Bridged AP with Virtual AP

JamesMcCarthy · March 15, 2016, 11:14am

Hi Guys,

I am trying to add a private network via a Virtual AP to run along side the hotspot network. My goal is to give user an option to have own private network so they can connect devices like apple tv without the need to log on. So Im trying to have the virtual AP on separate bridge with own dhcp and ip pool. This part is working but I cant get this network to be able to access hotspot page. I want the first device on network to logon then any other devices can just access in that network.

here is test config

/interface bridge
add name=“Hotspot Bridge”
add name=“Private Bridge”
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=2462
mode=ap-bridge radio-name=AP-Hotspot ssid=Test@Hotspot
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods=“” management-protection=
allowed mode=dynamic-keys name=Private supplicant-identity=“”
wpa-pre-shared-key=12345678 wpa2-pre-shared-key=12345678
/interface wireless
add disabled=no mac-address=E6:8D:8C:D8:B7:76 master-interface=wlan1 name=
private-wlan1 security-profile=Private ssid=Test@Private wds-cost-range=0
wds-default-cost=0
/ip pool
add name=“Private Pool” ranges=172.16.0.2-172.16.0.250
/ip dhcp-server
add address-pool=“Private Pool” disabled=no interface=“Private Bridge” name=
Private
/tool user-manager customer
set admin access=
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=“Hotspot Bridge” interface=ether2
add bridge=“Hotspot Bridge” interface=ether3
add bridge=“Hotspot Bridge” interface=ether4
add bridge=“Hotspot Bridge” interface=ether5
add bridge=“Hotspot Bridge” interface=wlan1
add bridge=“Hotspot Bridge” interface=ether1
add bridge=“Private Bridge” interface=private-wlan1
/ip address
add address=10.10.0.15/24 interface=“Hotspot Bridge” network=10.10.0.0
add address=172.16.0.1/24 interface=“Private Bridge” network=172.16.0.0
/ip dns
set servers=10.0.0.1
/ip firewall nat
add action=masquerade chain=srcnat comment=“Route for Private Network”
out-interface=“Hotspot Bridge” src-address=172.16.0.0/24
/ip route
add distance=1 gateway=“Hotspot Bridge”
/system identity
set name=“Test Location”
/system leds
set 5 interface=wlan1
/tool user-manager database
set db-path=user-manager

JamesMcCarthy · March 16, 2016, 5:17am

I have solved the first issue I can get virtual AP to access the gateway route was on interface and not ip as soon as i changed that all good. However my goal is to have several virtual AP with own dhcp wanting the first person that connects to that ssid needing to logon then everyone else sits behind that essentially the mac of that bridge is logged on. How ever what is happening is it is taking the address of the hotspot bridge so anyone else on other virtual APs are able to access without needing tologon as the bridge mac is already logged in. Is there a way i can achieve this.

Hotspot bridge, wlan 1 - ip from main router
Private bridge 1, VAP1 - ip 172.16.x.x - nat to hotspot bridge (need to logon first user to mac of this bridge)
private bridge 2, VAP2 - ip 192.168.x.x - nat to hotspot bridge (need to logon first user to mac of this bridge)

can I do this via vlan or will this bypass hotspot all together. I still want everyone to logon via hotspot to log usage.