How to stop customers from changing IP addresses?

Posted: Tue Jul 24, 2007 7:38 am
by Montana
I have a static IP assignment for each customer on our network. I find that on occasion, by accident or on purpose, the customers change their IP address. Is there a way to lock in that IP address and the MAC so that if the customer makes changes to something else it would not work? Also, if I only had 20 customers on the /24 network, is there a way to block the unused IP addresses or send the offenders to a warning page if they are out of the IP range that they were assigned?
Thanks

Re: How to stop customers from changing IP addresses?

Posted: Tue Jul 24, 2007 7:50 am
by balimore
----
Yes,
add your clients' IP and MAC addresses in the '/ip arp' submenu, then set your interface to arp=reply-only

regards
Hasbullah.com
----

Re: How to stop customers from changing IP addresses?

Posted: Wed Jul 25, 2007 12:04 am
by plcoomer
There's another way also... first, only SOME customers are capable of doing it. I would attack only those who have shown the ability to hop IPs.

In the firewall, create a new rule for the IP hopper. Go to the Advanced tab and input their MAC address. Then go to the Action tab and "Jump" to "Customer Name".

Now go to the "Customer Name" chain you just created and create 2 rules.
1. Source address = correct IP address then on the Action Tab Accept.
2. Action Tab Drop.


The result is that the only traffic that will pass is a match of his IP and MAC.
All else is dropped.

Re: How to stop customers from changing IP addresses?

Posted: Wed Jul 25, 2007 5:58 pm
by dapsyra
There is yet another way.

/ ip firewall filter
add chain=forward action=drop src-address=x.x.x.x \
src-mac-address=!yy:yy:yy:yy:yy:yy comment="" disabled=no


/ ip firewall filter
add chain=forward action=drop src-address=!x.x.x.x \
src-mac-address=yy:yy:yy:yy:yy:yy comment="" disabled=no


(Observe the ! before the src-mac-address and src-address values respectively)

This rule will drop his packets once he changes his IP or MAC. Note that this rule will break down if he changes both IP and MAC.
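
Added example, not part of any post in this thread: a Python helper that turns a customer table into the static ARP entries with arp=reply-only and the paired drop rules suggested above, and models which packets the rule pair drops. The customer addresses, the interface name ether2, the assumption that it is an Ethernet interface, and the function names are all made up for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

# Constructed sample data: documentation-range IPs and made-up MACs.
CUSTOMERS = [
    ("192.0.2.10", "02:00:00:00:00:0A"),
    ("192.0.2.11", "02:00:00:00:00:0B"),
]

def validate(customers, subnet):
    """Reject bad MACs, out-of-subnet IPs and duplicate IPs or MACs."""
    net = ipaddress.ip_network(subnet)
    seen_ip, seen_mac = set(), set()
    for ip, mac in customers:
        if not MAC_RE.match(mac):
            raise ValueError(f"bad MAC: {mac}")
        if ipaddress.ip_address(ip) not in net:
            raise ValueError(f"{ip} is outside {subnet}")
        if ip in seen_ip or mac.upper() in seen_mac:
            raise ValueError(f"duplicate entry: {ip} {mac}")
        seen_ip.add(ip)
        seen_mac.add(mac.upper())

def routeros_config(customers, subnet, interface):
    """Emit static ARP entries, arp=reply-only, and the paired drop rules."""
    validate(customers, subnet)
    lines = ["/ip arp"]
    lines += [f"add address={ip} mac-address={mac} interface={interface}"
              for ip, mac in customers]
    # Assumes the customer-facing interface is an Ethernet port.
    lines += ["/interface ethernet", f"set {interface} arp=reply-only",
              "/ip firewall filter"]
    for ip, mac in customers:
        lines.append(f"add chain=forward action=drop src-address={ip} "
                     f"src-mac-address=!{mac}")
        lines.append(f"add chain=forward action=drop src-address=!{ip} "
                     f"src-mac-address={mac}")
    return lines

def dropped_by_pair_rules(src_ip, src_mac, customers):
    """Model the two drop rules per customer; True if either one matches."""
    src_mac = src_mac.upper()
    return any((src_ip == ip) != (src_mac == mac.upper())
               for ip, mac in customers)

if __name__ == "__main__":
    print("\n".join(routeros_config(CUSTOMERS, "192.0.2.0/24", "ether2")))
```

The model returns False for a source that matches neither the IP nor the MAC of any entry, which is the limitation noted in the last post.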