Preventing any Static IP allocation on DHCP Router

ammar83 · November 29, 2011, 9:21am

Hi Forum,

I have RB433 (for test) with MikroTik 5.8 on it. It works as DHCP server. It is allocating IPs from this pool:

[admin@DHCP] > ip pool print detail 
 0 name="dhcp_pool1" ranges=10.10.10.20-10.10.10.100

Now I want to force the users to get their IPs from the DHCP server and do not allow any static allocation…

I’ve configured my DHCP server to add ARP for leases but it didn’t work:

[admin@DHCP] > ip dhcp-server print detail 
Flags: X - disabled, I - invalid 
 0   name="dhcp1" interface=ether3 - Local DHCP lease-time=3d 
     address-pool=dhcp_pool1 bootp-support=static add-arp=yes 
     authoritative=after-2sec-delay

At any time I can convert any lease to static so its MAC address in the ARP table will be bound with the IP and change its IP to something lies in another pool “Static_Pool”:

[admin@DHCP] > ip pool print detail where name="Static_Pool"
 1 name="Static_Pool" ranges=10.10.10.101-10.10.10.250

With this way, I can control the bandwidth of both pools for example set higher priority to the IPs that are lying in the Static Pool.

Any Suggestions to have the above scenario works normally? I believe that in MikroTik world there is nothing called “Impossible”
Thanks in advance…
Ammar

janisk · November 29, 2011, 9:32am

set interface so arp=reply-only and set dhcp server to add mac addresses to arp table when address is assigned. That way, you will force anyone to use DHCP settings.

ammar83 · November 29, 2011, 10:04am

Totally handled the problem:

[admin@DHCP] > interface ethernet set "ether3" arp=reply-only

Thanks janisk.. I really appreciate your reply…

Ammar.

ranpha · January 9, 2012, 10:53am

Sorry for bringing up this topic from the dead.

Setting ‘ARP’ for my DHCP server interface (in my case, it is ‘bridge-local’') to ‘reply-only’ works fine at preventing users with static IP addresses from connecting to the network, but it also break my Hurricane Electric IPv6 tunnel routing. Is there anything I can do to prevent that from happening?

Routerboard RB751U-2HnD with RouterOS 5.11.

janisk · January 11, 2012, 10:02am

wait for 5.12 to be released.

ranpha · January 21, 2012, 4:56pm

Just installed 5.12, and the IPv6 lost route problem is indeed fixed. But another problem surfaced with 5.12 that doesn’t happen with 5.11. If I set ARP to reply-only at bridge-local, IPv4 routes will instead lost. With this, I can only access IPv6-enabled resources and not IPv4 resources.

janisk · January 30, 2012, 1:55pm

this also is already fixed and waiting for next release.

2fast4youbr · April 27, 2013, 2:27am

arp=reply-only works, but lets say I have a pool of ip’s for the dhcp from 10.0.0.10 - 10.0.0.100, but the addresses 1.0.0.1/2/3/4/5/6/7/8/9 I would like to fix them on my switch or any other device on the network that I need a fixed IP.

If I forde to them use DHCp, I will not able to forthe my switch to get the 10.0.0.9 .

how can I do that ?

janisk · May 2, 2013, 9:43am

use static dhcp leases, that way you can assign what host gets what address. In alignment with previous topic - use feature to add ARP entry when DHCP lease is given.