I’m aware of the challenges of using Hotspot on L3 networks.
However, I’m curious about using L3 networks with DHCP-relays.
If one was to use DHCP-relay, the router that runs hotspots would know the “active MAC address” of the client, but would see the next hop router’s MAC address and use the IP address of the client as an identifier of the client.
Is there any chance to obtain and use the L2 MAC of the clients in a L3 hotspot setup?
If the HTTP redirect could contain the client’s MAC address from the DHCP table (resolved via the source IP address) this would solve a lot of problems for me as well! Then I could auto-login clients on a layer 3 topology (with DHCP-relaying) in the same way I do it on an ordinary layer 2 topology.
I’d thought about such things as well back at a former job where we used Hotspot all over the place.
I think the best thing to do is to tunnel each remote site’s LAN back to the central Hotspot server (EoIP/L2TP/etc.) and use split horizon bridging at the central site so that traffic at site1 will not possibly be forwarded to any of the other sites (this eliminates the broadcast storm problems, etc.).
Use a great big honking 10.0.0.0/8 IP network on the bridge and you’ll be able to accommodate as many devices as you can imagine, and you’ll have the real MAC addresses right there at the server.
You could even use one (or multiple for fault-tolerance / load sharing issues) MikroTiks as tunnel concentrators and drop them off onto a dedicated Hotspot server.
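The tunnel-and-split-horizon layout suggested in the reply above, sketched as RouterOS configuration for the central Hotspot server. This is an added example, not part of the original posts; the interface names, tunnel IDs, pool range and the documentation-range addresses (192.0.2.0/24, 198.51.100.0/24) are assumptions.

```routeros
# Central Hotspot server. All names and addresses below are constructed.
# EoIP carries frames unencrypted over GRE; run it over an encrypted
# transport if the path between sites is not trusted.

# One bridge that terminates every remote site's LAN.
/interface bridge
add name=bridge-hotspot comment="aggregates remote-site LANs"

# One EoIP tunnel per remote site; tunnel-id must match on both ends.
/interface eoip
add name=eoip-site1 local-address=192.0.2.1 remote-address=198.51.100.11 tunnel-id=11
add name=eoip-site2 local-address=192.0.2.1 remote-address=198.51.100.12 tunnel-id=12

# Split horizon: ports that share a horizon value never forward frames
# to each other, so site1 cannot reach site2 at layer 2 and broadcasts
# from one site are not flooded into the others.
/interface bridge port
add bridge=bridge-hotspot interface=eoip-site1 horizon=1
add bridge=bridge-hotspot interface=eoip-site2 horizon=1

# The single large client network on the bridge.
/ip address
add address=10.0.0.1/8 interface=bridge-hotspot

/ip pool
add name=hs-pool ranges=10.0.1.0-10.255.255.254

# DHCP is served locally on the bridge, so no relay is involved and the
# lease table holds each client's real MAC address.
/ip dhcp-server
add name=hs-dhcp interface=bridge-hotspot address-pool=hs-pool disabled=no
/ip dhcp-server network
add address=10.0.0.0/8 gateway=10.0.0.1 dns-server=10.0.0.1

# Hotspot bound to the bridge: clients are layer-2 adjacent to it, so it
# identifies them by MAC exactly as in an ordinary layer 2 topology.
/ip hotspot
add name=hs-central interface=bridge-hotspot address-pool=hs-pool disabled=no
```

Each remote router needs the matching EoIP interface (same tunnel-id, pointing back at 192.0.2.1) bridged with its client-facing LAN port.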
Thanks for your reply. Yes, this does the trick, but it obviously feels like a bit of a waste when the data needed is right there in the DHCP leases list. One must also account for more equipment where there are not necessarily tunnel-capable routers from before.
I have earlier dealt with Cisco infrastructure where it is quite convenient to make all the traffic go through the CAPWAP tunnels from APs to controller(s) – but not all WiFi vendors have this feature.