If my understanding is correct, Mikrotik’s hotspot is a layer 3 service. The basic concept is DSTNAT and HTTP proxy. For vendor like Aruba, Extreme, SonicWall and Ruckus, they usually combine WiFi(layer2) and hotspot(layer3) together. This makes management easy: kick out/de-associate(layer 2), change role/reauth(layer3), force renew dhcp(layer3) and similar function in a single interface(and single API). I know it’s great to separate layer 3 and layer 2 component which makes flexible assembly possible. However, I think many user want a single interface to manage wifi with hotspot devices easily. For me I’m helping a luxury brand international hotel to build guest wifi with mikrotik. But I’m suffer for lack of centralised reporting tools and management tools. But I’d love mikrotik so I’m not going to change hardware brand.
My suggestion is to build a universal layer3<–>layer2 reporting+monitor+manage tools(I call it the manager). To setup the manager you need to bind layer3 service and layer2 interface (using node base logic?) together and config the unique identify column make relation. For example:
ether1(unique col: ip from ARP) -> DHCP(unique col: ip from lease table)
-> hotspot(unique col: ip from hosts table)
OR for WiFi:
wlan1(unique col: mac from registration)
->
(unique col: mac from lease table) DHCP(unique col: ip from lease table)
->
hotspot(unique col: ip from hosts table)
The manager use relation to render a table which combined different service to represent same device/user. And provide some functions/buttons for different component. For example:
- wlan: button:de-associate, block MAC, display-able column: signal graph, speed graph, traffic graph etc.
- ethernet: button: block MAC, display-able column: port speed, traffic graph etc.
- hotspot: button: logout, reauth, display-able column:
- dhcp: button: remove from lease, display-able column: lease time etc.
I know similar function can be done via API. Maybe somebody had already implemented. But it may not efficiency since there’s API overhead, and hard to maintain over time pass. In my opinion, “The Manager” can be a service outside of webfig, which won’t break the flexible concept of mikrotik. Maybe somebody can take a look from “Identity and Access” of NetSight OneView and UBNT’s UnFi demo, my concept is similar but more flexible and more lightweight.