/ip hotspot user mac-address control fail????

Hi,

In /ip hotspot user, the manual says this about mac-address:

mac-address (MAC address; default: 00:00:00:00:00:00) - static MAC address. If not 00:00:00:00:00:00, client is allowed to login only from that MAC address

I have this scenario:

A server with RouterOS running HotSpot,

and I put the end user's MAC address in /ip hotspot user mac-address,

but the user can log in from this MAC address, and from another computer's MAC address.

The RouterOS server is connected to an AP, and this AP makes a PtM link to another CPE, and this CPE goes through a wired switch to two other APs.

The APs are all in bridge mode.

What is wrong? When I try to set up authentication or filtering with the MAC address of the end user's wireless CPE, it does not work, because the user can log in from another computer with a different MAC address.


Thanks in advance, really.

  1. What kind of client authentication is enabled on HotSpot?

  2. What do you mean by "but the user can log in from this MAC address, and from another computer's MAC address"?

Hi sergejs, OK, the authentication is CHAP only in the hotspot server profile. I will try to explain: if the user, for example login: demo pass: demo, tries to log in to the Hotspot from another computer, the Hotspot sends this message,

which you can see in the hotspot file error.txt:

wrong-mac-username

If username looks like MAC address (12:34:56:78:9a:bc), but is not

a MAC address of this client, login is rejected

wrong-mac-username = invalid username ($(username)): this MAC address is not yours


OK, the problem, I am thinking now, is this topology:

______AP one
Hotspot —AP(omni) —CPE(especial) — switch ----<
---------AP two



OK, when the users link to AP one or AP two, the HotSpot only sees the MAC address of the CPE(especial), not the MAC address of the regular users' wireless CPE.


When I look in /ip hotspot host, I only see the MAC address of the CPE(especial); if I have 50 customers on AP one, I will see the same MAC address of the CPE(especial) 50 times.


BUT when the customer links to AP(omni), I see the real MAC address of the user, and can match the MAC address in /ip hotspot user add name=EXAMPLE mac-address=(the MAC of the user's CPE).

And it WORKS VERY FINE: when the user goes to another computer, for example another user's, and tries to use the login and password, the message is


wrong-mac-username = invalid username ($(username)): this MAC address is not yours

and it works very fine.


I am thinking this:

Hotspot —AP(omni) ----CPE(especial) --switch -etc.etc


The CPE is an airBridge TOTAL from smartBridges, and I only see the MAC address of this bridge. I remember smartBridges has a firmware that works with transparent MAC addresses.

I will study the old firmware again in the smartBridges FAQ, and if I am correct, install the firmware, test, and WRITE the test results HERE :)


Thanks in advance.

Look at this please, this is in the FAQ of the airBridge CPE:



Is airBridge series a transparent device ?

Yes, using older firmware 0.09.10, airBridge is transparent bridge with single Mac support. With the newer firmware installed starting ver 0.01.04, it support multiple Macs and is not a transparent device anymore as it does Mac Nating. So when any PC sending traffic which is attached behind airBridge, it will replace with its own Mac#.



Another item from the same FAQ:

Does Mikrotik ver 2.7 works with airBridge ver 1.5 (F/W 0.01.04)?



Yes, it will work in respect to the following functionality which is tested working with airBridge ver 1.5

  1. DHCP

  2. PPPoE (using RASPPPoE client)

  3. Hotspot (Enabled_address Method) - In this case, the ARP feature is set to enabled. When use together with DHCP, the Mac address seen by the Mikrotik is the Mac# of the PC for authentication but destine to airBridge Mac# in turn forward to PC. So based on this, you can enable auth-mac in Hotspot server for mac authentication. If it is static, the Mac# seen by the Mikrotik is airBridge, and you will be prompted to enter username & password.



    In Hotspot’s DHCP-Pool Method, this is not working.

Hotspot (DHCP_Pool Method) - In this case, the ARP feature is set to reply-only. Due to the fact that it is using DHCP to assign IP address for temporary and real address, the Mac# seen by the Mikrotik is the PC and it response to Mac# of the PC but is not exists on the hotspot’s interface, the transaction failed and connect proceed.



Do you understand?

  1. What is the version of your HotSpot router?
  2. If you have enabled ‘Universal client’ on HotSpot server, then ‘arp’ should be enabled for HotSpot interface.
    http://www.mikrotik.com/testdocs/ros/2.9/ip/hotspot.php?permalink=0.07739637305699482

The version is 2.9.32,

and ARP is enabled on the interface (default).

I am thinking it is the special bridge CPE, the smartBridges airBridge, because it does MAC NATting.

Thanks in advance, I will run a test and tell you.
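
To check for the condition described in this thread (many hotspot hosts appearing behind one bridge MAC, which makes a per-user MAC binding meaningless), the following added example groups host entries by MAC and classifies each user's binding. It is not code from the thread or from MikroTik; the function names are hypothetical, and the host and user data are constructed samples standing in for what /ip hotspot host and /ip hotspot user show.

```python
import re
from collections import defaultdict

ZERO_MAC = "00:00:00:00:00:00"  # default value: user is not tied to a MAC

def normalize_mac(text):
    """Return the MAC as upper-case colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()

def shared_macs(hosts, threshold=2):
    """Map every MAC seen with >= threshold distinct IPs to those IPs."""
    by_mac = defaultdict(set)
    for mac, ip in hosts:
        by_mac[normalize_mac(mac)].add(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) >= threshold}

def audit_bindings(users, hosts):
    """Classify each user's MAC binding against the observed host table."""
    shared = shared_macs(hosts)
    seen = {normalize_mac(mac) for mac, _ in hosts}
    result = {}
    for name, mac in users.items():
        mac = normalize_mac(mac)
        if mac == ZERO_MAC:
            result[name] = "unbound"    # login allowed from any MAC
        elif mac in shared:
            result[name] = "shared"     # MAC of a MAC-NATing bridge: no per-client control
        elif mac in seen:
            result[name] = "unique"     # binding identifies one client
        else:
            result[name] = "not-seen"   # bound MAC never reaches the hotspot
    return result

# Constructed sample data (locally administered MACs, private addresses).
HOSTS = [
    ("02:00:00:00:00:01", "10.5.50.11"),  # three clients behind one bridge MAC
    ("02-00-00-00-00-01", "10.5.50.12"),
    ("0200.0000.0001", "10.5.50.13"),
    ("02:00:00:00:00:aa", "10.5.50.20"),  # client seen with its own MAC
]
USERS = {"demo": "02:00:00:00:00:01", "alice": "02:00:00:00:00:AA",
         "bob": "02:00:00:00:00:BB", "guest": ZERO_MAC}

if __name__ == "__main__":
    print(shared_macs(HOSTS), audit_bindings(USERS, HOSTS))
```

A "shared" result means the bound MAC belongs to an intermediate bridge rather than to the client, so any computer behind that bridge passes the MAC check.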