Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-28 Thread Josh Luthman
A logging firewall rule


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Feb 28, 2017 at 9:56 AM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> How will that identify unroutable IP space?
>
> On Feb 28, 2017 1:55 AM, "Rob Genovesi"  wrote:
>
> Create a firewall address list of all known good subnets.
> Create a forwarding rule in your firewall to accept known good subnets
> to forward from customer side to WAN side
> Create a forwarding rule to drop everything else coming from customer
> side to WAN side
>
> /ip firewall address-list add list="customer" address="x.x.x.x/x"
> /ip firewall address-list add list="customer" address="y.y.y.y/y"
> /ip firewall filter add chain=forward src-address-list="customer" \
>     in-interface="LAN" out-interface="WAN" action="accept"
> /ip firewall filter add chain=forward in-interface="LAN" \
>     out-interface="WAN" action="drop"
>
> You could start with a logging rule for unknown traffic first and
> watch for what pops up.
>
>
> -Rob
>
>
> On Mon, Feb 27, 2017 at 2:18 PM, That One Guy /sarcasm
>  wrote:
> > Im mainly looking for IP space that shouldnt be present, DHCP or not.
> > I can packet sniff and exclude all configured subnets on that bridge, but
> > its a pain
> > I didnt know if there was arp monitor or something along those lines.
> > collecting gratuitous ARPs or something like that
> >
> >
>
>
>


Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-28 Thread That One Guy /sarcasm
How will that identify unroutable IP space?

On Feb 28, 2017 1:55 AM, "Rob Genovesi"  wrote:

Create a firewall address list of all known good subnets.
Create a forwarding rule in your firewall to accept known good subnets
to forward from customer side to WAN side
Create a forwarding rule to drop everything else coming from customer
side to WAN side

/ip firewall address-list add list="customer" address="x.x.x.x/x"
/ip firewall address-list add list="customer" address="y.y.y.y/y"
/ip firewall filter add chain=forward src-address-list="customer" \
    in-interface="LAN" out-interface="WAN" action="accept"
/ip firewall filter add chain=forward in-interface="LAN" \
    out-interface="WAN" action="drop"

You could start with a logging rule for unknown traffic first and
watch for what pops up.


-Rob


On Mon, Feb 27, 2017 at 2:18 PM, That One Guy /sarcasm
 wrote:
> Im mainly looking for IP space that shouldnt be present, DHCP or not.
> I can packet sniff and exclude all configured subnets on that bridge, but
> its a pain
> I didnt know if there was arp monitor or something along those lines.
> collecting gratuitous ARPs or something like that
>
>


Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Rob Genovesi
Create a firewall address list of all known good subnets.
Create a forwarding rule in your firewall to accept known good subnets
to forward from customer side to WAN side
Create a forwarding rule to drop everything else coming from customer
side to WAN side

/ip firewall address-list add list="customer" address="x.x.x.x/x"
/ip firewall address-list add list="customer" address="y.y.y.y/y"
/ip firewall filter add chain=forward src-address-list="customer" \
    in-interface="LAN" out-interface="WAN" action="accept"
/ip firewall filter add chain=forward in-interface="LAN" \
    out-interface="WAN" action="drop"

You could start with a logging rule for unknown traffic first and
watch for what pops up.


-Rob


On Mon, Feb 27, 2017 at 2:18 PM, That One Guy /sarcasm
 wrote:
> Im mainly looking for IP space that shouldnt be present, DHCP or not.
> I can packet sniff and exclude all configured subnets on that bridge, but
> its a pain
> I didnt know if there was arp monitor or something along those lines.
> collecting gratuitous ARPs or something like that
>
>
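
The "start with a logging rule and watch for what pops up" step, sketched as an added example that is not part of the thread: a Python pass over constructed RouterOS firewall log lines that groups sources outside the known subnets by /24 and MAC, then ties each MAC to a lease, allowing for the "one digit off" MAC described elsewhere in the thread. The `unknown-src` log prefix, the log layout, the subnets and the lease table are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed logging rule feeding this log (hypothetical prefix, placed above the drop):
#   /ip firewall filter add chain=forward in-interface="LAN" \
#       src-address-list=!customer action=log log-prefix="unknown-src"
# Constructed sample lines in the usual RouterOS firewall log layout.
SAMPLE_LOG = """\
feb/28 09:12:01 firewall,info unknown-src forward: in:LAN out:WAN, src-mac a0:63:91:aa:00:11, proto UDP, 192.168.1.1:40011->198.51.100.53:53, len 73
feb/28 09:12:04 firewall,info unknown-src forward: in:LAN out:WAN, src-mac a0:63:91:aa:00:11, proto TCP (SYN), 192.168.1.23:50112->198.51.100.7:443, len 60
feb/28 09:12:09 firewall,info unknown-src forward: in:LAN out:WAN, src-mac 00:0c:42:bb:00:05, proto ICMP (type 8, code 0), 169.254.10.20->198.51.100.7, len 84
feb/28 09:12:11 firewall,info unknown-src forward: in:LAN out:WAN, src-mac 00:0c:42:bb:00:07, proto TCP (SYN), 10.20.0.37:41000->198.51.100.7:80, len 60
feb/28 09:12:15 firewall,info other-rule forward: in:LAN out:WAN, src-mac 00:0c:42:bb:00:09, proto TCP (SYN), 172.16.5.5:40000->198.51.100.7:80, len 60
feb/28 09:12:20 system,info user admin logged in from 10.20.0.2 via winbox
"""

# Constructed stand-ins for the "customer" address list and the lease table.
KNOWN_SUBNETS = ["10.20.0.0/22", "203.0.113.0/24"]
LEASES = {
    "a0:63:91:aa:00:10": "cust-1042",
    "00:0c:42:bb:00:05": "cust-2210",
}

LINE_RE = re.compile(
    r"(?P<prefix>\S+) forward: in:(?P<iface>\S+) out:[^,]*, "
    r"src-mac (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}), proto .+?, "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?->",
    re.IGNORECASE,
)


def parse(log_text, prefix):
    """Yield (mac, source address) for each line written by the logging rule."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("prefix") == prefix:
            try:
                yield m.group("mac").lower(), ipaddress.ip_address(m.group("src"))
            except ValueError:
                continue  # octet out of range: not an address, skip the line


def unknown_sources(log_text, known_subnets, prefix="unknown-src"):
    """Group logged sources outside the known subnets as /24 -> MAC -> addresses."""
    known = [ipaddress.ip_network(n) for n in known_subnets]
    seen = defaultdict(lambda: defaultdict(set))
    misfiled = 0
    for mac, src in parse(log_text, prefix):
        if any(src in net for net in known):
            # A known source hit the log rule: the rule and the list disagree,
            # e.g. the rule names a list that has no entries.
            misfiled += 1
            continue
        bucket = ipaddress.ip_network(f"{src}/24", strict=False)
        seen[bucket][mac].add(src)
    return seen, misfiled


def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)


def likely_owner(mac, leases, max_offset=1):
    """Return (customer, offset) for the closest leased MAC within max_offset."""
    target = mac_to_int(mac)
    best = None
    for lease_mac, customer in leases.items():
        offset = abs(mac_to_int(lease_mac) - target)
        if offset <= max_offset and (best is None or offset < best[1]):
            best = (customer, offset)
    return best


def classify(addr):
    if addr.is_link_local:
        return "link-local"
    return "private" if addr.is_private else "public"


def report(log_text, known_subnets, leases, prefix="unknown-src"):
    seen, misfiled = unknown_sources(log_text, known_subnets, prefix)
    rows = []
    for bucket in sorted(seen):
        for mac in sorted(seen[bucket]):
            rows.append({
                "subnet": str(bucket),
                "kind": classify(bucket.network_address),
                "mac": mac,
                "hosts": [str(ip) for ip in sorted(seen[bucket][mac])],
                "owner": likely_owner(mac, leases),
            })
    return rows, misfiled


if __name__ == "__main__":
    rows, misfiled = report(SAMPLE_LOG, KNOWN_SUBNETS, LEASES)
    for row in rows:
        print(row)
    print("known sources that still hit the log rule:", misfiled)
```
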


Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Bill Prince

Is that some sort of communist DHCP server?

   /As an adjective, rogue means moving away from the usual path or
   trajectory, being rebellious, divergent, or independent-thinking.
   ... Rouge is an adjective, it is French for “red.” In the cosmetics
   industry, rouge is another word for blush, the powder that is used
   to color cheeks and cheekbones./

bp
<part15sbs{at}gmail{dot}com>

On 2/27/2017 3:18 PM, Dennis Burgess wrote:


Rouge dhcp server along with mac and IP.

Dennis Burgess – Network Solution Engineer – Consultant

MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> –
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

For Wireless Hardware/Routers visit www.linktechs.net
<http://www.linktechs.net/>

Radio Frequency Coverages: www.towercoverage.com
<http://www.towercoverage.com/>

Office: 314-735-0270

E-Mail: dmburg...@linktechs.net <mailto:dmburg...@linktechs.net>

*From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy 
/sarcasm

*Sent:* Monday, February 27, 2017 4:54 PM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets

DHCP alert will tell me if there is an IP thats not a DHCP server?

On Mon, Feb 27, 2017 at 4:51 PM, Dennis Burgess 
<dmburg...@linktechs.net <mailto:dmburg...@linktechs.net>> wrote:


ARPs will not come through as you don’t have anything on that
subnet.  DHCP-Alert is what you want.


*From:*Af [mailto:af-boun...@afmug.com
<mailto:af-boun...@afmug.com>] *On Behalf Of *That One Guy /sarcasm
*Sent:* Monday, February 27, 2017 4:19 PM
    *To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets

Im mainly looking for IP space that shouldnt be present, DHCP or not.

I can packet sniff and exclude all configured subnets on that
bridge, but  its a pain

I didnt know if there was arp monitor or something along those
lines. collecting gratuitous ARPs or something like that

I see alot of false 192.168.1.1 when i stick that subnet on the
interface, it doesnt respond and often times has the customer IP
arp listed as well sometimes its the same mac, sometimes its one
digit off like a reboot cycling up in switch then into router mode
during boot cycle. I see it alot with netgear macs.

alot of times the 192.168.1.1 is persistent even though its not
responding or otherwise apparently even active

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com
<mailto:dmmoff...@gmail.com>> wrote:

Oh? I never noticed that feature.

If you get the offender's MAC address it should be trivial to
find them at that point.  That's really all you need.

-- Original Message --

From: "Dennis Burgess" <dmburg...@linktechs.net
<mailto:dmburg...@linktechs.net>>

To: "af@afmug.com <mailto:af@afmug.com>" <af@afmug.com
<mailto:af@afmug.com>>

Sent: 2/27/2017 5:01:12 PM

Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well.  It
will not detect the dhcp server on the router.  It will
give you basic information such as MAC address etc, but
really don’t help you too much. But neither will turning a
DHCP client on.  You have to find where that client is and
turn them off.


*From:*Af [mailto:af-boun...@afmug.com
<mailto:af-boun...@afmug.com>] *On Behalf Of *Dennis Burgess
*Sent:* Monday, February 27

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread That One Guy /sarcasm
How would that locate a static ip? I'm not understanding

On Feb 27, 2017 5:18 PM, "Dennis Burgess" <dmburg...@linktechs.net> wrote:

> Rouge dhcp server along with mac and IP.
>
>
>
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy
> /sarcasm
> *Sent:* Monday, February 27, 2017 4:54 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> DHCP alert will tell me if there is an IP thats not a DHCP server?
>
>
>
> On Mon, Feb 27, 2017 at 4:51 PM, Dennis Burgess <dmburg...@linktechs.net>
> wrote:
>
> ARPs will not come through as you don’t have anything on that subnet.
> DHCP-Alert is what you want.
>
>
>
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy
> /sarcasm
> *Sent:* Monday, February 27, 2017 4:19 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> Im mainly looking for IP space that shouldnt be present, DHCP or not.
>
> I can packet sniff and exclude all configured subnets on that bridge, but
>  its a pain
>
> I didnt know if there was arp monitor or something along those lines.
> collecting gratuitous ARPs or something like that
>
>
>
>
>
> I see alot of false 192.168.1.1 when i stick that subnet on the interface,
> it doesnt respond and often times has the customer IP arp listed as well
> sometimes its the same mac, sometimes its one digit off like a reboot
> cycling up in switch then into router mode during boot cycle. I see it alot
> with netgear macs.
>
>
>
> alot of times the 192.168.1.1 is persistent even though its not responding
> or otherwise apparently even active
>
>
>
> On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:
>
> Oh?  I never noticed that feature.
>
>
>
> If you get the offender's MAC address it should be trivial to find them at
> that point.  That's really all you need.
>
>
>
>
>
> -- Original Message --
>
> From: "Dennis Burgess" <dmburg...@linktechs.net>
>
> To: "af@afmug.com" <af@afmug.com>
>
> Sent: 2/27/2017 5:01:12 PM
>
> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> MikroTik does have a dhcp alert detection as well.  It will not detect the
> dhcp server on the router.  It will give you basic information such as MAC
> address etc, but really don’t help you too much. But neither will turning a
> DHCP client on.  You have to find where that client is and turn them off.
>
>
>
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Dennis Burgess
> *Sent:* Monday, February 27, 2017 3:59 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> Switch can do it too, port isolation! Lol  note, not a dumb switch
> though.   Nettoix I believe does it.
>
>
>
>
>

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Dennis Burgess
Rouge dhcp server along with mac and IP.



From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 4:54 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

DHCP alert will tell me if there is an IP thats not a DHCP server?

On Mon, Feb 27, 2017 at 4:51 PM, Dennis Burgess 
<dmburg...@linktechs.net<mailto:dmburg...@linktechs.net>> wrote:
ARPs will not come through as you don’t have anything on that subnet.
DHCP-Alert is what you want.



From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf 
Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 4:19 PM
To: af@afmug.com<mailto:af@afmug.com>
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Im mainly looking for IP space that shouldnt be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but  its 
a pain
I didnt know if there was arp monitor or something along those lines. 
collecting gratuitous ARPs or something like that


I see alot of false 192.168.1.1 when i stick that subnet on the interface, it 
doesnt respond and often times has the customer IP arp listed as well sometimes 
its the same mac, sometimes its one digit off like a reboot cycling up in 
switch then into router mode during boot cycle. I see it alot with netgear macs.

alot of times the 192.168.1.1 is persistent even though its not responding or 
otherwise apparently even active

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett 
<dmmoff...@gmail.com<mailto:dmmoff...@gmail.com>> wrote:
Oh?  I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that 
point.  That's really all you need.


-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net<mailto:dmburg...@linktechs.net>>
To: "af@afmug.com<mailto:af@afmug.com>" <af@afmug.com<mailto:af@afmug.com>>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well.  It will not detect the dhcp
server on the router.  It will give you basic information such as MAC address
etc, but really don’t help you too much. But neither will turning a DHCP client
on.  You have to find where that client is and turn them off.



From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf 
Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com<mailto:af@afmug.com>
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol  note, not a dumb switch though.
Nettoix I believe does it.



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com<mailto:af@afmug.com>
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces.  If they'r

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Jesse DuPont

  
  
In the capture you'll be able to see the ARP requests being sent out
by all hosts on that L2 segment, regardless of whether you have an
IP in that subnet on your router. If you see a "who has 192.168.1.x,
tell 192.168.1.1", that's a telltale sign of a reversed or bridged
router.

Jesse DuPont
Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC
Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc
Like us! facebook.com/celeritybroadband
  

  

On 2/27/17 3:51 PM, Dennis Burgess wrote:

ARPs will not come through as you don’t have anything on that
subnet.  DHCP-Alert is what you want.

 
From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 4:19 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Im mainly looking for IP space that shouldnt be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but  its
a pain
I didnt know if there was arp monitor or something along those lines.
collecting gratuitous ARPs or something like that

I see alot of false 192.168.1.1 when i stick that subnet on the interface, it
doesnt respond and often times has the customer IP arp listed as well sometimes
its the same mac, sometimes its one digit off like a reboot cycling up in
switch then into router mode during boot cycle. I see it alot with netgear macs.

alot of times the 192.168.1.1 is persistent even though its not responding or
otherwise apparently even active

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

Oh?  I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that
point.  That's really all you need.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well.  It will not detect the dhcp
server on the router.  It will give you basic information such as MAC address
etc, but really don’t help you too much. But neither will turning a DHCP client
on.  You have to find where that client is and turn them off.
 

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread That One Guy /sarcasm
DHCP alert will tell me if there is an IP thats not a DHCP server?

On Mon, Feb 27, 2017 at 4:51 PM, Dennis Burgess <dmburg...@linktechs.net>
wrote:

> ARPs will not come through as you don’t have anything on that subnet.
> DHCP-Alert is what you want.
>
>
>
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *That One Guy
> /sarcasm
> *Sent:* Monday, February 27, 2017 4:19 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> Im mainly looking for IP space that shouldnt be present, DHCP or not.
>
> I can packet sniff and exclude all configured subnets on that bridge, but
>  its a pain
>
> I didnt know if there was arp monitor or something along those lines.
> collecting gratuitous ARPs or something like that
>
>
>
>
>
> I see alot of false 192.168.1.1 when i stick that subnet on the interface,
> it doesnt respond and often times has the customer IP arp listed as well
> sometimes its the same mac, sometimes its one digit off like a reboot
> cycling up in switch then into router mode during boot cycle. I see it alot
> with netgear macs.
>
>
>
> alot of times the 192.168.1.1 is persistent even though its not responding
> or otherwise apparently even active
>
>
>
> On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:
>
> Oh?  I never noticed that feature.
>
>
>
> If you get the offender's MAC address it should be trivial to find them at
> that point.  That's really all you need.
>
>
>
>
>
> -- Original Message --
>
> From: "Dennis Burgess" <dmburg...@linktechs.net>
>
> To: "af@afmug.com" <af@afmug.com>
>
> Sent: 2/27/2017 5:01:12 PM
>
> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> MikroTik does have a dhcp alert detection as well.  It will not detect the
> dhcp server on the router.  It will give you basic information such as MAC
> address etc, but really don’t help you too much. But neither will turning a
> DHCP client on.  You have to find where that client is and turn them off.
>
>
>
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Dennis Burgess
> *Sent:* Monday, February 27, 2017 3:59 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> Switch can do it too, port isolation! Lol  note, not a dumb switch
> though.   Nettoix I believe does it.
>
>
>
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com <af-boun...@afmug.com>] *On
> Behalf Of *Adam Moffett
> *Sent:* Monday, February 27, 2017 3:57 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> Only on two different router interfaces.  If they're on a switch, then no.
>
>
> I think Dennis may be referring to how you should ideally have things
> configured, and I think you're talking specifically about the feature in
> Canopy equipment labeled "SM Isolation".
>
> Ideally, yeah you should make it so one customer can't break everyone.
> That's a multi-faceted thing and SM Isolation is one component of it.
>
>
>
> If you're looking specifically for a router plugged in backwards, add a
> DHCP-client to the interface facing the AP, and (*critical*) uncheck th

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread chuck
I used to have a way to figure it out.  I don’t remember how I did it other 
than link tests were involved.  I think I link tested every SM one by one on an 
AP until something happened...
Perhaps until a particular IP stopped pinging or ???

From: Dennis Burgess 
Sent: Monday, February 27, 2017 3:51 PM
To: af@afmug.com 
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

ARPs will not come through as you don’t have anything on that subnet.
DHCP-Alert is what you want.

 

 


 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 4:19 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

 

Im mainly looking for IP space that shouldnt be present, DHCP or not.

I can packet sniff and exclude all configured subnets on that bridge, but  its 
a pain

I didnt know if there was arp monitor or something along those lines. 
collecting gratuitous ARPs or something like that

 

 

I see alot of false 192.168.1.1 when i stick that subnet on the interface, it 
doesnt respond and often times has the customer IP arp listed as well sometimes 
its the same mac, sometimes its one digit off like a reboot cycling up in 
switch then into router mode during boot cycle. I see it alot with netgear macs.

 

alot of times the 192.168.1.1 is persistent even though its not responding or 
otherwise apparently even active

 

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

  Oh?  I never noticed that feature.

   

  If you get the offender's MAC address it should be trivial to find them at 
that point.  That's really all you need.

   

   

  -- Original Message --

  From: "Dennis Burgess" <dmburg...@linktechs.net>

  To: "af@afmug.com" <af@afmug.com>

  Sent: 2/27/2017 5:01:12 PM

  Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

   

MikroTik does have a dhcp alert detection as well.  It will not detect the
dhcp server on the router.  It will give you basic information such as MAC
address etc, but really don’t help you too much. But neither will turning a
DHCP client on.  You have to find where that client is and turn them off.

 

 


 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
    To: af@afmug.com
    Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

 

Switch can do it too, port isolation! Lol  note, not a dumb switch though.
Nettoix I believe does it.

 

 


 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
    To: af@afmug.com
    Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

 

Only on two different router interfaces.  If they're on a switch, then no.


I think Dennis may be referring to how you should ideally have things 
configured, and I think you're talking specifically about the feature in Canopy 
equipment labeled "SM Isolation".

Ideally, yeah you should make it so one customer can't break everyone.  
That's a multi-faceted thing and SM Isolation is one component of it.

 

If you're looking specifically for a router plugged in backwards, add a 
DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes 
for "add default route" and "add peer DNS".  That might be the kind of quick, 
simple test you're hoping for.

 

 

 

 

-- Original Message --

From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>

To: "af@afmug.com" <af@afmug.com>

Sent: 2/27/2017 4:42:02 PM

Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

 

  clients on two different access points will be blocked by client isolation?

   

  On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net>

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Dennis Burgess
ARPs will not come through as you don’t have anything on that subnet.
DHCP-Alert is what you want.



From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 4:19 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Im mainly looking for IP space that shouldnt be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but  its 
a pain
I didnt know if there was arp monitor or something along those lines. 
collecting gratuitous ARPs or something like that


I see alot of false 192.168.1.1 when i stick that subnet on the interface, it 
doesnt respond and often times has the customer IP arp listed as well sometimes 
its the same mac, sometimes its one digit off like a reboot cycling up in 
switch then into router mode during boot cycle. I see it alot with netgear macs.

alot of times the 192.168.1.1 is persistent even though its not responding or 
otherwise apparently even active

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett 
<dmmoff...@gmail.com<mailto:dmmoff...@gmail.com>> wrote:
Oh?  I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that 
point.  That's really all you need.


-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net<mailto:dmburg...@linktechs.net>>
To: "af@afmug.com<mailto:af@afmug.com>" <af@afmug.com<mailto:af@afmug.com>>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well.  It will not detect the dhcp
server on the router.  It will give you basic information such as MAC address
etc, but really don’t help you too much. But neither will turning a DHCP client
on.  You have to find where that client is and turn them off.



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol  note, not a dumb switch though.
Nettoix I believe does it.



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces.  If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things 
configured, and I think you're talking specifically about the feature in Canopy 
equipment labeled "SM Isolation".
Ideally, yeah you should make it so one customer can't break everyone.  That's 
a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a 
DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes 
for "add default route" and "add peer DNS".  That might be the kind of quick, 
simple test you're hoping for.




-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

client

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Ken Hohhof
Depends, what do you see?

 

Some routers had a FW bug where they did UPnP on the WAN port.  I forget what 
brand and model.  I think older DLinks might have been one of them.

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 4:41 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

 

Could what I see be a component of bad UPnP?

 

On Mon, Feb 27, 2017 at 4:25 PM, Jesse DuPont <jesse.dup...@celeritycorp.net> wrote:

There isn't really anything that does what you want other than looking at 
packets. Your best bet will be to capture and then filter just ARP packets or 
just DHCP server packets (UDP, source-port 67) to find rogue DHCP servers. It's 
a start.



On 2/27/17 3:18 PM, That One Guy /sarcasm wrote:

I'm mainly looking for IP space that shouldn't be present, DHCP or not.

I can packet sniff and exclude all configured subnets on that bridge, but it's
a pain.

I didn't know if there was an ARP monitor or something along those lines,
collecting gratuitous ARPs or something like that.

I see a lot of false 192.168.1.1 when I stick that subnet on the interface. It
doesn't respond, and oftentimes has the customer IP ARP listed as well. Sometimes
it's the same MAC, sometimes it's one digit off, like a reboot cycling up in
switch then into router mode during boot cycle. I see it a lot with Netgear MACs.

A lot of times the 192.168.1.1 is persistent even though it's not responding or
otherwise apparently even active.

 

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

Oh?  I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that 
point.  That's really all you need.

-- Original Message --

From: "Dennis Burgess" <dmburg...@linktechs.net>

To: "af@afmug.com" <af@afmug.com>

Sent: 2/27/2017 5:01:12 PM

Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well.  It will not detect the dhcp 
server on the router.  It will give you basic information such as MAC address 
etc, but really doesn’t help you too much. But neither will turning a DHCP client 
on.  You have to find where that client is and turn them off.

 

 


 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol  note, not a dumb switch though.
Nettoix I believe does it.

 

 


 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

 

Only on two different router interfaces.  If they're on a switch, then no.


I think Dennis may be referring to how you should ideally have things 
configured, and I think you're talking specifically about the feature in Canopy 
equipment labeled "SM Isolation".

Ideally, yeah you should make it so one customer can't break everyone.  That's 
a multi-faceted thing and SM Isolation is one component of it.

 

If you're looking specifically for a router plugged in backwards, add a

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Jesse DuPont

  
  
Possibly, but more probable is reversed router, router whose NAT has
failed, or router in bridged-mode (or switch), as you've already
mentioned.

Jesse DuPont

Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC
Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc
Like us! facebook.com/celeritybroadband
  

  

On 2/27/17 3:40 PM, That One Guy /sarcasm wrote:

Could what I see be a component of bad UPnP?

On Mon, Feb 27, 2017 at 4:25 PM, Jesse DuPont <jesse.dup...@celeritycorp.net> wrote:

There isn't really anything that does what you want other than looking at
packets. Your best bet will be to capture and then filter just ARP packets or
just DHCP server packets (UDP, source-port 67) to find rogue DHCP servers. It's
a start.
  
  


  

  
  
On 2/27/17 3:18 PM, That One Guy /sarcasm wrote:

I'm mainly looking for IP space that shouldn't be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but it's
a pain.
I didn't know if there was an ARP monitor or something along those lines,
collecting gratuitous ARPs or something like that.

I see a lot of false 192.168.1.1 when I stick that subnet on the interface. It
doesn't respond, and oftentimes has the customer IP ARP listed as well. Sometimes
it's the same MAC, sometimes it's one digit off, like a reboot cycling up in
switch then into router mode during boot cycle. I see it a lot with Netgear MACs.

A lot of times the 192.168.1.1 is persistent even though it's not responding or
otherwise apparently even active.
  


On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

Oh?  I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that
point.  That's really all you need.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well.  It will not detect the dhcp
server on the router.  It will give you basic information such as MAC address
etc, but really doesn’t help you too much. But neither will turning a DHCP

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread That One Guy /sarcasm
Could what I see be a component of bad UPnP?

On Mon, Feb 27, 2017 at 4:25 PM, Jesse DuPont <jesse.dup...@celeritycorp.net> wrote:

> There isn't really anything that does what you want other than looking at
> packets. Your best bet will be to capture and then filter just ARP packets
> or just DHCP server packets (UDP, source-port 67) to find rogue DHCP
> servers. It's a start.
>
> On 2/27/17 3:18 PM, That One Guy /sarcasm wrote:
>
> I'm mainly looking for IP space that shouldn't be present, DHCP or not.
> I can packet sniff and exclude all configured subnets on that bridge, but
> it's a pain.
> I didn't know if there was an ARP monitor or something along those lines,
> collecting gratuitous ARPs or something like that.
>
>
> I see a lot of false 192.168.1.1 when I stick that subnet on the interface.
> It doesn't respond, and oftentimes has the customer IP ARP listed as well.
> Sometimes it's the same MAC, sometimes it's one digit off, like a reboot
> cycling up in switch then into router mode during boot cycle. I see it a lot
> with Netgear MACs.
>
> A lot of times the 192.168.1.1 is persistent even though it's not responding
> or otherwise apparently even active.
>
> On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:
>
>> Oh?  I never noticed that feature.
>>
>> If you get the offender's MAC address it should be trivial to find them
>> at that point.  That's really all you need.
>>
>>
>> -- Original Message --
>> From: "Dennis Burgess" <dmburg...@linktechs.net>
>> To: "af@afmug.com" <af@afmug.com>
>> Sent: 2/27/2017 5:01:12 PM
>> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>> MikroTik does have a dhcp alert detection as well.  It will not detect
>> the dhcp server on the router.  It will give you basic information such as
>> MAC address etc, but really doesn’t help you too much. But neither will
>> turning a DHCP client on.  You have to find where that client is and turn
>> them off.
>>
>>
>>
>>
>>
>>
>>
>>
>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Dennis Burgess
>> *Sent:* Monday, February 27, 2017 3:59 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>>
>>
>> Switch can do it too, port isolation! Lol  note, not a dumb switch
>> though.   Nettoix I believe does it.
>>
>>
>>
>>
>>
>>
>>
>>
>> *From:* Af [mailto:af-boun...@afmug.com <af-boun...@afmug.com>] *On
>> Behalf Of *Adam Moffett
>> *Sent:* Monday, February 27, 2017 3:57 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>>
>>
>> Only on two different router interfaces.  If they're on a switch, then no.
>>
>>
>> I think Dennis may be referring to how you should ideally have things
>> configured, and I think you're talking specifically about the feature in
>> Canopy equipment labeled "SM Isolation".
>>
>> Ideally, yeah you should make it so one customer can't break everyone.
>> That's a multi-faceted thing and SM Isolation is one component of it.
>>
>>
>>
>> If you're looking specifically for a router plugged in backwards, add a
>> DHCP-client to the interface facing the AP, and (*critical*) uncheck the
>> 

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Jesse DuPont

  
  
There isn't really anything that does what you want other than
looking at packets. Your best bet will be to capture and then filter
just ARP packets or just DHCP server packets (UDP, source-port 67)
to find rogue DHCP servers. It's a start.


  
  
  
  
  
  
  
  
  
  
  
  
  
Jesse DuPont

Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC
Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc
Like us! facebook.com/celeritybroadband
  

  

On 2/27/17 3:18 PM, That One Guy /sarcasm wrote:

I'm mainly looking for IP space that shouldn't be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but it's
a pain.
I didn't know if there was an ARP monitor or something along those lines,
collecting gratuitous ARPs or something like that.

I see a lot of false 192.168.1.1 when I stick that subnet on the interface. It
doesn't respond, and oftentimes has the customer IP ARP listed as well. Sometimes
it's the same MAC, sometimes it's one digit off, like a reboot cycling up in
switch then into router mode during boot cycle. I see it a lot with Netgear MACs.

A lot of times the 192.168.1.1 is persistent even though it's not responding or
otherwise apparently even active.
  
  
On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

Oh?  I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that
point.  That's really all you need.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well.  It will not detect the dhcp
server on the router.  It will give you basic information such as MAC address
etc, but really doesn’t help you too much. But neither will turning a DHCP client
on.  You have to find where that client is and turn them off.

   


   
  
  
 

  
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol  note, not a dumb switch though.
Nettoix I believe does it.
 

   
  Dennis
Burgess –
Network Solution Engineer – Consultant 
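
Added example, not part of any poster's message: a Python version of the capture-and-filter approach described in the message above (ARP packets plus UDP source-port 67). It goes one step further by flagging ARP senders outside the configured subnets and grouping MACs per IP, so the "same IP, MAC one digit off" pattern from the thread stands out. The subnet, the authorized DHCP server, the MAC addresses and the frames are all constructed values.

```python
import ipaddress
import struct
from collections import defaultdict

# Assumptions (constructed values): the subnets configured on the bridge and
# the one DHCP server that is allowed to answer on it.
KNOWN_SUBNETS = [ipaddress.ip_network("10.20.0.0/24")]
AUTHORIZED_DHCP = {ipaddress.ip_address("10.20.0.1")}


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def inspect_frame(frame, subnets=KNOWN_SUBNETS, dhcp_ok=AUTHORIZED_DHCP):
    """Return (kind, ip, mac) for a suspicious Ethernet frame, else None."""
    if len(frame) < 14:
        return None
    src_mac = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if ethertype == 0x8100 and len(payload) >= 4:      # skip one 802.1Q tag
        (ethertype,) = struct.unpack("!H", payload[2:4])
        payload = payload[4:]

    if ethertype == 0x0806:                            # ARP
        if len(payload) < 28:
            return None
        htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", payload[:8])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return None
        sender_mac = payload[8:14]
        sender_ip = ipaddress.IPv4Address(payload[14:18])
        # 0.0.0.0 is an address-conflict probe, not a claim on an address.
        if sender_ip.is_unspecified or any(sender_ip in n for n in subnets):
            return None
        return ("arp-unknown-subnet", str(sender_ip), _mac(sender_mac))

    if ethertype == 0x0800:                            # IPv4
        if len(payload) < 20 or payload[0] >> 4 != 4:
            return None
        ihl = (payload[0] & 0x0F) * 4
        (frag,) = struct.unpack("!H", payload[6:8])
        if payload[9] != 17 or frag & 0x1FFF or ihl < 20 or len(payload) < ihl + 8:
            return None                                # not first-fragment UDP
        sport, _dport = struct.unpack("!HH", payload[ihl:ihl + 4])
        src_ip = ipaddress.IPv4Address(payload[12:16])
        if sport == 67 and src_ip not in dhcp_ok:      # DHCP server traffic
            return ("rogue-dhcp-server", str(src_ip), _mac(src_mac))
    return None


def summarize(frames, **kw):
    """Group findings as {(kind, ip): sorted MACs} so MAC changes stand out."""
    seen = defaultdict(set)
    for frame in frames:
        hit = inspect_frame(frame, **kw)
        if hit:
            seen[hit[:2]].add(hit[2])
    return {key: sorted(macs) for key, macs in seen.items()}


# --- Constructed sample traffic (not captured from any real network) ---
def build_arp(mac, sender_ip, target_ip):
    hw = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + hw + struct.pack("!H", 0x0806)
    return (eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + hw
            + ipaddress.IPv4Address(sender_ip).packed + b"\x00" * 6
            + ipaddress.IPv4Address(target_ip).packed)


def build_dhcp_reply(mac, server_ip):
    hw = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + hw + struct.pack("!H", 0x0800)
    udp = struct.pack("!HHHH", 67, 68, 8, 0)           # header only, no BOOTP body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(server_ip).packed, b"\xff" * 4)
    return eth + ip + udp


SAMPLE_FRAMES = [
    build_arp("02:00:5e:00:00:01", "10.20.0.15", "10.20.0.1"),      # known subnet
    build_arp("02:00:5e:00:00:02", "0.0.0.0", "10.20.0.16"),        # ARP probe
    build_arp("02:00:5e:00:00:10", "192.168.1.1", "192.168.1.1"),   # gratuitous
    build_arp("02:00:5e:00:00:11", "192.168.1.1", "192.168.1.50"),  # MAC one off
    build_dhcp_reply("02:00:5e:00:00:aa", "10.20.0.1"),             # authorized
    build_dhcp_reply("02:00:5e:00:00:11", "192.168.1.1"),           # rogue
]

if __name__ == "__main__":
    for (kind, ip), macs in summarize(SAMPLE_FRAMES).items():
        print(f"{kind:20} {ip:15} {', '.join(macs)}")
```

`inspect_frame` takes raw Ethernet bytes, so it can be fed from any capture source that yields whole frames.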
 

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread That One Guy /sarcasm
I'm mainly looking for IP space that shouldn't be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but
it's a pain.
I didn't know if there was an ARP monitor or something along those lines,
collecting gratuitous ARPs or something like that.


I see a lot of false 192.168.1.1 when I stick that subnet on the interface.
It doesn't respond, and oftentimes has the customer IP ARP listed as well.
Sometimes it's the same MAC, sometimes it's one digit off, like a reboot
cycling up in switch then into router mode during boot cycle. I see it a lot
with Netgear MACs.

A lot of times the 192.168.1.1 is persistent even though it's not responding
or otherwise apparently even active.

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

> Oh?  I never noticed that feature.
>
> If you get the offender's MAC address it should be trivial to find them at
> that point.  That's really all you need.
>
>
> -- Original Message --
> From: "Dennis Burgess" <dmburg...@linktechs.net>
> To: "af@afmug.com" <af@afmug.com>
> Sent: 2/27/2017 5:01:12 PM
> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>
> MikroTik does have a dhcp alert detection as well.  It will not detect the
> dhcp server on the router.  It will give you basic information such as MAC
> address etc, but really doesn’t help you too much. But neither will turning a
> DHCP client on.  You have to find where that client is and turn them off.
>
>
>
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Dennis Burgess
> *Sent:* Monday, February 27, 2017 3:59 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> Switch can do it too, port isolation! Lol  note, not a dumb switch
> though.   Nettoix I believe does it.
>
>
>
>
>
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com <af-boun...@afmug.com>] *On
> Behalf Of *Adam Moffett
> *Sent:* Monday, February 27, 2017 3:57 PM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> Only on two different router interfaces.  If they're on a switch, then no.
>
>
> I think Dennis may be referring to how you should ideally have things
> configured, and I think you're talking specifically about the feature in
> Canopy equipment labeled "SM Isolation".
>
> Ideally, yeah you should make it so one customer can't break everyone.
> That's a multi-faceted thing and SM Isolation is one component of it.
>
>
>
> If you're looking specifically for a router plugged in backwards, add a
> DHCP-client to the interface facing the AP, and (*critical*) uncheck the
> boxes for "add default route" and "add peer DNS".  That might be the kind
> of quick, simple test you're hoping for.
>
>
>
>
>
>
>
>
>
> -- Original Message --
>
> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>
> To: "af@afmug.com" <af@afmug.com>
>
> Sent: 2/27/2017 4:42:02 PM
>
> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>
>
>
> clients on two different access points will be blocked by client isolation?
>
>
>
> On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net>
> wrote:
>
> There is no reason why it would and should not.  ☺  You can easily allow
> the one offs …
>
>
>
>
>
> *Dennis Burgess** –** Network Solution Engineer – Consultant *
>
> MikroTik Certified Trainer/Consultant
> <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> –
> MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
>
>
>
> For Wireless Hardware/Routers visit www.linktechs.net
>
> Radio Frequiency Coverages: www.towercoverage.com
>
> Of

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Mike Hammett
Most PtMP platforms have their own variation of SM Isolation. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Adam Moffett" <dmmoff...@gmail.com> 
To: af@afmug.com 
Sent: Monday, February 27, 2017 3:57:04 PM 
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets 


Only on two different router interfaces. If they're on a switch, then no. 

I think Dennis may be referring to how you should ideally have things 
configured, and I think you're talking specifically about the feature in Canopy 
equipment labeled "SM Isolation". 
Ideally, yeah you should make it so one customer can't break everyone. That's a 
multi-faceted thing and SM Isolation is one component of it. 


If you're looking specifically for a router plugged in backwards, add a 
DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes 
for "add default route" and "add peer DNS". That might be the kind of quick, 
simple test you're hoping for. 








-- Original Message -- 
From: "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
To: "af@afmug.com" < af@afmug.com > 
Sent: 2/27/2017 4:42:02 PM 
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets 





clients on two different access points will be blocked by client isolation? 


On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess < dmburg...@linktechs.net > 
wrote: 


There is no reason why it would and should not. ☺ You can easily allow the one 
offs … 



From: Af [mailto: af-boun...@afmug.com ] On Behalf Of That One Guy /sarcasm 
Sent: Monday, February 27, 2017 1:13 PM 
To: af@afmug.com 
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets 


A. We have some locations where we don't use client isolation, and B. client 
isolation doesn't apply to two access points as far as I know. 



On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess < dmburg...@linktechs.net > 
wrote: 






Your client isolation should take care of that. FYI. 



From: Af [mailto: af-boun...@afmug.com ] On Behalf Of That One Guy /sarcasm 
Sent: Monday, February 27, 2017 12:42 PM 
To: af@afmug.com 
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets 


I wasn't clear, I was actually looking for rogue subnets in general. 

Another issue example is that a customer with some time clocks recently had a 
slick tech put a switch in before the router at multiple locations from the 
same site, different APs. We bridge the APs at the POP, so they were directly 
communicating. 



On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz < fai...@snappytelecom.net > 
wrote: 







You might find this useful. 



https://forum.mikrotik.com/viewtopic.php?t=23640 





Regards. 



Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 







From: "That One Guy /sarcasm" < thatoneguyst...@gmail.com > 
To: af@afmug.com 
Sent: Monday, February 27, 2017 11:34:59 AM 
Subject: [AFMUG] Mikrotik quick view for unknown subnets 






If, for example, a customer has a router connected backward, is there an 
arp(ish) check aside from packet sniffing to see this, since it's not a subnet on 
the interface and there won't be an ARP entry? 



-- 




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team. 
















Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Dennis Burgess
Yep.. it will take a bit but it will work.


Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 4:04 PM
To: af@afmug.com; af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Oh?  I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that 
point.  That's really all you need.


-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well.  It will not detect the dhcp 
server on the router.  It will give you basic information such as MAC address 
etc, but really doesn’t help you too much. But neither will turning a DHCP client 
on.  You have to find where that client is and turn them off.



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol  note, not a dumb switch though.
Nettoix I believe does it.



From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces.  If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things 
configured, and I think you're talking specifically about the feature in Canopy 
equipment labeled "SM Isolation".
Ideally, yeah you should make it so one customer can't break everyone.  That's 
a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a 
DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes 
for "add default route" and "add peer DNS".  That might be the kind of quick, 
simple test you're hoping for.




-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:
There is no reason why it would and should not.  ☺  You can easily allow the 
one offs …



From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf 
Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:1

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Dennis Burgess
Note, that should NOT affect it.  The DHCP-client trick should work, and it 
will get you the MAC address, the DHCP-ALERT will get you the MAC as well. But 
you should NEVER distribute all connected subnets, this is a prime example of 
why not. ☺ Don’t get me wrong, there is a time and place for it, but 99% of 
the time, it always comes back to bite you.  What networks are for! ☺


Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 4:03 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I should probably addif you're distributing all connected subnets via ospf, 
then the dhcp-client trick will distribute a route to the customer's LAN 
subnet.  You might not want that.
That might be obvious depending on how much Keystone Ice we've already had.


-- Original Message --
From: "Adam Moffett" <dmmoff...@gmail.com<mailto:dmmoff...@gmail.com>>
To: af@afmug.com<mailto:af@afmug.com>
Sent: 2/27/2017 4:57:04 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces.  If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things 
configured, and I think you're talking specifically about the feature in Canopy 
equipment labeled "SM Isolation".
Ideally, yeah you should make it so one customer can't break everyone.  That's 
a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a 
DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes 
for "add default route" and "add peer DNS".  That might be the kind of quick, 
simple test you're hoping for.




-- Original Message --
From: "That One Guy /sarcasm" 
<thatoneguyst...@gmail.com<mailto:thatoneguyst...@gmail.com>>
To: "af@afmug.com<mailto:af@afmug.com>" <af@afmug.com<mailto:af@afmug.com>>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

clients on two different access points wil be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess 
<dmburg...@linktechs.net<mailto:dmburg...@linktechs.net>> wrote:
There is no reason why it would and should not .  ☺  You can easily allow the 
one offs …


Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified 
Trainer/Consultant<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>
 – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

For Wireless Hardware/Routers visit www.linktechs.net<http://www.linktechs.net/>
Radio Frequiency Coverages: www.towercoverage.com<http://www.towercoverage.com/>
Office: 314-735-0270<tel:(314)%20735-0270>
E-Mail: dmburg...@linktechs.net<mailto:dmburg...@linktechs.net>

From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf 
Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com<mailto:af@afmug.com>
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we dont use client isolation and B client 
isolation doesnt apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess 
<dmburg...@linktechs.net<mailto:dmburg...@linktechs.net>> wrote:
Your client isolation should take care of that.  FYI.


Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified 
Trainer/Consultant<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>
 – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

For Wireless Hardware/Routers visit www.linktechs.net<http://www.linktechs.net/>
Radio Frequiency Coverages: www.towercoverage.com<http://www.towercoverage.com/>
Office: 314-735-0270<tel:(314)%20735-0270>
E-Mail: dmburg...@linktechs.net<mailto:dmburg...@linktechs.net>

From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf 
Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com<mailto:af@afmug.com>
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasnt clear, I was actually looking for rogue subnets in general
another issue example is that a customer with some time clocks recently had a 
slick tech put a switch in before the router at multiple locations from the 
same site, different APs

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Adam Moffett

Oh?  I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them
at that point.  That's really all you need.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well.  It will not detect
the dhcp server on the router.  It will give you basic information such
as MAC address etc, but really doesn't help you too much. But neither
will turning a DHCP client on.  You have to find where that client is
and turn them off.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol  note, not a dumb switch
though.   Netonix I believe does it.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces.  If they're on a switch, then
no.

I think Dennis may be referring to how you should ideally have things
configured, and I think you're talking specifically about the feature
in Canopy equipment labeled "SM Isolation".

Ideally, yeah you should make it so one customer can't break everyone.
That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a
DHCP-client to the interface facing the AP, and (*critical*) uncheck
the boxes for "add default route" and "add peer DNS".  That might be
the kind of quick, simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

clients on two different access points will be blocked by client
isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess
<dmburg...@linktechs.net> wrote:

There is no reason why it would and should not. ☺ You can easily
allow the one offs …

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy
/sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we don't use client isolation and B
client isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess
<dmburg...@linktechs.net> wrote:

Your client isolation should take care of that.  FYI.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy
/sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasn't clear, I was actually looking for rogue subnets in general

another issue example is that a customer with some time clocks
recently had a slick tech put a switch in before the router at
multiple locations from the same site, different APs, we bridge the
APs at the POP, so they were directly communicating

On Mon, Feb 27, 

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Adam Moffett
I should probably add: if you're distributing all connected subnets
via ospf, then the dhcp-client trick will distribute a route to the
customer's LAN subnet.  You might not want that.
That might be obvious depending on how much Keystone Ice we've already
had.

-- Original Message --
From: "Adam Moffett" <dmmoff...@gmail.com>
To: af@afmug.com
Sent: 2/27/2017 4:57:04 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces.  If they're on a switch, then
no.

I think Dennis may be referring to how you should ideally have things
configured, and I think you're talking specifically about the feature
in Canopy equipment labeled "SM Isolation".
Ideally, yeah you should make it so one customer can't break everyone.
That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a
DHCP-client to the interface facing the AP, and (*critical*) uncheck
the boxes for "add default route" and "add peer DNS".  That might be
the kind of quick, simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

clients on two different access points will be blocked by client
isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess
<dmburg...@linktechs.net> wrote:
There is no reason why it would and should not. ☺ You can easily
allow the one offs …

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy
/sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we don't use client isolation and B
client isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess
<dmburg...@linktechs.net> wrote:

Your client isolation should take care of that.  FYI.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy
/sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasn't clear, I was actually looking for rogue subnets in general

another issue example is that a customer with some time clocks
recently had a slick tech put a switch in before the router at
multiple locations from the same site, different APs, we bridge the
APs at the POP, so they were directly communicating

On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz
<fai...@snappytelecom.net> wrote:

You might find this useful.

https://forum.mikrotik.com/viewtopic.php?t=23640

Regards.

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

----

From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: af@afmug.com
Sent: Monday, February 27, 2017 11:34:59 AM
Subject: [AFMUG] Mikrotik quick view for unknown subnets

If, for example a customer has a router connected backward, is
there an arp(ish) check aside from packet sniffing to see this
since it's not a subnet on the interface and there won't be an arp
entry?

--

If you only see yourself as part of the team but you don't see
your team as part of yourself you have already failed as part of
the team.
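
The two checks discussed in this thread (a temporary DHCP client on the AP-facing interface, and the DHCP alert), written out as RouterOS v6 terminal commands. This is an added example, not from any poster in the thread; the interface name `ether2-ap`, the comment tag and the MAC address are placeholders.

```routeros
# Added example. "ether2-ap" is a placeholder for the interface (or bridge)
# facing the AP; the comment string is only a tag used for cleanup.

# Check 1: temporary DHCP client on the AP-facing interface.
# add-default-route=no and use-peer-dns=no are the CLI form of unchecking the
# two boxes, so a rogue server cannot change this router's routing or DNS.
/ip dhcp-client add interface=ether2-ap add-default-route=no \
    use-peer-dns=no use-peer-ntp=no disabled=no comment="temp-rogue-dhcp-check"

# A status of "bound" means something on the customer side handed out a lease.
# The detail view shows the offered address, gateway and DHCP server address.
/ip dhcp-client print detail where comment="temp-rogue-dhcp-check"

# While the lease is held, its subnet is a connected route on this router.
# If OSPF redistributes connected routes, that subnet gets advertised, so
# remove the client as soon as the test is done.
/ip dhcp-client remove [find comment="temp-rogue-dhcp-check"]

# Check 2: passive DHCP alert on the same interface.
# List every legitimate server's MAC in valid-server (placeholder MAC below).
/ip dhcp-server alert add interface=ether2-ap alert-timeout=1h \
    valid-server=00:00:5E:00:53:01 disabled=no

# MAC addresses of any other DHCP servers seen are listed as unknown-server.
/ip dhcp-server alert print detail
```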

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Dennis Burgess
MikroTik does have a dhcp alert detection as well.  It will not detect the dhcp
server on the router.  It will give you basic information such as MAC address
etc, but really doesn't help you too much. But neither will turning a DHCP client
on.  You have to find where that client is and turn them off.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol  note, not a dumb switch though.
Netonix I believe does it.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces.  If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things
configured, and I think you're talking specifically about the feature in Canopy
equipment labeled "SM Isolation".
Ideally, yeah you should make it so one customer can't break everyone.  That's
a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a
DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes
for "add default route" and "add peer DNS".  That might be the kind of quick,
simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:
There is no reason why it would and should not. ☺ You can easily allow the
one offs …

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we don't use client isolation and B client
isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:
Your client isolation should take care of that.  FYI.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasn't clear, I was actually looking for rogue subnets in general
anothe

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Adam Moffett

Yup that's true.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:59:18 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol  note, not a dumb switch
though.   Netonix I believe does it.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces.  If they're on a switch, then
no.

I think Dennis may be referring to how you should ideally have things
configured, and I think you're talking specifically about the feature
in Canopy equipment labeled "SM Isolation".

Ideally, yeah you should make it so one customer can't break everyone.
That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a
DHCP-client to the interface facing the AP, and (*critical*) uncheck
the boxes for "add default route" and "add peer DNS".  That might be
the kind of quick, simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

clients on two different access points will be blocked by client
isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess
<dmburg...@linktechs.net> wrote:

There is no reason why it would and should not. ☺ You can easily
allow the one offs …

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy
/sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we don't use client isolation and B
client isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess
<dmburg...@linktechs.net> wrote:

Your client isolation should take care of that.  FYI.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy
/sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasn't clear, I was actually looking for rogue subnets in general

another issue example is that a customer with some time clocks
recently had a slick tech put a switch in before the router at
multiple locations from the same site, different APs, we bridge the
APs at the POP, so they were directly communicating

On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz
<fai...@snappytelecom.net> wrote:

You might find this useful.

https://forum.mikrotik.com/viewtopic.php?t=23640

Regards.

------------

From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: af@afmug.com
Sent: Monday, February 27, 2017 11:34:59 AM
Subject: [AFMUG] Mikrotik quick view for unknown subnets

If, for example a customer has a router connected backward, is
there an arp(ish) check aside from packet sniffing to see this
since it's not a subnet on the interface and there won't be an arp
entry?

--

If you only see yourself as part of the team but you don't see
your team as

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Dennis Burgess
Rephrase.

Any managed switch should be able to do that.
A MikroTik can of course, all with one bridge group. There are many different
ways of doing it there.
The SM isolation should be turned on as well.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces.  If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things
configured, and I think you're talking specifically about the feature in Canopy
equipment labeled "SM Isolation".
Ideally, yeah you should make it so one customer can't break everyone.  That's
a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a
DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes
for "add default route" and "add peer DNS".  That might be the kind of quick,
simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:
There is no reason why it would and should not. ☺ You can easily allow the
one offs …

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we don't use client isolation and B client
isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:
Your client isolation should take care of that.  FYI.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasn't clear, I was actually looking for rogue subnets in general
another issue example is that a customer with some time clocks recently had a
slick tech put a switch in before the router at multiple locations from the
same site, different APs, we bridge the APs at the POP, so they were directly
communicating

On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote:
You might find this useful.

https://forum.mikrotik.com/viewtopic.php?t=23640

Regards.

____________
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: af@

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Dennis Burgess
Switch can do it too, port isolation! Lol  note, not a dumb switch though.
Netonix I believe does it.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces.  If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things
configured, and I think you're talking specifically about the feature in Canopy
equipment labeled "SM Isolation".
Ideally, yeah you should make it so one customer can't break everyone.  That's
a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a
DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes
for "add default route" and "add peer DNS".  That might be the kind of quick,
simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:
There is no reason why it would and should not. ☺ You can easily allow the
one offs …

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we don't use client isolation and B client
isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:
Your client isolation should take care of that.  FYI.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasn't clear, I was actually looking for rogue subnets in general
another issue example is that a customer with some time clocks recently had a
slick tech put a switch in before the router at multiple locations from the
same site, different APs, we bridge the APs at the POP, so they were directly
communicating

On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote:
You might find this useful.

https://forum.mikrotik.com/viewtopic.php?t=23640

Regards.

____________
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: af@afmug.com
Sent: Monday, February 27, 2017 11:34:59 AM
Subject: [AFMUG] Mik

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Adam Moffett
Only on two different router interfaces.  If they're on a switch, then 
no.


I think Dennis may be referring to how you should ideally have things 
configured, and I think you're talking specifically about the feature in 
Canopy equipment labeled "SM Isolation".
Ideally, yeah you should make it so one customer can't break everyone.  
That's a multi-faceted thing and SM Isolation is one component of it.


If you're looking specifically for a router plugged in backwards, add a 
DHCP-client to the interface facing the AP, and (*critical*) uncheck the 
boxes for "add default route" and "add peer DNS".  That might be the 
kind of quick, simple test you're hoping for.





-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

clients on two different access points will be blocked by client 
isolation?


--
If you only see yourself as part of the team but you don't see your 
team as part of yourself you have already failed as part of the team.
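
The DHCP-client test from the message above, written out as RouterOS commands. This is an added example, not part of the original thread; the interface name ether2, the comment tag and the script name are assumptions.

```routeros
# Added example, not from the thread.
# Assumptions: ether2 is the layer-3 interface facing the AP (use the bridge
# itself if the AP ports are bridged); "rogue-dhcp-probe" and
# "rogue-dhcp-check" are hypothetical names.

# Probe: a DHCP client that must never change this router's routing or DNS.
# These are the CLI equivalents of unchecking "add default route" and
# "add peer DNS" in WinBox.
/ip dhcp-client add interface=ether2 add-default-route=no use-peer-dns=no \
    use-peer-ntp=no disabled=no comment="rogue-dhcp-probe"

# Check: if the probe ever binds, something on the customer side is handing
# out leases (for example a router plugged in backwards). Log which server
# answered and what address space it offered.
/system script add name=rogue-dhcp-check source={
    :foreach c in=[/ip dhcp-client find where comment="rogue-dhcp-probe"] do={
        :if ([/ip dhcp-client get $c status] = "bound") do={
            :local srv [:tostr [/ip dhcp-client get $c dhcp-server]]
            :local addr [:tostr [/ip dhcp-client get $c address]]
            :local gw [:tostr [/ip dhcp-client get $c gateway]]
            :log warning ("rogue DHCP server " . $srv . " offered " . $addr . " gateway " . $gw)
        }
    }
}

# Run the check every five minutes.
/system scheduler add name=rogue-dhcp-check interval=5m on-event=rogue-dhcp-check
```

A bound probe still installs the leased address on the interface as a dynamic address, so disable or remove it once the offending device has been found.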

Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Josh Luthman
No it wouldn't be stopped by client isolation.

You could stop it with VLANs pretty easily.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Feb 27, 2017 at 4:53 PM, Dennis Burgess <dmburg...@linktechs.net>
wrote:

> Yep Clients should only be able to reach the Router that is in
> question, that's it. ☺


Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread That One Guy /sarcasm
cool
but back to the original question, without doing packet sniffing is there a
way to see rogue subnets?

On Mon, Feb 27, 2017 at 3:53 PM, Dennis Burgess <dmburg...@linktechs.net>
wrote:

> Yep Clients should only be able to reach the Router that is in
> question, that's it. ☺



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Dennis Burgess
Yep Clients should only be able to reach the Router that is in question, 
that's it. ☺


Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>
 – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 3:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

clients on two different access points will be blocked by client isolation?



Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread That One Guy /sarcasm
clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net>
wrote:

> There is no reason why it would and should not. ☺ You can easily allow
> the one offs …



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Dennis Burgess
There is no reason why it would and should not. ☺ You can easily allow the 
one offs …


Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>
 – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we don't use client isolation and B client 
isolation doesn't apply to two access points as far as I know



Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread That One Guy /sarcasm
A. we have some locations where we don't use client isolation and B client
isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <dmburg...@linktechs.net>
wrote:

> Your client isolation should take care of that.  FYI.



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Dennis Burgess
Your client isolation should take care of that.  FYI.


Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>
 – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasn't clear, I was actually looking for rogue subnets in general
another issue example is that a customer with some time clocks recently had a 
slick tech put a switch in before the router at multiple locations from the 
same site, different APs, we bridge the APs at the POP, so they were directly 
communicating



Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread That One Guy /sarcasm
I wasn't clear, I was actually looking for rogue subnets in general
another issue example is that a customer with some time clocks recently had
a slick tech put a switch in before the router at multiple locations from
the same site, different APs, we bridge the APs at the POP, so they were
directly communicating

On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz <fai...@snappytelecom.net>
wrote:

> You might find this useful.
>
> https://forum.mikrotik.com/viewtopic.php?t=23640
>
>
> Regards.
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email:
> supp...@snappytelecom.net
>
> --
>
> *From: *"That One Guy /sarcasm" <thatoneguyst...@gmail.com>
> *To: *af@afmug.com
> *Sent: *Monday, February 27, 2017 11:34:59 AM
> *Subject: *[AFMUG] Mikrotik quick view for unknown subnets
>
> If, for example, a customer has a router connected backward, is there an
> arp(ish) check aside from packet sniffing to see this, since it's not a
> subnet on the interface and there won't be an arp entry?
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>


-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.


Re: [AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread Faisal Imtiaz
You might find this useful.

https://forum.mikrotik.com/viewtopic.php?t=23640 

Regards. 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
> To: af@afmug.com
> Sent: Monday, February 27, 2017 11:34:59 AM
> Subject: [AFMUG] Mikrotik quick view for unknown subnets

> If, for example, a customer has a router connected backward, is there an
> arp(ish) check aside from packet sniffing to see this, since it's not a
> subnet on the interface and there won't be an arp entry?

> --
> If you only see yourself as part of the team but you don't see your team as
> part of yourself you have already failed as part of the team.


[AFMUG] Mikrotik quick view for unknown subnets

2017-02-27 Thread That One Guy /sarcasm
If, for example, a customer has a router connected backward, is there an
arp(ish) check aside from packet sniffing to see this, since it's not a
subnet on the interface and there won't be an arp entry?



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.