Hi!

I have a problem. I want to limit my users. I have the following tools: drop all incoming packages with un-used ip address (with forward tables), and fix the ARP list so one user cannot use other user's IP. BUT. I have EthernetConverters (Netgear,Senao) and that equipment REPLACES the source MAC address of the packages. So that from the MikroTik's point of view all users behind one EC have the same MAC in the ARP table. This effect makes possible users to steal the IP addr of another user behind the same EC.

Is there any workaround to fix this problem?

The easiest answer would be to require them to authenticate with a protocol like PPPoE, or PPtP, or use IPSec

The easiest answer would be to require them to authenticate with a protocol like PPPoE, or PPtP, or use IPSec

We tried it months ago but it hadn't been the right solution because a little packet loss dropped the connection - all of the users tcp connections were reset. I see IPSec...