Answer the question
In order to leave comments, you need to log in
Mikrotik DHCP server?
Hello, I’m setting up a small network using Mikrotik, set up a DHCP server, everything works fine, using the make static button I reserve IP addresses in DHCP leases, but Voros is the current user who has received his reserved IP address, can manually register any other IP on the computer that not reserved by admin. How to disable LAN and WAN access if someone enters a different IP manually?
Answer the question
In order to leave comments, you need to log in
1. in the dhcp-server settings enable "add arp for leases"
2. in the interface settings to which the users are connected, configure arp - "reply-only"
as a result - either users who received the address via dhcp, or for which a static ARP entry is registered will be able to work .
Rigidly bind IP to mac address and resolve everything through ACL (if it concerns wifi) example
If over the wire - How to make your DHCP server the only one? the topic is not 1v1, but the essence should be caught
I'll upset you a little. If the user has the right to change the IP address on the computer, then he can change the MAC address with the same success.
In the enterprise, IEEE 802.1X solves all problems. At home\soho - I'm not sure what will be feasible for technical and financial reasons.
Moreover, it is worth starting small - organizational measures. For example, as already noted, with the implementation of the organizational part in terms of "the user / client cannot be naughty with wires and equipment settings."
Well, you can also play with each port - a separate vlan or so beloved earlier (and now) by PPTP providers (rolling out the gray pool 10.0.0.0/8) -)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question