I used to have a way to figure it out. I don’t remember how I did it other than link tests were involved. I think I link tested every SM one by one on an AP until.... something happened... Perhaps until a particular IP stopped pinging or ???
From: Dennis Burgess Sent: Monday, February 27, 2017 3:51 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets ARPs will not come though as you don’t have anything on that subnet. DHCP-Alert is what you want. Dennis Burgess – Network Solution Engineer – Consultant MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE For Wireless Hardware/Routers visit www.linktechs.net Radio Frequiency Coverages: www.towercoverage.com Office: 314-735-0270 E-Mail: dmburg...@linktechs.net From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm Sent: Monday, February 27, 2017 4:19 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets Im mainly looking for IP space that shouldnt be present, DHCP or not. I can packet sniff and exclude all configured subnets on that bridge, but its a pain I didnt know if there was arp monitor or something along those lines. collecting gratuitous ARPs or something like that I see alot of false 192.168.1.1 when i stick that subnet on the interface, it doesnt respond and often times has the customer IP arp listed as well sometimes its the same mac, sometimes its one digit off like a reboot cycling up in switch then into router mode during boot cycle. I see it alot with netgear macs. alot of times the 192.168.1.1 is persistent even though its not responding or otherwise apparently even active On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote: Oh? I never noticed that feature. If you get the offender's MAC address it should be trivial to find them at that point. That's really all you need. ------ Original Message ------ From: "Dennis Burgess" <dmburg...@linktechs.net> To: "af@afmug.com" <af@afmug.com> Sent: 2/27/2017 5:01:12 PM Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets MIkroTik does have a dhcp alert detection as well. It will not detect the dhcp sever on the router. It will give you basic information such as MAC address etc, but really don’t help you too much. But neither will turning a DHCP client on. You have to find where that client is and turn them off. Dennis Burgess – Network Solution Engineer – Consultant MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE For Wireless Hardware/Routers visit www.linktechs.net Radio Frequiency Coverages: www.towercoverage.com Office: 314-735-0270 E-Mail: dmburg...@linktechs.net From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess Sent: Monday, February 27, 2017 3:59 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets Switch can do it too, port isolation! Lol note, not a dumb switch though. Nettoix I belive does it. Dennis Burgess – Network Solution Engineer – Consultant MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE For Wireless Hardware/Routers visit www.linktechs.net Radio Frequiency Coverages: www.towercoverage.com Office: 314-735-0270 E-Mail: dmburg...@linktechs.net From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett Sent: Monday, February 27, 2017 3:57 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets Only on two different router interfaces. If they're on a switch, then no. I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation". Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it. If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for. ------ Original Message ------ From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> To: "af@afmug.com" <af@afmug.com> Sent: 2/27/2017 4:42:02 PM Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets clients on two different access points wil be blocked by client isolation? On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote: There is no reason why it would and should not . J You can easily allow the one offs … Dennis Burgess – Network Solution Engineer – Consultant MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE For Wireless Hardware/Routers visit www.linktechs.net Radio Frequiency Coverages: www.towercoverage.com Office: 314-735-0270 E-Mail: dmburg...@linktechs.net From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm Sent: Monday, February 27, 2017 1:13 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets A. we have some locations where we dont use client isolation and B client isolation doesnt apply to two access points as far as I know On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <dmburg...@linktechs.net> wrote: Your client isolation should take care of that. FYI. Dennis Burgess – Network Solution Engineer – Consultant MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE For Wireless Hardware/Routers visit www.linktechs.net Radio Frequiency Coverages: www.towercoverage.com Office: 314-735-0270 E-Mail: dmburg...@linktechs.net From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm Sent: Monday, February 27, 2017 12:42 PM To: af@afmug.com Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets I wasnt clear, I was actually looking for rogue subnets in general another issue example is that a customer with some time clocks recently had a slick tech put a switch in before the router at multiple locations from the same site, different APs, we bridge the APs at the POP, so they were directly communicating On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote: You might find the useful. https://forum.mikrotik.com/viewtopic.php?t=23640 Regards. Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net -------------------------------------------------------------------- From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> To: af@afmug.com Sent: Monday, February 27, 2017 11:34:59 AM Subject: [AFMUG] Mikrotik quick view for unknown subnets If, for example a customer has a router connected backward, is there an arp(ish) check aside from packet sniffing to see this since its not a subnet on the interface and there wont be an arp entry? -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.