We are trying to set up a simple MAC authenticated hotspot system for a local area. The idea is to hand out client radios for the event that we could rate limit in the AP’s RouterOS Hotspot system. We are unable to control what each client plugs into their side of the network, so we wanted to use the MAC address of the radio that we give them for the authentication. While the setup seemed straightforward, we are running into some issues.
For our AP setup the wireless interface is in AP Bridge mode. We have the hotspot running on the wireless interface with a DHCP server handing out a handful of public addresses. The hotspot is set up to log in by MAC and the Mac Auth. Mode is set for MAC as username.
/ip hotspot
add disabled=no idle-timeout=2m interface=wlan1 name=wireless-ap profile=wireless-ap
/ip hotspot profile
add html-directory=wireless login-by=mac name=wireless-ap
Our client devices have the wireless interface set up as station-bridge and it is bridged in with the ethernet port. The bridge then has a SRC-NAT rule to change the source MAC address for anything leaving the wireless interface to the wireless interface’s MAC address.
/interface bridge
add name=bridge1 protocol-mode=none
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/interface bridge nat
add action=src-nat chain=srcnat out-interface=wlan1 to-src-mac-address=6C:3B:6B:37:53:FB
With things set up this way, the hotspot does see the mac-address of the client’s wireless interface, but the hotspot host list populates with all the outside IPs (DNS, HTTPS server, NT, etc.) that the end user device talks to. What can I do so that the host list only populates with the address that, say, the router is using and not also what it is talking to?