Page 1 of 1
How to link MAC address to IP?
Posted: Sun Jul 25, 2010 12:41 pm
by macosoft
I have a small network and I need to link MAC address of the network card on IP to prevent IP stealing inside the network.
How can I do that?
Re: How to link MAC address to IP?
Posted: Sun Jul 25, 2010 1:51 pm
by blake
So, you only want to distribute IPs to certain MAC addresses?
Try the following. Add a lease for each computer you want to allow access.
/ip address
add interface=ether1 address=192.0.2.1/24
/ip dhcp-server
add interface=ether1 name=dhcp1 address-pool=static-only
/ip dhcp-server network
add address=192.0.2.0/24 gateway=192.0.2.1 dns-server=8.8.8.8,8.8.4.4
/ip dhcp-server lease
add mac-address=02:6D:42:12:34:56 address=192.0.2.10 server=dhcp1
I haven't tested this, but you may be able to enable these to only have RouterOS respond to ARP requests from hosts which have a valid DHCP lease.
/interface ethernet set ether1 arp=reply-only
/ip dhcp-server set dhcp1 add-arp=yes
Re: How to link MAC address to IP?
Posted: Sun Jul 25, 2010 2:03 pm
by macosoft
No, I want to distribute internet access only to those IP who have a specific MAC address.
A user have a certain IP address and a MAC address. If he try to change IP the router should not give him internet access.
Same user if changes his network card and set same IP should not have internet access till I set in router the new MAC address for that IP.
Re: How to link MAC address to IP?
Posted: Sun Jul 25, 2010 2:13 pm
by blake
All of those commands should do that; the last two being the key to the whole setup. Users will not receive IPs unless they are in your DHCP leases list. They will not be able to change their IPs to anything other than what their DHCP lease specifies because the router will not dynamically create an ARP entry for the new IP. The router only creates ARP entries for IPs specified in the lease list, which effectively prohibits layer 2 communication with the router for unauthorized MAC / IP pairs.
*** Edit ***
I guess I should clarify something. Are you wanting to use the router to freely route traffic between other internal subnets, and just control access to the Internet? You can limit control to the Internet by MAC address, but its a bit messy in the firewall rules. RouterOS does not support the concept of address lists for MAC addresses like it does for IPs.
Re: How to link MAC address to IP?
Posted: Sun Jul 25, 2010 2:47 pm
by macosoft
Thanks for your replies blake!
The things is this way: I already have a linux router who does what I have asked before, but now I have a RB1100 (with 13 ethernet ports) and that could be more helpfull for me to use it instead the linux router and another switch.
I have my own 256 class IP (80.97.140.0/24), the rb will be 80.97.140.1 on first ethernet port and each client will have own internet IP. I need to set a bandwidth on each client for download/upload.
Any help with limitations, and configuring the ports of the RB1100 will be appreciated.
Re: How to link MAC address to IP?
Posted: Sun Jul 25, 2010 10:25 pm
by fewi
What blake posted will do exactly that. Try it.
Re: How to link MAC address to IP?
Posted: Mon Sep 27, 2010 12:09 pm
by macosoft
But most of my users have manually IP set, and sometime 2 or more users have the same mac address, but different IP (because on some access points the client have all the same mac as the AP).