HI

in /ip hotspot user mac-address

talk about this mac-address (MAC address; default: 00:00:00:00:00:00) - static MAC address. If not 00:00:00:00:00:00, client is allowed to login only from that MAC address

I have this scenary,

Server with Routeros and running Hotspot

and put the MAC-address in /ip hotspot user mac-address the MAC address the end user,

but, the user can login in this MAC-address, and in other Computer MAc-address.

the Server Routeros, is connect to AP, and this AP, make a PtM link to other CPE, and this CPE go with swtiche wired, to other two AP

the AP is all in bridge mode.

what is wrong, because when i am triying, put the aunthetification or filter with MAC-address of end user wireless CPE, no work, because the user can login in other Computer with different mac address.


thanks in advance really

1) What kind of the client authentication is enabled on HotSpot ?

2) What do you mean by,
>>but, the user can login in this MAC-address, and in other Computer >>MAc-address. ?

1) What kind of the client authentication is enabled on HotSpot ?

2) What do you mean by,
>>but, the user can login in this MAC-address, and in other Computer >>MAc-address. ?

HI sergejs, ok, the authentication is chap only in the profile of server hotspot, and try explain, if the user example, login: demo pass:demo, try login in to the Hotspot from other computer the Hotspot, send this message

you see in the files of hotspot error.txt

# wrong-mac-username
# If username looks like MAC address (12:34:56:78:9a:bc), but is not
# a MAC address of this client, login is rejected

wrong-mac-username = invalid username ($(username)): this MAC address is not yours


ok, the problem is, i am thinking now, this topology

______AP one
Hotspot ---AP(omni) ---CPE(especial) --- switch ----<
---------AP two



ok, the users when make link in AP one or AP two, the HOTspot only see the MAC-address of the CPE(especial) no the MAC-address of the wireless CPE from regular users


when see in /IP HOTSPOT HOST, onyl see the MAC-address of CPE(Especial), if have 50 customer in AP one, i will see the 50 times the same MAC-address of CPE(especial)


BUT, when the customer make a link to AP (omni), i will see the real MAC-address of user, and can match the MAC-address in /ip hotspot user add=EXAMPLE MAC-address= THE MAC OF THE USER CPE.

and WORK VERY FINE, when the user go to other Computer example the other user, and try use the login and password, the message is


wrong-mac-username = invalid username ($(username)): this MAC address is not yours

and work very fine.


i am thinking, this

Hotspot ---AP(omni) ----CPE(especial) --switch -etc.etc


the CPE is a Airbridge TOTAL of SmartBridges, and only see the mac-address this bridge, i remember smartBridges have a Firmware for work with transparent mac-address.

i will study again, the old firmware, in the FAQ of smartBridges, and i am correct, put the firmware, and test, and WRITE HERE the test


thanks in advance.

look this please, this in the FAQ of airbridge CPE



Is airBridge series a transparent device ?

Yes, using older firmware 0.09.10, airBridge is transparent bridge with single Mac support. With the newer firmware installed starting ver 0.01.04, it support multiple Macs and is not a transparent device anymore as it does Mac Nating. So when any PC sending traffic which is attached behind airBridge, it will replace with its own Mac#.



other item from the same FAQ

Does Mikrotik ver 2.7 works with airBridge ver 1.5 (F/W 0.01.04)?



Yes, it will work in respect to the following functionality which is tested working with airBridge ver 1.5

1) DHCP

2) PPPoE (using RASPPPoE client)

3) Hotspot (Enabled_address Method) - In this case, the ARP feature is set to enabled. When use together with DHCP, the Mac address seen by the Mikrotik is the Mac# of the PC for authentication but destine to airBridge Mac# in turn forward to PC. So based on this, you can enable auth-mac in Hotspot server for mac authentication. If it is static, the Mac# seen by the Mikrotik is airBridge, and you will be prompted to enter username & password.



In Hotspot's DHCP-Pool Method, this is not working.

Hotspot (DHCP_Pool Method) - In this case, the ARP feature is set to reply-only. Due to the fact that it is using DHCP to assign IP address for temporary and real address, the Mac# seen by the Mikrotik is the PC and it response to Mac# of the PC but is not exists on the hotspot's interface, the transaction failed and connect proceed.



you urdenstand ?,

1) What is the version of your HotSpot router ?
2) If you have enabled 'Universal client' on HotSpot server, than 'arp' should be enabled for HotSpot interface.
http://www.mikrotik.com/testdocs/ros/2. ... 7305699482

1) What is the version of your HotSpot router ?
2) If you have enabled 'Universal client' on HotSpot server, than 'arp' should be enabled for HotSpot interface.
http://www.mikrotik.com/testdocs/ros/2. ... 7305699482

the version is 2.9.32

and the interface the ARP is enable (default).

i am thinkining is the bridge CPE especial, the airbridge smartBridges because make MAC-NATting

Thanks in Advance, i will make a test and tell you