Hi.
I am weighing my options here. The last time I used Mikrotik Routers was for a Point to Point Link, including VPN Tunnelling, and failed attempt at a hotspot, and that was at least 11 years ago!
My customer has a Ubiquity Unifi AP (that was not configured properly), which is giving anybody Unlimited Time, Unthrottled Bandwidth, Uncapped Traffic on their public Hotspot. {I did not set it up, and the controller machine was reloaded with no backup of the controller configuration, so it will need to be reprogrammed from scratch anyway} They are a Restaurant / Vip Lounge, etc. Some people park in the street, or come in, don't order anything, and just suck the bandwidth (with all the traffic they generate, the ping RTT for the 1st hop after the ADSL router goes up from 30ms to 30 seconds or more!).
They have another section that is further away from the Unifi AP, that also needs to be a hotspot.
So I thought something along the lines of :
Remove their Unifi AP (and sell it, to recoup some of the cost).
Install 2 Mikrotik AP's (1 in each section)
The Hotspots will then be configured:
1) Firewalled on the AP so that the hotspot users cannot access the Internal Network. (The Public Hotspot, and their Internal Network Share the same ADSL Line). They can only access the Gateway and the Internet. Also blocking Inter Client Traffic.
2) Hotspot Trial Account for people to use (giving anybody that comes access for 20 minutes, or 50MB, Bandwidth limited to 2Mbps for all the trial users in the pool)
3) Have Regular users (vouchers) generated, that if the customer is staying longer, and is actually spending money, that the waiter gives them a voucher with username/password for additional time/data.
There are just 1 or 2 things ,
1) With the Trial User, will each Mac Address be given it's own traffic limit and time limit (matching what was set in the user manager), or do all trial users share a portion of those limits?
2) In the Licence for Level 4 (which is on the AP's I want to get), you are limited to 200 Active Hotspot Users, and 20 User Manager Active Sessions. If the 20 Active Sessions is exceeded, I expect it will not allow any more connections (until some are released)
. Is each concurrent Trial access considered a seperate active session?
. If the Time/Traffic for the Trial user (or other user) is Exceeded, does the Mikrotik send a Close session to release that Session (so that somebody else can now use one of those 20 sessions)?
Can I get both AP's to use the Usermanager from one of the AP's (so that I can have the same voucher username/passwords.), So that I can just choose one to be my Primary (with the Usermanager, which I presume is radius), then put the details in that usermanager. Then both that AP, and the remote AP can access that data for authentication and accounting.
If that is the case, then maybe I can get the 1 AP with a Level 6 Licence (Unlimited User Manager Sessions), and then have the other AP with Level 4 querying the Usermanager on the level 6 AP. Does that make sense, and do you think it will work?
Is the usermanager just a nice frontend for a builtin radius server? If so, can set up my own radius server on a machine, and then just have it tell the Mikrotik what the users Bandwidth Profile, Traffic Limit, and Time limit is?) Or is there custom information that Usermanager and Mikrotik pass that cannot be replicated easily with a radius server? Then I can also have it centralised, and get away from the Usermanager limitations.