Dear all,
i’m researching following clue for a view days, but unluckily without any positive result till now:
I’m having several Mikrotik 2.9 based PPPoE concentrators. These Concentrators also Support DHCP with options ‘Add Arp for lease’ and Interface configured for ‘Arp-Reply-only’.
Both PPPoE and DHCP are authenticated through Radius.
All works fine in the configuration if a user successfully authenticates.
But we have a lot of customers with ‘illegal’ configuration, which try to get an IP-Address from our DHCP, even when they are connected through PPPoE (both type of Customers come through the same Interfaces, because of Shared Dslams).
For sure our Radius denies the DHCP access, but finally we have a lot if unneccessary Radius ‘noise’ back to the Radius Servers.
From my point of view, DHCP requests are handled before any Firewalling of Bridge or IP, so there is no chance to make blacklists for Source-Mac’s before creating any DHCP reaction on Mikrotik ?
The only solution i found is messy, in destroying the created Radius Frames with an ‘IP Firewall Fiter Chain=output’ and Content search for illegal Mac-Address, because than Routeros thinks this Radius Server is having Problems…
Any Ideas in catching the DHCP Packages before triggering the DHCP, or in making the DHCP Server more ‘intelligent’ in matching Source MAC before authentication or the same for Radius Client ?
Kind regards from Austria,
Wolfgang