Duh, WPA!!! :-D Hotspot per sec is not /necessarily/ encrypted, but you can use WPA on the wireless then https on the captive portal to secure everything. BUT, since the usual intent for hotspot is to make access simple and easy and ad-hoc, all that encryption and security is usually left as a user exercise ;) For a few starting points, check these results: https://www.google.com.au/webhp?q=mikrotik%20wiki%20eap%20radius Essentially, enable eap and radius in wireless security profile, install user manger, then start playing! Have fun - expect it to take quite a while to get it all working together! :-D Cheers, Mike. ---------------------------------------------------------------------------- -------- Why Choose DuxTel for all your MikroTik needs? 10 good reasons: http://duxtel.com/why_duxtel ---------------------------------------------------------------------------- -------- Follow our tweets for news and updates: http://twitter.com/duxtel -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Karl Auer Sent: Friday, 18 September 2015 5:44 PM To: public@talk.mikrotik.com.au Subject: Re: [MT-AU Public] virtual APs - how many? On Fri, 2015-09-18 at 08:54 +1000, Mike Everest wrote:
You can do it all with EAP and RADIUS - allows you to set WDS password for every individual user if you want to in radius profile, then set connection parameters according to the auth'ed user: IP address, filter chain, packet marks, routing table, vlan-id, and more! So radius profile or radius group will control who gets to talk to each other and who is isolated. May take a little longer to get it all put together, but gives you the ultimate in flexibility in the end ;)
WDS?!? I must have missed a memo, I thought that was basically a method of halving your wifi input while lowering your security level? But the rest sounds very nice, do please point me to some how-tos :-) I got the very definite impression from several third-party articles and from the MikroTik doco that hotspot associations were not encrypted (though the auth exchange is in some circumstances). No amount of whizzbangery is any use to me if the association itself is not encrypted. Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160 GPG fingerprint: 9DCA 0903 BCBD 0647 BCCC 2FA7 A35C 57A1 ACF9 00BB Old fingerprint: 231A B066 CF91 1216 4F0F F2AC CE25 B8AA 46DC CC4F _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au