Community discussions

MikroTik App
 
User avatar
BartoszP
Forum Guru
Forum Guru
Topic Author
Posts: 2867
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

DHCP - how to block IP offer to the client ?

Fri Jan 08, 2016 11:32 pm

The problem:
Is there a way to block offer to the DHCP client when the client already has IP assigned on the second interface ?

This second interface obviously has different MAC but the hostname of the client is the same for both interfaces.
I do not know which interface is connected and assigned first but the second one should be "banned" till the first works.
I do not want to statically disable particular MACs.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Sat Jan 09, 2016 12:34 am

I have normally multiple nic computers connected to one network actively without any issues. It doesn't make any problems. What is your reason?
 
User avatar
BartoszP
Forum Guru
Forum Guru
Topic Author
Posts: 2867
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: DHCP - how to block IP offer to the client ?

Sat Jan 09, 2016 2:17 am

A. Why to fill DHCP table with unsed leases ?
B. Computers in accounting department needs fast stable ethernet connection . When users forgot to switch-off WiFi then PC gets IP on WiFi first and it becomes "main" connection instead of ethernet one which means less stable and slower connection.

I know how to list "doubled" connections and who is the owner but I want just to fully disable such connections.
 
kamillo
Member Candidate
Member Candidate
Posts: 162
Joined: Tue Jul 15, 2014 5:44 pm

Re: DHCP - how to block IP offer to the client ?

Sun Jan 10, 2016 11:28 pm

I think easier would be to write some Windows script to check for network status on both nics. If both Ethernet and WiFi are up and belong to the same subnet, disable one or change default GW or do whatever you think is appropriate. You could deploy that with Group Policy.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: DHCP - how to block IP offer to the client ?

Mon Jan 11, 2016 5:08 pm

Ummm - why not just use a larger IP range?

192.168.0.1/23 or 192.168.0.1/22 ?

If IP pools are running out of addresses, make the pools larger or shorten the lease times. Trying to get fancy by making rules that block things if x-y-z is true can come back and cause strange problems later.

(EDIT - I previously said 'extend' lease times - whoops. Fixed.)

If you're completely against using a larger subnet mask (and there's no need to be against that, but it's your network not mine) then you might choose to split your network into multiple subnets. Move the wireless to a different IP segment...
Last edited by ZeroByte on Tue Jan 12, 2016 8:54 pm, edited 1 time in total.
 
mpreissner
Member
Member
Posts: 357
Joined: Tue Mar 11, 2014 11:16 pm
Location: Columbia, MD

Re: DHCP - how to block IP offer to the client ?

Mon Jan 11, 2016 5:46 pm

The default behavior on Windows (and Mac) computers is that a wired connection is always given preference over a wireless when both connections are active. I agree with ZeroByte...use a larger IP space. Or, you could set your wireless up to use a different subnet than your wired network. Either way, all your computers should automatically default to the wired connection when both wired and wireless are available. You're making a mountain out of a mole-hill...
 
Zorro
Long time Member
Long time Member
Posts: 675
Joined: Wed Apr 16, 2014 2:43 pm

Re: DHCP - how to block IP offer to the client ?

Tue Jan 12, 2016 3:25 am

simply decrease(and Dramatically !!) DHCP lease time, increase IP-pool for DHCP server to prevent saturation/DOS attack/misconfiguration.
if thats not enough - bound some leases STATICALLY in DHCP server(NOT in ARP's static list) and then restrict/whitelist some hosts in those leases in firewall.
and another "last resort tweak" - turn ARP on DHCP-managed interfaces to "reply-only".
would help enough, i think.

Who is online

Users browsing this forum: Kanzler, petardo, Valerio5000 and 27 guests