Hi all,
Wondering if the following is possible.
Building a hotspot to dish out DHCP on a certain range say 10.0.0.1/24, but instead of using the MT wireless cards, using external routers?
The issue I’m running into is that the hotspot see’s only the routers MAC address and issues it an IP on the hotspot range.
And the users attaching to those routers would get a local IP of say 192.168.1.X
This being NAT’d to the MT, hence the MT seeing only the MAC address of the Router.
The first user to authenticate get access and everyone else to connect to that router just go through because of the first person that authenticated.
Running the routers in bridge mode is not an option because of the amount of MAC address’s running over the network.
If they go over 3000MACs the network switches will go into Hub mode and the entire network would need to be rebooted.
A small graphical example would be.
Any ideas on whether this is possible?
You need to bridge the AP. One way to do this with a generic router is to plug your cable coming from your hotspot into a LAN port on the router since the LAN ports and the wireless is normally already bridged. Then all addressing will come from the MikroTik and you would have to worry about Hotspot registering the mac address of the AP instead of the client.
Hi cbrown, thank you for your reply.
Yes I do get this whole thing working in the bridge mode, but their are risks involved in doing so,
My biggest of these risks is a MAC flood attack, if the router weren’t in bridge mode, this wouldn’t be a problem as the client (attacker) would only pull down the specific AP thereby cutting himself off in the process, my concern is flooding further upstream, which would send all relavant layer 2 switches into broadcast mode, (ie dumb switch)
I’m trying to to set the port security on the switches and have managed to circumvent rouge DHCP servers from being injected into the network as well as ARP poisoning, all that leaves is MAC flooding…