Hotspot on VLAN doesn't work

Hi, I'm trying to set up a hotspot to be used with a Ruckus AP.

This is my config.

RB450G eth2, 3, 4, and 5 on a bridge interface (bridge1). || IP address 20.20.20.1/24

Vlan1 (tag=22) over Bridge1 || IP Address 10.10.10.1/24

eth1 dhcp client and masquerade

hotspot over Vlan1

Now the Ruckus AP has 2 WLANs (SSIDs), one for the hotspot and another with WPA2 encryption.

I tag one SSID with 22 (vlan1).

The problem is, clients connected to the wireless network can't get the login page. I see on the IE status bar “http://10.10.10.1/login?…” but nothing happens.

Clients obtain an IP from the hotspot server correctly but can login.

Please help! The config is very easy, a simple router with a hotspot over one VLAN, but it doesn't work.

First, add the VLAN to a physical interface and connect the AP to that. Does it work now? If not, your AP configuration is wrong. Hotspots generally work fine on VLAN interfaces.

Now I try this but it doesn't work. IExplorer shows http://192.168.2.1/login?… but I can't see the login page. I use a Unifi AP and a Ruckus AP, VLAN 23 on the WLAN.

Note: The AP gets its IP address from the eth5 pool (30.30.30.x)

/ip address

 0   address=10.10.10.1/24 network=10.10.10.0 broadcast=10.10.10.255 
     interface=bridge1 actual-interface=bridge1 

 1 D address=192.168.0.82/24 network=192.168.0.0 broadcast=192.168.0.255 
     interface=WAN actual-interface=WAN 

 2   address=30.30.30.1/24 network=30.30.30.0 broadcast=30.30.30.255 
     interface=ether5 actual-interface=ether5 

 3   address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 
     interface=vlan1 actual-interface=vlan


/interface vlan

 0 R  name="vlan1" mtu=1500 l2mtu=1520 mac-address=00:0C:42:5C:0A:B3 
      arp=enabled vlan-id=23 interface=ether5 use-service-tag=n


/ip hotspot

 0   name="hotspot1" interface=vlan1 address-pool=dhcp_pool3 profile=hsprof1 
     idle-timeout=5m keepalive-timeout=none addresses-per-mac=2 
     proxy-status="running

/ip firewall

0 X ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough 

 1   chain=srcnat action=masquerade 

 2   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=192.168.2.0/2

/ip route

 0 ADS  dst-address=0.0.0.0/0 gateway=192.168.0.2 
        gateway-status=192.168.0.2 reachable WAN distance=0 scope=30 
        target-scope=10 

 1 ADC  dst-address=10.10.10.0/24 pref-src=10.10.10.1 gateway=bridge1 
        gateway-status=bridge1 reachable distance=0 scope=10 

 2 ADC  dst-address=30.30.30.0/24 pref-src=30.30.30.1 gateway=ether5 
        gateway-status=ether5 reachable distance=0 scope=10 

 3 ADC  dst-address=192.168.0.0/24 pref-src=192.168.0.82 gateway=WAN 
        gateway-status=WAN reachable distance=0 scope=10 

 4 ADC  dst-address=192.168.2.0/24 pref-src=192.168.2.1 gateway=vlan1 
        gateway-status=vlan1 reachable distance=0 scope=10

Are you using a Ruckus controller with the AP? If so, turn off client isolation on it or modify the firewall rules to allow access to certain private IP addresses. The APs, when they are in controlled mode, have a firewall that blocks all communication to private IP addresses by default.

Great, I'm using local isolation and it works. I put the VLAN into the bridge and it works without problem.