 
kiira
newbie
Topic Author
Posts: 26
Joined: Fri Sep 10, 2004 1:44 am

Running hotspot on bridge??

Tue Mar 20, 2007 11:01 pm

Hi, I have a two-ethernet hotspot router and I am trying to get hotspot to run on a 2-port (ether0 + ether1) bridge. Everything works fine without hotspot enabled: local users get DHCP, DNS lookup etc. But when I enable the hotspot the network dies, I cannot even ping in or out! First I tried on our class C and then on a 10.1.0.0/16. Here are the configs. I've tried /system reset and it is running 2.9.41. This is my setup:

hotspot
admin@auth2.9.41] ip hotspot> export
/ ip hotspot
add name="hotspot1" interface=bridge1 address-pool=wire-pool profile=hsprof1 idle-timeout=none \
    keepalive-timeout=none addresses-per-mac=1 disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile

add name="hsprof1" hotspot-address=10.1.0.3 dns-name="" html-directory=hotspot rate-limit="" \
    http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
    split-user-domain=no use-radius=yes
/ ip hotspot user
add name="admin" password="**********" profile=default comment="" disabled=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m shared-users=1 \
    transparent-proxy=no
dhcp
admin@auth2.9.41]/ip dhcp-server>export

add name="dhcp1" interface=bridge1 lease-time=1h address-pool=wire-pool bootp-support=static authoritative=yes \
    disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=10.1.0.0/16 gateway=10.1.0.3 dns-server=192.168.2.2,10.1.100.10 comment="hotspot network"
dns
[admin@NOCAuth-2.9.41] ip dns> export

/ ip dns
set primary-dns=192.168.2.2 secondary-dns=10.1.100.10 allow-remote-requests=no cache-size=2048KiB \
    cache-max-ttl=1w
dhcp-pool
[admin@NOCAuth-2.9.41] ip pool> export

/ ip pool
add name="wire-pool" ranges=10.1.200.1-10.1.201.254
bridge
[admin@NOCAuth-2.9.41] interface> export

/ interface ethernet
set out-wire name="out-wire" mtu=1500 mac-address=00:08:54:1D:57:0E arp=enabled disable-running-check=yes \
    auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
set in-lan name="in-lan" mtu=1500 mac-address=00:14:2A:FE:8C:61 arp=enabled disable-running-check=yes \
    auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment="" disabled=no
/ interface bridge
add name="bridge1" mtu=1500 arp=enabled stp=no priority=32768 ageing-time=5m forward-delay=15s \
    garbage-collection-interval=4s hello-time=2s max-message-age=20s comment="" disabled=no
/ interface bridge port
add interface=in-lan bridge=bridge1 priority=128 path-cost=10 comment="" disabled=no
add interface=out-wire bridge=bridge1 priority=128 path-cost=10 comment="" disabled=no
ip address
[admin@NOCAuth-2.9.41] ip address> pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   10.1.0.3/16        10.1.0.0        10.1.255.255    bridge1
routes
[admin@NOCAuth-2.9.41] ip route> pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
 #     DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE INTERFACE
 0 ADC 10.1.0.0/16        10.1.0.3                                   bridge1
 1 A S 0.0.0.0/0                          r 10.1.0.1                 bridge1
thank you,

Kiira
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Wed Mar 21, 2007 12:59 am

It appears that your hotspot's default gateway is on address 10.1.0.1, which is part of the hotspot network itself and thus connected to the interface that the hotspot is active on (bridge1).

That is not a good design. You should have a separate client-facing interface on which you run the hotspot and another separate interface to connect to your upstream gateway. The hotspot should not be active on that upstream interface.

If you need more than one client-facing physical interface for the hotspot then you can bridge ports just like you did (but do NOT include the upstream interface in the bridge) or just connect a transparent layer 2 switch to the router's hotspot interface.

--Tom
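
The condition Tom describes can be checked mechanically from an export. The Python below is an added example, not part of the original thread or of MikroTik's tooling; it flags any hotspot whose interface also carries the subnet of the default gateway. The sample reuses the thread's values, with the `/ ip address` and `/ ip route` lines re-typed in export form as an assumption (the post shows them as `print` output).

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configuration posted above.
SAMPLE = """\
/ ip hotspot
add name="hotspot1" interface=bridge1 address-pool=wire-pool profile=hsprof1 \\
    disabled=no
/ interface bridge port
add interface=in-lan bridge=bridge1 priority=128 path-cost=10
add interface=out-wire bridge=bridge1 priority=128 path-cost=10
/ ip address
add address=10.1.0.3/16 interface=bridge1
/ ip route
add dst-address=0.0.0.0/0 gateway=10.1.0.1
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for the 'add' lines of an export."""
    menus, path = {}, None
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = line.strip()
        if line.startswith("/"):
            path = " ".join(line.lstrip("/").split())
        elif line.startswith("add ") and path:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus.setdefault(path, []).append({k: v.strip('"') for k, v in pairs})
    return menus

def hotspot_gateway_conflicts(text):
    """List (hotspot, gateway, interface, bridge ports) where the default
    gateway lies in a subnet bound to an interface the hotspot runs on."""
    cfg = parse_export(text)
    hotspots = {h["interface"]: h["name"] for h in cfg.get("ip hotspot", [])}
    gateways = [ipaddress.ip_address(r["gateway"]) for r in cfg.get("ip route", [])
                if "gateway" in r and r.get("dst-address", "0.0.0.0/0") == "0.0.0.0/0"]
    findings = []
    for addr in cfg.get("ip address", []):
        iface = addr["interface"]
        net = ipaddress.ip_interface(addr["address"]).network
        ports = [p["interface"] for p in cfg.get("interface bridge port", [])
                 if p["bridge"] == iface]
        for gw in gateways:
            if iface in hotspots and gw in net:
                findings.append((hotspots[iface], str(gw), iface, ports))
    return findings

if __name__ == "__main__":
    print(hotspot_gateway_conflicts(SAMPLE))
```

An empty result means the default gateway is reached through an interface the hotspot is not active on, which is the layout recommended in the reply above.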
 
dawam
Trainer
Posts: 136
Joined: Wed May 31, 2006 1:40 pm
Location: Malaysia

Fri Mar 23, 2007 2:54 pm

If you need more than one client-facing physical interface for the hotspot then you can bridge ports just like you did (but do NOT include the upstream interface in the bridge)
--Tom
How can this be made possible, Tom? I have difficulty understanding this, but I think this could be the right design.

What I presently have is hotspot servers defined on each interface (ether0, ether1), and my RB532 seems to have very high CPU, 100% most of the time.

I am thinking of having just one hotspot server and bridging the interfaces, and hope to lower the CPU.

Kiira :: sorry for hijacking the thread. I have been trying to get the right design and going round and round.


Mat
 
kiira
newbie
Topic Author
Posts: 26
Joined: Fri Sep 10, 2004 1:44 am

Mon Mar 26, 2007 8:02 pm

It appears that your hotspot's default gateway is on address 10.1.0.1, which is part of the hotspot network itself and thus connected to the interface that the hotspot is active on (bridge1).
Yes, 10.1.0.1 is a port on a Cisco 7509.
That is not a good design. You should have a separate client-facing interface on which you run the hotspot and another separate interface to connect to your upstream gateway. The hotspot should not be active on that upstream interface.
OK I see. So there is no way to run the hotspot on bridged interfaces if the default gateway is part of the bridge network.

I had hoped to simplify my network slightly and use the authentication MT machine as a transparent traffic shaper as well as a hotspot. So I will need two machines now I see.

thank you,

Kiira
 
GWISA
Member
Posts: 394
Joined: Tue Jan 31, 2006 2:37 pm
Location: Johannesburg, South Africa

Tue Mar 27, 2007 12:56 am


OK I see. So there is no way to run the hotspot on bridged interfaces if the default gateway is part of the bridge network.

I had hoped to simplify my network slightly and use the authentication MT machine as a transparent traffic shaper as well as a hotspot. So I will need two machines now I see.

thank you,

Kiira
You can run hotspot on a bridged interface, just not in the way you are trying.

You can use the MT as you'd like to, but just don't bridge the hotspot interface.

Either that, or just try changing the gateway of your DHCP config to be 10.1.0.1, and not the hotspot itself...
 
kiira
newbie
Topic Author
Posts: 26
Joined: Fri Sep 10, 2004 1:44 am

Tue Mar 27, 2007 8:56 pm


Either that, or just try changing the gateway of your DHCP config to be 10.1.0.1, and not the hotspot itself...
I thought that would work too but it did not. The config I posted was the one I went back to after trying to use the Cisco port as the gateway in DHCP.

In fact, nothing would work with the MT as a bridge whenever I turned on the hotspot. I couldn't even ping in the 10.1.0.0/16 network at all! MT 2.9.41

Kiira
