What can be done is when creating the hotspot, indicate the Network segment that is going to be used for the hotspot and once configured, then go to IP Bindings and set the entire other segment to be Bypassed to that does not go through the Hotspot.
When configuring a HotSpot on a MikroTik device, especially when multiple IP address ranges are being handled on the same interface, it is important to take care to ensure that network policies and routes are correctly established to avoid conflicts or unwanted behavior such as What do you mention. Here are some steps and recommendations to address the problem:
Network Segmentation
Make sure the two IP address ranges are clearly segmented. This means properly configuring subnets so that traffic between the LAN networks and the HotSpot is handled efficiently. You can use VLANs to physically segment traffic between your local network and HotSpot users.
HotSpot Settings
When you configure the HotSpot, you specify the IP address pool to use. This is done in the HotSpot configuration under the menu IP > HotSpot > Servers > [your_hotspot]. Here, make sure that the IP address range assigned to the HotSpot does not overlap with the range used by your local network.
Firewall Rules
Review your firewall rules to make sure they are not incorrectly blocking or redirecting traffic on your local network. You will need specific rules that allow traffic from your LAN without going through the HotSpot authentication process. This usually involves creating rules in the IP > Firewall > Filter Rules and/or IP > Firewall > NAT section, that explicitly allow LAN traffic before rules that capture traffic for HotSpot authentication.
DHCP Configuration
Your local network and the HotSpot share the same interface, make sure the DHCP services are properly configured to serve the correct IP addresses to the correct devices. This may require configuring multiple DHCP servers or adjusting address mappings to ensure that devices on the LAN get IP addresses from the correct subnet and are not directed to the HotSpot authentication portal.
Test and Diagnosis
After making the settings, it is crucial to test the configuration to ensure that devices on your LAN have uninterrupted access to the Internet without being redirected to the HotSpot portal, and that only HotSpot users receive the authentication request.
If after following these steps you are still facing problems, it may be helpful to review the specific MikroTik documentation or consider consulting with a professional experienced in advanced MikroTik configurations.
Each network has its peculiarities, and sometimes specific settings are needed for everything to work as desired.
There are no tags for this post.