What happens with a hotspot if you have users behind a (standard) wireless client where the wireless client ‘MAC NAT’ translates all the traffic to it’s own MAC address? Does the hotspot still require each IP to be authenticated (So I just need to allow multiple IPs per MAC) or is the authentication for all IPs behind the same MAC?
(Yes I know I could/should use WDS… but some of these need to be user plug & pray universal repeaters - Unit acting as both client to the main hotspot AP and a local AP)
It depends on the way, how MAC/NAT is working on bridge, but it might be that only one login from MAC/NAT bridge network is required, and other will be transferred to Internet automatically.
effectively the question is - when using radius login is it the IP address or the MAC that is authenticated? Even worse - if I bypass the IP address for the bridge will that then bypass the users behind it as well…?
From my experience, if the user has a NAT device (Ex. a router) hooked up, and devices hooked up behind that, then only one device has to authenticate to allow all devices on the private network through. This is because the only device pulling an IP from the Hotspot router is the end users router.
Assuming the below example(apologies for the quality.
Internet
|
V
Hotspot Router
|
V
Users CPE Device
|
V
Users router receiving an IP from the hotspot router
This device provides private IPs to downstream client devices
and then NATs them to the IP received from the hotspot router
|
V
Any number of clients