Community discussions

MikroTik App
 
wang1312150
just joined
Topic Author
Posts: 10
Joined: Thu Jan 20, 2022 3:11 pm

seek help

Thu Jan 20, 2022 3:55 pm

How to allocate the interface specified by DHCP to fixed IP
 
erlinden
Forum Guru
Forum Guru
Posts: 1920
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: seek help

Thu Jan 20, 2022 8:40 pm

 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: seek help

Thu Jan 20, 2022 8:59 pm

...............
You do not have the required permissions to view the files attached to this post.
 
wang1312150
just joined
Topic Author
Posts: 10
Joined: Thu Jan 20, 2022 3:11 pm

Re: seek help

Fri Jan 21, 2022 1:10 pm

Upstairs, it is the binding MAC address. If the online notebook is often changed, the binding MAC must not work
 
wang1312150
just joined
Topic Author
Posts: 10
Joined: Thu Jan 20, 2022 3:11 pm

Re: seek help

Fri Jan 21, 2022 1:18 pm

Upstairs, fixed IP is assigned to the specified MAC address, not interfaces. For example, my router has 24 interfaces. I think the IP address assigned to the network cable of interface 10 is 192.168.1.10, and the IP address assigned to the network cable of interface 11 is 192.168.1.11, and so on. How to set this way, because the online client is a laptop, which is always changing, and there is no way to assign IP address according to Mac
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: seek help

Fri Jan 21, 2022 1:34 pm

My apologies, I do not understand your situation or the requirements.
perhaps draw a network diagram??
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: seek help

Fri Jan 21, 2022 2:19 pm

and there is no way to assign IP address according to Mac
Why ?
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: seek help

Fri Jan 21, 2022 2:33 pm

Upstairs, fixed IP is assigned to the specified MAC address, not interfaces. For example, my router has 24 interfaces. I think the IP address assigned to the network cable of interface 10 is 192.168.1.10, and the IP address assigned to the network cable of interface 11 is 192.168.1.11, and so on. How to set this way, because the online client is a laptop, which is always changing, and there is no way to assign IP address according to Mac
The "port" of the router/switch is irrelevant, ultimately it is the CLIENT MAC-address that determines which IP it will receive.
Using the Mikrotik-DHCP service, you cannot "force" (to my knowledge) a device to receive 192.168.1.10 when plugged in Port10 or 192.168.1.17 when plugged in Port17 because I think this is what you are looking for?

"the online client is laptop, which is always changing" => Is this a MAC-book or Android device ? Check if there is a setting "Privacy" on the network-setting that makes RANDOM MAC-ADDRESSES making it indeed impossible to provide a specific IP to certain MAC.
Android phone on their Wifi have the same setting, iOS devices also.

To be honest, this is a wild guess from my part as your question/requirement is almost not understandable!
 
wang1312150
just joined
Topic Author
Posts: 10
Joined: Thu Jan 20, 2022 3:11 pm

Re: seek help

Fri Jan 21, 2022 2:34 pm

Because the laptop changes at any time, of course, the MAC changes at any time, and the IP changes at any time, so it can't be fixed
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: seek help

Fri Jan 21, 2022 2:41 pm

Because the laptop changes at any time, of course, the MAC changes at any time, and the IP changes at any time, so it can't be fixed
ok, i see...
As far as i know you can't bind the port number with a specific IP...
There might be hundreds of different solutions but i am missing the reason why you want to bind the port with a specific IP... what is the benefit ?
 
wang1312150
just joined
Topic Author
Posts: 10
Joined: Thu Jan 20, 2022 3:11 pm

Re: seek help

Fri Jan 21, 2022 2:43 pm

Requirements: the PC connected to port 10 of the router can obtain a fixed IP address each time.

Demand analysis:

Turn on the DHCP function on the router. The addresses obtained each time are different. Although DHCP binding can be done, only the specified PC can be bound (IP is allocated according to the MAC of the PC). If the PC changes the network card (the MAC of the PC changes), the binding configuration needs to be changed, which is more troublesome
 
wang1312150
just joined
Topic Author
Posts: 10
Joined: Thu Jan 20, 2022 3:11 pm

Re: seek help

Fri Jan 21, 2022 2:47 pm

If there are dozens of computers in the office and someone secretly mines, there is no way to trace them. If they are assigned a fixed IP, they know which IP used by the office is easier to trace
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: seek help

Fri Jan 21, 2022 2:50 pm

If you don't mind having a separate VLAN (and, therefore, subnet) at each port, you could do it that way, having a separate DHCP server for each VLAN (or for the ethernet port directly). But the lease time would have to be short, so that the lease could expire between disconnection of one PC and connection of the other one.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: seek help

Fri Jan 21, 2022 2:51 pm

If there are dozens of computers in the office and someone secretly mines, there is no way to trace them. If they are assigned a fixed IP, they know which IP used by the office is easier to trace
Use VLANs ( for the clients ) for network segmentation and Firewall rules to protect your Local network then...
 
wang1312150
just joined
Topic Author
Posts: 10
Joined: Thu Jan 20, 2022 3:11 pm

Re: seek help

Fri Jan 21, 2022 3:06 pm

vlan does not work, because of the special requirements of the network, all computers must be in the layer 2 network
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: seek help

Fri Jan 21, 2022 3:16 pm

I guess the only other possible solution would be to use RADIUS as backend for DHCP server ... if switches support remote-circuit-id property ...
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: seek help

Fri Jan 21, 2022 3:26 pm

vlan does not work, because of the special requirements of the network, all computers must be in the layer 2 network
mac based VLAN then.. all unknown MAC addresses can be added to a specific VLAN that has no access to resources that it shouldn't...
So if an unknown MAC connects to the network, it won't be able to access any of the local network resources... If on the other hand, that MAC should be able to access the local network, then you will manually add it to the allowed VLAN...
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: seek help

Fri Jan 21, 2022 3:28 pm

I guess the only other possible solution would be to use RADIUS as backend for DHCP server ... if switches support remote-circuit-id property ...
Yep, perhaps with a 802.1X NAC / Separate DHCP setup there might also be some option here, but this is getting really complex for a "problem" that should not be fixed at NETWORK layer.
 
wang1312150
just joined
Topic Author
Posts: 10
Joined: Thu Jan 20, 2022 3:11 pm

Re: seek help

Fri Jan 21, 2022 3:42 pm

Does the official switch have the function of assigning fixed addresses according to the port of the switch? Which God knows
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: seek help

Fri Jan 21, 2022 3:52 pm

Does the official switch have the function of assigning fixed addresses according to the port of the switch? Which God knows
IP assignment according to the Port ID as far as i know no... but i think that has already been answered...
 
afuchs
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Wed Jul 03, 2019 11:10 am

Re: seek help

Fri Jan 21, 2022 4:09 pm

Why is it so important, that you assign a IP-Address to specific ethernet ports?
Isn't it possible that someone use a other port?
Perhaps something like the hotspot https://wiki.mikrotik.com/wiki/Manual:IP/Hotspot or a separate proxy can do the trick.
The internal traffic is free, but to use the Internet you must authenticate with your personal credentials (logging!).
So you know, who is mining or who gave his credentials away.
I don't know much about mining, but is there a way to block it in the firewall (special ports, set of IP addresses)?
 
wang1312150
just joined
Topic Author
Posts: 10
Joined: Thu Jan 20, 2022 3:11 pm

Re: seek help

Fri Jan 21, 2022 4:47 pm

Network requirements do not allow authentication. For example, I want to know which IP address computers in the office access. As we all know, the network cable in the office is connected to an interface of the switch. Computers in the office may be unfixed laptops. How do I track it
 
afuchs
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Wed Jul 03, 2019 11:10 am

Re: seek help

Fri Jan 21, 2022 5:49 pm

In my office are 4 ethernet ports (wall outlets if it is the correct term), so I can switch to the port of my work college or the printer.
By the way, we have offices with more ports and persons.

How do you think about blocking the mining traffic with the firewall (if possible) or a separate (transparent) proxy?

Regarding the Network requirements, there are points where it must be considered if a new feature can be implemented without changing the requirements (changing or feature).

Is there any service, like an Active Directory, a RADIUS-Server or something, where all users log in, if yes you could consider to log the IP-address - person relation there (perhaps from a other department) and
only monitor the traffic. In a specific case, the data could be correlated. Not pretty but an option.
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 872
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: seek help

Fri Jan 21, 2022 6:09 pm

If there are dozens of computers in the office and someone secretly mines, there is no way to trace them. If they are assigned a fixed IP, they know which IP used by the office is easier to trace
From the sound of your requirement I suspect that your network was installed by person(s) who do not know how to build effective networks. If this network had been properly configured to accommodate your requirements then you would have what you need. @Sindy's suggestion is the one that accomplishes your objective.

My apologies for the poor grammar and sentence structure ... now corrected.
Last edited by mozerd on Sat Jan 22, 2022 3:36 pm, edited 3 times in total.
 
wang1312150
just joined
Topic Author
Posts: 10
Joined: Thu Jan 20, 2022 3:11 pm

Re: seek help

Sat Jan 22, 2022 11:54 am

Upstairs, my demand is that each office is assigned a fixed IP. Only the specified IP can be used to access the Internet. If you change the IP privately, you can't access the Internet and can't bind the Mac, because the computer is not fixed

Who is online

Users browsing this forum: Ahrefs [Bot], anav, svh79 and 82 guests