I have an rb600 with 2 XR2s. It’s routing as well as an access point. It has a public interface (ether1, static ip, not natted) and the xr2s are in ap-bridge mode each running dhcp server and hotspot (wlan1 and wlan2, 192.168.3.1 and 192.168.4.1, srcnatted). Subscribers with their laptops connect to these APs without hassle.
I have 8 remote rb133s with 2 NMP8602s each, one in station and the other in ap-bridge mode. I assigned static IPs to the station (192.168.3.x or 192.168.4.x with srcnatting and bound these IPs in the rb600 to prevent conflicts) and set up the APs as dhcp servers only, i.e. no hotspot (192.168.5.1, 192.168.6.1 etc, no natting, I used address spaces apart from those used in the rb600). The routing is fine.
Situation now is that once one user logs on and authenticates from any of the remote rb133s, anyone else connected to that AP can browse freely without being prompted to log in. I was forced to set up separate hotspots on each of the rb133s, but it’s obviously nerve-wracking trying to add subscribers to each one. I want all authentication to be done at the base rb600 only.
Hi, I am using a similar setup to cover a village.
What you did wrong (my opinion):
Now the remote stations are routers, that is NOT what you want.
Switch off the dhcp in the remote stations and everything will work fine.
Or you can use a centralized RADIUS server, or MikroTik’s “User Manager” to do all authentication in one place. Just point all the hotspots to that RADIUS.
While waiting for responses, I tinkered around a little.
On the RB600
I noticed that the hotspot server profile on the RB600 was set to allow only 1 ip per mac address. So I upped it to 50.
On the RB133s
I set wlan1 in station (with static ip and route in rb600 dhcp range) and wlan2 in ap-bridge.
I set up a dhcp server on wlan2.
Added DNS. No NAT, no hotspot.
The RB133s now pass clients to the RB600 which translates their IPs to the proper range in the hosts table and authentication is at the RB600.
The catch is that while they all have different IPs, all the mac addresses are the same (as the station).
Is there any way to make the station ‘transparent’ so that each client on the RB133 shows up with its unique mac and assigned ip?
Normis you talked about using radius and janwschut you talked about disabling dhcp. Would either of these achieve what I’m asking? Or is there some other way?
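The situation described in the post above (every client behind an RB133 station showing up in the RB600 hosts table under the station's MAC), as an added example that is not part of the original thread: a Python check that groups host entries by MAC and reports each MAC carrying more IPs than a chosen limit, with how many of those IPs are authorized. The three-column input format, the function names and the sample rows are constructed for illustration and are not RouterOS output.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: one row per hotspot host entry as "MAC IP authorized".
# This is NOT RouterOS output; export the hosts table into this shape first.
SAMPLE_HOSTS = """\
00:0C:42:AA:BB:01 192.168.3.20 yes
00:0c:42:aa:bb:01 192.168.3.21 no
00:0C:42:AA:BB:01 192.168.3.22 yes
00:1B:77:10:20:30 192.168.3.50 yes
00:0C:42:CC:DD:02 192.168.4.15 no
00:0C:42:CC:DD:02 192.168.4.16 no
not-a-mac 192.168.4.99 yes
"""

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

def parse_hosts(text):
    """Yield (mac, ip, authorized) for each well-formed row; skip bad rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        mac, ip, auth = parts[0].lower(), parts[1], parts[2].lower()
        if not MAC_RE.match(mac) or auth not in ("yes", "no"):
            continue
        try:
            yield mac, ipaddress.ip_address(ip), auth == "yes"
        except ValueError:
            continue  # malformed IP address

def relayed_macs(text, max_ips_per_mac=1):
    """Return {mac: {"ips": [...], "authorized": n}} for MACs over the limit."""
    by_mac = defaultdict(dict)
    for mac, ip, authorized in parse_hosts(text):
        by_mac[mac][ip] = authorized  # last row wins for a repeated IP
    report = {}
    for mac, ips in by_mac.items():
        if len(ips) > max_ips_per_mac:
            ordered = sorted(ips, key=lambda i: (i.version, int(i)))
            report[mac] = {"ips": [str(i) for i in ordered],
                           "authorized": sum(ips.values())}
    return report

if __name__ == "__main__":
    for mac, info in relayed_macs(SAMPLE_HOSTS).items():
        print(mac, len(info["ips"]), "IPs,", info["authorized"], "authorized")
```

A MAC listed here cannot be used to tell subscribers apart, so per-MAC limits, bindings or accounting on the RB600 apply to the whole station rather than to one client.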
Are you using WDS to bridge across the network? Because if not, and your main AP is running hotspot, it is treated as a client to your main AP if it's running as a hotspot on the remote and the main AP side. I'd suggest routing everything and not using the hotspot on the main AP, set up all the remote clients to have local hotspots on them and hand each of those out an IP address and let them hand out the clients their own network settings, and then use radiusmanager or the usermanager in order to keep crowd control. Using those progs you will be able to allow access to all of your hotspots from one place, and give all of your users addresses from diff pools, be able to locate what user is signed into what hotspot at a time also.