Talk:User/Routing

From MikroTik Wiki
Revision as of 12:04, 11 March 2010 by Marisb (talk | contribs) (moved Talk:Routing to Talk:User/Routing)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Connection Sharing in a Single MAC-Address Restricted Service Access

Some ISP may impose a rule on which only a single pre-registered device is able to get service connection.
This restricts service to a registered single MAC Address of the client’s device. IP Address may be static or dynamic.

File:Netconfig01.jpg

With the above scenario, we can use a MikroTik RouterBoard to enable us to provide multiple connections,
over the restrictions indicated above as shown below.

File:Netconfig02.jpg

Here’s how it’s done. First, get the MAC Address and IP address of the connected interface of the registered device.

For PC running Windows, type ipconfig /all in the DOS prompt terminal to get these informations.

File:Ipconfig command.jpg

Portion of the ipconfig /all command result File:Ipconfig result.jpg

IP Address = 203.84.100.100/24  ; MAC Address = 00:16:D3:CA:BB:6D

Configure the following in your MikroTik Router

Assumptions:

Interface facing ISP = Ether1.To_Internet
Interface facing LAN = Ether2.To_LAN


1. Create a Bridge interface with the registered MAC Address inputted to the Admin. MAC Address field.

  /interface bridge
  add name=BR.Internet disabled=no admin-mac=00:16:D3:CA:BB:6D auto-mac=no

2. Add the port facing the ISP to the Bridge Interface.

  /interface bridge port
  add bridge=BR.Internet disabled=no interface=Ether1.To_Internet

3. Assign the registered IP Address to the Bridge interface.

3.1 If Static, Add also default route.
  /ip address
  add address=203.84.100.100/24 disabled=no interface=BR.Internet
  /ip route
  add dst-address=0.0.0.0/0 gateway=203.84.100.254 disabled=no distance=1
3.2 If Dynamic,
  /ip dhcp-client
  add interface=BR.Internet disabled=no add-default-route=yes use-peer-dns=yes

4. Create Source NAT, SRCNAT, rule with Masquerading; use the Bridge interface as Output interface.

  /ip firewall nat
  add chain=srcnat disabled=no out-interface=BR.Internet action=masquerade

5. Run DHCP Server for your LAN-side,Ether2.To_LAN interface, with correct DNS settings for your ISP.

  /ip address
  add address=192.168.0.254/24 disabled=no interface=Ether2.To_LAN
  /ip pool
  add name=dhcp_pool1 ranges=192.168.0.1-192.168.0.253
  /ip dhcp-server
  add name=dhcp1 address-pool=dhcp_pool1 disabled=no interface=Ether2.To_LAN lease-time=3d
  /ip dhcp-server network
  add address=192.168.0.0/24 dns-server=203.84.191.216,203.84.216.3 gateway=192.168.0.254

You should be able now to share your single-MAC Address restricted service to multiple terminal
devices in your LAN.





'amdg'
'...opportunity favors a prepared mind...'