nordex
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Mar 23, 2007 7:46 pm
Location: Croatia

Is it possible - identify by switch port ?

Fri Mar 23, 2007 7:53 pm

I'm creating an Internet solution for a hotel.

Now, they have a working solution where each guest in a room is identified through the MAC address of the switch port for that floor.

I'll write a script to create user names and passwords through telnet on the MikroTik, but first I need to identify which room the guest is in.

What switch can change its port MAC address? (except Cisco, which is too expensive).
 
jp
Long time Member
Posts: 600
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine

Fri Mar 23, 2007 9:04 pm

Switch ports don't have mac addresses. If a switch has a mac, it's just for remote management.
 
ste
Forum Guru
Posts: 1819
Joined: Sun Feb 13, 2005 11:21 pm

Sat Mar 24, 2007 8:04 am

If your switch can, use vlans.
If not, consider pppoe.

Stefan
 
nordex
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Mar 23, 2007 7:46 pm
Location: Croatia

Sat Mar 24, 2007 10:25 pm

> Switch ports don't have mac addresses. If a switch has a mac, it's just for remote management.

A switch port can have different MAC addresses; when creating VLANs, on some switches you can specify its MAC address.

Can you tell me some inexpensive switch that can do that?

I'll need at least 4 * 48 ports, or 8 * 24.
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Sun Mar 25, 2007 12:26 am

Even if you find and install a switch that can set an individual MAC address for each VLAN, how would the MAC address of that switch port ever be communicated to the MikroTik router? All you will ever see on the MikroTik router is the MAC address of a client that is connected to that switch port, but never the MAC address of the switch itself!

I assume that your goal is to implement a LAN hotspot for the hotel guests? Then all you need is an 802.1q VLAN capable switch (MAC address per port/VLAN or not doesn't matter - not needed). Define one VLAN per hotel room on the switch, and assign a room's access port to that VLAN so there will be a one-to-one mapping between VLANs and hotel rooms.

Then create a tagged link holding all VLANs between the switch and our hotspot router. Finally define a bridge on the MikroTik router and add all VLAN interfaces as ports to the bridge. This would basically negate the effect of the VLANs and bring them all back together into one big broadcast domain, and more importantly allow direct client-to-client communication, which you probably do not want. To fix this you can add a bridge filtering rule such as
/interface bridge filter add chain=forward in-bridge=bridge1 out-bridge=bridge1 action=drop comment="" disabled=no
With this the bridge interface basically gets reduced to an aggregation of VLAN interfaces without the ability to actually bridge traffic between the ports. That fits our bill perfectly.

Lastly create a hotspot configuration on the bridge interface and set up a radius server for the hotspot.

This setup will make the hotel room's VLAN available in the attribute NAS-Port-Id with each radius access request. Your radius server and database can then check the VLAN information and derive a room number from that information.

--Tom
 
nordex
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Mar 23, 2007 7:46 pm
Location: Croatia

Sun Mar 25, 2007 12:31 am

tnx for the detailed reply. I need to identify them through MAC addresses (or NAS-Port-Id) because I need to know from what room they are connecting so I can make the bill on the hotel's Fidelio system.

-From the login page they will be transferred to a custom page (walled garden) where they will push the link 'Create account here...'.
-Then through php I'll retrieve their MAC address
-through telnet I'll create a mikrotik account, and
-through the com port I'll have to update Fidelio (that is the yet unknown how-to-do part) for the specific room number
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Sun Mar 25, 2007 12:54 am

> -Then through php I'll retrieve their mac address
> -through telnet I'll create mikrotik account

This would be a lot cleaner and more reliable using radius (like I already suggested) with an underlying SQL database, then you'd need none of that ugly telnet and MAC-address-retrieval voodoo.

With radius you'll get the VLAN (NAS-Port-Id) and the client's MAC address (Calling-Station-Id) delivered "for free" without any additional effort.

I'm running a similar setup. Here's a dump of a radius access request from that system:
Attributes:
        Acct-Status-Type = Start
        NAS-Port-Type = Wireless-IEEE-802-11
        Calling-Station-Id = "00:0E:35:8F:95:**"
        Called-Station-Id = "hs-kabelab"
        NAS-Port-Id = "vlan311"
        User-Name = "AA84**"
        NAS-Port = 2160066803
        Acct-Session-Id = "80c000f3"
        Framed-IP-Address = 212.23.135.**
        Mikrotik-Host-IP = 212.23.135.**
        Event-Timestamp = 1174774115
        NAS-Identifier = "bo-bren-hsg01"
        NAS-IP-Address = 212.23.140.***
        Acct-Delay-Time = 0
As you can see it includes all the information you need.

--Tom
 
nordex
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Mar 23, 2007 7:46 pm
Location: Croatia

Sun Mar 25, 2007 4:24 am

tnx for the tips.
 
Rabitech
just joined
Posts: 22
Joined: Fri Feb 09, 2007 10:14 am

Re: Is it possible - identify by switch port ?

Tue May 20, 2008 2:12 pm

Hi tneumann,

I have tried implementing this as you have described but it is not working. It looks like when the hotspot is running on a bridge, it is the bridge name that is sent in the Access Request, not the actual vlan name.

From mikrotik RADIUS client manual:
> NAS-Port-Id - async PPP - serial port name; PPPoE - ethernet interface name on which server is running; HotSpot - name of the physical HotSpot interface (if bridged, the bridge port name is showed here); not present for ISDN, PPTP and L2TP

How were you able to achieve this?
 
dsobin
Member Candidate
Posts: 160
Joined: Mon Jun 04, 2007 3:58 am
Location: New Jersey, USA

Re: Is it possible - identify by switch port ?

Thu May 22, 2008 6:17 am

I'm in the process of implementing this suggestion.

The "trick" is to give each vlan a unique name, and then attach each of the vlans as ports to the hotspot bridge. As the documentation says:
> NAS-Port-Id...(if bridged, the bridge port name is showed here)
As a result, you should see the bridge port name, which is the name you assigned to the vlan, in the radius request packet.

My hotspot is assigned to a bridge, and I see the bridge port names of the non-vlan segments, which are wds wireless connections to other nodes. I expect to see the vlan bridge port names in the radius request packets as soon as I add them to the bridge.

I'm still not sure where to tag and untag the vlans to each of my remote nodes, but I expect that I'll get it sorted out soon. In the meantime, the radius part seems to be working as advertised.
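
A RADIUS-side check for the room mapping discussed in this thread, added here as an example and not code from any poster: it reads an attribute dump in the layout tneumann posted, derives the room from NAS-Port-Id, and refuses to attribute a session when the value is not a per-room VLAN port (for instance when a bridge name arrives instead). The VLAN-to-room table, the `vlan<ID>` naming rule and the sample MAC and user name are assumptions.

```python
import re

# Constructed sample in the layout of the dump posted above; MAC and user are made up.
SAMPLE_REQUEST = """\
Attributes:
        Acct-Status-Type = Start
        Calling-Station-Id = "00:0E:35:8F:95:01"
        NAS-Port-Id = "vlan311"
        User-Name = "AA8401"
        NAS-Identifier = "bo-bren-hsg01"
"""

# Assumption: one VLAN per room, VLAN interfaces named "vlan<ID>" on the router.
VLAN_TO_ROOM = {311: "311", 312: "312"}  # hypothetical room table

ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*"?([^"\n]*?)"?\s*$')
PORT_RE = re.compile(r"vlan(\d{1,4})")


def parse_attributes(text):
    """Turn 'Name = value' lines into a dict, dropping surrounding quotes."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs


def resolve_room(attrs, table=VLAN_TO_ROOM):
    """Return (room, reason); room is None when the session must not be billed."""
    port = attrs.get("NAS-Port-Id", "")
    m = PORT_RE.fullmatch(port)
    if not m:
        # e.g. a bridge name instead of the VLAN port name: fail closed.
        return None, f"NAS-Port-Id {port!r} is not a per-room VLAN port"
    vlan = int(m.group(1))
    if vlan not in table:
        return None, f"VLAN {vlan} has no room assigned"
    return table[vlan], "ok"


def billing_record(text):
    """Room comes from NAS-Port-Id only; the MAC is client-supplied, so it is logged, not trusted."""
    attrs = parse_attributes(text)
    room, reason = resolve_room(attrs)
    return {"room": room, "reason": reason,
            "mac": attrs.get("Calling-Station-Id"), "user": attrs.get("User-Name")}


if __name__ == "__main__":
    print(billing_record(SAMPLE_REQUEST))
```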