Hello, we have a Mikrotik x86 virtual server running, and the User Manager is functioning on this server. There are 10 devices such as RB951, RB941, cAP located in different locations of the company, and these devices connect to the User Manager with a Radius server and obtain hotspot service from there. When company employees first connect to the Wi-Fi, they need to undergo authentication, and internet access is provided accordingly. I have an issue where a phone that is connected to device X and has authenticated to access the internet needs to reauthenticate when it leaves that area and connects to the Wi-Fi of another MikroTik device. This results in a “simultaneous session limit reached” warning. I can potentially resolve this by increasing the shared user count, but I want each user to connect with only one device. What can I do to avoid requiring authentication when switching between devices? All the Wi-Fi names for hotspot connections are the same.
You will need newer equipment for that.
The new devices that support 802.11k/r/v can do roaming without re-authenticating, but the older devices cannot and it will not be added.
However, even with this roaming you still can run into the situation where a user re-authenticates because their device believes that it has lost the network while the network does not agree with that (yet).
So you WILL have to allow at least 2 connections for it to function correctly.
First of all, thank you very much for your explanation. Let me describe my issue as follows:
I have 10 Mikrotik devices, each of which has 3 SSIDs. One of these SSIDs is intended for our staff to connect their personal smartphones. I’m currently providing this connection through the User Manager using the Hotspot service to ensure that it’s not open to everyone, not shareable, and that only one device can be connected with a single authentication.
Is there an alternative authentication method besides Hotspot? I don’t want to give users a single password because it will be shared with everyone. It’s a bit challenging to make hardware changes, and I want to solve this problem with the existing hardware I have.
The method you have will work, but you need to increase the “maximum number of connections” (“shared users”) to something higher than 1. Even when you do not want that.
Is it possible for me to provide a solution using WPA3-Enterprise and 802.1X?
No.
Thank you very much