Hi. Which would be the most recommended option for me?

Situation:

RB1000 NAS with Radius Server.
Hotspot running on Interface1, ip network 10.5.50.0
Hotspot user's laptop connects via HTTP login to the SSID through a CPE on some cafe, Radius assigns CPE MAC address instead laptop Mac address.
So I can't account 10 laptops under this CPE, just the CPE. CPE is not much manageable, no advanced options.

Considering that a laptop connects to my Hotspot SSID with no problems when not using any CPE, what are my options?

How do I get any laptop behind this CPE to join the 10.5.50.0 network?

Can I use a normal DD-WRT for this? Do I use PPTP, EoIP, BGP, RIP?

I have no ideia, and I tryed some of these but not sure if it works.

Cheers

Your topic title basically contains the answer: bridge the traffic to the Hotspot. The Hotspot must be the first layer three hop encountered by the client. On the CPE AP bridge the radio and wired interface so that the AP doesn't form a layer three boundary. It is both the most effective and most simple method.

Unless I am not understanding you correctly and the layout is AP at your choice at the cafe linking to a CPE router you have no influence over, linking to the RB1000 somehow. In that case your simplest and best best is to introduce an a Mikrotik AP that is its own Hotspot but potentially authenticates back to a central RADIUS server.

thanks fewi
i actually don't know how to bridge on my configuration.
the separate Mikrotik Ap sounds like a good option thought.

The CPE I mention it's AP receiver (client) and uses L2NAT. Thats why I can't get the first layer (i think). If you ever heard about, it's a Strix Systems EWS150 http://www.strixsystems.com/products/da ... s_150g.pdf

So the only solution I can see is a tunnel or the Mikrotik AP with separate Hotspot. On this case I need to check if RadiusManager software will accept multiple hotspots.

Cheers

Mauricio

That would screw things up, yes.

While you might be able to work around things with tunnels I think a dedicated Hotspot is a much simpler and nicer solution. With centralized AAA and maybe even centralized web servers for the login and landing pages it scales very well and will be easier to troubleshoot. I'd be surprised if RadiusManager didn't support multiple NAS but I have never used the software. It would seem like an odd limitation.

i'm quite sure it does support multiple NAS.

one last question, any recomendation on RB model for AP?

I guess 604 or 411?

Thanks once again

Sorry, got no experience with that. Hopefully someone else chimes in.

cheers
well someone came with the idea that if I actually don't use MAC authentication, then it would work. I'll try this out and post here, but what you think?

The Hotspot does a lot of identification based on MAC address. I don't think having everyone have the same MAC address will work well.
Can't say I've tried it, though.