So I have a small wireless broadband network which is simply a flat network (A gateway and a few wireless bridges to other towers then AP's and CPE's. Infrastructure is on a separate subnet to Customers router and customers router has a static WAN IP.
I have Ques set for customers IPs. I am afraid that the customer can simply change their WAN Ip in their router to an unmonitored IP in that subnet and have unlimited bandwidth.
I have for example 10.1.0.2-10.1.0.254/24 for customers routers and 172.16.20.0/24 for infrastructure.
Is it possible to block all IP's that are currently unused in the customer pool untill I manually enable (allow) that IP when I give it to a new customer.
And is there a feature in RouterOS to monitor how many IP's are used/unused in a pool?
Hopefully that all made sense
Thanks in advanced
Re: IP Pool management / block local IP's?
Hi!
If you are using DHCP server for that customer facing interface, then I would suggest the following:
1) add in DHCP server configuration "add arp for leases";
2) change ARP on customer facing interface from enabled to disabled;
It will prevent ARP entries not added by either DHCP server or manually to be created, thus just chaning IP to something else would impair his communication.
If you have only one customer on that interace, just convert his ARP entry to static (double click) and disable ARP on that interface.
p.s. we've solved similar issue the following way:
1) dhcp is assigning by default from a pool which is being dropped in firewall filter
2) when we get a new client, we assing him a reservation manually.
Something like that
If you are using DHCP server for that customer facing interface, then I would suggest the following:
1) add in DHCP server configuration "add arp for leases";
2) change ARP on customer facing interface from enabled to disabled;
It will prevent ARP entries not added by either DHCP server or manually to be created, thus just chaning IP to something else would impair his communication.
If you have only one customer on that interace, just convert his ARP entry to static (double click) and disable ARP on that interface.
p.s. we've solved similar issue the following way:
1) dhcp is assigning by default from a pool which is being dropped in firewall filter
2) when we get a new client, we assing him a reservation manually.
Something like that
Code: Select all
add address=10.0.10.0/24 comment="Guest DHCP" dns-server=10.0.0
gateway=10.0.10.1 netmask=24
add address=10.0.11.0/24 comment="Tenants DHCP" dns-server=10.0
gateway=10.0.11.1
add address-pool=Guest_DHCP authoritative=after-2sec-delay disabled=no \
interface=LAN_BR name=DHCP_LAN
add name=Guest_DHCP ranges=10.0.10.10-10.0.10.250Re: IP Pool management / block local IP's?
Hi,
Thanks for all that but Im not using DHCP at all, Customers routers are manually assigned a static IP address from the 172.16.20.0 pool.
What im after is a visual list of all the available IP's in that pool and be able to enable/allow an individual IP when a new customer is connected.
Thanks,
Thanks for all that but Im not using DHCP at all, Customers routers are manually assigned a static IP address from the 172.16.20.0 pool.
What im after is a visual list of all the available IP's in that pool and be able to enable/allow an individual IP when a new customer is connected.
Thanks,
Re: IP Pool management / block local IP's?
Well, static ARP entries will allow you to see which addresses are used.
IP>ARP
IP>ARP