Interesting Mikrotik integration question

Rajesh_Yadav · March 16, 2018, 4:02pm

Hypothetical network

1 mid size (100 hosts) Layer 2 wired network (with or without VLANs)
All hosts assigned IP in similar range using DHCP with Radius
Blocking works via reject IP list in Splynx

Problem
There is no way for us to block a user if the user assigns IP address manually in the same range that the DHCP server assigns

Probable solution?

Mark all IP addresses as blocked in Mikrotik firewall
Whenever DHCP assigns an IP addresses it gets selectively (magic?) unblocked in Mikrotik

Heiko_Rehm · March 19, 2018, 7:29pm

Solution is to use IPoE instead DHCP.

Difference between DHCP and IPoE:

– In IPoE, a Router doesn’t send ARP-Requests. (arp reply-only setting on the IPoE Interface in Mikrotik)
– The ARP Table needs to be filled by something else otherwise there is no communication between client and router.
– The ARP Table is filled by the DHCP Server which adds a lease to the ARP table after the Lease has been authenticated by a AAA Server.
– The router doesnt send arp-requests but only replies.

So even if a user sets a static IP, as long its not entered in the routers ARP Table, the router isnt able to communicate with the client and therefore the client cannot neither.

Heiko

rocky · January 26, 2023, 8:16pm

Does Mikrotik allow for an IPoE setup?

If so, is there a guide or wiki with directions on how to implement it?