ip route rule
    add disabled=yes dst-address=192.168.2.0/24 interface=Local src-address=192.168.
    2.0/24
    /ip service
    set api disabled=yes
    /ip upnp
    set allow-disable-external-interface=no
    /ppp aaa
    set use-radius=yes
    /ppp secret
    add local-address=10.0.0.1 name=umair password=7249 remote-address=10.0.0.2 serv
    ice=pppoe
    add local-address=10.0.0.1 name=umer password=umer remote-address=10.0.0.3 servi
    ce=pppoe
    /radius incoming
    set port=1700
    /system clock
    set time-zone-name=WET
    /system identity
    set name="WIFI"

    You might also like