S

Stensed2015-11-21 19:59:20

System administration

Stensed, 2015-11-21 19:59:20

Mikrotik. Distributes IP to everyone, although the pools are closed. Why?

Mikrotik. Router os 5.23
Interfaces are raised, DHSP server is raised, each interface (vlan) has its own pool of addresses.
In leases `ah are set ip + poppy.
Address types in DHTsP - static only.
BUT! If a person changes the poppy, he is still assigned an IP address from the pool, and the corresponding person has the Internet without restrictions for others.
Tell me where to dig?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

T

TyzhSysAdmin, 2015-11-21
@POS_troi

In general:
Or you have another DHCP server on the network (we won’t go into where and where)
Or the addresses are registered manually - IP and not MAC
Exit - properly organize the network or take away admin rights from users and the ability to change network settings, the second way in any schedule.

L

LESHIY_ODESSA, 2015-11-21
@LESHIY_ODESSA

You must make from the principle that what is not allowed is forbidden. That is, the Internet is allowed for this mac address, and any others are prohibited.
Then changing the mac address is useless.

G

Gregory, 2015-11-22
@Maxlinus

as a mono option, just add the necessary poppy addresses to IP:ARP, and set arp=reply-only on the interface, then only the poppy addresses you need will receive the Internet
wiki.mikrotik.com/wiki/How_to_secure_a_network_usi...