Is it possible to run two or more hotspots on different interfaces of a single router OS? Yes, but how can this be configured to authenticate users using different customer’s ID on the user man?
For example, I have two groups of people on the network charged separately and would like them to see different login pages and authenticate users in the user manager created at their different customer area.
I want to avoid running another router OS for so many reasons. How can I configure the different hotspots on the same router OS (if possible) to do this authentication, since they both share some things like radius attribute?
I run two hotspots on the same radio. I add a VAP to the wlan interface and set up a hotspot on it. Then you can use the radius settings to split the login requests.
At my company, we create virtual gateways on our radius system based on IP address. I don’t know all the coding behind it, but basically, the redirect page will report the client IP address and we will assign their radius and login page based on their IP.
I use mine to split radius servers. Hope that is what you are looking to do. I presume you can set up the VAP. And set up the hotspot on that interface? If so, then there should be three profiles (0 is default, usually not used):
/ip hotspot profile
set 1 use-radius=yes radius-default-domain=domain1
set 2 use-radius=yes radius-default-domain=domain2
Then
/radius
set 0 domain=domain1
add service=hotspot domain=domain2 address=xx.xx.xx.xx secret=radiussecret2
xx.xx.xx.xx is the ip of the second radius server.
ADD: You can set a different set of login pages in hotspot profile 2.
/ip hotspot profile
set 2 html-directory=mydir
Then ftp into the router and create a new folder called “mydir” on the router and upload the second hotspot’s pages there.
Pls, I have done everything exactly the same as you did and mine is still not working. The 1st hotspot (domain1) works fine but the second hotspot (domain2) keeps saying “Radius Server not Found”. I have gone over to see what is wrong but everything is correct.
IP Address is 127.0.0.1 for the 1st one
120.0.0.2 for the second one, both with different shared secrets. I changed /ip hotspot profile domain2 to domain1 and it was able to authenticate users created for domain1, but when I change it back to authenticate users on domain2, no way. Radius server will not be reachable.
The only difference between my setup and yours is I use an x86-based PC with three network cards. So hotspot1 is on ether1 and hotspot2 on ether3.
Yes, same local machine for hotspot1 and 2 on different interfaces, and userman on the same machine.
Whether the IP is active: I don’t know, but I tried pinging it and it timed out. But since they are all on the same machine, isn’t it OK to use this class of IP? How do I activate or know which is active or not?
I am not a userman specialist, so I don’t know how much help I can be from here on out. You must set the routers in each customer setup, or it won’t accept requests from that router. Did you do that in the second customer account? Should be like the first one for your setup.
Yes, exactly the same. What I am not sure of is using that IP from the localhost IP block, whether it is correct to use the 2 or not, because as a localhost IP it is meant to reply, but only 127.0.0.1 replies from the router, while on the normal system command line, 127.0.0.1-127.0.0.254 replies.
So why is it not replying from the MT command line?
Sounds like you use the same ip for all users/customers. Only one radius entry should do it.
I guess the test would be to try to enter a duplicate user from customer1 in the customer2 database and see if it will accept it. If it does, there may be more to it. If it won’t accept it, I bet it will work with one radius entry in the router. Does that logic make sense?
Yes, one radius setting will work for both hotspots but with only one customer’s database; splitting the users to their different customers’ databases is the problem.
Example: USERSA,B,C,D are created under customer ID Mobile while USER1,2,3,4 are created under customer ID LAN. Mobile and LAN have their different login pages and should be authenticated on their different databases.
The Problem: How to split their radius requests to their different customers’ databases for authentication. Specifying domain as you use is fantastic and should work, but the problem is the localhost IP address that is not replying from the router, I guess! Any idea about that?
Did you try entering a duplicate user in each customer database? Try entering the user “test” in both customer user databases. Does it accept the second entry? Or does it fail with “User name already in use” or the like.
Also check each customer’s setup under “routers”. Do you have the correct info there? Like radius secret?
I entered user test on both databases without any complaint, which is normal. I also swapped the IP address of 127.0.0.1 to the other customer and it worked fine on that, while the other hotspot did not work.
This means only 127.0.0.1 is available for use in the localhost address block. Is this normal? Why can’t I ping 127.0.0.2-254? I can only ping 127.0.0.1 from the router, but from the command line of my PC I can ping 127.0.0.1-254!
Is it possible to assign one customer (subscriber) to the 127.0.0.1 local ip, and the other to a local or public ip assigned to your ethernet interface? Can you ping those from the router?
From the tests I have been running, it is only possible if the ethernet interface of the second local or public IP is not sitting on that same machine. That works fine, but if it is on the same machine, like my case now, it is not working.
Is it possible to have two loop IPs on the same machine? If yes, which addresses can be used? Because since both interfaces are on the same machine, it is only a loop IP that can make them talk to userman hosted on the same machine.