Community discussions

MikroTik App
 
Jans
just joined
Topic Author
Posts: 9
Joined: Wed May 27, 2009 9:58 am

DHCP server with MAC filtering

Wed May 27, 2009 10:08 am

Is there is an option in Miktotik to deal IP addresses only for known clients by MAC addresses?
I mean - if there is action when unknown person tries to connect to my network - router doesn't know it's MAC address and doesn't give him IP address and rejects connection to network.

Is there are options like this?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6650
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: DHCP server with MAC filtering

Wed May 27, 2009 10:49 am

There is no any rejection, but it is possible to give IP addresses only for known clients.
Set
/ip dhcp-server set <server> address-pool=static-only
, then only clients from /ip dhcp-server leaser (or from RADIUS server/User Manager) can get IP addresses from DHCP server.
 
Jans
just joined
Topic Author
Posts: 9
Joined: Wed May 27, 2009 9:58 am

Re: DHCP server with MAC filtering

Wed May 27, 2009 11:01 am

so this will meet my needs for only known clients on my network? In this case - what is going to be shown for person who tries to connect? Is it going to be "Limited or no connectivity" or connection will be established, but there is not access to network services and internet?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6650
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: DHCP server with MAC filtering

Wed May 27, 2009 11:04 am

The client will not get an IP address from the DHCP server, it should be Limited or no connectivity.
 
Jans
just joined
Topic Author
Posts: 9
Joined: Wed May 27, 2009 9:58 am

Re: DHCP server with MAC filtering

Wed May 27, 2009 11:09 am

Thank you Sergejs for help. This was really helpfull.
 
Jans
just joined
Topic Author
Posts: 9
Joined: Wed May 27, 2009 9:58 am

Re: DHCP server with MAC filtering

Wed Jun 03, 2009 5:37 pm

But is there any defense if person who tries to connect to my network input static address in Local Area Connection and he gets my network resources.
 
User avatar
skillful
Trainer
Trainer
Posts: 557
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria
Contact:

Re: DHCP server with MAC filtering

Wed Jun 03, 2009 8:57 pm

But is there any defense if person who tries to connect to my network input static address in Local Area Connection and he gets my network resources.
If you are using unmanaged switch he get as far as the broadcast domain of the switch he connects to. Beyond that, the router will block him.

Only managed switch and vlans on it can protect you from such a person at switch level
 
fahad1986
just joined
Posts: 7
Joined: Wed Apr 23, 2014 9:38 am

Re: DHCP server with MAC filtering

Mon Apr 28, 2014 8:29 am

pl see my question in my most :
Hello all
I am getting IP from DHCP server on a fiber link . I dont have static IP , I want to give IP to my clients from the same DHCP server but after mac filtering.It mean if users mac is in the router then user get IP if not then user dont get IP .
Thank in advance
 
User avatar
johnfoe
just joined
Posts: 1
Joined: Wed Oct 21, 2020 10:36 pm

Re: DHCP server with MAC filtering

Wed Oct 21, 2020 10:46 pm

Yes it is, I've tested it and it works like a charm

1. DHCP Security: Add ARP for Leases
So that each device can only be connected by allocating the IP Address from the DHCP Server, we need to activate the 'Add ARP for Leases' option. The trick is to double click on the DHCP Server and check the option which is located at the bottom.
Image

In addition, on the router interface where the DHCP Server is located, we change the 'ARP' parameter with the 'reply-only' option. This is intended so that the router will not automatically update the ARP List table when a client is connected using a Static IP Address.
Image

The above settings will make the router only allow interconnection of clients who get the IP address from the DHCP process. Users who set the IP address manually are not able to interconnect to the router.

2. DHCP Security: Adress Pool Static Only
Furthermore, by using the 'Add ARP for Leases' parameter like the configuration above, we can also limit the devices connected via the DHCP Server to only the devices that we have specified. For this need, you can set the parameters on the DHCP Server, namely the Address Pool, by setting it to the 'Static-Only' option.

However, first we have to register the devices that are allowed to connect to the Static Leases list. For the addition itself, you can select the IP menu -> DHCP Server -> Leases tab -> Click Add [+].
Image

Once added, we can see a list of these devices in the Leases Tab.
Image

Next, we will set the Address Pool parameter to 'Static-Only'. For the settings, you can click twice on the existing DHCP Server and select the Address Pool parameter.
Image

Enjoy :)

source : here
Last edited by johnfoe on Wed Oct 21, 2020 10:51 pm, edited 1 time in total.

Who is online

Users browsing this forum: No registered users and 10 guests