Preventing users from changing their IPs

How can I do that without the use of PPPoE server? We’ll eventually move to PPPoE once we’re comfortable, but for now I need to avoid people modifying their IP. Today one of them set his IP to be the same as my gateway and things went bananas. MT2.9.8.

Thank you

:cry:
No one has this problem, or is this a stupid question where I’m forced to adopt RADIUS, certificates, PPPoE, etc. to do so?!

Hi, you can use static ARP entries, so if the client changes the IP associated with a MAC address, he will not connect…

cibernet,
Thanks for the reply!
I tried using static ARP but all that happens in this case is that I get a red log pointing out the mismatch. The client still connects and is able to surf :frowning:
Maybe I’m doing something wrong?!!
Will it work under transparent bridging? (maybe that’s where I’m mistaken?)

You have to set, in the interface, ARP: reply-only.
Regards

Use firewall rules, static-arp will make the matter worse over time in so many ways.

This is why people design their networks before they implement - so they know the advantages and disadvantages.

sten,
How about some examples, how-to’s, etc. showing how it should be done!?

Thanks,

Here is an example of static ARP configuration:
http://www.mikrotik.com/docs/ros/2.9/ip/address.content#8.42.3

Firewall rules you have to create by yourself:
http://www.mikrotik.com/docs/ros/2.9/ip/filter.content#6.38.3.2
The link describes common firewall rules, but you have to set some additional rules, like 'ip firewall filter add chain=forward src-address=user_IP src-mac-address=user_MAC action=accept'.
There will be rules accepting traffic from users, and then a drop rule at the end of the list.
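
Added example, not part of the original thread: the two suggestions above (interface ARP set to reply-only with static ARP entries, and per-user accept rules followed by a drop rule) written out as RouterOS commands. The interface name `ether2` and the IP/MAC pairs are constructed placeholders, not values from the posters' network.

```routeros
# Assumption: ether2 is the client-facing interface; addresses and MACs
# below are constructed sample values, one pair per customer.

# 1. Stop the router from learning ARP entries dynamically on the
#    client-facing interface. It will then only talk to hosts that
#    have a static entry in /ip arp.
/interface ethernet set ether2 arp=reply-only

# 2. One static ARP entry per customer, binding the assigned IP to
#    the MAC address of that customer's device.
/ip arp add address=192.0.2.10 mac-address=00:00:5E:00:53:10 interface=ether2
/ip arp add address=192.0.2.11 mac-address=00:00:5E:00:53:11 interface=ether2

# 3. Firewall: accept forwarded traffic only when the source IP and
#    source MAC match a known pair.
/ip firewall filter add chain=forward in-interface=ether2 \
    src-address=192.0.2.10 src-mac-address=00:00:5E:00:53:10 action=accept
/ip firewall filter add chain=forward in-interface=ether2 \
    src-address=192.0.2.11 src-mac-address=00:00:5E:00:53:11 action=accept

# 4. Drop rule at the end of the list: anything arriving from the
#    client interface that did not match a pair above is discarded.
/ip firewall filter add chain=forward in-interface=ether2 action=drop
```

Rule order matters: the accept rules must sit above the final drop, and a new customer needs both an ARP entry and an accept rule before any traffic passes.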