What device if issuing the IP/DHCP server? Is it the Cisco or Mikrotik?
Omar010
November 15, 2019, 11:14am
22
In that case, back to the drawing board. The least confusing way would be to set up two /30 interconnecting subnets outside the 10.104.104.0/22 one, add a route to 10.104.104.0/22 via the respective interconnect subnet at each of the two Ciscos, and do a normal routing also at Mikrotik side.
If you instead choose the interconnecting subnets to be inside the 10.104.104.0/22 range, you do not need the routes at the Cisco side, but you need the arp=proxy-arp setting at Mikrotik side on the cisco-facing ports.
In either case, the bridge (or the single etherX port) will then be used for the local clients, and all the traffic towards outside of that bridge will go through L3 routing so correct operation of the hotspot functionality will be possible.
But I still have a doubt, as you say the hotspot clients must be on the bridge - do you have also non-hotspot clients on the same bridge or all the clients on the bridge use hotspot? Because the hotspot manual says the following:
automatic and transparent > change any IP address of a client to a valid address > ;
Hotspot can work reliably only when IPv4 is used. > Hotspot relies on Firewall NAT > rules which currently are not supported for IPv6.
You can exclude a subrange of addresses in a subnet from hostpot handling, but it seems that a hotspot-handled client will always be NATed…
After i’m finished setting up the Tik am configuring PPTP-BCP layer 2 vpn through the MPLS router and it require’s that the LAN port must be add to the bridge
I’ll give it a shot and try configuring /30 between the gateways and the Tik with a proxy-arp and see what happens.
Omar010
November 15, 2019, 11:16am
23
In my environment we aren’t using a dhcp to assign ip addresses, we use static addresses.
Omar010
November 26, 2019, 10:43am
24
In that case, back to the drawing board. The least confusing way would be to set up two /30 interconnecting subnets outside the 10.104.104.0/22 one, add a route to 10.104.104.0/22 via the respective interconnect subnet at each of the two Ciscos, and do a normal routing also at Mikrotik side.
If you instead choose the interconnecting subnets to be inside the 10.104.104.0/22 range, you do not need the routes at the Cisco side, but you need the arp=proxy-arp setting at Mikrotik side on the cisco-facing ports.
In either case, the bridge (or the single etherX port) will then be used for the local clients, and all the traffic towards outside of that bridge will go through L3 routing so correct operation of the hotspot functionality will be possible.
But I still have a doubt, as you say the hotspot clients must be on the bridge - do you have also non-hotspot clients on the same bridge or all the clients on the bridge use hotspot? Because the hotspot manual says the following:
automatic and transparent > change any IP address of a client to a valid address > ;
Hotspot can work reliably only when IPv4 is used. > Hotspot relies on Firewall NAT > rules which currently are not supported for IPv6.
You can exclude a subrange of addresses in a subnet from hostpot handling, but it seems that a hotspot-handled client will always be NATed…
Hello sindy
sindy
November 26, 2019, 2:12pm
25
I have no problem to connect remotely (TeamViewer would be preferred, though), however bear in mind that I don’t use hotspot so at least the beginning would be a try and fail business. Worse than that, I’m also still not sure I fully understand the use case.
Oh yes, and my knowledge of Arabic is limited to “yes, no, thank you, maybe tomorrow, there is no electricity”.
So think twice; if you still want to give it a try, tell me whether you can use commandline openssl on some Linux or Windows system to send me your direct contact in a secure way.