I’m in the process of creating a config (MT RouterOS 2.9.38) for a Hotspot+PPPoE network to suit a 3 campus, 950 Room on-campus student accommodation network. I would like to hear other peoples opinions on what I have so far, to make sure no issues spring up during install and production.
Particulars that I am unsure about is how should I estimate the resource usage of hotspot and pppoe connection? Is there any rule such as xMHz CPU and xMb memory per connection? For example should I be looking at two 1GHz/768Mb servers instead of one?
Been testing things and I’ve come across something odd.
All 6 VLANs are on ether2 (on the test box, single interface). I have these combined into pairs using three bridges.
When I connect straight to ether2 to run some test on a default setup I have on that interface, the router assumes all traffic is on the first VLAN (101) even tho none of it is tagged traffic. ARP shows duplicate entries on ether2 and the bridge interface, DHCP has duplicate leases.
I have all forwarding disabled in the bridge filter.
So on each of these three bridges (one per campus?) you are bridging together one “VLAN for PPPoE” and one “VLAN for hotspot”? If so, I would recommend against this design because then you’ll end up running a PPPoE server and a hotspot on a common interface (the bridge interface), which is something I’d avoid, even with a deny-all bridge filter in place. I would not bridge PPPoE+hotspot together into one bridge but rather leave the VLANs seperated at the MikroTik router and run individual PPPoE servers and individual hotspot servers on each VLAN interface, or alternatively bridge all three PPPoE segments (from the three campus regions) together into one bridge and run one PPPoE service on that bridge (which would then serve the entire unversity) and the three hotspot segments into another bridge and run one hotspot on that bridge. But this would give you two bridges with three VLANs each, and you wrote that you have three bridges with two VLANs each, so I believe your configuration is more like what I described first?
I was hoping to run both the PPPoE and Hotspot on the one interface with the appropriate security in place. Pairing up VLANs into bridges would allow me to run three sets of services instead of six, one service type per each location.
What I will do is include a dedicated PPPoE concentrator that will sit beside the current router.
I was considering something like this. I might actually do so now.
Yes, I have untagged frames on ether2. I would like to know why they’re being picked up on vlan101 - shouldn’t the vlan interfaces ignore all untagged?
