MikroTik

what i beter for large LAN?

hotspot will be easier for customer. for pppoe you need to teach the customer how to make the connection plus some OS need special tool. hotspot can be completely transparent to customer, and he does not need any special config in his PC

hotspot will be easier for customer. for pppoe you need to teach the customer how to make the connection plus some OS need special tool. hotspot can be completely transparent to customer, and he does not need any special config in his PC

thank you Normis - i'm more interest about securiti of the two connection types and which have less potential ways for users to get more speed than they have paid or to disturb internet connection of another user (steel IP or MAC address, broadcast fake packages, steal passwords with sniffer ...)

i think better will be use of pppoe, more secure than hotspot...

and if u plan to disable default forward then on pppoe users can still ping each other but they are over control of queue

on hotspot i don't know how it works...

another question how secure is hot spot, can anybody snif ?
can wlan clinets see each other when default forward is disabled ??

I also lean more towards PPPoE. It's more traditional in regards to dialup internet services - and it doesn't require a customer to first open a web browser and browse to a site, prior to using whatever protocol he wants, such as DNS, FTP, IRC, etc...

Most modern OSes has built in PPPoE support... Even *nix

i think better will be use of pppoe, more secure than hotspot...

and if u plan to disable default forward then on pppoe users can still ping each other but they are over control of queue

on hotspot i don't know how it works...

I think if you don´t know hotspot, before tell an opinion may be know this... I only use hotspot in all my nodes and clients and have an absolute control over all when is well configured, obviusly...
Regards!
Alessio

I also lean more towards PPPoE. It's more traditional in regards to dialup internet services - and it doesn't require a customer to first open a web browser and browse to a site, prior to using whatever protocol he wants, such as DNS, FTP, IRC, etc...

Most modern OSes has built in PPPoE support... Even *nix

You can permit and customer to bypass hotspot doing a binding rule or auto connect by MAC, and in routers you have to set Dynamic IP or Static and hotspot work freely to the LAN... I think hotspot is better, require less resources and is a modern connection type with very much publicity
Regards
Alessio

I also lean more towards PPPoE. It's more traditional in regards to dialup internet services - and it doesn't require a customer to first open a web browser and browse to a site, prior to using whatever protocol he wants, such as DNS, FTP, IRC, etc...

Most modern OSes has built in PPPoE support... Even *nix

------------------------------------------
I thing MT is incredible, that's for me,
simple answer to that about:
pppoe and hotspot is not more difference, but importan for clever methode to make easy to connect to the gateway. cause with pppoe you must have extra time to make dialer on client access. for example: os windows'98 u must install first additional raspppoe for more info at: http://www.raspppoe.com/

1. if you want busy for first client to make connect to, u can you can use pppoe system.
2. if you want to make easy like PnP u can use hotspot

for large lan i thing is no problem, the problem is your limited of your license for access point.

Peace all
Balimore dot com
-------------------

I also lean more towards PPPoE. It's more traditional in regards to dialup internet services - and it doesn't require a customer to first open a web browser and browse to a site, prior to using whatever protocol he wants, such as DNS, FTP, IRC, etc...

Most modern OSes has built in PPPoE support... Even *nix

You can permit and customer to bypass hotspot doing a binding rule or auto connect by MAC, and in routers you have to set Dynamic IP or Static and hotspot work freely to the LAN... I think hotspot is better, require less resources and is a modern connection type with very much publicity
Regards
Alessio

hmm but when u use mac auth then somone else can connect, u know war driving... in my are this is first problem of ap and my net.

In theses cases you need to associate the MAC to connect only from an IP, or don´t use MAC authentication, use cookie or binding type bypass...

Even better, if you have an Atheros card, setup up another virtual AP. Whereby you can run Hotspot and PPPoE simultanously.

We offer hotspot and PPPoE always together, so the customer can choose. Its very easy to setup and both options authenticate to the same radius server. (eric: you don't need an virtual AP for that. Thus, it works on Prism etc as well)

In theses cases you need to associate the MAC to connect only from an IP, or don´t use MAC authentication, use cookie or binding type bypass...

cookie is good

what about this case:

1. client connects with mac 00:01:02:03:04:05 - login and pass then cookie
2. spoofed mac clinet connect with mac 00:01:02:03:04:05 - did he also gets access to internet ? I meen my real client is authenticated and running, then spoofed mac client connected will also use or not ?

auth will be by https and login with cookie.

Hmm and another question is hotspot always use 1to1 nat ? Can i use routed ip not private like in pppoe?

By my experience, NAT 1to1 work only if you put an IP Pool in Address Pool in the Hotspot Server... and to route Public IP you need to create a bridge interface between the public and the hotspot interface...
If in your area have wireless hackers or security problems, i don´t recommend to use any autologin method.
But i remember you, better security is binding the username with the IP and the MAC Address...
Regards!
Alessio

ok but when one client is connected and authenticated then some one spoofing mac can also use internet , then i think there i cannot secure conection only for my client
on pppoe i can...

May be, but i think:

1) Do the AP to not permit more than 1 MAC registered simultaneously.
2) Cloning MAC is not sufficient to have access...
3) Cloning IP is a terrible address conflicts between both connections...

4 and last) By your persistence, i recommend you to use PPPoE and do not disturb more

Regards!
Alessio

We offer hotspot and PPPoE always together, so the customer can choose. Its very easy to setup and both options authenticate to the same radius server. (eric: you don't need an virtual AP for that. Thus, it works on Prism etc as well)

Then it means that you can use one PC Router interface to conect both kind of clients, by Hotspot and by PPPoE mode? using only one AP?, let me know more about how to do that!!!

bouth PPPoE and Hotspot have the same big problem with QoS control.
non of them offers complite solution for QoS control - only veri basic shaper.
it will be good if Mikrotik have sistem where you need only to enter service port numbers and set priority, automatic queues generation where you can specify 2-3 or more source/destinations (MARKs) and set them different speeds and priority.
all this is possible even now but will cost you big headache and some weeks to set it up (the manual can't help you with this level of complicated setup)
we only can hope Mikrotik developers manage to do it soon.
i will pay gladly double price for this tipe of advanced setup.

you can just use dhcp for mac based auth and assign ip and bandwidth based on the mac, doesnt require hotspot, only dhcp server.