I have installed the Mikrotik v2.8 router to test it and I was very happy with it. Nonetheless, I have a couple problems:
How can I control access to the router in such a way that I create pairs of IP-MAC that can connect to the router? I need this in order to corectly survey the traffic generated by each computer on the network, and prevent the use of “illegal IPs”. One can easily just change his machine’s IP and make traffic.
Can I see the traffic generated by each computer on the LAN directly on the router. I know there is a windows software for remote access, but I need to see a kind of log created on the router.
You should set the interface’s ARP mode to “reply-only” and then put static ARP entries for the IP-MAC-combos you want to allow. So as an example do:
“/interface ethernet set ether1 arp=reply-only”
“/ip arp add address=1.2.3.4 mac-address=00:10:DC:68:76:03 interface=ether1 comment=customerA”
Thank you for your answers. The first problem is solved then. The second one, though, not. As far as I understand, torch is a realtime traffic monitor, but not a counter. I want to see how much traffic an IP has made during the last week, or month for instance. The windows traffic counter utility does not show correct values, or maybe I don’t know how to set it up :-).
You have to poll the data regularly out of the router, though, as you will loose data when the accouting table hits its’ limits.
Eje Gustafsson (Macahan@fament.com) has written a script to do this and save the data into a database. I’m not sure, where the most current version is - I could send you version 1.1 he published on the mailing list in October 2002…