 
pedja
Long time Member
Topic Author
Posts: 684
Joined: Sat Feb 26, 2005 5:37 am

A bit unusual IP subnetting question

Fri Aug 25, 2006 9:32 am

What I like about connecting users through PPPoE is that an automatic subnet is created for the user, so he cannot see anything on the network except the router, and all his connections must go through the router.

That allows using client isolation on the AP (which is a must for any open access network).

I run a small community network and I am experimenting with MT as a possible solution for centralized user management. I would like to achieve a similar effect but without using PPPoE or any kind of tunneling.

The goal is to use client isolation on the AP, but to provide a means for each user to connect to others (through the router), even if they are on the same Access Point.

Is it possible in any way?
 
savage
Forum Guru
Posts: 1220
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Fri Aug 25, 2006 11:12 pm

Hmm.. well, the reason why you use PPPoE is because it is point to point - server to client.

I guess if you REALLY don't want to use it, the only real alternative would be to put each CPE into a dedicated VLAN... Your CPE would need to support VLANs obviously...
Regards,
Chris
 
aitsecurity
Frequent Visitor
Posts: 84
Joined: Thu Mar 16, 2006 12:28 am
Location: venezuela

Re: A bit unusual IP subnetting question

Sun Aug 27, 2006 6:43 am

What I like about connecting users through PPPoE is that an automatic subnet is created for the user, so he cannot see anything on the network except the router, and all his connections must go through the router.

That allows using client isolation on the AP (which is a must for any open access network).

I run a small community network and I am experimenting with MT as a possible solution for centralized user management. I would like to achieve a similar effect but without using PPPoE or any kind of tunneling.

The goal is to use client isolation on the AP, but to provide a means for each user to connect to others (through the router), even if they are on the same Access Point.

Is it possible in any way?

I am using a SmartBridges AP; this AP has "disable port forwarding", and achieves this goal in the radio. MK has the same solution, but you need to put the PCI radio card inside the PC.

If you are using an external radio AP, I don't know whether you can easily achieve this goal.
 
pedja
Long time Member
Topic Author
Posts: 684
Joined: Sat Feb 26, 2005 5:37 am

Sun Aug 27, 2006 9:21 am

Well, I can achieve this if I make a small subnet for each user. The problem is I have to do it manually. I would like the subnets to be created automatically, like they are created on tunnel connections or even modem dial-in.
 
savage
Forum Guru
Posts: 1220
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Sun Aug 27, 2006 1:55 pm

How do you want to automate it?

How will the MT know when this automation should take place for a client? There is no "request" presented by the client that the MT can deal with...

Creating & Assigning VLANs, pretty much is a manual job... Or, use PPPoE like the rest of us :)
Regards,
Chris
 
pedja
Long time Member
Topic Author
Posts: 684
Joined: Sat Feb 26, 2005 5:37 am

Mon Aug 28, 2006 10:02 am

If the client gets all parameters from DHCP, I do not see why this could not be automated (in theory). Whether MT is capable of doing it is another question.
 
savage
Forum Guru
Posts: 1220
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Mon Aug 28, 2006 10:15 am

Yes I suppose that *could* be possible.

But DHCP allocates to remote ends. To have the remote end in a dedicated VLAN, or dedicated subnet (of any sort), configurations are required on BOTH sides of the link. Your MT needs to have an IP alias in the same subnet as the subnet you are allocating to the client.

There are no tools (to my knowledge) that do this kind of configuration automatically on MT itself; it could *possibly* be done at the client. Forgive me if I'm wrong, but I also don't believe you can assign a VLAN via DHCP. Once the DHCP request reaches the server, it is already broadcasting packets outside of the VLAN...
Regards,
Chris
 
pedja
Long time Member
Topic Author
Posts: 684
Joined: Sat Feb 26, 2005 5:37 am

Mon Aug 28, 2006 5:04 pm

Oh, for clarification, we are talking in theory, since it is very likely I cannot do what I need using MT.

Second, I do not need VLAN, I am talking just about subnetting.

I am just hoping that someone may come up with some magical idea how to accomplish this.


The problem is this: I run an AP with client isolation. This means clients connected to the AP cannot connect to each other even if they belong to the same subnet. I need to allow them to connect to each other (but client isolation on the AP must be turned on for security reasons).

What would help is to set each user in his own subnet where the client is one member of the net and MT is the other member. That would allow me to route all connections through MT and make connections among clients that way.

I know DHCP is for the client side, but I suppose it would be possible to introduce an option to MT to specify that if a user asks for an IP, he gets his own subnet IP (/32), and the MT interface which that client is coming through also gets an IP in that same subnet.

Actually, if there is an OnDHCPLease event it probably could be possible to script something out. :(
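
The per-user addressing plan discussed in this thread, sketched as an added example (not part of any post above and not MikroTik code): it carves one small subnet per client out of a pool, with the router as one member and the client as the other, and checks that two clients are never on-link to each other, so their traffic has to pass through the router. The pool, the /30 size (chosen so both ends get a host address) and the function names are assumptions.

```python
import ipaddress

# Constructed sample client identifiers (locally administered MACs).
SAMPLE_CLIENTS = ["02:00:00:00:00:01", "02:00:00:00:00:02"]

def plan_client_subnets(pool, client_ids, prefixlen=30):
    """Assign each client its own subnet from `pool`.

    Returns {client_id: {"subnet", "router", "client"}} where "router" is the
    address the router would hold on the client-facing interface and "client"
    is the address (with mask) that would be leased to the client.
    """
    if prefixlen > 30:
        raise ValueError("this sketch needs two host addresses per subnet")
    free = ipaddress.ip_network(pool).subnets(new_prefix=prefixlen)
    plan = {}
    for cid in client_ids:
        if cid in plan:
            continue  # one subnet per client, even if listed twice
        net = next(free, None)
        if net is None:
            raise ValueError(f"pool {pool} exhausted at client {cid!r}")
        router_ip, client_ip = list(net.hosts())[:2]
        plan[cid] = {
            "subnet": net,
            "router": ipaddress.ip_interface(f"{router_ip}/{net.prefixlen}"),
            "client": ipaddress.ip_interface(f"{client_ip}/{net.prefixlen}"),
        }
    return plan

def is_on_link(plan, src, dst):
    """True if `src` would try to reach `dst` directly (ARP on the segment).

    With AP client isolation that direct path is blocked, so the plan is only
    useful when this is False and the packet goes to the router instead.
    """
    return plan[dst]["client"].ip in plan[src]["client"].network

if __name__ == "__main__":
    plan = plan_client_subnets("10.10.0.0/24", SAMPLE_CLIENTS)
    for cid, entry in plan.items():
        print(cid, "client", entry["client"], "gateway", entry["router"].ip)
    a, b = SAMPLE_CLIENTS
    print("a sees b on-link:", is_on_link(plan, a, b))
```
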
