Hello
I have the following setup:
CAPsMAN running on an RB1200, which dials up into the ISP as PPPoE. This main router needs to implement QoS and security.
There is SINGLE wifi SSID which is published using Capsman.
The idea is that certain known MACs are to be authenticated by Userman, and given an IP address from a certain set (either DHCP pool1 or maybe a certain subnet). All these authenticated MACs are to be trusted and can talk to each other, can use all BW, etc.
All the MACs which are not in the Userman are to be given a different IP address (DHCP pool2 or other subnet). They can talk to authenticated MACs for only a few IP addresses (not all) and have very restricted BW to the internet.
All this needs to be implemented in one single RB1200 (no FreeRADIUS etc.).
I have thought of three VLANs (one VLAN has full QoS, another VLAN is for certain devices which can talk to all, and a third VLAN for restricted untrusted MACs). But however I plan, I can't seem to get past the limitations of Userman/DHCP. If I forego all VLANs (I will use different subnets in that case and not bridge those), I just cannot get the Userman and DHCP to work together. It's either accept-accept or accept-reject (i.e., if DHCP not in list, kick that client away).
Can somebody guide me in this approach?
Or
(brainstorming) - I make two bridges; one bridge consults Userman and kicks the client to bridge 2 (how do I do that?). Bridge 2 is running normal DHCP and doles out addresses from pool2.
Thanks
Nitin