Hi after get a running radius auth with MS IAS AD i stuckt in a strange think.
PS: i hope this post is better than my first one 
Overview:
RB433UAH 4.2
eth1: bridge-ext
eth2: bridge-int
eth3: bridge-int
wlan1:bridge-int
bridge-ext: uplink with private ip 192.168.0.70/24 GW 192.168.0.1
bridge-int: client net with private ip 10.33.0.1/16
DHCP on bridge-int settings GW 10.33.0.1 DNS 10.33.0.1
firewall src-nat src-ip 10.33.0.0/16 masquerade out-interface: bridge-ext
where we are:
- winbox from 192.168.0.50 to 192.168.0.70 works
- winbox from wireless client 10.33.255.250 works
- ping between 2 wireless clients works
- internet access from wireless and wired clients (eth2 and eth3) works
and now the strange part
- ping from eth2 to wireless or eth3 works
BUT - ping from eth3 to eth2
OR - ping from wireless to eth2
FAILED
looking inside the traffic with Microsoft Network Monitor 3.3 ( i dont like MS but this is a good tool for a fast view on the network )
- i see the ICMP Message from wlan1 to eth2 but no reply
- ping to internet host shows both ICMP-REQ and ICMP-RES
so where is the problem now ?
another strange think i get is that pinging between 2 wireless clients
the ping is very bad
from 40 ms to 1500ms to timeout