Hi, i have some “case” that related with mikrotik devices. So i directly put my topology to attached file
The story is i would like to build few some service integrated with other “service”
- For mikrotik hotspot i have successfully integrated with Active Directory Windows Server 2003. I write on here http://randymukti.wordpress.com/2014/11/25/integrated-mikrotik-hotspot-with-windows-server-active-directory-2003/ but for advance configuration i need to make limitation for each group of user (limit based user group) meanwhile in mikrotik device just can get few identification of user that have login to mikrotik hotspot (username radius not username of users, ip address, mac address) but there is no group in here (from active directory). So i will “cheat” this problem using limitation per range of ip address this will make problem if users change their ip address.
- [Fail Over Hotspot & other Service] Like my topology i will build failover router and included that services, The both configuration of main router is same. I have stuck to deliver failover hotspot services. Because when router primary down, i dont have any ideas the hotspot session will switch directly to secondary router so no problem if this case not solved but if you have opinion about replication router. My problem is when primary router from “down state” then switch to “up state” the hotspot services is running on primary router and secondary router so it will make “collision”. I have ideas like this post http://www.mikrotik.com/testdocs/ros/2.8/appex/hs1.php to make script that enable or disable hotspot+another service when router primary up or down. I have try this case, but not solved, maybe i have wrong with my script because in that link used Mikrotik ROS 2.8 meanwhile im using Mikrotik 6.xx, im still not understand about mikrotik scripting.
NB: In radius i make two profile based on real address of interface physical because radius not working on interface VRRP. - [Load Balance Internet] I have two router for main router, existing i using one router for primary router. The requirement i have to make load balance internet and fail over router, but i have just 2 router. So i change topology like my attached file, i have two provider and i directly put to my switch not on router. My plan is i will use vlan segmentation + VRRP on there, and make load balance + failover based on VRRP address. Is that works? or have another opinion? i not yet implement this planning because i have to solve the second problem.
Im so appreciated with any answer or another opinion.
Thanks and Regards 
