Hello all,
I am trying to plan for some networks where I have to use Mikrotik CCRs as hotspot splash page routers and then some non Mikrotik wireless APs that have the client to client isolation. At any time, there will be less than 1000 devices online, and they are mostly long term users (students in a dorm), so with mac cookie set to say 90 days, there wont be much load on the Mikrotik router as for as serving login pages are concerned (other than anyone adding a new device or some guests over) and other than acting as a NAT router, and a DHCP server. The Internet service could be 2Gbps (delivered on a 10Gig fiber). Freeradius on a separate server with user accounts set up on SQL database on it, as well as this server will also host the external splash page, that hotspot router will redirect connecting users to.
Will a CCR like 1009 with dual power supply units and a 10Gig SFP+ slot be good enough for this need?
Also to ensure there is no single point of failure, can I use a redundant setup where the two routers are set up in a VRRP fashion and with same configuration essentially as is the case with Master / slave VRRP routers, but I am not sure if this arrangement can replicate mac-cookies.
Another question I have is in regards to loss of a single radius server. Does mac cookie send a proxy request on behalf of user as soon as it sees a returning device from its mac address? Or it simply does not do any radius authentication for the users who have a mac cookie saved in it? But in that case, what happens to radius accounting, as radius will need to first authenticate and then only accept radius accounting (unless mac cookie implies that router / NAS does not send any disconnect radius accounting to radius for it to remove the user.
Thanks for your help and guidance in this regard.