How to manage my network effectively - TIE MAC TO IP

auwudia · June 12, 2007, 11:03am

Hi ALL,
I need help once again on how to best manage my network for efficiency and security. The network layout currently is like this:

I have a Net Modem for a C-bandwidth VSAT link. I have /26 public IP address range and all the clients on my network are given public IP address for the purpose of controlling SPAM as each client signs an undertaking.

I have a MT router and queues are setup and working very fine. But i have interfaces eth1 and eth2 bridged to bridge1. I have ARP set to read only on the bridge interface and static on the queue interface; the clients are using the modem as the default GW. I know this is not the best approach as clients can easily change the IPs and are still able to get to the Internet. I have been informed i need to setup the MT in routing mode and not bridge to achieve my aim of being able to to tie clients MAC address to IP, but I dont know how to do it.

CAN ANYONE PLEASE TAKE OUT TIME TO HELP ME WITH DETAILED INFO? I WILL VERY MUCH APPRECIATE.

thanks
Austin

gmsmstr · June 12, 2007, 9:56pm

wow, well, 1st, are you assigning IPs via DHCP, that will allow you to say this mac gets this IP.

If you look at your ARP tables, you should already have this. If the goal is to not allow clients to change their ips, then use PPPoE, and assign them publics, that will work really well. I guess I don’t know what your end goal is.

Need Mikrotik Support, contact
Dennis Burgess
St. Louis Network Engineering Services
http://www.mikrotikconsulting.com
dmburgess@mikrotikconsulting.com
Certified Mikrotik Engineer
Purchase hours on-line!

auwudia · June 13, 2007, 10:43am

Hi Dennis,
Thanks for your response. My objective principal is to prevent clients from working once their IP address is change. We have supposedly tied the IPs to MAC address since we have set the ARP to static in the ARP table relative to the IP address. But as it is now, it is not working that way as the clients are still able to browse when the change the IP. We assign static public IPs to clients.

I hope i have thrown in more light to enable you guys help me out.

Thanks
Austin

abab_rafiq · June 13, 2007, 11:00am

From your interface check that your Local Interface has ARP enable.

Rafiq…