Hi,
I have an RB750 with eth2 connected to WAN and eth3 to LAN. I have hotspot set up on eth3 with DHCP pool 192.168.1.0/24. MAC Auth is enabled. Using UserManager as RADIUS. This is the stock standard kind of set-up. no funny firewall settings just what was given by hotspot set-up.

Everything is working. The MAC auth works 100% and the PC's get internet access and usage is tracked by UserManager as is needed.

My problem is that as soon as the hotspot server is enabled, all the PC's in the network lose access to each other and their network shares even if they have internet access.

I need to track individual PC internet usage and be able to deny unwanted access and stop a user if they use too much internet. We have a soft capped internet and the throttling is really severe if we reach our soft cap. But now I also need the
PC's to have access to local file shares.

hotspot create Point-to-Point connection, without broadcast/Multicast.

This is why the pc can not see eachother.

Can copy the store without activation. This makes a backup.

If you want the PCs on the hotspot interface to communicate with each other, disable the hotspot universal nat. It is the hotspot using arp poisoning to perform the universal 1:1 nat that prevents localnet communication.

Can copy the store without activation. This makes a backup.

Wrong topic....

Can copy the store without activation. This makes a backup.

Wrong topic....

Sure. Some tapatalk mismatch. Sorry for this.

If you want the PCs on the hotspot interface to communicate with each other, disable the hotspot universal nat.

Code: Select all

/ip hotspot
set 0 address-pool=none

It is the hotspot using arp poisoning to perform the universal 1:1 nat that prevents localnet communication.

Thanx for the replies.
I did this, has no effect. I still can not ping any PC on the network or access any network shares.

Is there no firewall rule i can create to overwrite whatever the hotspot is doing to prevent access?

Can you use another way?

HotSpot is made for do what you do not want hotspot do...

What are exactly your needs?

So your localnet PCs can access each other and the internet with the hotspot disabled? If so, the hotspot universal nat is the only thing that has blocked localnet access for me. Setting the address-pool to none disables that nat.

Maybe you should post "/ip address" and "/ip hotspot profile".

/ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.1.254/24 192.168.1.0 ether3
1 D 172.30.238.234/32 10.21.7.1 pppoe-internet


/ip hotspot profile> print
Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no
use-radius=no

1 name="hsprof1" hotspot-address=192.168.1.254 dns-name="login.hotspot"
html-directory=hotspot rate-limit="4m/4m" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=mac mac-auth-password="password"
use-radius=yes radius-accounting=yes radius-interim-update=received
nas-port-type=wireless-802.11 radius-default-domain=""
radius-location-id="" radius-location-name=""
radius-mac-format=XX:XX:XX:XX:XX:XX



I need to control users usage amounts. They are only allowed set amount of Gb's per month. But they can not be bothered with logins or PPPoE connections because there are mobile devices also on the network like cellphones which can not support PPPoE. Then I need them to be able to use each other's network file shares for music and so on.

At this point, the internet control is working 100%, but file access does not work. Devices can not even ping each other.


Thanks for the help so far.

Did you remove the interfaces from the switch? ether1 is normally the WAN interface, and ether2-ether5 are normally on a switch on the RB750.

If you haven't removed them, I believe ether2 is the master port of the switch, not ether3.

If I get time, I'll try some tests on my network today, just to insure all is the same with the hotspot nat.

I always remove default config because it always messes around in some way. But i double checked and they are not in switch mode.

I need to give my sincere apology to SurferTim. His advice was 100% correct and it does work. Someone went and fiddled with the MediaServer's firewall and messed up the file sharing of the whole network somehow. When i fixed that, everything started working as it should have.


Thank you very much for your help.