How to restrict access to the Internet if the computer is not in DHCP Leases?
Greetings! I recently came across MikroTik devices and networks in general. I am setting things up in RouterOS myself, but I still don't understand much, so please explain in simple terms.
On the router from MikroTik, I want to restrict Internet (WAN) access for one specific computer (by MAC address, apparently). But it is not in DHCP Leases. On the computer itself, the IP is configured manually, and it is from a different subnet. Namely:
The router distributes IPs like: 192.168.88.***
On the computer, the IP is configured like this: 192.168.1.10
In this case, the DNS server on the computer is manually set to 192.168.1.1, although I configured the router's IP as 192.168.88.1, but it also opens at the first address.
QUESTIONS:
1) How to restrict access to the Internet if the computer is not in DHCP Leases on the router? (in case I decide not to change the ip on the computer itself)
2) How to clean up the network? Right now anyone can set their own IP, I won't see it on the router (in DHCP Leases), and they will be able to do whatever they want uncontrollably ...
3) How to limit the IP on which the router will open / DNS will work? It's also not right that it works on different IPs, probably ...
For the first and second points:
Set add-arp=yes on the DHCP-Server.
Set arp-mode=reply-only on the desired interface.
At this stage, the router will not write an automatic ARP entry on the interface for each MAC, and a person with manual settings will simply not receive anything, because he will not be able to communicate at layer 2. The DHCP-Server, when issuing addresses, will add entries to the ARP list, and these users will be able to work as intended.
The third point needs more specifics. If you are interested in logging into the device, then in System>Users there is a field, Allowed Address, which allows you to restrict login to the router to certain addresses.
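The steps from the answer above as RouterOS CLI commands, with a verification step. This is an added example, not part of the original answers. The interface name `bridge`, the DHCP server name `defconf`, the user `admin` and all addresses and MACs are assumptions or constructed placeholders. In the CLI the interface property is written `arp=reply-only`.

```routeros
# Added example. Assumed names: LAN interface "bridge", DHCP server "defconf",
# user "admin". Addresses and MACs below are constructed placeholders.

# 1. Review current state: who holds a lease, and which ARP entries exist.
/ip dhcp-server lease print
/ip arp print where interface=bridge

# 2. Pin the lease of the workstation you administer the router from,
#    so its address (and therefore its ARP entry) stays fixed.
/ip dhcp-server lease make-static [find address=192.168.88.10]

# 3. Have the DHCP server add an ARP entry for every lease it issues.
#    Done before step 4 so leased hosts get entries before learning stops.
/ip dhcp-server set [find name=defconf] add-arp=yes

# 4. Stop the LAN interface from learning ARP entries on its own.
#    Hosts with hand-configured addresses no longer get a layer-2 mapping.
/interface bridge set [find name=bridge] arp=reply-only

# 5. A device that legitimately needs a fixed address (printer, server)
#    gets an explicit static ARP entry instead.
/ip arp add address=192.168.88.50 mac-address=AA:BB:CC:DD:EE:FF \
    interface=bridge comment="static host (placeholder)"

# 6. "Allowed Address" from System>Users: limit where this user may log in from.
/user set [find name=admin] address=192.168.88.0/24

# 7. Verify: entries on the LAN interface should now be DHCP-added or static only.
/ip arp print where interface=bridge
/interface bridge print
```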
1) In this scenario, a person no longer has the Internet. His network 192.168.1.x is different from yours 192.168.88.x.
2) Find them, slap their hands, set up a domain, take away admin rights from everyone, install managed switches with IP-MAC-Port Binding.
3) Start with books on networks, go to some training courses.