Discussion:
Unanswered Questions
b***@simplebroadband.com
2004-06-07 16:21:14 UTC
Permalink
Greetings all,

I have a few unanswered questions. I've actually seen them pop up in the
list and forums over the past month, but no answers as of yet, so any
advice will be appreciated!

1. With a hotspot, is it possible to authenticate on any traffic, not
just http? I don't want users to have to open a web browser to
authenticate too frequently. I'm using Mac address authentication, and
I'd rather just have the router pass them straight through if the radius
server agrees that they are valid. Is there a different way to do this?
The hotspot piece is essential, as I need to capture their initial visit
and force them to sign up. Could I do this without the hotspot somehow?
Some combination of scripts and firewall rules??

2. How do I go about serving publicly routable IPs on the hotspot
interface? This seems like it should be fairly straightforward.. What am
I missing? Create a pool with publicly routable IP's and have the hotspot
hand them out.

Thanks!

Brian
Jonathan Miller
2004-06-07 17:37:46 UTC
Permalink
One solution that I've seen used on college campuses is to have a default
webpage that all users get routed to "signup". The IP address that these
users receive can never talk to the outside internet. Instead, signed up
users are directed to download a vpn client that will log them in with their
studentID and new password. This way the system is secure, and you still
have http to allow people to signup. MT supports pptp server setup that
could be used a VPN, and I believe it could also authenticate to radius.

Jonathan Miller
-----Original Message-----
Sent: Monday, June 07, 2004 11:21 AM
Subject: [MikroTik] Unanswered Questions
Greetings all,
I have a few unanswered questions. I've actually seen them
pop up in the list and forums over the past month, but no
answers as of yet, so any advice will be appreciated!
1. With a hotspot, is it possible to authenticate on any
traffic, not just http? I don't want users to have to open a
web browser to authenticate too frequently. I'm using Mac
address authentication, and I'd rather just have the router
pass them straight through if the radius server agrees that
they are valid. Is there a different way to do this?
The hotspot piece is essential, as I need to capture their
initial visit
and force them to sign up. Could I do this without the
hotspot somehow?
Some combination of scripts and firewall rules??
2. How do I go about serving publicly routable IPs on the
hotspot interface? This seems like it should be fairly
straightforward.. What am I missing? Create a pool with
publicly routable IP's and have the hotspot hand them out.
Thanks!
Brian
_______________________________________________
ALL POSTS SHOULD BE ABOUT GENERAL ROUTEROS QUESTIONS To post
, with text in the body "unsubscribe <password>" or "subscribe"
Butch Evans
2004-06-07 17:51:40 UTC
Permalink
Post by b***@simplebroadband.com
1. With a hotspot, is it possible to authenticate on any traffic,
not just http? I don't want users to have to open a web browser to
authenticate too frequently. I'm using Mac address authentication,
and I'd rather just have the router pass them straight through if
the radius server agrees that they are valid. Is there a different
It is possible to auth to the hotspot via MAC address. The hotspot
can log on any user from a given mac automatically.
Post by b***@simplebroadband.com
2. How do I go about serving publicly routable IPs on the hotspot
interface? This seems like it should be fairly straightforward..
What am I missing? Create a pool with publicly routable IP's and
have the hotspot hand them out.
Yes (to the pool part).

You may want to speak with Eje over at wisp-router.com. His phone
number can be found on the his website at
http://www.wisp-router.com/. He has a solution already built that
does exactly what you are asking for. I am certain that he can
either sell you a "turnkey" solution, or help you get set up with
something else.
--
Butch Evans
BPS Networks
Bernie, MO
573.293.2638
Loading...