Hi all,

I've a network with 400 customers and I want to reconfigurate it.

Today I've 6 Access points and I'm using the Access List to deny the access to unauthorized people and I'm using the simple queue to control de traffic speed.

This 6 Access points are connecteds to my office trhoug a 5.8 backbone and all them are configurated as bridge.

In my office I've a mikrotik machine that do the connection with the APs in 5.8 and it works as bridge too. This machine is connected to the gateway of my network that is a FreeBSD machine and it has the Gateway IPs of all my networks (3 /24 networks).

Now I want to do my network more security (for me, not for the customers). I want to prevent that not authorized people connecting in my network or that my customers change the IPs.

I don't want to use authentication. I prefer that the customers just turn on the computers and start to use the Internet without an authentication process.

I want sugestions of the friends in how can I improve my network?

PS: I want to use radius to concentrate the informations of queues and access list in a mysql database. But is important to me that the users just associate to a specific access point. I not allow roaming on my network.

All my customers have fixed IPs and the bandwidth control is make through the IP addresses.

Regards

Hi all,

I've a network with 400 customers and I want to reconfigurate it.

Now I want to do my network more security (for me, not for the customers). I want to prevent that not authorized people connecting in my network or that my customers change the IPs.

PS: I want to use radius to concentrate the informations of queues and access list in a mysql database. But is important to me that the users just associate to a specific access point. I not allow roaming on my network.

All my customers have fixed IPs and the bandwidth control is make through the IP addresses.

Regards

A good implementation of Radius will do everything you require in a central database. The open question _might_ be how to configure RouterOS to act as a full radius client and accept Radius' notion of how the show should be played out.

Another forum member or a MikroTik staffer might help you on that submatter. It is a little unclear to this writer how a supplicant gets graced by MikroTik, its distributors and, indeed, this forum.

We use Radiator to control association with two fairly disparate APs, namely Cisco and MikroTik (the former passes a password, the latter doesn't (or more accurately, passes the same password for each client association)).

Since we are a "best effort" and "share and share alike" network, there are examples published in the manual that are helpful for that; the main thing we see missing in the MikroTik documentation is a section, say Appendix A consisting of RouterOS error messages, their likely cause(s) and their likely resolution(s). MikroTik staffers have posted a number of times that the manual is complete, correct and contemporaneous, but I can't find Appendix A, or any other listing of operational error messages. I can't imagine the training classes are any different.

<http://wiki.mikrotik.com/wiki/How_to_se ... _By_Ramona> is a good starting point but not complete when compared to your objectives.

The implementation of Radius we use is Radiator and it can handle everything you mention. I presume other implementations of Rigney's et al's work (RFC) is as complete.

I hope this information is helpul.

regards/ldv