I have several IP subnets as follows:
- Hotspot: 172.16.0.0/21
- Application: 192.168.46.0/24
- Cable: 192.168.1.0/24
On RouterOS version 7.16.2:
- A user who logs into the hotspot and gets a DHCP IP (e.g., 172.16.1.2) can access web services (ports 80 and 443), SSH, etc., on 192.168.46.8.
- After logging into the hotspot, the user attribute is AH.
- A device with IP 192.168.1.17 can still access web services (ports 80 and 443), SSH, etc., on 192.168.46.8.
However, since version 7.17 up to 7.18.2:
- A user who logs into the hotspot and gets a DHCP IP (e.g., 172.16.1.2) cannot access web services (ports 80 and 443), SSH, etc., on 192.168.46.8. Ping to this IP also times out.
- Internet access (e.g., Google, etc.) is still working fine.
- If IP 172.16.1.2 is bypassed (P), the user can access services on 192.168.46.8.
- After logging into the hotspot, the user attribute changes to (AD).
- A device with IP 192.168.1.17 can still access services on 192.168.46.8, so this issue seems to affect only the hotspot subnet only.
This issue only occurs in versions above 7.16.2 and started happening since 7.17.
This issue in the hotspot reminds me of Client Isolation, where the user cannot interact with other IPs, whether within the same subnet or across different subnets.
For now, my temporary solution is to downgrade to version 7.16.2.
I have encountered this issue on several devices:
- CCR2004
- RB-1100AHx4
- RB-450Gx4
- RB-750Gr3
Has anyone else experienced this issue? Is there any solution other than downgrading?