netwpl
newbie
Topic Author
Posts: 25
Joined: Fri Jun 22, 2012 8:09 pm

One SSID with Access-list mode

Sat Feb 09, 2019 7:51 pm

Hi folks!

I've read and read the manual but I do not get smart.

I need one SSID hosted on my Mikrotik and want my clients to be identified by access-lists with their MAC address. Also, they should use their own PSK.
Well, that works, but I don't know how to configure those VLANs and bridge settings so that every user gets his own VLAN.

For example: if user ADAM connects to SSID NETWORK, the router looks in the access-list and accepts his private PSK 12345678. Afterwards he gets his VLAN (VLAN 20) untagged, because I want to isolate clients in their VLAN so that they can't access each other (firewall rules).

I think my greatest problem is understanding the new bridge / VLAN filtering, because I'm not familiar with it.

Where to bind all VLANs (to an ethernet interface?) and how could I host 1 DHCP per VLAN? Because when I put those VLANs in my bridge as ports, I can't host a DHCP on them, because of slave interfaces.

Maybe someone could give me config snippets so that I can reproduce this.

Thanks, BR

Paul

PS: I want to work with the bridge/VLAN function and not with multiple bridges if it isn't necessary.
 
anav
Forum Guru
Posts: 2442
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: One SSID with Access-list mode

Sat Feb 09, 2019 9:26 pm

You are deciding on a solution space without really communicating your requirements.
There may be much better ways to use the features and functionality within the router to accomplish what you are trying to achieve.

Thus I recommend you write down some good sentences describing what you want to accomplish without referring to how it should be done, or what equipment you need to do it with.
This will help clarify your and our understanding of the requirements. After that, design, solutions and equipment flow naturally.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
netwpl
newbie
Topic Author
Posts: 25
Joined: Fri Jun 22, 2012 8:09 pm

Re: One SSID with Access-list mode

Sat Feb 09, 2019 10:21 pm

OK, thanks for your reply!

These are my customer requirements:

We are talking about a campus WLAN network with 400 apartments and some meeting points.

- The plan is to use 2 WLAN SSIDs: 1 public SSID (for guest network), 1 apartment SSID.
- Every apartment tenant should get the possibility to log in to the apartment SSID.
- 1 private PSK per apartment VLAN (PSK because the clients are also using Apple TV, Fire TV sticks...; WPA EAP has more problems with those clients).
- After successful login, the clients should get an IP address from the DHCP server hosted on the apartment VLAN and be part of this apartment VLAN.
- The clients in VLAN X from the apartments should be isolated from all other VLANs.

In the best case I would not need a RADIUS server. Maybe there are commercial external RADIUS server web portals, so that a power user (porter) can handle RADIUS user changes.

Thank you for your help!

BR
 
anav
Forum Guru
Posts: 2442
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: One SSID with Access-list mode

Sun Feb 10, 2019 4:39 pm

I see the problem.
You want 400 apartments to share a single SSID, but each to have its own unique wpa2psk password.
The public SSID is the easy part.

For me a radius server makes sense in this case where you have a fixed and known group of 400 users (not dynamic).
I am not familiar with the MT hotspot capabilities yet, but I am sure there is some functionality that might also assist, but it's probably geared towards the temporary dynamic type of user.

You will have to have many access points to service 400 apartments as well.
 
gotsprings
Long time Member
Posts: 690
Joined: Mon May 14, 2012 9:30 pm

Re: One SSID with Access-list mode

Mon Feb 11, 2019 6:55 pm

Seems you would want a SSID and ports per apartment. Then have the "public SSID" run across all the hardware?
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
