hm8212000
just joined
Topic Author
Posts: 1
Joined: Sat Oct 29, 2016 11:39 am

HotSpot Relay Agent !!! All the Admins may face to this problem one day !!

Sat Oct 29, 2016 11:50 pm

Hi everyone,
After lots of problems in the network, we cleaned up the main question and rebuilt it in our way in order to be responsive.
1st scenario: RADIUS server + x86 MikroTik using 3 PCI network adapters + HotSpot = a flat network with an unmanaged central switch and 5 small hubs (5-port) and approximately 70 clients using the limited internet. We ran into a big unsolvable problem: broadcast storm!!! Even with the use of a layer 2 switch as the central switch with the help of RSTP!!
(The network was working fine; maybe every 2 weeks we had a broadcast storm. The access points all had one SSID named JACK with one encryption method and one wireless password, so they made a roaming wireless network, and when a user logged into the hotspot and walked through the building, his connection to the internet never dropped and he wasn't asked for MikroTik credentials until his login period finished or he went out of the building and came back again for a while. The problem started the day we replaced the old APs with new ones and increased their number from 7 to 20 APs; each hub had only 1 or 2 APs and we added 2 or 3 APs to each hub.)
Solutions which have been done:
- Monitored the network traffic with Wireshark: multicasts and broadcasts are all the data in the network, and after about 20 minutes the network is done. Each time, the source of the multicast and broadcast differs from the next time, and each time one of them starts to send the broadcast on the network and the others answer until the network goes down.
- One by one, unplugged the small hubs, restarted all devices (especially switches and hubs) and let the other 4 hubs work with each other, but in every try the broadcast storm happened in less than half an hour.
- Firmware upgrade.
- Replaced the central switch with layer 2 ones.
- Enabled STP and RSTP.
- Disabled DHCP on all APs (the DHCP server is the edge MikroTik).
- Separated the DHCP lease range from every device in the flat network in order to prevent IP assignment conflicts (APs, GW and every device available).
- Omitted the small hubs and used WDS instead.
- Changed the SSID of each AP and changed the wireless password of every one of them (unfortunately our roaming network that had just one SSID now has 20 different SSIDs [very bad solution]).
- Connected all 5 small hubs to ports of a MikroTik RB, added all the ports to a bridge and started the RSTP service on the bridge interface (so the RB works like a layer 2 switch).

PROBLEM NOT SOLVED, BROADCAST STORM IS STILL THE MAIN PROBLEM!!


SO WE CHANGED THE PLAN

2nd scenario: we replaced the central switch with a MikroTik RouterBoard, connected the small hubs to its ports, separated them into five IP ranges and, at last, routed all the ranges into the edge MikroTik's hotspot range (192.168.1.0/24) (GW: 192.168.1.1). So it worked fine, and all end users saw the login page of the edge MikroTik on their devices and could log in using their credentials.

NEW PROBLEM!!

When one of the end users (no matter which subnet or range he is in) logs into the hotspot, all the end users in all ranges start having internet without logging into the hotspot!!!!
It means that the edge MikroTik understands its own hotspot IP range (192.168.1.0/24) and gives 192.168.1.10 internet access without looking at the source IP which has logged into the hotspot, so all the clients behind 192.168.1.10 start having internet!! Another problem is that if we use one SSID to have a roaming network, when the user walks inside the building and goes, for example, from the 192.168.12.0/24 range into the 192.168.15.0/24 subnet, because the user doesn't disconnect from the network and connect again, he does not get a new IP address in the new subnet's range. So what happens??? He has no connection to the internet or even the network!! So we tried having 5 different SSIDs for our 5 subnets (very bad solution). (Another incredible work was that we set the edge MikroTik DHCP release time to 5 seconds so the clients ask for an IP every 5 seconds!! But it made the problem much bigger and bigger, so we forgot it.)


The broadcast problem is solved, but now we have a new problem with logins (the end users stay logged in until that user's traffic ends).
Because of the RADIUS server, which is configured and connected to the x86 MikroTik (edge MikroTik), and because it cannot have more than 3 network adapters, we cannot connect all the small hubs directly to it and run five different hotspots on the edge MikroTik.

Now the question is:
Is it possible that, like a DHCP relay agent, we have a service named "HOT SPOT RELAY AGENT" that passes login requests through another router and gives the login sessions to the exact person who has logged into the edge MikroTik???
Does anybody have any incredible solution for our problem? (No matter for which part of our problem, just share your experiences.)
 
Beone
Trainer
Posts: 250
Joined: Fri Feb 11, 2011 1:11 pm

Re: HotSpot Relay Agent !!! All the Admins may face to this problem one day !!

Mon Oct 31, 2016 12:42 am

Try to design your network better, especially with managed switches and APs.

We run buildings up to 500 unique hotspot users, about 300 wifi AP and 1300 available ports.

The only thing we had to swap out was the CCR, as none of them (even the CCR1036) managed to handle management and user traffic properly. We are now running on x86 Intel Xeon E5.
