UserManager - Hotspot binding client to AP's MAC address
Posted: Sat Jan 19, 2013 8:08 pm
I am facing a problem that I just cant get around. I have searched the forum without success. Any help will be highly appreciated. Thanks in advance.
I have a network setup as follows:
DSL -Ether1- Mikrotik 750G (DHCP, Hotspot, Userman) - Ether2- Switch- APs
* The network consists of many APs connected through a switch to the 750G.
* Radius is enabled for hotspot (not for dhcp)
* In userman, for each user, I have enabled *MAC binding on first use*.
The issue is, the user manager is binding the user to the AP 's MAC address. This is the AP to which the client is connected. The DHCP server is showing the correct MAC address of the client but the hotspot is showing the AP's address. Obviously this results in only one client being able to get connected through an AP.
What is going on? How do I cleanly enable mac authentication (or binding)?
The config:
HOTSPOT
[admin@MikroTik] > ip hotspot profile print Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no
use-radius=no
1 name="hsprof1" hotspot-address=192.168.4.1 dns-name=""
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=mac,http-chap,http-pap mac-auth-password=""
split-user-domain=no use-radius=yes radius-accounting=yes
radius-interim-update=received nas-port-type=wireless-802.11
radius-default-domain="" radius-location-id="" radius-location-name=""
radius-mac-format=XX:XX:XX:XX:XX:XX
DHCP Server
# jan/19/2013 23:22:46 by RouterOS 5.0rc1
# software id = XXX-XXX
#
/ip dhcp-server
add address-pool=hs-pool-2 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether2-local-master lease-time=1h name=dhcp1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.4.0/24 comment="hotspot network" gateway=192.168.4.1
USER MANAGER
[admin@MikroTik] > tool user-manager export
# jan/19/2013 23:24:00 by RouterOS 5.0rc1
# software id = XXX-XXX
#
/tool user-manager customer
add backup-allowed=yes currency=Dollars disabled=no login=admin parent=admin \
password=iofc_admin paypal-accept-pending=no paypal-allowed=no \
paypal-secure-response=no permissions=owner signup-allowed=no time-zone=\
-00:00
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=127.0.0.1 log=\
auth-fail name=router1 shared-secret=1
/tool user-manager user
add caller-id=94:XX:XX:XXX:XX:XX customer=admin disabled=no name=test \
password=test shared-users=1
add caller-id=94:XX:XX:XX:XX:XX customer=admin disabled=no name=mtest \
password=mtest shared-users=1
* Both these MACs are AP MAC addresses.
I have a network setup as follows:
DSL -Ether1- Mikrotik 750G (DHCP, Hotspot, Userman) - Ether2- Switch- APs
* The network consists of many APs connected through a switch to the 750G.
* Radius is enabled for hotspot (not for dhcp)
* In userman, for each user, I have enabled *MAC binding on first use*.
The issue is, the user manager is binding the user to the AP 's MAC address. This is the AP to which the client is connected. The DHCP server is showing the correct MAC address of the client but the hotspot is showing the AP's address. Obviously this results in only one client being able to get connected through an AP.
What is going on? How do I cleanly enable mac authentication (or binding)?
The config:
HOTSPOT
[admin@MikroTik] > ip hotspot profile print Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no
use-radius=no
1 name="hsprof1" hotspot-address=192.168.4.1 dns-name=""
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=mac,http-chap,http-pap mac-auth-password=""
split-user-domain=no use-radius=yes radius-accounting=yes
radius-interim-update=received nas-port-type=wireless-802.11
radius-default-domain="" radius-location-id="" radius-location-name=""
radius-mac-format=XX:XX:XX:XX:XX:XX
DHCP Server
# jan/19/2013 23:22:46 by RouterOS 5.0rc1
# software id = XXX-XXX
#
/ip dhcp-server
add address-pool=hs-pool-2 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether2-local-master lease-time=1h name=dhcp1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.4.0/24 comment="hotspot network" gateway=192.168.4.1
USER MANAGER
[admin@MikroTik] > tool user-manager export
# jan/19/2013 23:24:00 by RouterOS 5.0rc1
# software id = XXX-XXX
#
/tool user-manager customer
add backup-allowed=yes currency=Dollars disabled=no login=admin parent=admin \
password=iofc_admin paypal-accept-pending=no paypal-allowed=no \
paypal-secure-response=no permissions=owner signup-allowed=no time-zone=\
-00:00
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=127.0.0.1 log=\
auth-fail name=router1 shared-secret=1
/tool user-manager user
add caller-id=94:XX:XX:XXX:XX:XX customer=admin disabled=no name=test \
password=test shared-users=1
add caller-id=94:XX:XX:XX:XX:XX customer=admin disabled=no name=mtest \
password=mtest shared-users=1
* Both these MACs are AP MAC addresses.