You want to have a loopback ip address on a bridge interface that does not have any ports associated to the bridge, and have that in the ospf networks that are being advertised. It is good to make that loopback ip the same as the router id in the ospf process that way it is easy to tell which routers are sending what (network reachability updates). Also you can log into the the router via that loopback address in a bind.

The other advantage of loopback (especially in MPLS setup) is that the loopback address will not go down if one of the interfaces is disconnected (as might happen with an IP on a WLAN). It also helps with keeping Source IP consistent when using it in RADIUS or anywhere else that you specify source IP.

Ok

But how do you connect to that loop back address when the IP address is ex. 127.11.11.11 if all you WISP is 192.168.x.x network? How ? Magic?

Don't assign a 127/8 address.

There's some confusion of terms here. There's the loopback interface built into many operating systems that is an always up, virtual interface that only exists in software that the computer is guaranteed to be able to use to talk to itself, facilitating communication between different processes. That's all the term 'loopback interface' means, though. It so happens that most operating systems use localhost addressing within 127/8 for that loopback interface since they never need other machines to reach it. There's no reason you can't assign any other IP address to the loopback interface.

Assign a normal, routable IP address to your empty bridge (which is how you fake out a loopback interface in RouterOS), and make sure it gets propagated through routing protocols. At that point you're no longer reliant on IP addresses on physical interfaces - which are IP addresses that may become unreachable when the physical interface (or the link it is connected to) goes down. The loopback interface will be reachable through ANY physical interface the router has, and thus will be reachable as long as there's even just one link into the router.

Loopback address has no practical application here is why.


Like you said, there has to be at least one link working (connection wire/wireless) to the device. So, you have interface with ip to connect. You don't need any loopback interface etc. since there has to be at least one virtual or physical interface with ip address.


You don't need to/have to complicate things on the ex. Routerboard.

if 2 wireless cards die on 2 minipci router board. and you have not assigned any ip address to physical or logical interfaces than you can not connect to it even thru cat 5 /RJ45 media.

But i agree, if i configure let say one bridge or virtual interface with my WISP subnet ip range address, than, yea , i would be able to scan and log in to the RBoard with telnet, WWW, SMP, etc.

Stand alone bridge interface with WISP ip address is good choice/suite the need for loop back interface. Well planned. LOL

thx

Loopback address has no practical application here is why.


Like you said, there has to be at least one link working (connection wire/wireless) to the device. So, you have interface with ip to connect. You don't need any loopback interface etc. since there has to be at least one virtual or physical interface with ip address.

It has a very practical application. If a single interface is active and advertising the loopback IP into the IGP then I'm still able to access the router by the same, consistent IP (loopback IP) without having to worry about exactly which physical interface is up.

Loopbacks also provide routing protocol stability as they provide a single, consistent source address to be used for routing protocol updates and session termination. More info.

if 2 wireless cards die on 2 minipci router board. and you have not assigned any ip address to physical or logical interfaces than you can not connect to it even thru cat 5 /RJ45 media.

True. MikroTik developed MAC Telnet for situations like this. But, of course it requires direct layer 2 communication.

Loopback address has no practical application here is why.


Like you said, there has to be at least one link working (connection wire/wireless) to the device. So, you have interface with ip to connect. You don't need any loopback interface etc. since there has to be at least one virtual or physical interface with ip address.

It has a very practical application. If a single interface is active and advertising the loopback IP into the IGP then I'm still able to access the router by the same, consistent IP (loopback IP) without having to worry about exactly which physical interface is up.

Loopbacks also provide routing protocol stability as they provide a single, consistent source address to be used for routing protocol updates and session termination. More info.

Another practical application is to keep your source IP consistent when using RADIUS. The RADIUS server needs to get the auth packet from the same IP every time (or you will need multiple NAS entries for the same multihomed router - a pain to maintain)

Qoute:

"Another practical application is to keep your source IP consistent when using RADIUS. The RADIUS server needs to get the auth packet from the same IP every time (or you will need multiple NAS entries for the same multihomed router - a pain to maintain)"


If you mean by Radius server MTik User Manager not quite exact. You still need for each NAS in Radius ( user manager MT) different ip addresses, other way Radius Srv, wont accept new NAS.
This is espacialy complicated/dificult when you run muiltiple hotspot on one device.

You have to trick the Radius server so it thinks it comes from different NAS, IP aliese on different subnet are linked to the same physical interface.

No, you misunderstand. This is useful for routers that are RADIUS clients. You can set the source IP address the built in RADIUS client uses. If you don't set it, it will use the IP address of whatever interface the ACCESS REQUEST leaves the router through, so you have to enter all interface IP addresses the client has on the RADIUS server, and it probably will not work right when subsequent CoA packets come sourced from a different IP. When you have a loopback interface you use it as the source and have a consistent IP address that the RADIUS server sees, regardless of interface status. Much easier to manage.

Loopbacks also make it possible to map that loopback IP to a DNS name so you can access the device without remembering IP addresses. Very useful on larger networks.
Also, NAT.

Loopback interfaces are incredibly useful.

Do you add the loopback ip address to local DNS server cach? as static? in MTik RB?

And again in Hotspot scenario you have to have each hotspot on different subnet, so if you have 3 routerboards with 3 hotspots ( A,B,C ) on each , and each had own subnet then you will have set the gateway ip address of the subnet on which the Radius Srv is running with Allies to those hotspot subnets, to trick the Radius Srv ,so he thinks those A1, B1, C1 hotspots are running on different NAS, but in real life the are virtual SSIDs on one physical AP and one antenna for example.


I will check the loopback with DNS, sound COOL.

Ok i check with my web browser to access my core router with the loopback ip (bridge int.) configured with 10.0.0.1/8 ip address. and add static DNS entry with name : loopback750 , and i entered that in my web browser got : google search results.



Ok

Web Browser = No , but , Winbox= YES YES , work MANN COOL, i can access the router by name COOOL, i will call him , coolloopback.

And yea, OSPF or static routes must running.

I just use the RADIUS attribute made for that purpose:
http://wiki.mikrotik.com/wiki/Manual:IP/Hotspot/Profile

radius-location-name (string; Default: ) RADIUS-Location-Id to be sent to RADIUS server. Used to identify location of the HotSpot server during the communication with RADIUS server. Value is optional and used together with RADIUS server.

There's also a location ID. They are standard RADIUS attributes for WISPr, and any decent RADIUS server can make decisions based on them. I have between 2 and 10 Hotspots on VLAN interfaces on all my routers that have the Hotspot packet installed and use the same single RADIUS source IP for all Hotspots on each of them.

The DNS name mapped to the loopback IP for administrative access goes on whatever your name server is. Could be a static entry in a RouterBOARD if that is what your client uses to resolve names. A real DNS server probably scales better.

That will work in bridge WISP but not in routed WISP.

Don't forget that MTik Routerboard UserManager 4.0 ( Radius Srv ) only accept Radius clients ( hotspots Srvs, NAS ) with different ip address. So, you can not have Hot spot A an Hotspot B with different ip address on the same subnet. Or you can share the ips/subnet /24 among those three hotspot A , B, C.

By giving them 50 addresses each. and the Accounting/Comunication/Authentication between the hotspots on one Solo(1 radio) Access point User Mgr ( Radius Srv ) will be baced on Location ID and Location Name, and maybe on Domain name.

See i don't know exacly, how Radius prioritize the connection to the hotspot ,In what order. It is importan.
i have idea, on what but not idea in which order. I did work bace on subnet, thou.


"There's also a location ID. They are standard RADIUS attributes for WISPr, and any decent RADIUS server can make decisions based on them. I have between 2 and 10 Hotspots on VLAN interfaces on all my routers that have the Hotspot packet installed and use the same single RADIUS source IP for all Hotspots on each of them."
----------------------------------------------------------------------------------
i must check this cause i try to do it with one source ip with no saccess.

can you post two screenshots of your two hotspots radius clients configurations to compare?