hi4ibb
Frequent Visitor
Topic Author
Posts: 97
Joined: Mon Jan 18, 2016 4:36 pm

How I can make 6 Hotspot servers in RB2011UAS

Mon Jan 18, 2016 4:58 pm

Hi all,

I have an RB2011UAS-2HnD and 6 Nanostations as APs, and I want to connect every AP to the router with a different gateway, but I want them all to connect to one User Manager.

eth1 - 192.168.1.1/24 [WAN]
eth2 - 192.168.10.1/24 [LAN 1]
eth3 - 192.168.11.1/24 [LAN 2]
eth4 - 192.168.12.1/24 [LAN 3]
eth5 - 192.168.13.1/24 [LAN 4]
eth6 - 192.168.14.1/24 [LAN 5]
eth7 - 192.168.15.1/24 [LAN 6]

As in the attached picture.

Please, can anyone help me?
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: How I can make 6 Hotspot servers in RB2011UAS

Wed Jan 20, 2016 6:35 pm

Why not just do client isolation in the APs and then use split horizon on the router so that you have total client isolation:

First, set all physical ports on the switch to master=none

Then add the hotspot bridge.
/int bridge add name=hotspot-bridge

Next, for every ethernet interface with an AP attached, connect it to the bridge and configure horizon=1
/int bridge port add bridge=hotspot-bridge interface=ether2 horizon=1
/int bridge port add bridge=hotspot-bridge interface=ether3 horizon=1
/int bridge port add bridge=hotspot-bridge interface=ether4 horizon=1

This enables split horizon - so any two devices on the same horizon cannot talk to each other.
If each link is direct to an access point, and the access point has client isolation enabled, then the users' devices cannot contact each other.

Then you just have one hotspot network.
 
dkalam
just joined
Posts: 17
Joined: Fri Aug 13, 2004 1:18 pm

Wed Jan 20, 2016 7:07 pm

If I had 2 virtual APs in every AP tagged with different VLAN IDs and wanted them not to "speak" to each other, would this configuration with the split horizon attribute enabled help me keep the 2 VLANs separated? Or must I add firewall rules to forbid communication between the VLANs?

 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re:

Wed Jan 20, 2016 7:21 pm

If I had 2 virtual APs in every AP tagged with different VLAN IDs and wanted them not to "speak" to each other, would this configuration with the split horizon attribute enabled help me keep the 2 VLANs separated? Or must I add firewall rules to forbid communication between the VLANs?
You will need firewall rules to prevent IP from forwarding between the VLANs. Split horizon bridging is a layer2 (ethernet-layer) thing, and prevents direct host-to-host communication. Split horizon keeps members of each VLAN from talking to each other (intra-vlan), and firewall rules prevent inter-vlan communication.

As for whether the single split horizon configuration works for both vlans, it depends on how your bridge is set up.

If you have a single bridge with the raw interfaces as ports, and then create a vlan sub-interface of the bridge (e.g. /interface vlan add name=myvlan vlan-id=10 interface=bridge1), then yes, the split horizon would limit the un-tagged vlan and the tagged VLAN as well.

Split horizon means that traffic can't go out an interface on the same horizon as the interface where the traffic was received.
This is true whether or not the ethernet frames have dot1q tags.

Now, if the vlan interfaces are applied directly to the raw ethernet ports, and then the vlans have their own bridge, you could just put the horizon=1 value on the vlan interfaces on the vlan bridge, too.

The only way this isn't going to work is if the ethernet interfaces are forwarding through the hardware switch, although there might be a way to achieve this same result in the switch menu - not sure about that though.
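
The single-bridge layout discussed in this thread, combined with the inter-VLAN firewall rules the reply calls for, as an added example that is not part of any post above. The VLAN interface names, VLAN IDs 10 and 20, and the 10.10.x.x subnets are constructed for illustration; RouterOS v6 syntax with a software bridge is assumed.

```routeros
# Added example. Interface names, VLAN IDs and subnets are constructed.
# Assumes the AP-facing ports are bridged in software, not through the switch chip.

# Layer 2: one bridge, every AP-facing port on the same horizon.
# A frame received on a horizon=1 port is never sent out another horizon=1 port,
# tagged or untagged, so hosts behind different APs cannot reach each other directly.
/interface bridge add name=hotspot-bridge
/interface bridge port add bridge=hotspot-bridge interface=ether2 horizon=1
/interface bridge port add bridge=hotspot-bridge interface=ether3 horizon=1
/interface bridge port add bridge=hotspot-bridge interface=ether4 horizon=1

# Two tagged VLANs as sub-interfaces of the bridge, one per virtual AP.
/interface vlan add name=vlan10-guest vlan-id=10 interface=hotspot-bridge
/interface vlan add name=vlan20-staff vlan-id=20 interface=hotspot-bridge
/ip address add address=10.10.10.1/24 interface=vlan10-guest
/ip address add address=10.10.20.1/24 interface=vlan20-staff

# Layer 3: split horizon does not affect routed traffic, so the router would
# still forward between the two subnets. Drop it in both directions.
/ip firewall filter add chain=forward in-interface=vlan10-guest \
    out-interface=vlan20-staff action=drop comment="block guest -> staff"
/ip firewall filter add chain=forward in-interface=vlan20-staff \
    out-interface=vlan10-guest action=drop comment="block staff -> guest"

# Verify: horizon value per port, and packet counters on the drop rules.
/interface bridge port print
/ip firewall filter print stats
```

Filter rules are evaluated in order, so the two drop rules have to sit above any broader accept rule in the forward chain.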