Hey there everyone!
New to the board and MIkrotik, but learning fast and willing to search on hours for my solutions, but this ones got me stumped. Theres almost toooo much information in the manuals (if there ever was such a thing) 
anyways, What I am trying to do essentially (overall) is to have this configuration:
- Mikrotik router used as edge device on 2 different networks (my subs internal network & my backhaul/isps network)
- several nic cards on backplane- 1 for out, 1 for my external AP, and 1 for a server (and several more for the load balancing bond later)
- Want to run a hotspot on my MT box that authenticates against a freeradius-mysql server & does redirects to login page
- All services are handled by my other server in this config (ie; DHCP, Virthosts, DNS, SQUID, Radius/Mysql/AUTHENTICATION/Logging) - it affords more control..
**All services are doing what they are supposed to except the login process basically (& possibly squid/MT setup but thats another issue) **
What I have done so far:
- Setup MT with several nics
- setup IPs of 10.10.10.1/24 & 192.168.2.1/24
- Bridged my interfaces (Server1 & AP1 cards) both on the 10.x network
- setup NAT masq for anything going out interface (ether-whateveritis)
- enabled hotspot on that IP with HTTP chap methodā¦and tried assigning on the bridge once too
So heres where I am atā¦
As a sub I can connect to the AP, recieve dhcp from ext server, and connect to internet. Problem is that the hotspot is enabled against the 10.1 and I get no login page! I dont send any credentials whatsoever and no offer of a login page. when I direct the browser to x.x.x.1/login I get the MT Error 404: Not Found, when I direct just to 10.10.10.1 I get the admin login page for the routerā¦
I had the hotspot page up and working (local auth only) at one point, but I believe the only thing changed since that point was the bridging of the interfacesā¦Not sure what to do here. I have read tons of manual pages and forum posts but nothing. I found some walkthroughs for the radius auth and such, but nothing that specific for this applicationā¦
anyone have any ideas? has anyone successfully got bridges and hotspot working together? I think I saw some posts that indicated they were running some bridges as well as hotspot, but not sure if that has anything to with this at this point. Someone please help me out here 
better yet has anyone done a config close to this before and documented/have scripts/output for me?
**Also, I can post any print commands or output you need to further assist (more specifically) if needed **
**Also I have read the respective manual sections located @: http://www.mikrotik.com/testdocs/ros/2.8/ip/hotspot.php and still cannot find my answers
**MT 2.946
Thanks in advanceā¦
GrantWNorman
Well didnāt get any response outta that one!
I have since changed my configuration and have the hotspot working now although it is completely on the MT box at this point.
I removed all the bridges and got the hotspot working and routing properly again. However I can no longer talk to my server1 on 10.10.10.30 which is on my interface ether6.
Ether6 does not have an ip address so I want to bridge it to the existing 10.x network on my AP ether8 (10.10.10.1), so anyone on a 10. address can talk to this box. Problem is that whenever I bridge any of the interfaces I lose my hotspotā¦
What am I doing wrong here or missing? Can someone please help me out on this?
-UPDATE-
I did get this working although I donāt recall the specific problem that caused it. This thread could be closed.
Hi justjoined.
I have similiar problem like you.
Try to contact Mikrotik Support and they ask me to turn on the use-ip-firewall but still no luck
Anyone out there know how to fix the problem?
Regards
Boon
Boone -
I was able to correct my problem somehow. Can you describe your situation better so we can try and help you.
Does the hotspot login page come up or redirect you?
How many interfaces are in the machine?
What interface do you have the hotspot assigned to?
Are the interfaces bonded? etc. etc.
I can try and help out, but need more information to do so.
-Grant
Hi justjoined.
Below are my scenario.
i. Have one MT with WAN IP : 118.103.xxx.xxx and LAN IP : 10.201.20.20
ii. Hotpsot running on LAN interface.
iii. MT act as DHCP server as well
iv. I have one AP (wifi Access Point) connected directly to LAN port (carrying ip 10.201.20.19) with SSID : Starbucks
PC/notebook that connecting to Starbucks SSID will get the DHCP and login page come up. I can enter my username
and password and eventually can athenticate with my radius server. Everything works as planned so far.
iv. Next, i put one more AP to extend my wireless coverage/or you can say i bridging the Starbucks wifi signal and rebroadcast again. What i did was set the 2nd AP (carry ip address 10.201.20.18) to bridge mode. It will get the Starbucks signal and rebroadcast the signal again(SSID : McDonalds). I put different SSID so that i know which AP i connecting to.
v. Using my notebook to connect to McDonalds SSID and manage to get ip adress from MT. BUT, i cant get the login page coming up.
To answer your questions :
Does the hotspot login page come up or redirect you?
Yes if i connect to Starbucks and NO is i connect to McDonalds.
How many interfaces are in the machine?
Two. LAN and WAN interface
What interface do you have the hotspot assigned to?
LAN interface
Some note you might need to know.
i. When i connect to McDonalds SSID, i can get dhcp but cannot the login page doesnt shows up.
ii. I encounter this whole thing when i upgrade the software to 3.1.
iii. I have all this setup working fine on version 2.9
iv. MT detect AP (that carrying McDonalds) MAC add as another client. That is why i cant get the login page. But if i put that MAC address under IP Binding and set to bypass, all the computer/notebook that connecting to McDonalds will have direct access to internet without authentication.
Can i contact you via email? mine is boon_ee remove me @ remove me mitzmara.com
Thanks
Regards
Boon
Hello Boon-
Yeah you wouldnāt want to bypass the MAC address of the AP itself, as that will allow all traffic with no login as expected.
And you apparently are able to pass traffic through the APs to the MT box, as you are recieving DHCP from it.
Have you made sure to leave your AP2 wide open so that anyone can connect and let MT/radius authenticate?
What happens when you hit up your login page from the McDs connection?
Do you get the login page at least, or page not found, or do you get the MT admin login page for the router itself?
Also, is the User Manager (userman) package installed and runningā¦or no? I know people were finding it impossible to run both the hotspot and userman on the same interface on the last ver of ROSā¦
If you get the router login page (not the hotspot) than the hotspot is being bypassed for some reason or something similarā¦otherwise if the hotspot pages come up, than it is more of a redirect problem than the hotspot problem.
Seems strange that you started having problems with this after your upgrade of the ROS. I was kind of hesitant to install the new ROS, as it seems that new releases of software in general will often cause more problems than it is worth. Especially to a live system.
You can contact me if you like via email: GrantWNormanremove me @ remove me Gmail.com
-Grant
Hi Grant,
I still believed there is something that blocked the packet from going through on version 3.1, please correct me if iām wrong.
I even try to reset the whole thing and reconfigure all over again but NO luck.
Yes, both AP are open to everyone and there is no WEP key.
Regards
Boon