Hi There
Is it possible to keep the same routing marks between routers? In other words, if I mark packets or traffic from a certain address list on one router - and give it a routing mark - can I see those routing marks on another router?
I have an RB1100 acting as my main firewall for the network - a straightforward setup - ports 1 - 5 are part of a bridge - bridge1
port 10 goes to ISP 1
port 11 goes to ISP 2
port 12 goes to ISP 3
I have User Manager up and running on the same unit - and a PPPoE server running on bridge1 using RADIUS with the 127.0.0.1 config - that is all working.
I know it's bad practice - but I have an IP address assigned to the bridge - of 192.168.1.3/24. However, in the DHCP setup that is also running on the bridge - I assign out addresses and give the gateway as 192.168.1.1 - but the scope is 192.168.0.100 - 192.168.0.200 - so the users can't access 192.168.1.1 (not only as it doesn't exist - but it's on another subnet so they can't access it). I assign my servers in the 192.168.1.x/23 range - so they can all access the gateway address without needing to dial up, and the users have access to the servers on the LAN.
It's a simple method of forcing the users to dial up.
Anyway - in User Manager I use an address list of either ISP1, ISP2 or ISP3 for the user accounts - so when they dial up, they get a random IP from the PPPoE pool, and a certain list - which then gives them routing marks - and from that they use one of the ISPs.
That entire system works fine.
Problem is I have some users with Android tablets - and they can't dial up - as they have no built-in PPPoE client - and although I have recently found out you can get a client for it - I want them to be able to use a hotspot method of gaining access. I set up the hotspot - to also use User Manager, and that works fine. Except the hotspot breaks the LAN connectivity to the SERVERS - and prevents the servers from being able to use the gateway without connecting to the hotspot - so I tried removing the bridge - placing the 192.168.1.3 on interface 2 of the router, and set the PPPoE on that as well, and then set a hotspot on interface 1 - but even like that the hotspot still seems to destroy the network - it's like it blocks anything unless you connect. So to play it safe I have gone back to my first setup - and decided to use a hotspot in another router - that router uses RADIUS to connect to the first router.
I have this method as the most stable - or the method that guarantees that the first router's operation and the LAN function as normal - this only works because I now connect the AP to the second router - so the hotspot is not on the LAN. This means anyone connecting to wireless can gain access - but they all go through ISP1 regardless of their address list. I see in the second router - in the hotspot - they get the address list they are meant to - so I give them a routing mark in the second router - but this doesn't pass through to the first router.
Also, they only have server access when they connect to the hotspot - which I guess I can get around with a walled garden setup - but I haven't played with that yet. If the walled garden setup works well - I could try setting up the hotspot in the first router again - and place all the servers in the walled garden etc. - but I have decided that I can't risk causing any network issues - as we have about 200 machines hitting the file servers, so the only way I want to go - is to use the second router - and take the APs off of the first router and place them on the second router.
So if there was a way to detect the routing marks that the traffic got in the second router - in the first one, I guess the system would work - is this possible?
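Added example, not the poster's own configuration and not a reply from the thread: a RouterOS (v6 syntax) sketch of the address-list to routing-mark to per-ISP-route chain the post describes on the RB1100, plus one way to carry the classification across the second router. A routing mark is packet metadata local to the router that set it and is never transmitted, so the second router can only pass the class along inside something that does go on the wire; here the DSCP field is used for that, which goes beyond what the post itself sets up. Everything named below is assumed: list names LAN/ISP1/ISP2/ISP3, marks to_ISP1..3, documentation-range ISP gateways on ether10-12, ether2 as the port that connects router 2, the DSCP values 10/20/30, and the static address-list entry (User Manager would normally push those via RADIUS).

```routeros
# Added example, not the original post's config. All names, addresses and DSCP
# values are assumptions chosen for illustration.

# ---------- Router 1 (RB1100): address list -> routing mark -> ISP route ----------
/ip firewall address-list
add list=LAN address=192.168.0.0/23 comment="servers and LAN (assumed)"
# ISP1/ISP2/ISP3 membership normally arrives from User Manager over RADIUS;
# one constructed static entry is shown so the example is complete on its own.
add list=ISP1 address=10.10.0.0/24 comment="constructed: slice of the PPPoE pool"

/ip firewall mangle
# dst-address-list=!LAN matters: a marked packet is looked up in the mark's own
# table, whose only route is an ISP default route, so user-to-server traffic would
# otherwise be pushed out of the WAN instead of staying on the LAN.
add chain=prerouting src-address-list=ISP1 dst-address-list=!LAN \
    action=mark-routing new-routing-mark=to_ISP1 passthrough=no
add chain=prerouting src-address-list=ISP2 dst-address-list=!LAN \
    action=mark-routing new-routing-mark=to_ISP2 passthrough=no
add chain=prerouting src-address-list=ISP3 dst-address-list=!LAN \
    action=mark-routing new-routing-mark=to_ISP3 passthrough=no

/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=to_ISP3 check-gateway=ping
# Unmarked traffic (servers, anything not in a list) falls back to the main table.
add dst-address=0.0.0.0/0 gateway=203.0.113.1 distance=1

# ---------- Router 2 (hotspot router): mark-routing here is invisible to router 1 ----
# Put the class into the IP header instead. DSCP survives the hop (and survives NAT,
# which the source address does not if router 2 masquerades hotspot clients).
/ip firewall mangle
add chain=postrouting src-address-list=ISP1 action=change-dscp new-dscp=10 passthrough=yes
add chain=postrouting src-address-list=ISP2 action=change-dscp new-dscp=20 passthrough=yes
add chain=postrouting src-address-list=ISP3 action=change-dscp new-dscp=30 passthrough=yes

# ---------- Router 1 again: rebuild the routing mark from DSCP ----------
# in-interface pins this to the link from router 2. DSCP is attacker-controlled on
# any other port: a LAN host could set dscp=30 on its own packets and pick its ISP.
/ip firewall mangle
add chain=prerouting in-interface=ether2 dscp=10 dst-address-list=!LAN \
    action=mark-routing new-routing-mark=to_ISP1 passthrough=no
add chain=prerouting in-interface=ether2 dscp=20 dst-address-list=!LAN \
    action=mark-routing new-routing-mark=to_ISP2 passthrough=no
add chain=prerouting in-interface=ether2 dscp=30 dst-address-list=!LAN \
    action=mark-routing new-routing-mark=to_ISP3 passthrough=no
# Optional hygiene: clear DSCP on every other inbound interface so only router 2
# can influence the choice, e.g. add chain=prerouting in-interface=!ether2 \
#     action=change-dscp new-dscp=0 passthrough=yes
```

If router 2 hangs off bridge1 rather than a dedicated port, the in-interface match becomes bridge1 and ordinary LAN hosts share it, so the DSCP trust boundary disappears; a dedicated port (or a VLAN per class, which router 1 can match with in-interface just as cleanly) is the safer layout. Check the result with /ip firewall mangle print stats and /ip route print where routing-mark=to_ISP2 on router 1 while a hotspot client in ISP2 generates traffic.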