Hotspot aggregation using EOIP tunnels

spoontee · February 13, 2005, 9:52pm

I have 44 mikrotik routerboards deployed. Each one had a hotspot definition with RADIUS. That works great. NO problems for months. But we’ve been installing about 4 to 5 per week. Its getting unruly on managing this any time we make a change to hotspot login pages, service levels, other changes requiring updating of firewall rules, etc … SO .. I had a bright idea. Instead of installing hotspot in 100 routers, use EOIP to bridge each of the remote wireless interfaces back to our data center, and install 1 high end mikrotik controller license and enable hotspot inteface only on the bridge all the eoip’s terminate. Anyway, sounded good on paper, but it doesn’t work. So I have 1 hotspot enabled router. All remote mikrotik’s have EOIP tunnels back to it. DHCP works. It appears the problem is ARP does NOT work. I DO have firewall input allows to allow the remotes to terminate eoip’s. I know this is effective because DHCP is working fine. If from a hotspot client at a remote location, I attempt to ping the default gateway (which is the centrall hotspot controller) ping faills. It appears to fail because arp fails. (arp is enabled on all intefaces, ie eoip, wireless and bridge). What’s interesting is that the controller CAN ping the client. As soon as 1 ping goes through, arp begins working on the client and the client can ping the gateway (and get online).

Versions are 2.8.23 contoller and a mix of 2.8.23 and 2.8.24 on the remotes.

Any ideas?

tully · February 14, 2005, 7:25am

V2.9 has features to help with this – already in the beta. The documentation is in the works now. Check the beta manual around the end of the week.

John

spoontee · February 14, 2005, 1:50pm

I tested 2.8.23 “on the bench” with 3 new mikrotik routers. It worked fine. Is it possible only when I extend many hops away does this become an issue? What features in 2.9 help – EOIP related or central hotspot aggregation related?

AndriesS · March 2, 2005, 3:18pm

I’m not entierly certain, but we have got the situation you are discribing running on diferent locatons. A “main” RouterOS HotSpot server (on a P4-PC) and PC-embedded boards with RouterOS and radio cards as “AP’s”. The AP’s are connected to the Main via EoIP tunnels. Arp requests are getting through fine.

I think you have to review you firewall settings in the client-AP’s. We are setting Bridge-only with in the Bridge everything ON. There are no settings in the AP firewall. (added nothing) EoIP tunnels in the Bridge and do not forget: the Wireless card for the connection to the Main is NOT in the bridge! (the EoIP interface already is..)

Should be working.

Andries.