Talk:User/Routing

From MikroTik Wiki
Revision as of 10:04, 11 March 2010 by Marisb (talk | contribs) (moved Talk:Routing to Talk:User/Routing)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Connection Sharing in a Single MAC-Address Restricted Service Access

Some ISP may impose a rule on which only a single pre-registered device is able to get service connection.
This restricts service to a registered single MAC Address of the client’s device. IP Address may be static or dynamic.

File:Netconfig01.jpg

With the above scenario, we can use a MikroTik RouterBoard to enable us to provide multiple connections,
over the restrictions indicated above as shown below.

File:Netconfig02.jpg

Here’s how it’s done. First, get the MAC Address and IP address of the connected interface of the registered device.

For PC running Windows, type ipconfig /all in the DOS prompt terminal to get these informations.

File:Ipconfig command.jpg

Portion of the ipconfig /all command result File:Ipconfig result.jpg

IP Address = 203.84.100.100/24  ; MAC Address = 00:16:D3:CA:BB:6D

Configure the following in your MikroTik Router

Assumptions:

Interface facing ISP = Ether1.To_Internet
Interface facing LAN = Ether2.To_LAN


1. Create a Bridge interface with the registered MAC Address inputted to the Admin. MAC Address field.

  /interface bridge
  add name=BR.Internet disabled=no admin-mac=00:16:D3:CA:BB:6D auto-mac=no

2. Add the port facing the ISP to the Bridge Interface.

  /interface bridge port
  add bridge=BR.Internet disabled=no interface=Ether1.To_Internet

3. Assign the registered IP Address to the Bridge interface.

3.1 If Static, Add also default route.
  /ip address
  add address=203.84.100.100/24 disabled=no interface=BR.Internet
  /ip route
  add dst-address=0.0.0.0/0 gateway=203.84.100.254 disabled=no distance=1
3.2 If Dynamic,
  /ip dhcp-client
  add interface=BR.Internet disabled=no add-default-route=yes use-peer-dns=yes

4. Create Source NAT, SRCNAT, rule with Masquerading; use the Bridge interface as Output interface.

  /ip firewall nat
  add chain=srcnat disabled=no out-interface=BR.Internet action=masquerade

5. Run DHCP Server for your LAN-side,Ether2.To_LAN interface, with correct DNS settings for your ISP.

  /ip address
  add address=192.168.0.254/24 disabled=no interface=Ether2.To_LAN
  /ip pool
  add name=dhcp_pool1 ranges=192.168.0.1-192.168.0.253
  /ip dhcp-server
  add name=dhcp1 address-pool=dhcp_pool1 disabled=no interface=Ether2.To_LAN lease-time=3d
  /ip dhcp-server network
  add address=192.168.0.0/24 dns-server=203.84.191.216,203.84.216.3 gateway=192.168.0.254

You should be able now to share your single-MAC Address restricted service to multiple terminal
devices in your LAN.





'amdg'
'...opportunity favors a prepared mind...'