Hi,
I was looking around for a solution to our network, currently we are using a Mikrotik RB3011 configured to give users an Ip address through its dhcp server.
We want to make sure users cant connect using a static ip adress but only when their settings are set to auto obtain dhcp.
Is there any easy way to get this done?
You could make a script that add new DHCP lease to an access list, and then remove them when lease ends.
Variation on the previous, only allow forward for known macs on bridge / switch, as reported to dhcp server. Access through router can be controlled too.
Add this script to your DHCP server.
And then allow only clients int the list to access internet.
:if ($leaseBound = "1" ) do={
/ip firewall address-list add address=$leaseActIP list=DHCP
} else={
/ip firewall address-list remove numbers=[find where address=$leaseActIP]
}
It will store IP of the client in an access list DHCP when clients connects, and then be removed when client ends its leas time.
This should block all except DHCP clients (remember to exclude your server and other stuff)
/ip firewall filter
add action=drop chain=forward in-interface=bridge src-address-list=!DHCP