Hi,I’m abig newbie,so excuse me if i sound stupid.I’m sure i am.
What i want to know,is there a way to specify that any user who tries to login with ip,say 1.2.3.4, must do so with a specified MAC address,that he supplied and we save somewhere in miktrotik.
In other words,we supply clients with an ip range,that they use to access the router.Say I give ip 1.2.3.4 to user A.I want to bind this ip to him through his MAC address,to prohibit User B to just enter User A’s ip range into his PC and download on User A’s account.
Ok,i’ve got a static ARP List,now just two things.
I’ve found http://wiki.mikrotik.com/wiki/How_to_secure_a_network_using_ARP,but when i set my interface ARP setting to ARP only it does not work,but if i set it to proxy-arp it seems to authenticate a ip already entered into the static list.Is this ok,why does the reply-only setting as specifed not work?
2)Is there a way to disable ips dynamically getting on the ARP List.For instance,say i have 10 ips in my static ARP list,no other guy will be able to access this ip,but if he has a ip not in the ARP list,but that the router recognizes he will dynamically enter the ARP List.can i turn this off somewehere,in other words if its not in the static ARP List,it wont be able to do anything.
Ok,
Am i right in saying that if your interface is set to reply-only only ips in the static ARP List will work.No ips will be added dynamically.
If its set to enabled,any ip’s not in the static list will be added dynamically and then work,and if the ip is in the list it will use the MAC authentication?
That is how my rb532 is set up. People can still get a dhcp ip, but if the mac of the radio they are connecting with is not entered into the static arp table with the associated dhcp ip then they won’t get anywhere.