I have dhcp server enabled for clients. How to make a network connected without internet until you assign it a static address?
Block all DHCP scope IP addresses, except the static entries. But this won’t prefend users from IP spoofing.
To be honest I really would like to see your use case.
Could you explain what you mean in a little more detail?
Do you want the DHCP server running but not handing out client addresses until there is a WAN connection? That would likely be difficult to police unless you used extremely short leases, but it may be possible to do that using scripting, only enable the DHCP server in question when the WAN interface comes up or something. The problem may be killing the leases when the WAN link goes down, unless you use very short leases as I said.
As erlinden said, getting a clearer understanding of what you want to do would definitely help.
The concept looks like this.
I have internet for teachers protected by wifi. The teacher connects to wifi without internet. I see it in dhcp lease and add a static address. After that, the internet should work for them.
It happens that the teacher writes down a password in the notebook that the student will read.
It sounds like a captive portal for anyone connecting to the WiFi would be a better option, where they have to enter a time limited code to get access to the Internet after connecting to the WiFi.
Unless I’ve still fundamentally misunderstood…
When you say you give them a static IP when you see the lease, is that a different IP address than the DHCP server has already given them?
What you are asking for seems reasonable.
The best methods would be to use any of a number of available resources on the MT.
a. radius server/userman
b. hotspot functionality
https://www.youtube.com/watch?v=QnSuS88Np_s
He touches upon some of the limitations, day/time schedule up time, total download, rate limiting. all kinds of useful features.
At the end of the day, the main difference here is that the teachers can make up their own password to use, that they dont have to write down, so less likely that students will see it written anywhere.
I am assuming this is mainly for cell phone usage???
What I dont know not having explored this userman/hotspot functionality is whether or not, either at userman or radius server or hotspot level you can also put in the mac addresses of the cell phones used by the teachers so that any other mac addresseses would also be blocked.
Okay watched this one too and there is a hotspot feature of the # of mac addresses per connection!!
https://www.youtube.com/watch?v=bH_6MS9T_n4
@anav, What about Access-List Function in Mikrotik?
Set a default VLAN-TAG with no Internet on the Wireless-Interfaces.
Only Clients in the Access-List get access to the Network or Internet!
Good idee?
if I remember correctly, it was possible click in winbox without configuring of any network addresses? It is possible?
No idea as have not used access lists at all. I do like the hotspot,userman approach because of the fidelity of control, the logging etc…
The school admin will have a clear picture of what goes on.