Can someone explain to me what the difference is in ticking the tick box “Use Src. MAC Address” in the IP / DHCP-Server / Leases / New DHCP Lease window?
In the field “MAC Address” the MAC address of a NIC can be filled in (or is automatically filled in when a NIC requests an IP address) and the DHCP server then assigns a certain IP to that NIC/MAC address.
I notice no difference in using tick box “Use Src. MAC Address” or not.
The manual says nothing more about the tick box than: “use this source MAC address instead”
“Instead” of what? The MAC address filled in in the field above? That is always the same?
Can anyone shed some light on this so I get more understanding?
It’s for wireless links, for example. We have a non-WDS link, so all clients on the other side have the same MAC address. But DHCP requests contain their real MAC address - that allows us to lease correct IP addresses. If “Use Src. MAC Address” is ticked, then only one user can obtain the address. Something like that.
P.S. Also, it has meaning when using DHCP Relay, I believe.
Hmm, I’m afraid I don’t understand what you mean. All my APs have non-WDS links to clients. They all get dynamic IPs from the AP DHCP server, whereafter I set this IP to a fixed one so they always get the same one after disassociation and re-association.
The MAC address field is filled in automatically by ROS in the lease window of Winbox for each client on that AP. And they all have, of course, different MAC addresses.
I have one AP where one client antenna is in WDS-station mode, so the real client PC behind it is bridged to the AP. Both antenna and client PC get an IP address from the AP DHCP server. Both with their own MAC address.
Since lease fields are usually always dynamic for me in the 1st instance, I never have to tick the “Use Src. MAC Address” box since ROS fills it in by itself.
Only if I want to make sure a CPE gets a certain IP address (in pre-configuration, and thus before association of the CPE) do I fill in the CPE MAC address in the lease I make. I tried with a laptop and saw no difference whether or not I ticked the tick box of this discussion…
I mean, I have one MT CPE that is bridged on an apartment block, and then several users connected to it via a switch. Each user gets, with its NIC MAC, a unique IP address that then belongs to their unique MAC. And the CPE itself is also a DHCP client and thus also gets an IP for its NIC MAC.
On all my other networks I have the CPE functioning as a router. Thus it itself assigns IP addresses to clients that request one on its LAN port. All these clients yet again get unique IP addresses assigned to their unique MAC address.
How do you manage to get similar MAC addresses for each client? Each NIC is supposed to have a unique MAC unless you cloned it?
The header for DHCP packets contains a CHADDR field, which stands for client hardware address. That can be different from the source MAC address in the frame when you have a layer 2 device rewriting it, or are using DHCP relay and have routers rewriting it due to the packet traversing layer 3 hops. Ticking that box leads to the DHCP server using the source MAC address from the frame rather than the MAC address from the CHADDR field.
There are just some layer 2 devices that rewrite MAC addresses. Think of it as MAC NAT. They hide whatever layer 2 portion is behind them.
A device behind an 802.11 client in station mode, or pseudo bridge, is hidden behind the MAC of the 802.11 interface.
The 802.11 interface hides the device behind it, using 1 to 1 MAC NAT if there is only one device behind it, or using an IP mapping table to NAT the source MAC according to source IP.
I don’t see where “use source MAC” could be useful for DHCP. If this is ticked, then the DHCP server on the access point will not see the client devices’ MAC and DHCP will not work?
(DHCP relay can be used if needed, or use WDS or station-bridge if layer 2 bridge connectivity is needed.)
If “use source MAC” is not ticked, then DHCP takes the MAC from the CHADDR field of the DHCP request. This is the normal use.
“use source MAC” could be used to enhance security when clients’ MACs are not hidden by MAC NAT?
I agree, if this would be useful for security-reasons, why is it even unticked by default?
Also, why would you ever NOT want to use the source MAC? If people are trying to fake or clone MACs (like those stupid iPhones with ‘privacy’ setting..) this will only be detrimental to proper DHCP leases, and forces you to use short lease-times, which, in most small networks is pure bullshit.
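
The CHADDR versus frame source MAC distinction explained earlier in this thread, as an added example that is not part of any post and is not RouterOS code: it parses a DHCP frame, extracts both addresses, and models which one a server would match a lease on with the box unticked or ticked. The frame builder, the MAC addresses and all function names are constructed for illustration.

```python
import struct

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def build_discover(src_mac: bytes, chaddr: bytes) -> bytes:
    """Constructed sample: broadcast DHCPDISCOVER frame (checksums left zero)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), chaddr)
    bootp += bytes(192) + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(bootp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp + bootp

def dhcp_macs(frame: bytes) -> dict:
    """Extract the Ethernet source MAC and the BOOTP chaddr/giaddr fields."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4-over-Ethernet frame")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:
        raise ValueError("not IPv4/UDP")
    udp = ip[(ip[0] & 0x0F) * 4:]          # honour IP header length (options)
    if len(udp) < 8 or struct.unpack("!H", udp[2:4])[0] != 67:
        raise ValueError("not addressed to a DHCP server (UDP/67)")
    bootp = udp[8:]
    if len(bootp) < 44 or bootp[2] > 16:   # need fields up to chaddr; hlen <= 16
        raise ValueError("truncated or malformed BOOTP header")
    return {"src_mac": mac(frame[6:12]),
            "chaddr": mac(bootp[28:28 + bootp[2]]),
            "giaddr": ".".join(str(x) for x in bootp[24:28])}

def lease_key(frame: bytes, use_src_mac: bool) -> str:
    """MAC a server would match on, per the behaviour described in the thread."""
    m = dhcp_macs(frame)
    return m["src_mac"] if use_src_mac else m["chaddr"]

def mismatch(frame: bytes) -> bool:
    """True when a layer 2 device (or relay) has rewritten the frame's source."""
    m = dhcp_macs(frame)
    return m["src_mac"] != m["chaddr"]

if __name__ == "__main__":
    # Constructed addresses: station radio and the PC hidden behind it.
    radio, pc = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa")
    f = build_discover(radio, pc)
    print(dhcp_macs(f), lease_key(f, False), lease_key(f, True), mismatch(f))
```

Running the same comparison over a capture taken on the DHCP server's interface shows whether any clients arrive with a rewritten source MAC before the setting is changed.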