Possible bug: 1:1 NAT address pool setting on hotspot ignored

Hello,

I am having an issue where the 1:1 NAT address pool settings are ignored when set on hotspot.

It works fine and well for trial users, but for static users where address pool in their user profile is set to ‘none’ it does not take default settings from the hotspot and instead the user is logged in with an internal IP.

Yes, address pools can be set in the profile but this is not possible when multiple hotspots/subnets are involved - the settings can only be and should be inherited from the hotspot itself.

The “address-pool” fields in hotspot and hotspot user profiles dynamically create 1:1 NAT rules on the fly.

An example would be two hotspot interfaces each with their own external subnets:

hotspot #1: 1.1.1.1/24
hotspot #2: 2.2.2.2/24

Now, say we have 2 pools set up:

external-pool-1: 1.1.1.10-1.1.1.200
external-pool-2: 2.2.2.10-2.2.2.200

We now have a hotspot user account (local user, not radius). The user has a hotspot user profile of “2Mbit”.

The “2Mbit” user profile has address-pool set to “external-pool-1”, so the user will log in to hotspot #1 and have a dynamic 1:1 NAT rule generated.

The issue is when the user now logs in to hotspot #2. The user will still be assigned an IP from “external-pool-1” which is not valid for the interface.

For trial users, address-pool comes via the “address-pool” setting in ip hotspot, rather than the user profile, so these users work fine.

But for static hotspot users, the address-pool in the hotspot user profile takes precedence even if set to “none”, and thus they will either have no 1:1 NAT mappings or 1:1 NAT mappings that will only work on one hotspot.

What is missing is an option to say “hotspot user profiles with no address-pool set should inherit address-pool settings via ip hotspot rather than disabling 1:1 NAT mappings completely”.

I’d write to support@mikrotik.com for that. These forums are community only and the developers may not see this.

I got fed up with the back and forth and instead just got a public /24 to share between 3 hotspots and disabled 1:1 NAT instead.

Not ideal because of IP wastage from unauthenticated clients but it is better than nothing :)

Well, my previous solution has reached its limits now. It cannot scale anymore and RIPE will not approve more IPs as it’s too wasteful.

MikroTik, will you please look into implementing this? If you can do it for unauthed clients then please - an option for authed clients would be great too!

The simplest explanation of what I desire to do would be for the following options in ip hotspot user profile:

address-pool (name | none | inherit from hotspot; default: none)