Multiple DHCP pools on same interface filtered by mac address

Hi,

I have a /22 private network and I want to run one DHCP server able to choose the correct pool for each lease depending on the MAC address of the devices in the LAN.

I mean, e.g. :

192.168.8.0/22 where I’m going to use the .8 as videosurveillance lan, .10 as network (router, wifi APs, switches..) .11 for wifi devices (smart devices, notebook, iPad..), .9 for domotic stuff.

I have families of MAC addresses (e.g. B4-4C-3B is Dahua) that I want to link to the correct pool.

I know that many vendors have got a lot of pools (just look at HP..) but forget it, I have a few narrow brands in mind and generic stuff will just receive a lease from the .11 pool.

What I need is a sequential filter able to compare the first six numbers of the MAC address, choosing the correct pool or, when not matching, the last generic one.

Thanks in advance..
e.

any idea?

See Getting Answers and How to Report Bugs Effectively
@anav’s NEW USER POSTING FOR ASSISTANCE
Getting the most out of this forum

Are you able to explain a bit more on why you want it set up like this, 2 examples:

Is this to keep a translation between devices and IP addresses? = There is a DHCP lease table under the IP/dhcp-server settings; in there you can see this, and you can double-click to copy a lease and make it static so that MAC address will get that same IP address each time it requests from this server.

Is this to segregate the devices on the network? = This will not segregate them enough if you keep them on the same /22 network as everything else; since they are all on the same layer 2 network they can communicate. You can’t change the subnet mask per lease (unless you play around with DHCP options, I think?) but again that’s a bit janky.
The better way of doing this is to have a couple of VLANs on the router and set up individual VLANs for each network. This will segregate the layer 2 connection on the network, so all you would need to do is set up basic firewall rules on the router/DHCP server to prevent the IP traffic from communicating in between the VLANs.

There are multiple ways to set things up, so when looking for advice it’s best not to focus on this. It is best to instead explain the end behaviour of what you would like to achieve, update us with an export of your config (make sure you take out the sensitive info when exporting, removing things like public IP addresses manually after the rsc is generated), then explain what you have done so far to try and achieve this.

As stated, the OP seems like an XY_Problem

OK, I apologise for where I was not clear.

I have a private /22 subnet and I want the DHCP server to assign an IP according to the MAC address of the client that shows up.

The subnet is: 192.168.8.0/22, where I’m going to use the .8.X as videosurveillance lan, .10.X as network (routers, wifi APs, switches..) .11.X for wifi devices (smart devices, notebook, iPad..), .9.X for domotic stuff.

If I connect a Dahua camera that has a MAC address with prefix B4:4C:3B then I want it to be assigned an IP from the range I have previously allocated for the cameras, the 192.168.8.X.

If I connect a Somfy (home automation) device that has MAC address 4C:C2:06 then it must be assigned an IP from the range of .9.X.

If I connect a guest’s mobile phone or any device that does not fall within the mac address families I have provided, then it must be assigned an IP from the “generic” .11.X range

thanks!!

You are just reiterating what was in the original post, without the reason why you think your solution is a good solution.

Why do you want everything to be in the same subnet?

Do the Dahua devices have a unique Class-ID in DHCP requests? If so, you could use Vendor Classes - https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server#Vendor_Classes

Answering questions when you don’t understand why something is being asked will often lead to suboptimal answers.

The question, as asked, seems to imply that the user wants to separate the users into different classes. But the user is unwilling to provide any information about what equipment is involved. As far as we know from what he has posted, he could have a mix of a TP-Link router and Tenda dumb switches.

For me the point is the possible solutions, not my reasons.

thanks

Sorry, I thought I was in a MikroTik forum.. LOL

I could answer: I have a Router OS.. but you are right, I missed a useful piece of info: 6.49.6

CCR1009, today I cannot separate physically the network nor use VLANs.

In a month or two I’m probably going to have the video surveillance network physically separated and maybe I could add VLANs.

Sorry guys, but I simply omitted information I think is useless for the solution.

I know I’m going to have low security and a lot of broadcast but at least I’ll have a cleaner organization and I’ll be ready for the separation in the future.

thanks

Thanks a lot, me stupid, I didn’t see it in the manual..

Well, it seems to check the Class-ID (and shows how to obtain it) but I didn’t find it for Dahua and Somfy.. but tomorrow I will check better.
Anyway that DHCP option could be the right clue.. it would be fantastic if it could work with client-id or chaddr that comes from the MAC address.. (better: matching the first 3 couples of it).

thank you MrYan !

Do let us know if this worked.

If you can’t get that to work, the more manually intensive option is setting the DHCP pool to only hand out addresses in .11.0/24 and manually reserving all other addresses, e.g. like what is described here: MikroTik Tutorial 44 - Static DHCP Leases

But I don’t really see any real advantage to doing this other than that you could see what you had classified, there won’t be any separation, but you seem to be aware of that.
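
The manual-reservation approach from the last reply, shown as an added example that is not code posted in the thread: it matches each MAC against the two vendor prefixes named above, in order, and emits RouterOS static-lease commands for the matches. The server name `dhcp1`, the starting host `.10` and the sample MACs are assumptions.

```python
import ipaddress

# Vendor prefixes named in the thread, checked in order; first match wins.
# A MAC matching none of them gets no reservation and falls through to the
# dynamic pool (192.168.11.0/24 in the thread).
RULES = [
    ("B4:4C:3B", "192.168.8.0/24"),  # Dahua cameras
    ("4C:C2:06", "192.168.9.0/24"),  # Somfy home automation
]

def normalize(mac):
    """Return the MAC as upper-case, colon-separated hex; raise on bad input."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def subnet_for(mac):
    """Return the reserved subnet for this MAC's prefix, or None if generic."""
    mac = normalize(mac)
    for prefix, subnet in RULES:
        if mac.startswith(prefix):
            return ipaddress.ip_network(subnet)
    return None

def plan_leases(macs, server="dhcp1", first_host=10):
    """Build one static-lease command per known-vendor MAC, in input order."""
    next_host, seen, cmds = {}, set(), []
    for raw in macs:
        mac = normalize(raw)
        net = subnet_for(mac)
        if net is None or mac in seen:
            continue  # generic device or duplicate entry
        seen.add(mac)
        host = next_host.get(net, first_host)
        if host >= net.num_addresses - 1:  # keep the last address of the /24 unused
            raise RuntimeError(f"no free addresses left in {net}")
        next_host[net] = host + 1
        cmds.append(f"/ip dhcp-server lease add server={server} "
                    f"mac-address={mac} address={net[host]}")
    return cmds

# Constructed sample MACs (not from the thread), in mixed notations.
SAMPLE = ["b4-4c-3b-00-00-01", "4C:C2:06:AA:BB:CC", "b44c.3b00.0002",
          "3C:22:FB:11:22:33", "B4:4C:3B:00:00:01"]

if __name__ == "__main__":
    print("\n".join(plan_leases(SAMPLE)))
```

Devices that match no prefix get no reservation, so they keep drawing from the dynamic .11.0/24 pool.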