Setting up single ip address users?

Richard_Stephens · September 7, 2007, 6:24am

Hi

I’m using a RouterOS router for my company’s core router, which is providing services to untrusted colocation and dedicated server clients. To prevent customers from using ARP poisoning, or other nefarious behavior like trying to get free transit by using IPs not allocated to them, we put each customer on their own VLAN, with a trunk between our RouterOS box and our 3com switch.

Trouble is, assigning a /30 to a customer who only requires one address is a bit of a waste of our address space. Is there any way to configure routerOS so that customers have a /32 subnet mask, and connect to the broadcast address to transmit packets?

Thanks
-Richard

skillful · September 7, 2007, 5:37pm

Use PPPoE to log them in and handout a /32 Ip address

UniKyrn · September 7, 2007, 6:11pm

It would be a pain to maintain, especially if your customers tend to swap equipment often at their end of the wire, but you could build firewall rules that allowed incoming packets from them that met specific MAC/IP combinations, and dropped anything else.

winxp2000 · September 7, 2007, 6:59pm

I do think so and made it successfully in few companys network.

You do not need care the user’s network setting before.

Just give them a account of PPPOE.

After they dial-up to you MT, it will get a /32 bit subnet code.

changeip · September 7, 2007, 8:10pm

i wondered about this also, the downside is that they have a smaller MTU now when using PPPOE?

Sam

gustkiller · September 7, 2007, 8:12pm

you can do a /32 via dhcp and it works like a charm here,

your client ill get a 255.255.255.255 netmask and everypacket coming from them should pass trough the router os, and u can do any type of filtering with that.

UniKyrn · September 7, 2007, 8:24pm

Yes, there will be a performance loss and since it was specified that these were colo and dedicated servers, they might not even have PPPOE available.