Hotspot bypass subnet not working...

Hi.

For a WISP, we chose hotspot for user AAA.

The customers have IPs from 10.0.11.0/24 and their CPEs have 192.168.11.0/24.

The problem is that I can’t access the CPEs because of the hotspot firewall.
I tried to set the subnet as bypassed, not working. Tried to add forward-accept rules in the filter table, no luck.

Hardware is RB750G, RouterOS 4.11

Thank you.

It may be due to the universal 1:1 NAT the hotspot does. If the hotspot is assigned the 10.10.11.0/24 net, and the universal NAT is enabled, the 192.168.11.0/24 will be translated to the 10.10.11.0/24 net. Look at “/ip hotspot host”. You will be able to see the NAT at work. The only addresses available on the router side of the hotspot will be the “to-address”, not the address.

ADD: I see the hotspot interface almost like a vlan(?) between the localnet and the physical interface.
router – ether2 – hotspot1 – localnet

well, something is wrong, for sure…

I even removed a port from the bridge, and put a patch cable between the RB750 and the switch, assigned the 192.168.11.0/24 class to that port, and still I’m unable to access the switch.

If I disable the hotspot I can access all of them, no problem.
If I put a device MAC on the bypass list, I can access it for a brief time, after that I can’t.

I think that the bypass works if the DEVICE initiates a connection, the hotspot checks its status and after that it allows it.
But the device (AP, managed switch) does not initiate any connection… I’ll try to make them send reports to some outside server, or remote pings, to see if that works…

I use the same subnet for APs and clients. All my APs have static IP assignments, in the network range. I make the DHCP lease for that MAC address static.
/ip dhcp-server lease
make-static X
Then bypass that address, or the mac address, in “/ip hotspot ip-binding”.
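
The static-lease-plus-binding procedure from the last reply, written out as an added example (not code posted by anyone in the thread). The MAC address and IP are constructed placeholders, and "hotspot1" is assumed to be the hotspot server name.

```routeros
# Constructed placeholders: MAC 00:0C:42:AA:BB:01, IP 10.0.11.50.
# Assumption: the hotspot server is named "hotspot1".

# 1. Pin the AP's existing dynamic DHCP lease so its address cannot change.
/ip dhcp-server lease make-static [find mac-address=00:0C:42:AA:BB:01]

# 2. Bypass hotspot authentication for that one device, matched on both
#    MAC and IP so the exemption does not extend to other hosts.
/ip hotspot ip-binding add server=hotspot1 mac-address=00:0C:42:AA:BB:01 address=10.0.11.50 type=bypassed comment="AP mgmt (static lease)"

# Broader form, for comparison: any host using an address in the range
# skips AAA, so prefer per-device entries where the device list is known.
# /ip hotspot ip-binding add server=hotspot1 address=192.168.11.0/24 type=bypassed

# 3. Check: the binding is listed, and the host table shows the device
#    with its address / to-address pair (the 1:1 NAT mentioned earlier).
/ip hotspot ip-binding print
/ip hotspot host print where mac-address=00:0C:42:AA:BB:01
```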