kolbep
just joined
Topic Author
Posts: 19
Joined: Sat Jun 17, 2017 2:14 am

Network Passthrough but block DHCP

Thu Jan 06, 2022 3:33 pm

Good Day
My customer has a network for their office PCs, Tills, Scales, and Camera systems (10.0.0.8/24).
They have most of their Computers on static IP, as well as their IP Cameras and NVRs.
Their ISP Router supplies the DHCP for any clients with Dynamic IP.

However their Camera Provider also has an ADSL router on the same network. That router is used for VPN connections from remote branches.
It is a Billion ADSL Router. Occasionally the DHCP server gets enabled on their Billion ADSL Router, which then messes things up, e.g. the Dynamic Clients get the wrong Default Gateway, or there are IP Conflicts as their Billion Router assigns some addresses that the ISP Router has assigned, or it assigns addresses that are already static on other devices.

There is a single network cable between the CCTV physical network, and the remaining network, however it is not logically split.

They would like to have a way to block the DHCP from the Billion ADSL Router from assigning addresses to their other computers (should it get enabled again). Everything on the CCTV network is static anyway, so this is just an extra precaution.

What I was thinking is putting a Mikrotik Router between the 2 Networks (Office Net on Eth1, CCTV Net on Eth2), have it pass through all traffic (sort of acting just as a network switch, without routing, masq, etc), but it must block all DHCP requests passing from the Office Network to the CCTV Network, or deny all DHCP Replies from the CCTV Network to the Office Network.

Renumbering their networks is not an option at this point (or else routing would be easy). Is this possible considering that it is a single Class C Network?

Thanks
Peter
 
mkx
Forum Guru
Posts: 11627
Joined: Thu Mar 03, 2016 10:23 pm

Re: Network Passthrough but block DHCP

Thu Jan 06, 2022 4:03 pm

You can use a small Mikrotik device, configure two ports in a bridge and then use bridge filtering to block all UDP packets with src port either 67 or 68 and dst port either 67 or 68 ... in both directions. This should block any packet in any of the 4 phases of the DHCP handshake. Just make sure that L2 HW offload is disabled on that bridge.
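
The setup described in the reply above, written out as a RouterOS configuration (an added example, not part of the original post). The bridge name `bridge-passthrough` is hypothetical; `ether1` and `ether2` follow the Office/CCTV port layout from the question.

```routeros
# Added example. Bridge name is hypothetical.
# ether1 = Office network, ether2 = CCTV network (layout from the question).
/interface bridge
add name=bridge-passthrough

# hw=no disables L2 hardware offload on each port, so frames pass through
# the CPU and the bridge filter rules actually get to inspect them.
/interface bridge port
add bridge=bridge-passthrough interface=ether1 hw=no
add bridge=bridge-passthrough interface=ether2 hw=no

# A single forward-chain rule with no in-interface/out-interface matcher
# applies in both directions. It matches IPv4 UDP frames whose source port
# is 67 or 68 AND whose destination port is 67 or 68, which covers
# DISCOVER, OFFER, REQUEST and ACK.
/interface bridge filter
add chain=forward mac-protocol=ip ip-protocol=udp \
    src-port=67-68 dst-port=67-68 action=drop \
    comment="Block DHCP between Office and CCTV"
```

The forward chain only sees frames crossing the bridge from one port to the other, so all other traffic between the two segments still passes. If the rule's packet counter stays at zero while DHCP still leaks across, hardware offload is the first thing to recheck on the bridge ports.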
 
smyers119
Member Candidate
Posts: 232
Joined: Sat Feb 27, 2021 8:16 pm
Location: USA

Re: Network Passthrough but block DHCP

Thu Jan 06, 2022 4:15 pm

DHCP Snooping on your current switch (assuming you have one) would solve this as well.
 
kolbep
just joined
Topic Author
Posts: 19
Joined: Sat Jun 17, 2017 2:14 am

Re: Network Passthrough but block DHCP

Thu Jan 06, 2022 6:09 pm

Thanks for the suggestions.
It is a slap together network, so they do not have any managed switches.

The suggestion of Bridge filtering looks like the way to go (I just did not know the term to search for it).

I will be installing an HAP AC2 to provide a VPN Endpoint for them (and provide Wifi in their main office), so it will not be a problem. Also the traffic traversing the CCTV network side to the Office Network side is minimal (just ARP Requests, and the occasional packets from their Clocking systems, etc), so the HAP AC2 should be fine to handle that.

Thanks again
Peter
