Hello,
My name is David Horvath and I am currently using RB433's in the field at a university apartment complex. I have currently 21 RB433's deployed, all with Static eth1(uplink) IPv4 addresses. On each RB433 I have setup a hotspot on a bridge, the bridge includes not only the WLAN1 but also eth2 and eth3. So all users that connect to these networks have to login with a username and password and authenticate to a remote RADIUS server to access the internet. This is working out fine but I wanted to research if there is a better way of doing this. One problem I am having is that with the hotspot setup, any xbox's, playstations and other gaming stations need to be added to the IP bindings in order for them to be able to play online live. Not a huge problem but, has been mentioned. Another issue with users is that they need to login every time they disconnect from the network, unlike WPA2 authentication which has a passphrase and can automatically login, during the association to the AP the user must type in their username and password on the hotspot login page.
So, my question is this. Is there a better way to do this? I like the hotspot because of the accounting but, if I can make life easier for my customers by switching to WPA2, that might be best. Any suggestions or thoughts would be helpful.

Thank you in advance.

You could always use PPPOE to each user via the same username and password. The user can enter the PPPOE information in thier own routers or devices, that way it bypasses the hotspot but still has all that radius accounting stuff you love. anyone who isnt connecting via PPPOE would still have to pass hotspot authentication.

In winbox you would add the pppoe server to the interface, then setup the radius stuff in the secrets tab.

What type of radius software are you running?

use hotspot cookie, to ease the login for consoles and other equipment.

Also, you can use mac-authenticate, so that certain devices could log in automatically.