DHCP alert will tell me if there is an IP thats not a DHCP server? On Mon, Feb 27, 2017 at 4:51 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:
> ARPs will not come though as you don’t have anything on that subnet. > DHCP-Alert is what you want. > > > > > > *Dennis Burgess** –** Network Solution Engineer – Consultant * > > MikroTik Certified Trainer/Consultant > <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – > MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE > > > > For Wireless Hardware/Routers visit www.linktechs.net > > Radio Frequiency Coverages: www.towercoverage.com > > Office: 314-735-0270 <(314)%20735-0270> > > E-Mail: dmburg...@linktechs.net > > > > *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy > /sarcasm > *Sent:* Monday, February 27, 2017 4:19 PM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets > > > > Im mainly looking for IP space that shouldnt be present, DHCP or not. > > I can packet sniff and exclude all configured subnets on that bridge, but > its a pain > > I didnt know if there was arp monitor or something along those lines. > collecting gratuitous ARPs or something like that > > > > > > I see alot of false 192.168.1.1 when i stick that subnet on the interface, > it doesnt respond and often times has the customer IP arp listed as well > sometimes its the same mac, sometimes its one digit off like a reboot > cycling up in switch then into router mode during boot cycle. I see it alot > with netgear macs. > > > > alot of times the 192.168.1.1 is persistent even though its not responding > or otherwise apparently even active > > > > On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote: > > Oh? I never noticed that feature. > > > > If you get the offender's MAC address it should be trivial to find them at > that point. That's really all you need. > > > > > > ------ Original Message ------ > > From: "Dennis Burgess" <dmburg...@linktechs.net> > > To: "af@afmug.com" <af@afmug.com> > > Sent: 2/27/2017 5:01:12 PM > > Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets > > > > MIkroTik does have a dhcp alert detection as well. It will not detect the > dhcp sever on the router. It will give you basic information such as MAC > address etc, but really don’t help you too much. But neither will turning a > DHCP client on. You have to find where that client is and turn them off. > > > > > > *Dennis Burgess** –** Network Solution Engineer – Consultant * > > MikroTik Certified Trainer/Consultant > <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – > MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE > > > > For Wireless Hardware/Routers visit www.linktechs.net > > Radio Frequiency Coverages: www.towercoverage.com > > Office: 314-735-0270 <(314)%20735-0270> > > E-Mail: dmburg...@linktechs.net > > > > *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Dennis Burgess > *Sent:* Monday, February 27, 2017 3:59 PM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets > > > > Switch can do it too, port isolation! Lol note, not a dumb switch > though. Nettoix I belive does it. > > > > > > *Dennis Burgess** –** Network Solution Engineer – Consultant * > > MikroTik Certified Trainer/Consultant > <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – > MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE > > > > For Wireless Hardware/Routers visit www.linktechs.net > > Radio Frequiency Coverages: www.towercoverage.com > > Office: 314-735-0270 <(314)%20735-0270> > > E-Mail: dmburg...@linktechs.net > > > > *From:* Af [mailto:af-boun...@afmug.com <af-boun...@afmug.com>] *On > Behalf Of *Adam Moffett > *Sent:* Monday, February 27, 2017 3:57 PM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets > > > > Only on two different router interfaces. If they're on a switch, then no. > > > I think Dennis may be referring to how you should ideally have things > configured, and I think you're talking specifically about the feature in > Canopy equipment labeled "SM Isolation". > > Ideally, yeah you should make it so one customer can't break everyone. > That's a multi-faceted thing and SM Isolation is one component of it. > > > > If you're looking specifically for a router plugged in backwards, add a > DHCP-client to the interface facing the AP, and (*critical*) uncheck the > boxes for "add default route" and "add peer DNS". That might be the kind > of quick, simple test you're hoping for. > > > > > > > > > > ------ Original Message ------ > > From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com> > > To: "af@afmug.com" <af@afmug.com> > > Sent: 2/27/2017 4:42:02 PM > > Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets > > > > clients on two different access points wil be blocked by client isolation? > > > > On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> > wrote: > > There is no reason why it would and should not . J You can easily allow > the one offs … > > > > > > *Dennis Burgess** –** Network Solution Engineer – Consultant * > > MikroTik Certified Trainer/Consultant > <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – > MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE > > > > For Wireless Hardware/Routers visit www.linktechs.net > > Radio Frequiency Coverages: www.towercoverage.com > > Office: 314-735-0270 <(314)%20735-0270> > > E-Mail: dmburg...@linktechs.net > > > > *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy > /sarcasm > *Sent:* Monday, February 27, 2017 1:13 PM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets > > > > A. we have some locations where we dont use client isolation and B client > isolation doesnt apply to two access points as far as I know > > > > On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <dmburg...@linktechs.net> > wrote: > > Your client isolation should take care of that. FYI. > > > > > > *Dennis Burgess** –** Network Solution Engineer – Consultant * > > MikroTik Certified Trainer/Consultant > <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – > MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE > > > > For Wireless Hardware/Routers visit www.linktechs.net > > Radio Frequiency Coverages: www.towercoverage.com > > Office: 314-735-0270 <(314)%20735-0270> > > E-Mail: dmburg...@linktechs.net > > > > *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy > /sarcasm > *Sent:* Monday, February 27, 2017 12:42 PM > *To:* af@afmug.com > *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets > > > > I wasnt clear, I was actually looking for rogue subnets in general > > another issue example is that a customer with some time clocks recently > had a slick tech put a switch in before the router at multiple locations > from the same site, different APs, we bridge the APs at the POP, so they > were directly communicating > > > > On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz <fai...@snappytelecom.net> > wrote: > > You might find the useful. > > > > https://forum.mikrotik.com/viewtopic.php?t=23640 > > > > > > Regards. > > > > Faisal Imtiaz > Snappy Internet & Telecom > 7266 SW 48 Street > Miami, FL 33155 > Tel: 305 663 5518 x 232 <(305)%20663-5518> > > Help-desk: (305)663-5518 <(305)%20663-5518> Option 2 or Email: > supp...@snappytelecom.net > > > ------------------------------ > > *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com> > *To: *af@afmug.com > *Sent: *Monday, February 27, 2017 11:34:59 AM > *Subject: *[AFMUG] Mikrotik quick view for unknown subnets > > If, for example a customer has a router connected backward, is there an > arp(ish) check aside from packet sniffing to see this since its not a > subnet on the interface and there wont be an arp entry? > > > > -- > > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. > > > > > > > > -- > > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. > > > > > > -- > > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. > > > > > > -- > > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. > > > > > > -- > > If you only see yourself as part of the team but you don't see your team > as part of yourself you have already failed as part of the team. > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
