Making private network and public hotspot

Hello,
I’m trying to make a WiFi hotspot for customers and keep our company network separated. I’m thinking of using MikroTik devices for this reason. The idea is to make every customer connect for a maximum of 1 hour. Another requirement is that we have to use a tablet that is connected to the private network as well.

Here are the different ways I think this could work:

  1. The first idea was to connect the MikroTik public router and the private office switch to the modem. Then (somehow) connect the router to the switch for reasons of router settings. Then make a VAP for the tablet with the ability to connect to the private network (in case the VAP has some option for minimal bandwidth, because even with 200 users connected to the AP the tablet must work). The PC in the office would connect to the router over the switch and my app would dynamically create WiFi users.

  2. Next is that I would use a second router for the private network, but I would still need a connection to the MikroTik router over the switch.

  3. I would buy a bigger MikroTik switch and connect only some cheaper WiFi access point. The switch would have separated subnets.

The next question is how secure can I make the private AP? Is MAC filtering and a hidden SSID enough?

Also, should I generate 2000 users at once and enable/disable them dynamically, or generate users dynamically?

And is there some option in MikroTik to limit the time a connection is valid? And not just the actual login time?

You can easily separate the client WiFi network from the corporate WiFi network running under the same router board as the WiFi AP. The router boards support virtual access points, wherein you can have multiple ‘networks’ with different SSID and security options, including hotspot etc. The virtual access points can then be assigned to different VLANs. One VLAN can go to the main corporate network, whilst the other goes to the internet and bypasses the main network.

The hotspot settings for maximum connection times etc. should be in the MikroTik hotspot tool kit. However, I have never used it so I would not know.

The private access point should, if this is a company, run a RADIUS server for authentication. Don’t worry about MAC filtering; it is too easy to bypass but increases your administration headache by a thousand. You can do a public/hidden SSID; it doesn’t really make a difference.

Let me know if you require more information.
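
A sketch of the separation described in the answer above, as an added example that is not part of the original thread: RouterOS v6 commands for one router board carrying a corporate SSID authenticated by RADIUS and a guest virtual AP that can only reach the modem uplink. It uses a separate bridge for the guest network rather than VLAN tags, and it assumes the names wlan1, ether1 and bridge-guest, an existing masquerade rule on ether1, and placeholder values for the SSID, subnet, RADIUS address and secret.

```routeros
# Added example; interface names, addresses and secrets are assumptions or placeholders.
# wlan1 = physical radio (corporate SSID), ether1 = uplink to the modem.

# Corporate SSID: WPA2-Enterprise, authentication passed to the company RADIUS server.
/radius
add service=wireless address=192.0.2.10 secret="CHANGE-ME"
/interface wireless security-profiles
add name=corp-eap mode=dynamic-keys authentication-types=wpa2-eap eap-methods=passthrough
/interface wireless
set wlan1 security-profile=corp-eap

# Guest SSID: virtual AP on the same radio, on its own bridge.
/interface wireless security-profiles
add name=guest-open mode=none
/interface bridge
add name=bridge-guest
/interface wireless
# default-forwarding=no stops guest clients from talking to each other.
add name=wlan-guest master-interface=wlan1 mode=ap-bridge ssid="Guest-WiFi" \
    security-profile=guest-open default-forwarding=no disabled=no
/interface bridge port
add bridge=bridge-guest interface=wlan-guest

# Guest addressing (constructed subnet); DNS servers are left to the site's choice.
/ip address
add address=10.10.0.1/24 interface=bridge-guest
/ip pool
add name=guest-pool ranges=10.10.0.10-10.10.0.254
/ip dhcp-server
add name=guest-dhcp interface=bridge-guest address-pool=guest-pool disabled=no
/ip dhcp-server network
add address=10.10.0.0/24 gateway=10.10.0.1

# Isolation: anything from the guest bridge that is not leaving via the
# modem uplink is dropped, so guests cannot route into the corporate LAN.
/ip firewall filter
add chain=forward in-interface=bridge-guest out-interface=!ether1 action=drop \
    comment="guest traffic may only leave via the modem uplink"
```

The drop rule has to sit above any broader accept rules in the forward chain. A hotspot server, if used, would be attached to bridge-guest; that step is not shown here.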

Thank you for your really good answer.
However, I found another problem. I need to physically place the AP away from the modem. The problem is there is another system near the modem that must be connected to the Internet. So I was thinking about the possibility of configuring some cheap AP using the MikroTik. I would put the MikroTik near the modem, configure VAPs and VPNs, and connect the AP and other systems to the MikroTik.
Would a cheap AP (somehow) use the VAP settings from the MikroTik?
Or do I have to connect the MikroTik router in AP mode, and the other Internet devices to some other router, and connect it to the modem?