Page 1 of 1

Hotspot with devices behind NAT

Posted: Tue Dec 01, 2009 5:34 pm
by centsi
Hi all.

I'm experimenting with authenticating all of our users using the hotspot service and radius.

Our distribution points are all Mikrotik based and I would like to add hotspot functionality to all of them.

At the moment we are using the 3.30 firmware.

All of our customers use CPEs which are routers (most of which are Mikrotiks) and also use NAT, so that any customer PC, VoIP ATA etc. appears to the outside world as the same IP.

When trying to authenticate the CPEs on the hotspot using MAc addresses however, the hotspot somehow recognizes that the connection is coming from a different device. It also seems to authenticate incoming connections separately too.

I can opnly assume that this is something to do with the higher level protocols involved, but I'm not sure.

The reasons this is a problem are twofold:

1. I would like to assign an IP to customers automatically using radius. When different devices (and incoming connections) are attempted however, the hotspot tries to give the same IP to the newer authenticated connection and therefore removes it from the first. This causes constant breaks in the connection and I would assume only allows one device to work at a time!

2. It becomes impossible to control the number of times that a MAC address can logon!

I wonder if anyone else has come across this problem and if there are any answers?

The ideal situation would be for devices behind a NAT router to be treated exactly as if they were just one PC connected directly.

Does version 4 change this funcionality at all?

Thanks for any advice.

Re: Hotspot with devices behind NAT

Posted: Tue Dec 08, 2009 3:57 pm
by sergejs
All of the HotSpot customers are behind NAT correct?
Is there any way to give them directly connection (by bridge, not NAT/routing), then your configuration is possible without any issues.

Re: Hotspot with devices behind NAT

Posted: Thu Aug 25, 2011 1:28 am
by NGL
Are you saying that it is impossible to have a NAT behind a hotspot? if so what is preventing it? or rather why does the hotspot pull addresses behind the NAT like this: ... 21#p277421

and is there a way to turn it off?

Re: Hotspot with devices behind NAT

Posted: Thu Aug 25, 2011 11:02 am
by sergejs
and is there a way to turn it off?
I assume you mention HotSpot universal client to disable it,
/ip hotspot set <0> address-pool=none

Re: Hotspot with devices behind NAT

Posted: Tue May 23, 2017 12:04 pm
by m2c
Sorry for gravedigging, but this topic helped me like five years ago to solve the problem that OP had.
Unfortunately the problem returned after upgrade to v6.37.1 on one of my hotspots. It recognises hosts behind routers even when the address-pool is set to none.
Is it a bug or is there a new way to disable this feature?