what method to prevent user/client change their IP address?

xaviero · Wed Aug 02, 2006 8:06 pm

Hello,

using MT 2.9 now...
actually my clients about 20, i'm using queue to limit their ul/dl.
and the remain IP i blocked with firewall.

say that my network:
192.168.100.0 (network)
192.168.100.254 (MT)
192.168.100.1 (monitoring computer) --> had 150kbit limit
192.168.100.10-30 (AP Client IP)
192.168.100.31-41 (Comp Client IP)

and i'm block remain IP. Each user, i limit about 70kbit, except the 192.168.100.1

now, someday, i got a user that cheating the rule, he change his IP to any, say so 192.168.100.5,10,1 etc...
may be he want to run out from IP limitting, somehow, the tricky way can cause IP Conflict for other user, say he use 192.168.100.32 . it will make "IP Conflict" for original user 192.168.100.32, or conflicting with my monitorin IP and MT IP.

so, is there a way to prevent such like this cheatting IP ??

thanks, waiting for your enlightment...

tneumann · Wed Aug 02, 2006 10:10 pm

Set arp=reply-only and define static ARP entries per client.

xaviero · Thu Aug 03, 2006 4:59 am

Set arp=reply-only and define static ARP entries per client.

how i can set that config ??

from interface -> change ether2 (LOCAL) to ARP=Reply-only ??

and how to define STATIC ARP ENTRIES per Client ???

give me more clue plz..

thanks alot

tneumann · Thu Aug 03, 2006 7:33 am

Please read the manual at http://www.mikrotik.com/docs/ros/2.9/ip/address

--Tom

xaviero · Thu Aug 03, 2006 1:23 pm

wow, thanks bro... it works. thanks alot....

BurstNET · Thu Aug 03, 2006 5:56 pm

This is something we were just about to look into ourselves...

<< Set arp=reply-only and define static ARP entries per client >>

Did you do that on the AP or the CPE?

Which interface in particular did you set that on?

I assume you can set multiple static ARP entries, if you want a client to have multiple IPs assigned right?

Thanx...

SMA

xaviero · Thu Aug 03, 2006 6:25 pm

i set arp=enabled on my local interface.
so, can u give more clue, what different between

ARP=Enabled
ARP=Proxy-ARP
ARP=Reply-Only

Thanks

tneumann · Thu Aug 03, 2006 11:56 pm

Did you do that on the AP or the CPE?

You need to do it on the AP.

Which interface in particular did you set that on?

It should be set on the interface that the clients are connecting to,
not on uplink or backhaul interfaces.

I assume you can set multiple static ARP entries, if you want a client to have multiple IPs assigned right?

Yes, that is possible.

--Tom

tneumann · Fri Aug 04, 2006 12:00 am

what different between

ARP=Enabled
ARP=Proxy-ARP
ARP=Reply-Only

The different modes are explained in the manual (link posted in previous answer). What facts are you missing that are not explained there?

--Tom

BurstNET · Fri Aug 04, 2006 2:45 am

<< The different modes are explained in the manual (link posted in previous answer). What facts are you missing that are not explained there? >>

The manual really is not helpful in regards to the arp settings.

We've spent alot of time tinkering with that, and what the manual says should be done, doesn't seem to have the effect we need.

Things go unpingable without proxy-arp enabled sometimes, in places where proxy arp really does not need to be according to the manual, like across a wds bridge (should be transparent) where it should function without it. Without it being enabled, the CPE does not ping.

SMA

xaviero · Fri Aug 04, 2006 8:22 am

actually, i wanna know what the feature each setting. until now, i doesn't see any different between that. thats why i'm asking...

what method to prevent user/client change their IP address?

what method to prevent user/client change their IP address?

Who is online