Note, that should NOT affect it. The DHCP-client trick should work, and it will get you the MAC address, the DHCP-ALERT will get you the mac as well. But you should NEVER distribute all connected subnets, this is a prime example of why not. ☺ Don’t get me wrong, there is a time and place for it, but 99% of the time, it always comes back to bite you. What networks are for! ☺
Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 4:03 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I should probably add... if you're distributing all connected subnets via OSPF, then the DHCP-client trick will distribute a route to the customer's LAN subnet. You might not want that. That might be obvious depending on how much Keystone Ice we've already had.

------ Original Message ------
From: "Adam Moffett" <dmmoff...@gmail.com>
To: af@afmug.com
Sent: 2/27/2017 4:57:04 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces. If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation". Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for.
------ Original Message ------
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

There is no reason why it would and should not. ☺ You can easily allow the one offs …

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we don't use client isolation and B. client isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

Your client isolation should take care of that. FYI.
From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasn't clear, I was actually looking for rogue subnets in general.

Another issue example is that a customer with some time clocks recently had a slick tech put a switch in before the router at multiple locations from the same site, different APs. We bridge the APs at the POP, so they were directly communicating.

On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote:

You might find this useful.

https://forum.mikrotik.com/viewtopic.php?t=23640

Regards.

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232
Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

________________________________
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: af@afmug.com
Sent: Monday, February 27, 2017 11:34:59 AM
Subject: [AFMUG] Mikrotik quick view for unknown subnets

If, for example, a customer has a router connected backward, is there an arp(ish) check aside from packet sniffing to see this, since it's not a subnet on the interface and there won't be an arp entry?
--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
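
Added example, not part of the thread: a Python sketch of what a DHCP client or DHCP alert on the AP-facing interface learns from a backwards router, namely the offering MAC and the customer LAN subnet it hands out. The function names, MAC addresses, allowlist and sample payload are all constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Constructed allowlist: MACs of the operator's own DHCP servers (assumption).
VALID_SERVERS = {"02:00:00:00:00:01"}

def parse_dhcp(payload):
    """Return (yiaddr, {option_code: value}) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    yiaddr = ipaddress.IPv4Address(payload[16:20])  # address being offered
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option has no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return yiaddr, opts

def check_offer(src_mac, payload, valid=VALID_SERVERS):
    """Return a finding for a DHCPOFFER from an unlisted MAC, else None."""
    yiaddr, opts = parse_dhcp(payload)
    if opts.get(53) != b"\x02" or src_mac.lower() in valid:  # 53/2 = OFFER
        return None
    mask = ipaddress.IPv4Address(opts.get(1, b"\xff" * 4))   # option 1 = mask
    lan = ipaddress.ip_network(f"{yiaddr}/{mask}", strict=False)
    sid = opts.get(54, b"")                                  # server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None
    return {"mac": src_mac.lower(), "server": server, "lan": str(lan)}

def sample_offer(yiaddr, server, mask):
    """Constructed DHCPOFFER payload for the demo (not a real capture)."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    fixed = bytes([2, 1, 6, 0]) + bytes(12) + ip(yiaddr) + bytes(216)
    opts = bytes([53, 1, 2, 54, 4]) + ip(server) + bytes([1, 4]) + ip(mask)
    return fixed + MAGIC_COOKIE + opts + b"\xff"

if __name__ == "__main__":
    offer = sample_offer("192.168.1.50", "192.168.1.1", "255.255.255.0")
    print(check_offer("02:00:00:00:00:99", offer))  # customer router, backwards
    print(check_offer("02:00:00:00:00:01", offer))  # operator's own server
```

The `lan` value in the finding is the subnet that would end up in the routing table if the lease were accepted and connected routes were redistributed, which is the side effect the thread warns about.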