hotspot enable network access

dacr33d · May 24, 2014, 6:27pm

Hi,
I have an RB750 with eth2 connected to WAN and eth3 to LAN. I have hotspot set up on eth3 with DHCP pool 192.168.1.0/24. MAC Auth is enabled. Using UserManager as RADIUS. This is the stock standard kind of set-up. no funny firewall settings just what was given by hotspot set-up.

Everything is working. The MAC auth works 100% and the PC’s get internet access and usage is tracked by UserManager as is needed.

My problem is that as soon as the hotspot server is enabled, all the PC’s in the network lose access to each other and their network shares even if they have internet access.

I need to track individual PC internet usage and be able to deny unwanted access and stop a user if they use too much internet. We have a soft capped internet and the throttling is really severe if we reach our soft cap. But now I also need the
PC’s to have access to local file shares.

rextended · May 24, 2014, 10:34pm

hotspot create Point-to-Point connection, without broadcast/Multicast.

This is why the pc can not see eachother.

jarda · May 25, 2014, 4:47am

Can copy the store without activation. This makes a backup.

SurferTim · May 25, 2014, 11:11am

If you want the PCs on the hotspot interface to communicate with each other, disable the hotspot universal nat.

/ip hotspot
set 0 address-pool=none

It is the hotspot using arp poisoning to perform the universal 1:1 nat that prevents localnet communication.

rextended · May 25, 2014, 11:46am

Wrong topic…

jarda · May 25, 2014, 1:43pm

Sure. Some tapatalk mismatch. Sorry for this.

dacr33d · May 25, 2014, 8:31pm

SurferTim:

If you want the PCs on the hotspot interface to communicate with each other, disable the hotspot universal nat.
/ip hotspot
set 0 address-pool=none
It is the hotspot using arp poisoning to perform the universal 1:1 nat that prevents localnet communication.

Thanx for the replies.
I did this, has no effect. I still can not ping any PC on the network or access any network shares.

Is there no firewall rule i can create to overwrite whatever the hotspot is doing to prevent access?

rextended · May 25, 2014, 11:07pm

Can you use another way?

HotSpot is made for do what you do not want hotspot do…

What are exactly your needs?

SurferTim · May 25, 2014, 11:52pm

So your localnet PCs can access each other and the internet with the hotspot disabled? If so, the hotspot universal nat is the only thing that has blocked localnet access for me. Setting the address-pool to none disables that nat.

Maybe you should post “/ip address” and “/ip hotspot profile”.

dacr33d · May 26, 2014, 5:31am

/ip address> print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 192.168.1.254/24 192.168.1.0 ether3
1 D 172.30.238.234/32 10.21.7.1 pppoe-internet

/ip hotspot profile> print
Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no
use-radius=no

1 name="hsprof1" hotspot-address=192.168.1.254 dns-name="login.hotspot"
html-directory=hotspot rate-limit="4m/4m" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=mac mac-auth-password="password"
use-radius=yes radius-accounting=yes radius-interim-update=received
nas-port-type=wireless-802.11 radius-default-domain=""
radius-location-id="" radius-location-name=""
radius-mac-format=XX:XX:XX:XX:XX:XX

I need to control users usage amounts. They are only allowed set amount of Gb's per month. But they can not be bothered with logins or PPPoE connections because there are mobile devices also on the network like cellphones which can not support PPPoE. Then I need them to be able to use each other's network file shares for music and so on.

At this point, the internet control is working 100%, but file access does not work. Devices can not even ping each other.

Thanks for the help so far.

SurferTim · May 26, 2014, 12:07pm

Did you remove the interfaces from the switch? ether1 is normally the WAN interface, and ether2-ether5 are normally on a switch on the RB750.

If you haven’t removed them, I believe ether2 is the master port of the switch, not ether3.

If I get time, I’ll try some tests on my network today, just to insure all is the same with the hotspot nat.

dacr33d · May 26, 2014, 5:10pm

I always remove default config because it always messes around in some way. But i double checked and they are not in switch mode.

dacr33d · May 26, 2014, 6:14pm

I need to give my sincere apology to SurferTim. His advice was 100% correct and it does work. Someone went and fiddled with the MediaServer’s firewall and messed up the file sharing of the whole network somehow. When i fixed that, everything started working as it should have.

Thank you very much for your help.