I’ve all my AP running mikrotik with a 802.11b card working in AP mode and a 802.11a card working in wds sation to do backbone (point to point with my office).
Today I’ve the bandwidth control concentrade in a mikrotik in my office but I want to do the bandwidth control on the AP where the client connects to reduce the traffic in my backbone.
I made this putting the simple queue rule bellow on the mikrotik that make the AP:
In then Final queue I’ve a queue with unlimited bandwidth. I created this queue to observe if everthing was working fine but I observe that the Final queue have a lot of upload traffic. This is wrong! I can’t have traffic on this queue because I’m making the traffic controle with one queue for each client IP.
I’m sure that ALL IP have a simple queue for each! I DON’T forget any simple queue.
Why is this occouring? Why the Final queue have traffic?
I tried to use Mikrotik-Rate-Limit but I hadn’t sucess.
I put the Mikrotik-Rate-Limit in the radius radreply table and when the MAC address is authenticated on mikrotik this parameter is send to the Mikrotik AP but the client can use the Internet without bandwidth limit.
I don’t use hotspot just MAC authentication with encrypt throught FreeRadius server.
I’m thinking in use hotspot in my APs but I’ve a problem because all then have the interefaces configurated birdged. The gateway of my customers are in my office not in the towers.
How do you suggest me to make the hotspot configuration?
PS: I’m newbe in hotspot, I never work with this.
But in this topic my doubt with this question is why didn’t the simple queues in the APs work in download and upload traffic? If I put a mikrotik configurated as bridge with 2 lan cards I can make the simple queues working right.
You can configure HotSpot to bridge interface (make sure that upstream interface is not included into bridge), the same for DHCP-server that can be configured for bridge interface.
Today I don’t use DHCP. All my customers have fixed IP address and I don’t want to chage this. Is this a problem for hotspot?
In my mikrotik that works as AP I’ve 2 wireless interfaces where my customers are associated and 1 ethernet interface that in linked with a 5.8Ghz radio and that doing the backbone with my office and all then are in the bridge. I just have an administrative IP addres on the Mikrotik. All the traffic of the wireless customers are bridged today.
How do you sugest that I configure the hotspot. I ready the documentation of mikrotik but I didn’t understand the hotspot very well.
With this will the customers see some web page or will be transparent for then?
There aren’t any documentation with example about the MAC authentication with hotspot. If this work fine for me I’ll write a document for the wiki.
And in the wireless configuration? How do I configure the default authentication? Today I’m using radius authentication in wireless. For this I activate the “RADIUS MAC Authentication” in the Security Profiles.
Another thing, in the setup of the Hotspot the Mikrotik ask me about the network that I’ll use in the hotspot and I don’t want to use dynamic IPs. What do I put in this conifugration?
Communication to the Internet is transparent for MAC autheniticated users in HotSpot, user is authorized as soon as MAC-address is present on host list.
You may leave wireless MAC-authenication as well, however it could be configured without it.
Disable DHCP-server and "Universal client’ (ip hotpsot set 0 address-pool=none), then only clients static addresses will be accepted.
Today I’m trying to configure the hotspot to do the MAC Authentication than I’m following your instructions:
Firstly I configured the radius client:
Radius - Services: hotspot and wireless (that I’m using at now and I intend to saty using it). The radius services is working fine because I’m doing the wireless MAC authentication on it for an year without problem.
Then I configured the hotspot:
I went to IP->Hotspot than I clicked on the Setup button and I put the follow informations:
Hotspot interface: ether1
Local address of Network: 192.168.33.50 (How I said to you before my Mikrotik is configurated as bridge than this is an administrative IP that I’ve on it)
Address pool of network: none (I’d to put the address pool on the setup than I change if after because the word NONE is invalid on the setup configuration, I tried to configure using the winbox and the terminal)
Select certificate: none
IP Address of SNMP server: 0.0.0.0
DNS Server: I put my DNS server address
DNS Name: I left it blank
User name: admin, password admin
I received the message tha the hotspot was configurated with successfull
I clicked twice on the hotspot that was created and set the Address-Pool to NONE (Because all my customers have fixed and IP addresses valid to the Internet. I don’t to NAT)
Now I configurated the hotspot profile:
I clicked on profile button and change the Login By and I left just the MAC option marked
In Radius tab I marked the option Use RADIUS and the NAS Type I left as “19 (wireless-802.11)”
On the Radius database I have the Users on table RADCHECK to do the wireless authentication than I presumed that the hotspot MAC Authentication use the same configuration of the wireless. For each client I’ve the follow records on the RADCHECK table:
UserName: “00:02:78:E3:A7:1C” - Attribute: “Auth-Type” - op: “:=” - Value: “Local”
UserName: “00:02:78:E3:A7:1C” - Attribute: “NAS-Port-Id” - op: “==” - Value: “AP1”
UserName: “00:02:78:E3:A7:1C” - Attribute: “NAS-IP-Address” - op: “==” - Value: “192.168.0.5”
UserName: “00:02:78:E3:A7:1C” - Attribute: “Password” - op: “==” - Value: “”
Everything is working fine to the Wireless authentication. With this configuration I permit that the client “00:02:78:E3:A7:1C” can associate to the Mikrotik with IP address 192.168.0.5 and on the interface AP1.
Remembering: All my mikrotik is configurated as BRIDGE. The IP address of the mikrotik is just for administrative use and for the Radius authentication. All interfaces on the Mikrotik (2 Prism Wireless and 1 ehternet) is included on the bridge.
Fabricio, note that you cannot run HotSpot on bridge, if remote interface is included to the bridge (you have to exclude this, either avoid HotSpot there, if bridged configuration is necessary).
Thanks again! I’m with difficult to configure the hotspot for MAC Authentication. Can you help me with this? Perhaps you can send me a step by step tutorial of how I can make it.
PS: You have the structure of my network that I sent to the support email.
MAC authentication HotSpot does not have any difference settings (as login/password HotSpot), if this type of authentication is working fine, there should be any problems with MAC.
The configuration is different only for,
login-by=mac at HotSpot profile;
users have the following configuration user=MAC_address with blank password at HotSpot or RADIUS database.
This is the problem: I never used hotspot! I just made the wireless mac authentication on freeradius.
And I’m trying to configure an hotspot without sucess. When I fineshed the setup the hotspot staid with a letter I (invalid) at the left side.
I don’t know what more I can do. Please make a newbie tutorial if it’s possible.
Most likely invalid letter you get because HotSpot is configured to interface, that is added to bridge.
HotSpot should be configured on bridge, if bridge exists (bridge should not contain any public interfaces included into ‘interface bridge port’).
Basic configuration of HotSpot is very simple, it is accomplished by ‘ip hotspot setup’ command (you may look at HotSpot documentation to get more information about that), setup HotSpot to local itnterface of the router or to bridge interface (where local interfaces are included), it should work fine.