Hey guys, new to the MikroTik world. I work for a WISP; we are changing providers and I have decided to go with the MikroTik 1100. I am going to use the hotspot for authentication and User Manager as my RADIUS. My problem is we don't want to do a one-time cutover if we can keep from it. I tried just plugging the MikroTik into our network the way it is set up, and I was hoping I could just delete a few users off our DHCP server now and move them over to the hotspot, but that is not working out. With our DHCP server now we are using stick IP with MAC authentication. The main problem right now is that once I plugged it in, it gave people our hotspot login page instead of allowing them to go to our DHCP server. So I need a few ideas. One I have thought of is to transfer our current DHCP server to the MikroTik and try to create firewall rules that say if you're not part of this DHCP server, go to the hotspot login. But I do not know how to do this, and then the next problem would be telling the router which WAN to go out of. Or is there a simpler way of doing this? Open for thoughts.
The network layout…
We hand out public IPs to all customers.
This part of the network is not routed.
Eventually it will be, but that's down the road.
We have about 150 customers on this network.
There’s not going to be really a clean or easy way for you to go about moving to a hotspot from not having one. The hotspot ARP-poisons the network and will attempt to respond for everything; this is how it is able to act as the gateway for misconfigured clients. You may be able to try setting Address Pool to none under IP -> Hotspot -> Servers. In this case it is probably best just to get it done and over with; just be sure to let your customers know of the impending change before you do it.
It is relatively easy to get certain clients to go out of one route vs. another. Look up Load Balancing, or Policy Based Routing and make adjustments to fit your needs. Basically set up a number of mangle rules that will mark new connections from certain IP addresses and set up routing marks for those connection marks. Then have a different routing table for those routing marks.
I think the main problem you are likely going to run into is having both of your upstream providers know how to route to your public subnet that you say is being handed out to each client. I don’t have any experience with that, so I can’t give much guidance there.
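
The policy-routing approach described in the reply above (mark new connections from selected source addresses, turn the connection mark into a routing mark, and give that mark its own default route), written out as an added example that is not part of the original thread. It assumes RouterOS v6 syntax (v7 declares the table under `/routing table` and uses `routing-table=` on the route); the interface name, list and mark names, and all addresses are constructed placeholders from documentation ranges.

```routeros
# Added example: constructed names and addresses, RouterOS v6 syntax assumed.
# ether3-lan   = customer-facing interface (hypothetical name)
# 192.0.2.1    = gateway of the current provider (placeholder)
# 198.51.100.1 = gateway of the new provider (placeholder)

# 1. Customers already moved to the new provider are tracked in one address
#    list, so migrating a customer is a single list entry, not a rule change.
/ip firewall address-list
add list=migrated address=203.0.113.10 comment="customer A (constructed)"
add list=migrated address=203.0.113.11 comment="customer B (constructed)"

# 2. Mark new connections that originate from migrated customers.
#    dst-address-type=!local keeps traffic addressed to the router itself
#    (for example its login page) out of the policy route.
/ip firewall mangle
add chain=prerouting in-interface=ether3-lan src-address-list=migrated \
    dst-address-type=!local connection-state=new \
    action=mark-connection new-connection-mark=new-isp-conn passthrough=yes

# 3. Give every packet of those connections arriving from the LAN side
#    a routing mark, so it is looked up in the alternate routing table.
add chain=prerouting in-interface=ether3-lan connection-mark=new-isp-conn \
    action=mark-routing new-routing-mark=to-new-isp passthrough=no

# 4. Default route for marked traffic, plus the unmarked default route
#    that everyone else keeps using. check-gateway lets the marked route
#    go inactive if the new provider's gateway stops answering.
/ip route
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=to-new-isp \
    check-gateway=ping comment="migrated customers"
add dst-address=0.0.0.0/0 gateway=192.0.2.1 distance=1 \
    comment="everyone else"

# 5. Verify: counters on the mangle rules should climb only for migrated
#    customers, and the marked route should show as active.
/ip firewall mangle print stats
/ip route print where routing-mark=to-new-isp
```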