Setting up hotspot on a bridge interface

I’ve done quite a bit of searching around and I am probably just not searching for the correct thing. This seems like a newbie problem to me.

There is actually more to this problem, but I think that I have it narrowed down. I am doing some work with WDS but I am having no problems with WDS itself. In a nutshell, I need to set up the bridge device that WDS is connecting to as a hotspot.

The remote WDS router is not using RouterOS and is just a dumb repeater, so can’t run hotspot there. When I have not set up the wds bridge as a hotspot I can easily get a solid connection with no routing problems. However, when I make the bridge device a hotspot I can still connect using the remote repeater and I see the normal login page I use on my hotspot network (it’s modified and not generic), however at that point any username and password combo simply causes a “Radius Server Not Found” error. My troubleshooting indicates that packets will simply not route beyond the hotspot’s network. It will not act as a true hotspot and tunnel that traffic.

I did an experiment on the original router where I created a bridge, set it up as a hotspot and added one of my network cards as a port and I have the exact same problem. So I think I simply do not know how to set up hotspot on a bridge and get it to route correctly… I must be missing needed setup.

Are there any howtos out there on how to set up a bridge as a hotspot? The docs indicate that it can be done but I appear to be missing something that would allow this to route correctly.

Have you tried logging in to the hotspot with the default user/password you entered in the setup? Sounds like the bridge is working, but not the routing from the hotspot to the radius server. How is that set up?

Yes, I failed to mention that. I can get logged in without radius but then DNS does not respond and trying to open a page via IP address doesn’t work either. So I believe you’re right. This might be where I am missing something because I did not add setup to aid the routing from the bridge’s hotspot to the rest of the network. I just used the “/ ip hotspot setup” script and did nothing beyond that since that is how I have set up my wireless card devices in the past.

Have you set a default gateway?
/ip route add gateway=xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is the gateway issued by your ISP with your public IP address. It should be in the same subnet as your public IP address.

After that set your dns
/ip dns set primary-dns=xx.xx.xx.xx secondary-dns=yy.yy.yy.yy allow-remote-requests=yes

If you are going to use the hotspot to track client time, you must set up the NTP client.
/system ntp client set primary-ntp=zz.zz.zz.zz mode=unicast enabled=yes
and your time zone in
/system clock

here is my routing table…

C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        G GATEWAY        
 0 A S  ;;; added by setup
        0.0.0.0/0                          r 10.0.0.1       
 1   S  ;;; added by setup
        0.0.0.0/0                          u 254.255.255.10 
 2 ADC  10.0.0.0/8         10.0.20.20     
 3 ADC  192.168.30.0/24    192.168.30.1   
 4 ADC  192.168.31.0/24    192.168.31.1   
 5 ADC  192.168.32.0/24    192.168.32.1

Now, before you say anything this setup is actually on a private network, and 10.0.0.1 is correct. 192.168.30.0 and 31.0 are my two hotspots on two wifi cards, 32.0 is being set up for the bridge that has hotspot running on it. Here is /ip hotspot print

 #   NAME                           INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT
 0   hotspot1                       wlan1     hs-pool-1    hsprof1 5m          
 1   hs-wlan2                       wlan2     hs-pool-2    hsprof1 5m          
 2   hs-wdsbridge                   wdsbridge hs-pool-45   hsprof2 5m

here is /interface bridge print

 0  R name="wdsbridge" mtu=1500 arp=enabled mac-address=00:15:6D:63:A7:B4 
      protocol-mode=none priority=0x8000 auto-mac=yes 
      admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s 
      transmit-hold-count=6 ageing-time=5m

DNS and the rest are all ok… the other hotspots are working fine. I am only having problems setting the bridge wdsbridge (the bridge that WDS is defaulted to) so that it works with hotspot and then routes fine to 10.0.0.1 after authentication.

one more that might help…

/ip hotspot profile> print
Flags: * - default 
 0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot 
     rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 
     login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no 
     use-radius=no 

 1   name="hsprof1" hotspot-address=192.168.30.1 dns-name="SOMETHINGSOMETHING.org" 
     html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 
     smtp-server=10.0.0.114 login-by=mac,cookie,http-chap,http-pap 
     mac-auth-password="" http-cookie-lifetime=1d split-user-domain=no 
     use-radius=yes radius-accounting=yes radius-interim-update=30s 
     nas-port-type=wireless-802.11 radius-default-domain="" 
     radius-location-id="" radius-location-name="" 

 2   name="hsprof2" hotspot-address=192.168.32.1 dns-name="SOMETHINGSOMETHING.org" 
     html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 
     smtp-server=10.0.0.114 login-by=mac,cookie,http-chap,http-pap 
     mac-auth-password="" http-cookie-lifetime=3d split-user-domain=no 
     use-radius=no

I’ve turned off radius for the time being to drill down onto the problem itself.
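As an added example (not written by anyone in this thread and not MikroTik code), this Python script parses the `/ip route print` output posted above and flags gateway routes that are inactive, marked unreachable, point into reserved address space, or sit outside every connected network. It assumes the `G` column uses `r`/`u` for reachable/unreachable; `parse_routes` and `audit_routes` are names chosen here.

```python
import ipaddress
import re

# Routing table copied from the "/ip route print" output posted above.
ROUTE_PRINT = """\
 #      DST-ADDRESS        PREF-SRC        G GATEWAY
 0 A S  ;;; added by setup
        0.0.0.0/0                          r 10.0.0.1
 1   S  ;;; added by setup
        0.0.0.0/0                          u 254.255.255.10
 2 ADC  10.0.0.0/8         10.0.20.20
 3 ADC  192.168.30.0/24    192.168.30.1
 4 ADC  192.168.31.0/24    192.168.31.1
 5 ADC  192.168.32.0/24    192.168.32.1
"""
ENTRY = re.compile(r"^\s*(\d+)\s(.{3})\s*(.*)$")  # index, 3 flag columns, rest

def parse_routes(text):
    routes, cur = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            cur = {"id": int(m.group(1)), "flags": m.group(2).replace(" ", "")}
            routes.append(cur)
        rest = m.group(3) if m else line.strip()
        if cur is None or not rest or rest.startswith(";;;"):
            continue  # header line, empty line, or a ";;;" comment
        tok = rest.split()
        cur["dst"] = ipaddress.ip_network(tok[0])
        # Assumption: in the G column "r" = reachable, "u" = unreachable.
        if len(tok) >= 3 and tok[-2] in ("r", "u"):
            cur["gw_state"], cur["gw"] = tok[-2], ipaddress.ip_address(tok[-1])
    return routes

def audit_routes(text):
    routes = parse_routes(text)
    connected = [r["dst"] for r in routes if "C" in r["flags"]]
    findings = []
    for r in (r for r in routes if "gw" in r):
        checks = {
            "route not active": "A" not in r["flags"],
            "gateway unreachable": r["gw_state"] == "u",
            "gateway in reserved range": r["gw"].is_reserved,
            "gateway off-link": not any(r["gw"] in n for n in connected),
        }
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings.append((r["id"], str(r["dst"]), str(r["gw"]), reasons))
    return findings
```

Calling `audit_routes(ROUTE_PRINT)` reports only route 1, the second default route via 254.255.255.10; the active default route via 10.0.0.1 passes every check.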

The two hotspots have the same dns-name assigned? Try removing the dns-name on your bridge hotspot.
How far can you ping/traceroute from the wds hotspot once you are logged in? Can you ping 10.0.0.1?

Tim: I may have jumped the gun on this posting. I set it all up again to get you those numbers and now everything is routing correctly. I must have set this up 5 times yesterday and never got it to route. RADIUS and everything is now working. I never looked at the routing table… I wonder if there was a bad route or something in a table somewhere that expired…

Good deal. “It works!” is the important part. :)