MAC filtering through Redback for DSL

I have a Redback doing my DSL PVCs. I am having trouble with people assigning their own IP and surfing, but they are using someone else’s IP and knocking them off.

I am using MK to do the NAT and I can block the IP, but then they pick another and I have to chase them down.

I can see the MAC address in the Redback, but the MK only sees the MAC address from the Ethernet port of the Redback.

I pretty much think I’m screwed, but any help would be appreciated.

So I presume your PPPoE terminates on the Redback?

The only thing I can think of is to use RADIUS for authentication. You can use Calling-Station-ID for authentication / verification, which would have the value of the CPE MAC address.

No PPPoE, just straight bridging. I used to use a Cisco which would allow securing the IP to the PVC, but when I switched to the Redback, even though it says that it secures it, it does not.

Nah, I’m pretty sure there must be something you are overlooking then…

Is the Redback acting as a bridge? Have a look if you’re perhaps not NATing MAC addresses (Well OK - it obviously is, but there must be a setting for that IMHO :confused: ). In a bridge, this could be possible - many APs do this as well.

If it’s acting as a router, you won’t see those MAC addresses on your MT, and your configuration definitely needs to be done on the Redback instead of the MT.

I have been looking through the commands on the Redback with no luck.

Searching the web for Redback help is worthless; they make you pay big bucks for the privilege of looking at the manual.

This is the config for the interface that carries the clients in question:
interface subscribers-1
ip address 192.168.1.1 255.255.255.0
ip arp arpa
ip pool 192.168.1.0 255.255.255.0

I am wondering what the ip arp arpa command means. Maybe that is the reason.

Also, on the MK, is there a way to see the MAC address of the packet? In torch it only shows the IP.
What I did to see the MAC was to ‘Log’ the IP traffic, and then in the log window I saw the MAC address of the enet0 interface on the Redback for all the NAT’ed IPs coming through the Redback.

Re packet views… Not as far as I know. Once the packet passes a router, that information is dropped from the packet.

I don’t know Redback too well, but did you have a look at http://www.redback.com/resources/pdf/TB-CLIPS.pdf

It’s not very technical, but someone who has more knowledge of what goes on (like you, I hope) might be able to spot a couple of errors in your configuration from it.

That doc talks in parts about denying certain MAC addresses and stuff - which is essentially what you’re looking for…

Hope it helps!

What about setting static ARP entries for your customers? If I had customers intentionally “playing around” like this on my network, they’d be gone.

The problem is that I can’t find where the user is coming from.

The Redback won’t allow me to find a PVC using a MAC address.
The Redback won’t let me secure an IP to a PVC.

So I am trying to use the MikroTik to fill the job. It seems like the MikroTik can do almost anything, but terminate DSL…

So I was trying to use the MK to filter out the offending MAC address, but the only MAC it sees is that of the Redback’s Ethernet port.

I have a company that is helping me contact Redback to see if they can help, but it is very frustrating that I can get hit like this and can’t find the user. They must be a client of ours or else they wouldn’t have a DSL modem that could connect to our Redback. Ugh.