I have successfully configured Hotspot on RouterOS and authentication is done by RADIUS server. For security reasons
every user on Radius server is limited to only one MAC address for its entire lifetime but I can ask Radius owner to add more static MAC addresses per user. Problem is that RouterOS is sending client's MAC addresses to Radius server and therefore authentication is rejected. I want RouterOS to send some specific MAC addresses per Access Point in network and I'd ask Radius server owner to add list of AP's MAC addresses for every user. Afterward, I want RouterOS to log each client's MAC address locally so when Radius owner asks me which user was accessing a specific AP at specific time I can let them know actual client's MAC address. I know I can use open-source third party solutions but I prefer to stick to Mikrotik. I also thought of modifying network traffic between Mikrotik and Radius on the fly but there's an agency evaluating our system for security considerations and they are not ok with this solution. I know one solution is to ask users to let us know what MAC addresses are they willing to login and then we'd add those addresses to Radius server instead of AP's MAC addresses but we are dealing with large number of users and therefore we are not willing to involve users.Any help is highly appreciated.
Thanks in advance