MikroTik

Hi all,

I want to secure server in my network, all host gets static IP from DHCP server in mikrotik.

I have 3 access points with WPA passphaze that knows also everybody now, and my idea is to force clients to get ip from dhcp only.
Than I would write some firewall scripts for the range IP's that aren't static from DHCP, and block them access to my server.

My question is, how to setup, enforcement for getting them IP only from dhcp, that if they assign maualy IP the connection will not be estblished.

Thanks in regards
Mike

I'm not sure exactly what you're asking is possible and/or wise. Even if you did set DHCP reservations for all of the hosts on your network, there's no reason someone couldn't accidentally pick a static IP that is within the range that your firewall allows.

If all or most of your hosts are wireless, what I would do instead is use a combination of the "Connect List" under "Wireless Tables" and setting default-authentication=no in the interface. That would mean that only MACs configured in the "Connect List" would be allowed to connect. Any other MACs seen would not be permitted to connect.

Just set your dhcp server up, make a static ip-mac binding list in leases table and set reply-only to the dynamic ARP on dhcp iface. Make sure you have "add ARP for leases" checked in dhcp server setup.

The same thing was also originaly discussed in this thread:
http://forum.mikrotik.com/viewtopic.php?f=9&t=43502

Thank you both! taduikis solution suits me the best