Automatic bypass of hotspot devices based on MAC Address

Recently I was doing some work for a hotel that supplies a ‘Smart TV’ device with Netflix and other functions in every room. These rooms are in turn all connected to a hotspot network and the TVs all needed to be given internet access.

As this was (as sometimes occurs) an unexpected addition to the known requirements of the installation, it fell to me to come up with a way to add these, preferably without having someone walk around and manually collect details for 300+ TVs.



After confirming with the hotel manager that all the TVs were the same model, we tested with a device and copied down the MAC address, comparing it to a few others I could see connected. For the sake of this article we’ll just say it was “11:22:33:44:55:66”. If you don’t know, the companies manufacturing network hardware are assigned OUIs (Organizationally Unique Identifiers), which make up the first 24 bits of a MAC address. This means that if we know a MAC address we can tell which manufacturer created it and, in a lot of cases, catch all devices of the same type/model by filtering lists on this OUI segment.

Some random examples of devices you could find are:

Sony Interactive Entertainment: 00:D9:D1:--:--:-- (PS4)
Nintendo Co. Ltd: 98:B6:E9:--:--:-- (Nintendo Switch)
Samsung Electronics Co. Ltd: 1C:5A:3E:--:--:-- (Samsung TV)
Fuji/Xerox Co. Ltd: 1C:7D:22:--:--:-- (Fuji/Xerox Photocopy Machines)

The last 24 bits of the MAC address are the device’s unique serial number, assigned by the manufacturer, which means a single OUI can cover 16,777,216 unique devices. This is handy for us because not only can you look up the vendor of a MAC address (you can download a dictionary from Wireshark, or use an online lookup site), but it also means that all of the devices installed at this hotel should have a MAC address with an OUI (or ‘prefix’) of “11:22:33”.

Now it’s my recommendation that a hotspot bypass has at least the following two items set:
1. IP address
2. MAC Address

This in turn means that you should also reserve these devices a static DHCP lease.

So what did we do? Created a script to deal with it of course!

The following script searches through the DHCP lease list for any dynamic listings where the MAC address starts with our specific listing, and sets the DHCP lease to static (with a handy comment) as well as creates the Hotspot Bypass listing (also commented).

# This script searches for all dynamic DHCP leases where the OUI of the MAC address matches the supplied listing(s)
:do {
  :local newtvs 0;
  :local debug "no";
  :local foundtv "no";
  :foreach leasecounter in=[/ip dhcp-server lease find where dynamic] do={
    :if ($debug = "yes") do={:put "Found $leasecounter";};
    :local leaseip [/ip dhcp-server lease get $leasecounter address];
    :local leasemac [/ip dhcp-server lease get $leasecounter mac-address];
    :if ($debug = "yes") do={:put "IP $leaseip MAC $leasemac";};

    # Can add multiple OUIs by repeating this line with different values
    # (the first 8 characters of the MAC string are the OUI, e.g. "11:22:33")
    :if ([:pick $leasemac 0 8] = "11:22:33") do={:set foundtv "yes"};
    :if ([:pick $leasemac 0 8] = "44:55:66") do={:set foundtv "yes"};

    :if ($foundtv = "yes") do={
      :put "Found TV";
      # Convert the dynamic lease to a static reservation and label it
      /ip dhcp-server lease make-static [find mac-address=$leasemac];
      /ip dhcp-server lease set [find mac-address=$leasemac] comment="TV WiFi";
      :put " - Static allocated";
      # Bypass the hotspot login for this IP + MAC pair
      /ip hotspot ip-binding add address="$leaseip" mac-address="$leasemac" server="all" comment="TV WiFi" type="bypassed";
      :put " - Binding added";
      :set newtvs ($newtvs + 1);
      :log warning "!!! ADDED NEW TV(s) $newtvs !!!";
    };
    # Reset the flag before checking the next lease
    :set foundtv "no";
  };
};

I created this as a script called “CUSTOM_TV-Check” and then rather than issuing this as a scheduler entry, attached it as a script to run from the DHCP server itself, using the following:

/system script run CUSTOM_TV-Check

And the end result: a list of static DHCP reservations and hotspot bindings, generated with no need for a support call.

You may also note that while this was just for one variety of device, I left open the option of different models appearing and needing the same treatment in the future, with the ability to add multiple sets of OUIs.
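The OUI matching done by the script above can be dry-run offline before it is attached to the DHCP server. The following is an added example, not part of the original script: the function names, the `expected` count and the sample leases are assumptions constructed for illustration, and it goes slightly beyond the script by normalising MAC notation and flagging malformed or duplicate entries.

```python
import re

# OUI prefixes the script matches; both are the article's placeholder values.
TV_OUIS = {"11:22:33", "44:55:66"}

def normalize_mac(raw):
    """Return the MAC as upper-case colon-separated octets, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", raw.strip())  # separators are ignored
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def plan_bypass(leases, ouis=TV_OUIS, expected=None):
    """Dry run over (ip, mac, dynamic) leases: bindings the script would add, plus warnings."""
    bindings, warnings, seen = [], [], set()
    for ip, raw, dynamic in leases:
        mac = normalize_mac(raw)
        if mac is None:
            warnings.append(f"{ip}: malformed MAC {raw!r}")
            continue
        # The script only touches dynamic leases whose first 24 bits are listed.
        if not dynamic or mac[:8] not in ouis:
            continue
        if mac in seen:
            warnings.append(f"{ip}: duplicate lease for {mac}")
            continue
        seen.add(mac)
        bindings.append((ip, mac))
    # More matches than installed TVs means something else shares the OUI.
    if expected is not None and len(bindings) > expected:
        warnings.append(f"{len(bindings)} matches but only {expected} TVs expected")
    return bindings, warnings

# Constructed sample leases (not from a real router): (address, mac-address, dynamic)
SAMPLE_LEASES = [
    ("10.5.50.11", "11:22:33:44:55:66", True),   # TV, as in the article
    ("10.5.50.12", "11-22-33-00-00-01", True),   # TV, different separator style
    ("10.5.50.13", "44:55:66:aa:bb:cc", True),   # second listed OUI, lower case
    ("10.5.50.14", "00:D9:D1:12:34:56", True),   # PS4 OUI from the list above: no match
    ("10.5.50.15", "11:22:33:00:00:02", False),  # already static: skipped
    ("10.5.50.16", "11:22:33:44:55", True),      # truncated MAC
]

if __name__ == "__main__":
    for item in plan_bypass(SAMPLE_LEASES, expected=2):
        print(item)
```

A MAC address is supplied by the client and an OUI identifies a manufacturer rather than a model, so comparing the number of matches with the number of TVs actually installed is a cheap check that only the intended devices received a bypass.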
