Long time listener first time caller. So I figured I’d solicit the help of the forums with this little issue I have. After a week of beating my head against the desk, and eventually finding myself rocking back and forth in the corner of my office attempting to dig my way out with a plastic spork, I’ve given up hope and turned to the experts.
Yes, the common courtesy seems to be to print out a boatload of configs or fancy diagrams, but I figured at this point a fancy diagram isn’t going to take the place of simple words and too many configs might be a bad idea. So you just tell me what you request for configs and I’ll dump what’s necessary to the forums.
This is what I have: 7 RB435Gs set up currently as wireless bridges spread throughout a large building. Due to the layout of the network (don’t shoot the messenger) we have an… interesting vlan setup on the other switches/routers which looks like this:
Wireless Mgmnt (APs): 810 - 10.8.10.x
Wireless Employees: 820 - 10.8.20.x
Wireless Guests: 830 - 10.8.30.x
By adding wireless mgmnt and wireless employees (or guests at this point, it doesn’t matter) to vlan, then bridging wlan1 and vlan-guest, and adding an address to the bridged interface, IPs are successfully handed out via our external dhcp server (gateway of 10.8.20.1, 10.8.30.1 depending on which vlan I attach to the bridge). Now that’s not the problem... it works, I celebrated with copious amounts of coffee.
Here’s the kicker. I have now been tasked with creating a hotspot with radius authentication (once again, doesn’t seem to be a problem). Successfully set up Usermanager with radius authentication and all of that fun stuff... but I digress. If I set up a wireless hotspot listening on the bridged interface (wireless-bridge) and either enable or disable default forward on the wireless interface with a local DHCP server on the RB436G, I get hit with the hotspot portal (success!), clients authenticate and life goes on.
Now before I go on and further confuse you, maybe I have the pools set up incorrectly (but yet it works). Because the VLANs on this network are required in order to get out of the network (forced on both the 8206 switch and our firewall), I’ve had to create two separate pools for the hotspot. The default hotspot pool is pool-guest, which gets a 10.8.69.xxx address for unauthenticated guests. Once a client has successfully authenticated they get a 10.8.30.x address in the pool.
So if you’re still with me and haven’t started drooling uncontrollably… Wireless APs work with a 10.8.30.1 gateway, Hotspots work with a DHCP server set up locally (client’s gateway is 10.8.30.58 which is the wireless-bridge ip address, go figure). Now if I set up a dhcp relay to point to our external dhcp server and issue a 10.8.30.1 gateway... nadda, zip, zilch, bumpkis. Clients don’t get the authentication page, nothing. However they do get a dhcp address from the external server, I can see it on the server side and the client gets a proper address. They successfully get stuck in the 10.8.69.x pool (pool-guest) awaiting authentication but can’t get a proper route, nor can I navigate to the 10.8.30.58 hotspot portal with said gateway.
At this point I’m thinking it’s a mix of firewall and/or routing on the AP.
Here’s what I want to accomplish: These clients are a mix of laptops, iPads, Android tablets and all sorts of mysterious wireless devices. Because of this they will be roaming around. I figured if I could set up a centralized dhcp server on a MikroTik device that has a single pool, then each hotspot with just pool-guest and a set static gateway of 10.8.30.1, then the clients, as they roam, should be able to get through each access point they hit.
Am I doing something wrong? Have I created a black hole to the end of the universe? Please help, as I’m at the end of my leash and currently entertaining the idea of attempting the French can-can dance on top of my desk to Orpheus in the Underworld if it would make this work.