1-541-955-6900

success@visp.net

Login

Documentation Series

Learn About VISP App Dashboard

Help Documentations / Networks / Mikrotik DHCP Configuration

Mikrotik DHCP Configuration

Step 1: Configure RADIUS Servers

Follow the instructions on this page to configure the RADIUS servers.

Step 2: Configure IP Addresses

  1. Add the IP addresses on the customer-facing interface that will be used as the gateway IP for active subscribers (probably the bridge named ‘Customers`).
    • Address: Ex: 100.64.1.1/24. 
  2. Optional: Add  Subscriber Management IP addresses on the appropriate VLAN interface.
    • Address: Ex: 10.2.1.1/24

Note: It is also best practice to document the subnet with meaningful comments.

Step 3: DHCP server setup

  1. Open winbox, navigate to IP > DHCP Server on the router
  2. Click on the DHCP Setup button
  3. Select the interface where you want to configure the DHCP server from the drop-down menu and proceed.
  4. Configure the following parameters:
  5. Put your LAN network block in the DHCP address space input box, then click the Next button.  

      • LAN Network Block: Input the network block for the DHCP server.

      • Gateway Address: Specify the gateway IP for the network.

      • IP Address Pool: Define the IP range to allocate to clients.

      • Preferred DNS Server: Provide the DNS server’s IP address.

      • IP Lease Time: Suggested value is 10 minutes.

  6. Set the RADIUS option to “Yes”.
  7. Lastly, rename the DHCP server, and add a  “-VISPv4(case sensitive) suffix to it. IE: “Lastmile-VISPv4

Mikrotik DHCP Configuration - Visp App

Critical Note: When using UBNT devices, the radio acts as a DHCP relay when option-82 is enabled. Because of this, we have to set a DHCP relay (255.255.255.255) on the server to process all incoming requests from any radio.

Step 4: Optional – Enable ARP Payment Enforcement Protection

This step ensures that only clients with IP addresses assigned by the DHCP server can access the network, preventing unauthorized static IP configurations.

  1. Set ARP to Reply-Only on the customer-facing interface (bridge or physical).
  2. Enable the Add ARP for Leases option on the customer access DHCP server.

Step 5: Configure NAT for Active Subscribers

If using private IP addresses, configure NAT either at the tower or core.

  • General / Chain: srcnat
  • General / Src Address: 100.64.1.0/24 (adjust based on your customer IP pool)
  • Action / Action: masquerade or src-nat (recommended for resource efficiency) with a specified to-address.

Step 6: Configure Firewall and Redirection Page for Suspended Subscribers.

  1. Generate Firewall rules by clicking the button below.
  2. After downloading the file, upload it to the Mikrotik router by dragging it to the file directory.
  3. Open the terminal window and run the following command:

/import verbose=yes file-name=firewall.cfg.rsc

 

Step 7: Configure Queues

  1. Navigate to the Queue Types tab.
  2. Double-click default-small and change the Kind value to sfq.

Important Reminder: When using Option-82 authentication, ensure the multi-mac option is enabled in the VISP package.

1. Allow Pre-signup Authentication

Let’s say you have a building that buys internet access from you that it supplies free and anonymously for all tenants. You earn revenue from the main connection but also when tenants upgrade to faster packages. Before, each of those tenants could not connect their…

2. Set-up SmartSession Authentication

VISP’s HyperRadius has many unique powerful features, one of which is SmartSession. SmartSession will allow you to make changes to your subscribers that are authenticated on Mikrotik devices, on the fly, including disconnects and package speed changes, right from…

3. Assigning a Static IP Address

When assigning static IP addresses through Visp.net, we recommend setting the IP into static if it is not included in the DHCP server’s address pool. Visp can’t tell Mikrotik which IP is not available for leases. When the static option is enabled, the RADIUS will…

4. Location ID

Setting up a location ID for your internet package allows you to: Restrict the location where the package is displayed on the signup page. Apply location-based authentications. Use the location ID of the customer’s subscribed package to filter the upgrade package list…

5. RADIUS Configuration

This section configures your Mikrotik router to communicate with the Visp.net HyperRADIUS servers. Critical Note: For the Multi-ISP setup, you must use these proxy servers: 52.37.68.81 and 52.11.17.135. Primary Click Radius (left) and click (+) symbol to add a radius…

6. Mikrotik DHCP Configuration

Client Isolation Recommendations AP’s should use Client-Isolation. This reduces load and improves reliability. Repeating broadcast messages between subscribers increases network load and can allow for rogue DHCP servers or other broadcast services to exist on the…

7. PPPoE Configuration

These instructions assume that you have a new Mikrotik with little to no existing configuration. It specifies certain IP ranges which are commonly used; however, you can replace the IP ranges referenced below with your own custom ranges if you wish. Likewise, if you…

8. Mikrotik Hotspot Configuration

Initial Setup If you’re using a new Mikrotik router, we recommend resetting the device to remove the preinstalled configuration as it contains settings you will probably not need. You may also need to upgrade your RouterOS to the latest stable version, from…

9. Automation Profile: Low Stock Notification or Reordering

If you’re running low on certain equipment or devices, set up an automation profile to refill your stocks. This feature will either alert you when inventory drops below a certain level or it can automatically create a purchase order in Visp to the supplier. Follow…
?