We have a hotspot runing over 433
Al user have a mikrotik rb711 as a client device with a mascarade and authentifi by mac

CLIENTE > /ip firewall nat pr
chain=srcnat action=masquerade src-address=192.168.2.0/24

Problem is than private ip like 192.168.2.x apear on HOST as dinamic


/ip hotspot host> pr
Flags: S - static, H - DHCP, D - dynamic, A - authorized, P - bypassed
# MAC-ADDRESS ADDRESS TO-ADDRESS SERVER IDLE-TIMEOUT
0 HA 00:0C:42:05:4F:CC 10.5.50.182 10.5.50.182 ht
1 DA 00:0C:42:05:4F:CC 192.168.2.97 10.5.50.101 ht

The we need top put in hotspot-server-addressper mac to 2 because else the login pages is appert to the user

I need help

What device is the 10.5.50.182? Is that the mac and ip of the RB711 interface?
How is the 711 set up?
/ip address
/ip route

ADD: I am a fan of using the "out-interface" parameter rather than "src-address" in the masquerade. I route my internal networks, so that really messes things up. If wlan1 is not the interface name that connects with the hotspot, change that.

What device is the 10.5.50.182? Is that the mac and ip of the RB711 interface?
YES


/interface wireless> pr
Flags: X - disabled, R - running
0 R name="wlan1" mtu=1500 mac-address=00:0C:42:05:4F:CC arp=enabled interface-type=Atheros AR5413
mode=station ....

/ip address> pr
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.2.1/24 192.168.2.0 192.168.2.255 ether1
1 D 10.5.50.182/24 10.5.50.0 10.5.50.255 wlan1

/ip route> pr
# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 ADS 0.0.0.0/0 reachable 10.5.50.1 0 wlan1
1 ADC 10.5.50.0/24 10.5.50.182 0 wlan1
2 ADC 192.168.2.0/24 192.168.2.1

If the masquerade is correct in the 711, the 192.168.2.x net should not be showing on the hotspot interface. No bridges or anything like that on the 711, correct?

ADD: I don't use devices with Level 3 licenses, so I am not experienced with that. There seems to be a "hotspot active users" limit of one on Level 3 licenses. Since the Level 3 license does not have AP capability, I will presume that this applies to clients behind the 711. ??
http://wiki.mikrotik.com/wiki/License_levels
Can anyone clarify that?

I have test a Nanostation 5 and not have this problem, Then i think problem is over mascarade cliente on mtk 711. I have tested with a 433 as a client with level 4 licence an i have the same problem...

Maybe if you did an export from the RB711 router and attach that file to your next post, someone would find the problem.

I have make a new test and now i dont now what is happening.
There is not any mascarade or nat

but the cliente ys login on hotspot with 2 adresses

/ip hotspot host> pr
Flags: S - static, H - DHCP, D - dynamic, A - authorized, P - bypassed
# MAC-ADDRESS ADDRESS TO-ADDRESS SERVER IDLE-TIMEOUT
0 HA 00:0C:42:7B:18:8F 10.5.50.254 10.5.50.254 hotspot1
1 DA 00:0C:42:7B:18:8F 192.168.2.101 10.5.50.253 hotspot1


If their not a nat or mascarade what is this....

Ya have attach a backp

THANKS

If there is no masquerade in the 711, like on my networks, the original ips will appear on the hotspot interface. It will leave the packet source address as-is (192.168.2.x). At that point (I have no hotspot there), I route the 192.168.2.x addresses back to the 711.

If there is a masquerade on the 711, then all packets on the hotspot interface will have the source address of your wlan interface (10.5.50.x).

ADD: Use export rather than backup. I can't use that. Mikrotik employees can tho.

Here is the file.

Thanks