I received many emails regarding hotspot not working with PCC. Its very simple to run hotspot and PCC together on same Mikrotik Server.
(Personally I don’t like hotspot due to various security reasons, but still its useful in many environment)
First configure your mikrotik with PCC and HOTSPOT. Then Just add hotspot=auth in every pcc rules and it will work like a charm.
For example . . .
/ip fi man
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
Cheer’s
Syed Jahanzaib
Syed Jahanzaib - Personal Blog to Share Knowledge ! 
جزاك اللهُ خيراً
Sir Agar Pcc+Hotspot Key Saat Enternal Web proxy Enable karny ka Bata deh?
LikeLike
Comment by Manzor — February 13, 2012 @ 12:06 PM
Just add proxy with mikrotik, and in squid, give default gw pointing to mikrotik, and create nat rule for squid.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 14, 2012 @ 8:56 AM
Dear sir i have learned much knowledge from your blogs please help me in this seniario. i have 9 wan configured with pcc load balancing and its working fine but when i connect by pppoe authentication all traffic goes only one wan. sir please help me
Nadeem
LikeLike
Comment by nadeem — December 28, 2013 @ 12:34 PM
aur dhcp main kiakare ge
LikeLike
Comment by MANI — February 15, 2012 @ 9:39 AM
I tried this it working with 2 Lines but i cant get it work with 3&4 Adsl Lines,
i Added the hotspot auth to the 16 code in mangle(with pcc load balancing for 4 lines ).
LikeLike
Comment by Ahmed Fathi — February 24, 2012 @ 4:27 PM
Add hotspot=auth in PCC rules only.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 25, 2012 @ 12:49 PM
I guess the article was very clear about where to add the rules.
Add hotspot=auth in PCC rules
for example.
/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 25, 2012 @ 12:44 PM
Dear Sir
I am using wan1 ,wan2 with PCC method with Hotspot .i want to add wan 3 & wan 4 …please advice .
Regards
LikeLike
Comment by faisalmirzapk — May 20, 2012 @ 10:06 PM
Just add more mangle n pcc rules 🙂
Follow below guide for some idea on howto merge 4 wan.
https://aacable.wordpress.com/2011/06/04/mikrotik-4-wan-load-balance-pcc-complete-script-by-zaib/
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 22, 2012 @ 8:48 AM
Aoa bhai mere pss 2 modem hain 4 4 mb k main un ko ik karna chata hoon loadblasing se ager app k pass koi script pari hai plz send me mujay hotspot pe chilne hain app ka comment parha iss liye app se help mng raha hoon p bhai help kar dain
LikeLike
Comment by sadaq — July 28, 2012 @ 8:27 AM
Ok thanks it works after a few tries ,btw idk what wrong i did before , i just did a fresh set up and everything looks find,
Thanks for your help.
LikeLike
Comment by Ahmed Fathi — February 25, 2012 @ 4:57 PM
everything looks fine **
LikeLike
Comment by Ahmed Fathi — February 25, 2012 @ 4:59 PM
pcc method working well for me thanks jahanzaib bhai…
LikeLike
Comment by waqar — February 29, 2012 @ 9:03 AM
I am glad it worked for you.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 29, 2012 @ 12:04 PM
ASSLAM-0-ALIKUM sir aek pc main lodblasing aor hotspot chla sakty hain? kia aek sath sahi kam kareen gy agar han to plz is ki seting b bta deen very very thanxxxx.
LikeLike
Comment by Ijaz Marhal — March 13, 2012 @ 10:24 AM
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 13, 2012 @ 10:29 AM
Asalam o alakum.. bro you done excellent job of writing these tut…
i have a problem with hotspot login page
i use Vmware 7 workstation for test purpose and config hotspot on mikrotik 2.97, 3.2, 3.3, 5.8
but all of these fail to show the login page of hotsopt
i tried by giving ip http://10.10.10.1/login
but browser show page cant not be displayed
what is problem
thax in adv
LikeLike
Comment by Abdur Rehman — March 21, 2012 @ 6:05 PM
Make sure your Mikrotik can resolve DNS query, otherwise user will not get the login page.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 22, 2012 @ 8:47 AM
jahanzaib bhae DNS setting main primary DNS 10.10.10.1 dia hai. kia ye tek nahi hai?? ya koi aur setting karni hai.?
2nd kia main VMware se physical network ko mikrotik se serve kar sakta ho?? aur ye kia stable hoga?
LikeLike
Comment by Abdur Rehman — March 24, 2012 @ 10:31 PM
If you are using hotspot, then primary dns of client MUST be pointing to Mikrotik server.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 25, 2012 @ 4:46 PM
i want to serve physical network from mikrotik install on vmware workstastion 7 (host OS is XP pro). would it be stable for this purpose?? like this
Internet —> LAN1 (Host OS XP pro) vmware 7 –> Mikrotik –> Physical AP on (LAN2) –> Client/user
Sys Spac (DELL GX 620, 3.6 GHz HT, 2 GB RAM, 500 GB HDD)
LikeLike
Comment by Abdur Rehman — March 26, 2012 @ 3:15 PM
Yes Mikrotik / TMG and other servers are successfully working in Virtual’ized environment. I my self using TMG and many other servers in Microsoft HYPER-V and VMWARE ESXi 4
But you have to read a lot to consider some security related concepts in order to secure and protect the virtual’ized environment from outer world. use separate Network interfaces for LAN / WAN . Make sure your concepts are clear on how things works in virtual world 🙂
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 27, 2012 @ 10:41 PM
Thank you so much jahanzaib bhae for your kind support…
now i want to know about Wifi Mini ISP setup
which devices/equipment would be required for covrage of 1.5 – 2 Km radius area and
approximate cost of the setup???
LikeLike
Comment by Abdur Rehman — March 29, 2012 @ 10:41 PM
Sorry I don’t have any idea o wireless field.
You can contact Following for WIFI related equipments.
Dreams Network Technology
Karachi , Pakistan
Asia
Office : A-1349 Gulshan-e-Hadeed Phase-1 Karachi
Contact No: +923132118237 , +923332828526
Email: info@dreamnw.com
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 31, 2012 @ 3:34 PM
sir main nay mikrotik install kiya hua hai.. Main nay load balancing karne hai… Ap mujhay yay bata dain k main sirf yay do lines mikrotik mian dalnay say load balancing ho jae ge ya nahi… Ap nay yay jo script de hai wo mukamal hai? agr nahi do mukamal bata dain…. Plzzz
LikeLike
Comment by Owais Malik — March 26, 2012 @ 7:45 PM
It’s complete, just don’t go blindly for it, read it and try to understand it, once you get it, then modify it as per your network scheme, then deploy it.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 27, 2012 @ 10:34 PM
salam. pcc rules kahan par hotay hain and 2 WAN k liye jo ooper ap nay example di hai /ip fi man
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
yahi buhat hai ya aur b rules hotay hain jin main yay add krna paray ga ??
LikeLike
Comment by Shafqat Farhan — April 5, 2012 @ 4:50 PM
add hotspot=auth syntax in every PCC rules. Means Every rule which contains per-connection-classifier line.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — April 6, 2012 @ 9:07 AM
jahanzaib bahi kya yeh userman hum use ker saktay hain wifi network per
aur mainay pochana tha k yeh kis tarha se apply ker saktay hain
tareqa bata dain plz
LikeLike
Comment by Taher Ahmed Ghouri — May 7, 2012 @ 2:08 AM
USERMAN is a small radius server builtin in mikrotik. It does not rely on any medium, its upto you to use wires or wireless connectivity. It will work with any type of network.
For its configuration guide you can read the following tutorial.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 8, 2012 @ 3:20 PM
Hi Jahanzaib thanks for sharing the knowledge about the PCC load balancing and mikrotik hotspot. I tested it with 3 WAN, 1 broadband and 2 PPOE, the load balancing works well. But when I login to hotspot I cannot browse to internet but can use skype plus some of the client sometimes can browse and download. I don’t know the problem.
Did you ever see the problem like this ?
LikeLike
Comment by djemmy — May 25, 2012 @ 8:06 AM
Try not to make mix plate by putting every service on single box, Use separate mikrotik for PCC , and other for hotspot, this way you will have more control and balanced network.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 25, 2012 @ 8:46 AM
I saw the at your example that PCC can be used with hostspot=auth so I think i dont need to use another router box to utilize one box x86 PC Router as load balancer and Hotspot.
Regards,
Djemmy
LikeLike
Comment by djemmy — May 25, 2012 @ 8:58 AM
Sorry I already know what’s wron, it is because of my user profile that used transparent proxy… Thanks again Jahanzaib…..
Your tutorials are very helpfull and make me learn a lot… ^_^
With Best Regards,
Djemmy
LikeLike
Comment by djemmy — May 26, 2012 @ 10:39 AM
Hi ,
I applied 4 wan PCC +Hotspot with your directions on RB450 today for a student dormitory building witch has aprx. 120 students and it is working like a charm.
But I figured out hotspot transparent proxy does not work. Even I tried NAT forwarding rule but it didn’t work also. (NAT forwarding works only when I disable hotspot)
I am trying to avoid users to download illegal copyrighted content from web. I have no chance to use external proxy. Do you have any suggestion?
Thank you.
LikeLike
Comment by nacer — June 5, 2012 @ 12:56 AM
Aoa Bhai Plz mere b help kar dain mere pass 2 modem hain 4 4 mb k main un ko loadbalasing me tabdeel karna chta hoon plz mujay koi script ya setting karwa dain or kia who load balasing 5.18 pe chalay gi or mujay hotspot pe use karna hai kyun mere aksay user mobile use kartay hain wahan dialup nahee chalta plz mujay hotspot wali setting karwa de koi
LikeLike
Comment by sadaq — July 28, 2012 @ 8:32 AM
for load balancing , following link may help you.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — July 28, 2012 @ 12:46 PM
thankx jahanzaib bhai main try karta hoon phir app ko batayoo ga filhaal ik dost ne seting kar di hai next time k liye app ki post main save kar raha hoon thankx again bhai
LikeLike
Comment by sadaq — July 30, 2012 @ 8:01 AM
bhai yea link jo app ne diya hai yea hotspot pe work karti hai mujay hotspot pe jo script kaam karti hai who chiye
LikeLike
Comment by sadaq — July 30, 2012 @ 8:03 AM
Hello Syed, your works have been so helpful and I am saying thank you.
I have followed your step by step instructions on load balancing with hotspot but it seems am getting a wrong result.
Traffic only flows through WAN1 no matter the heavy loads added I don’t exceed 2Mb which is the size of WAN1 while WAN2 is 1Mb.
If I plug WAN1 I could browse through WAN2 it seem to me it acts as a failover.
I help your help
Regards
LikeLike
Comment by Timi — August 19, 2012 @ 8:49 PM
This usually occurs due to mangle rules order, try messing with it.
Also if nothing works, reset mikrotik to default, and then re.configure using script, hopefully it will work.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — August 20, 2012 @ 3:57 PM
Many Thanks Syed, I see the load balancing on hotspot seems to be working just fine. I appreciate
LikeLike
Comment by Timi — August 22, 2012 @ 8:56 AM
glad it helped.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — August 22, 2012 @ 9:22 AM
Many Thanks Syed, the load balancing seems to be working and my next project will be building a Squid server “I noticed you have instructions on adding and redirecting Squid to Mikrotik but do you have a step by step instruction on the Squid setup?
another question:
Is it possible to allow free users access one or two website only for a given time period say 1hour daily.
Regards
LikeLike
Comment by Timi — August 22, 2012 @ 9:23 AM
Dear sir Aslamualikum and EID MUBARAK.
Sir muje aap se aik question puchna han agar kisi company ke 10000 user hon or wo pptp use kare mikrotik per tu kya wo itne users ko support karega ya koi limit han users ki agar han tu please define kardain or agar ye itne users ko support nai karega tu muje koi dosra solution batadain kunke maine isper 3000 user allow kye tu is main user ki ids stuck hogai yani user disconnect hone ke baad bhee is main connected show karta tha jiswaja se wo user dobara connect nai ho sakta tha please help me.
JAZAKALLAH
LikeLike
Comment by farhan khan — August 22, 2012 @ 1:41 PM
can i use webproxy for hotspot network we are using mikrotik 5.18 and radius manager 4.0
LikeLike
Comment by arunkumar — September 13, 2012 @ 9:21 PM
Yes you can.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — September 16, 2012 @ 12:56 PM
sir g skype sahi nahi chal raha off ho gata hay mikrotik pr
LikeLike
Comment by tahir — October 8, 2012 @ 9:19 PM
use src-address as classifier.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — October 9, 2012 @ 4:29 PM
why this method don’t work well on mikrotik 5.18
LikeLike
Comment by Ausso — September 19, 2012 @ 5:11 PM
pcc with hotspot when I return 2 3.30 work good
LikeLike
Comment by Ausso — September 20, 2012 @ 2:01 PM
why the code is not work for me? my version is 5.20..
here is my code..
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=LAN
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ISP1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=ISP2
/ ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=LAN
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection \
new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection \
new-connection-mark=ISP2_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local hotspot=auth \
per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local hotspot=auth \
per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing \
new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing \
new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
/ ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade
LikeLike
Comment by Nelson — November 11, 2012 @ 1:40 AM
What exactly is not working ?
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — November 12, 2012 @ 10:25 AM
dear sir
I have problem and hope that you can give me some pointers.Just installed radiusmanager4 and it can authenticate mikrotik cpe fine but cannot authenticate ubiquity cpe.
mikrotik log says cannot determine remote ip address.
Les
LikeLike
Comment by Lascel Staal — November 24, 2012 @ 12:14 AM
Assalam-O-Alaikum, sir maine 2 ptcl cloud nitro 9.3mbps ko merge kerna hai “RB2011UAS-2HnD-IN” se karo ya phir kisi bhi wifi router se pehle in lekr “rb450g” p out ker k wan se merge ker lu? aur kya se setup 60-70 users k liye kafi hoga? agr 1-2mbps tak packages hoo? please reply asap
LikeLike
Comment by Zeeshan — November 25, 2012 @ 12:39 PM
Assalam-O-Alaikum, bhai kya me aik hi system me mikrotik+squid+local server bna skta hon?
LikeLike
Comment by zeeshan — February 2, 2013 @ 8:25 AM
By using Virtualization technology , Yes you can and it works pretty much good. BUT it requires good modern hardware also capable of 64bit architecture.
Read more about it.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 3, 2013 @ 11:25 AM
Hello Mr.Sayed,
My name is Ahmed from Egypt , and you have my brother name
I’ve configured mikrotik PCC method with Hotspot, and everything working fine tested on many Server
but I configured port forward from ADSL router to mikrotik winbox (8291) but it give me “connection refused”, if I disabled WAN1 I can connect through WAN2
can you help me ?? I need to access through any WAN Interface with full PCC WAN wokring
LikeLike
Comment by Ahmed Morgan — February 26, 2013 @ 3:59 AM
Hello,
my first mikrotik conf is using single WAN and also used as proxy.
now I am change the conf become 2 WANs
but the proxy is not working (no cache, no traffic on NAT redirect)
here is my NAT
add action=passthrough chain=unused-hs-chain comment=\
“place hotspot rules here” disabled=yes
add action=redirect chain=dstnat comment=”” disabled=no dst-port=80 protocol=\
tcp to-ports=8080
add action=accept chain=pre-hotspot comment=”” disabled=no dst-address-type=\
!local hotspot=auth
add action=masquerade chain=srcnat comment=”” disabled=no out-interface=\
ether1
add action=masquerade chain=srcnat comment=”” disabled=no out-interface=\
ether5
please note :
eth1 WAN1
eth5 WAN2
LikeLike
Comment by Choirul Dimyati — June 23, 2013 @ 8:03 PM
dear sir i have rb 750 gl and 8mb loadbalcing+hss everything is good but skype have call problems????? any help with detail…
LikeLike
Comment by naeem — December 14, 2013 @ 12:59 PM
try with src-address.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — December 16, 2013 @ 10:38 AM
Dear Syed,
I have done pcc load balancing with wan1, wan2, wan3.
works fine but i have also added one more wan4 which i have not clubbed with classifier and want to make use for 4 ips or workstations but it gets routed to wan1 or wan2 or wan3.
have tried packet marking but does not works the lan ping gets rto however pcc works and does not gets routed to desired wan4.
any solution would be appreciated.
Regards,
LikeLike
Comment by Jaydeep — December 23, 2013 @ 9:32 PM
sir wan 3 ke script lagi our inter face mai wan3 ker deyea our addres mai add keyeea conn mai add keyea skype on hota hy brosing nahi ker raha hy plz help sir syed jahanzaib
LikeLike
Comment by faisal — January 11, 2015 @ 4:41 AM
Sir kindly help me
main mikrotik main hotspot chala raha ho mujay aik issue aaraha hai wo hai k main jab kisi user to 2 user allow karta ho to us ko speed 1 mb 1mb jati hai jab k us ko agar 1 user chalay to 1mb or agar 2 chalay to 512 k jani chahiya
request hai k mujay is ko koi sulution bata de
LikeLike
Comment by Ilyas — February 2, 2015 @ 7:03 PM
This is by default that every user will get its own queue.
if you want to share bandwidth with 2 users, you have to make your own queue which will be shared among two users ip addresses. but its lot of manual work, search mikrotik forum for more information.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — February 3, 2015 @ 8:52 AM
Hello Syed, please I have been trying to implement 2 wan fail-over with hotpsot, but to no avail so i need a help. My setup is this way, Wan1=192.168.2.2/24, wan2 =dhcp, lan ip= 172.20.20.1/22. I have the hotpsot working already but I want to implement the fail over so that my primary wan is wan1, while secondary is wan2. Please i need a detailed configuration on the failover with hotspot so that I can copy and paste to test it in another router (rb950-5ports)
LikeLike
Comment by sapanda Dunga — April 8, 2015 @ 1:40 PM
Jaime
LikeLike
Comment by Code Free Wifi — September 26, 2015 @ 9:57 PM
my config load balancing mangle hotspot http://pastebin.com/jN1riP3u
LikeLike
Comment by eko azza — March 24, 2016 @ 10:45 PM
Hello Mr.Sayed,
My name is tafa from Indonesia.
I’ve configured loadbalancing PCC with 2 WAN and 2 LAN, and everything working fine.
here is my Ip..
WAN1 (ether1) : 192.168.1.2/24
WAN2 (ether2): 192.168.2.2/24
LAN1 (ether4): 172.16.1.1/24 >>Local Server
LAN2 (ether5): 172.16.2.1/24 >> PC Client
I have a local server on ether4 with ip : 172.16.1.10
when I try to ping/access from pc client to 172.16.1.10, server was “Request Time Out”.
please help???
LikeLike
Comment by tafa — September 30, 2016 @ 6:13 PM
in mangle, create a ACCEPT rule and in destination, add the ip 172.16.1.10, this way you will be able to access it.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — October 1, 2016 @ 10:48 AM
What about bypass ip’s? where is going the traffic? in my case is going only on wan1 and wont get inside loadbalance, maybe you have solution?
LikeLike
Comment by Thomas — February 19, 2019 @ 1:24 PM
with hotspot things gets messy. ake address list and include desired ip pool in it, and include in src-address list under pcc.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 3, 2019 @ 11:05 AM
Assalamu alaikum, Zaib Sir my pcc with hotspot is not working perfectly. the problem is “hotspot login page doesnt open by default” i added hotspot=auth in pcc rules, then hotspot page problem resolved and page was opening at http login but my load balancer is not working now (only 1 wan is working at a time) however when i remove hotspot=auth from pcc rules then my load balancer working fine but hotspot page problem again (not opening hs page bydefault). Your Experties needed Sir.
LikeLike
Comment by Muhammad Rameez — May 18, 2019 @ 10:25 AM