Re: [AFMUG] Mikrotik quick view for unknown subnets
A logging firewall rule

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Feb 28, 2017 at 9:56 AM, That One Guy /sarcasm <thatoneguyst...@gmail.com> wrote:

> How will that identify unroutable IP space?
>
> On Feb 28, 2017 1:55 AM, "Rob Genovesi" wrote:
>
> Create a firewall address list of all known good subnets.
> Create a forwarding rule in your firewall to accept known good subnets
> to forward from customer side to WAN side
> Create a forwarding rule to drop everything else coming from customer
> side to WAN side
>
> /ip firewall address-list add list="customer" address="x.x.x.x/x"
> /ip firewall address-list add list="customer" address="y.y.y.y/y"
> /ip firewall filter add chain=forward src-address-list="customer" in-interface="LAN" out-interface="WAN" action="accept"
> /ip firewall filter add chain=forward in-interface="LAN" out-interface="WAN" action="drop"
>
> You could start with a logging rule for unknown traffic first and
> watch for what pops up.
>
> -Rob
>
> On Mon, Feb 27, 2017 at 2:18 PM, That One Guy /sarcasm wrote:
> > I'm mainly looking for IP space that shouldn't be present, DHCP or not.
> > I can packet sniff and exclude all configured subnets on that bridge, but
> > it's a pain
> > I didn't know if there was arp monitor or something along those lines.
> > collecting gratuitous ARPs or something like that
Re: [AFMUG] Mikrotik quick view for unknown subnets
How will that identify unroutable IP space?

On Feb 28, 2017 1:55 AM, "Rob Genovesi" wrote:

> Create a firewall address list of all known good subnets.
> Create a forwarding rule in your firewall to accept known good subnets
> to forward from customer side to WAN side
> Create a forwarding rule to drop everything else coming from customer
> side to WAN side
>
> /ip firewall address-list add list="customer" address="x.x.x.x/x"
> /ip firewall address-list add list="customer" address="y.y.y.y/y"
> /ip firewall filter add chain=forward src-address-list="customer" in-interface="LAN" out-interface="WAN" action="accept"
> /ip firewall filter add chain=forward in-interface="LAN" out-interface="WAN" action="drop"
>
> You could start with a logging rule for unknown traffic first and
> watch for what pops up.
>
> -Rob
>
> On Mon, Feb 27, 2017 at 2:18 PM, That One Guy /sarcasm wrote:
> > I'm mainly looking for IP space that shouldn't be present, DHCP or not.
> > I can packet sniff and exclude all configured subnets on that bridge, but
> > it's a pain
> > I didn't know if there was arp monitor or something along those lines.
> > collecting gratuitous ARPs or something like that
Re: [AFMUG] Mikrotik quick view for unknown subnets
Create a firewall address list of all known good subnets.
Create a forwarding rule in your firewall to accept known good subnets to forward from customer side to WAN side
Create a forwarding rule to drop everything else coming from customer side to WAN side

# address list holding every known good subnet
/ip firewall address-list add list="customer" address="x.x.x.x/x"
/ip firewall address-list add list="customer" address="y.y.y.y/y"
# accept LAN-to-WAN traffic whose source is in the list (list name must match the one above)
/ip firewall filter add chain=forward src-address-list="customer" in-interface="LAN" out-interface="WAN" action="accept"
# drop everything else going from LAN to WAN
/ip firewall filter add chain=forward in-interface="LAN" out-interface="WAN" action="drop"

You could start with a logging rule for unknown traffic first and watch for what pops up.

-Rob

On Mon, Feb 27, 2017 at 2:18 PM, That One Guy /sarcasm wrote:

> I'm mainly looking for IP space that shouldn't be present, DHCP or not.
> I can packet sniff and exclude all configured subnets on that bridge, but
> it's a pain
> I didn't know if there was arp monitor or something along those lines.
> collecting gratuitous ARPs or something like that
Re: [AFMUG] Mikrotik quick view for unknown subnets
Is that some sort of communist DHCP server?

/As an adjective, rogue means moving away from the usual path or trajectory, being rebellious, divergent, or independent-thinking. ... Rouge is an adjective, it is French for “red.” In the cosmetics industry, rouge is another word for blush, the powder that is used to color cheeks and cheekbones./

bp
<part15sbs{at}gmail{dot}com>

On 2/27/2017 3:18 PM, Dennis Burgess wrote:

> Rouge dhcp server along with mac and IP.
Re: [AFMUG] Mikrotik quick view for unknown subnets
How would that locate a static ip? I'm not understanding

On Feb 27, 2017 5:18 PM, "Dennis Burgess" <dmburg...@linktechs.net> wrote:

> Rouge dhcp server along with mac and IP.
Re: [AFMUG] Mikrotik quick view for unknown subnets
Rouge dhcp server along with mac and IP.

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 4:54 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

DHCP alert will tell me if there is an IP that's not a DHCP server?
Re: [AFMUG] Mikrotik quick view for unknown subnets
In the capture you'll be able to see the ARP requests being sent out by all hosts on that L2 segment, regardless of whether you have an IP in that subnet on your router. If you see a "who has 192.168.1.x, tell 192.168.1.1", that's a telltale sign of a reversed or bridged router.

Jesse DuPont
Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC
Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc
Like us! facebook.com/celeritybroadband

On 2/27/17 3:51 PM, Dennis Burgess wrote:

> ARPs will not come through as you don’t have anything on that subnet. DHCP-Alert is what you want.
Re: [AFMUG] Mikrotik quick view for unknown subnets
DHCP alert will tell me if there is an IP that's not a DHCP server?

On Mon, Feb 27, 2017 at 4:51 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

> ARPs will not come through as you don’t have anything on that subnet.
> DHCP-Alert is what you want.
Re: [AFMUG] Mikrotik quick view for unknown subnets
I used to have a way to figure it out. I don’t remember how I did it other than link tests were involved. I think I link tested every SM one by one on an AP until something happened... Perhaps until a particular IP stopped pinging or ???

From: Dennis Burgess
Sent: Monday, February 27, 2017 3:51 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

ARPs will not come through as you don’t have anything on that subnet. DHCP-Alert is what you want.

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 4:19 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I'm mainly looking for IP space that shouldn't be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but it's a pain.
I didn't know if there was arp monitor or something along those lines, collecting gratuitous ARPs or something like that.

I see a lot of false 192.168.1.1 when I stick that subnet on the interface. It doesn't respond and oftentimes has the customer IP arp listed as well. Sometimes it's the same mac, sometimes it's one digit off, like a reboot cycling up in switch then into router mode during boot cycle. I see it a lot with Netgear macs.

A lot of times the 192.168.1.1 is persistent even though it's not responding or otherwise apparently even active.

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

Oh? I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that point. That's really all you need.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well. It will not detect the dhcp server on the router. It will give you basic information such as MAC address etc, but really doesn’t help you too much. But neither will turning a DHCP client on. You have to find where that client is and turn them off.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol note, not a dumb switch though. Nettoix I believe does it.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces. If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation".

Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net>
Re: [AFMUG] Mikrotik quick view for unknown subnets
ARPs will not come through as you don’t have anything on that subnet. DHCP-Alert is what you want.

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 4:19 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I'm mainly looking for IP space that shouldn't be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but it's a pain.
I didn't know if there was arp monitor or something along those lines, collecting gratuitous ARPs or something like that.

I see a lot of false 192.168.1.1 when I stick that subnet on the interface. It doesn't respond and oftentimes has the customer IP arp listed as well. Sometimes it's the same mac, sometimes it's one digit off, like a reboot cycling up in switch then into router mode during boot cycle. I see it a lot with Netgear macs.

A lot of times the 192.168.1.1 is persistent even though it's not responding or otherwise apparently even active.
Re: [AFMUG] Mikrotik quick view for unknown subnets
Depends, what do you see? Some routers had a FW bug where they did UPnP on the WAN port. I forget what brand and model. I think older DLinks might have been one of them.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 4:41 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Could what I see be a component of bad UPnP?

On Mon, Feb 27, 2017 at 4:25 PM, Jesse DuPont <jesse.dup...@celeritycorp.net> wrote:

There isn't really anything that does what you want other than looking at packets. Your best bet will be to capture and then filter just ARP packets or just DHCP server packets (UDP, source-port 67) to find rogue DHCP servers. It's a start.

Jesse DuPont
Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC
Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc
Like us! facebook.com/celeritybroadband

On 2/27/17 3:18 PM, That One Guy /sarcasm wrote:

I'm mainly looking for IP space that shouldn't be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but it's a pain.
I didn't know if there was an ARP monitor or something along those lines, collecting gratuitous ARPs or something like that.

I see a lot of false 192.168.1.1 when I stick that subnet on the interface. It doesn't respond and oftentimes has the customer IP ARP listed as well. Sometimes it's the same MAC, sometimes it's one digit off, like a reboot cycling up in switch then into router mode during boot cycle. I see it a lot with Netgear MACs.

A lot of times the 192.168.1.1 is persistent even though it's not responding or otherwise apparently even active.

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

Oh? I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that point. That's really all you need.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a DHCP alert detection as well. It will not detect the DHCP server on the router. It will give you basic information such as MAC address etc, but really doesn’t help you too much. But neither will turning a DHCP client on. You have to find where that client is and turn them off.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol note, not a dumb switch though. Netonix I believe does it.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces. If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation".

Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a
Re: [AFMUG] Mikrotik quick view for unknown subnets
Possibly, but more probable is reversed router, router whose NAT has failed, or router in bridged-mode (or switch), as you've already mentioned.

Jesse DuPont
Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC
Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc
Like us! facebook.com/celeritybroadband

On 2/27/17 3:40 PM, That One Guy /sarcasm wrote:

Could what I see be a component of bad UPnP?

On Mon, Feb 27, 2017 at 4:25 PM, Jesse DuPont <jesse.dup...@celeritycorp.net> wrote:

There isn't really anything that does what you want other than looking at packets. Your best bet will be to capture and then filter just ARP packets or just DHCP server packets (UDP, source-port 67) to find rogue DHCP servers. It's a start.

On 2/27/17 3:18 PM, That One Guy /sarcasm wrote:

I'm mainly looking for IP space that shouldn't be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but it's a pain.
I didn't know if there was an ARP monitor or something along those lines, collecting gratuitous ARPs or something like that.

I see a lot of false 192.168.1.1 when I stick that subnet on the interface. It doesn't respond and oftentimes has the customer IP ARP listed as well. Sometimes it's the same MAC, sometimes it's one digit off, like a reboot cycling up in switch then into router mode during boot cycle. I see it a lot with Netgear MACs.

A lot of times the 192.168.1.1 is persistent even though it's not responding or otherwise apparently even active.

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

Oh? I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that point. That's really all you need.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a DHCP alert detection as well. It will not detect the DHCP server on the router. It will give you basic information such as MAC address etc, but really doesn’t help you too much. But neither will turning a DHCP
Re: [AFMUG] Mikrotik quick view for unknown subnets
Could what I see be a component of bad UPnP?

On Mon, Feb 27, 2017 at 4:25 PM, Jesse DuPont <jesse.dup...@celeritycorp.net> wrote:

> There isn't really anything that does what you want other than looking at packets. Your best bet will be to capture and then filter just ARP packets or just DHCP server packets (UDP, source-port 67) to find rogue DHCP servers. It's a start.
>
> On 2/27/17 3:18 PM, That One Guy /sarcasm wrote:
>
> I'm mainly looking for IP space that shouldn't be present, DHCP or not.
> I can packet sniff and exclude all configured subnets on that bridge, but it's a pain.
> I didn't know if there was an ARP monitor or something along those lines, collecting gratuitous ARPs or something like that.
>
> I see a lot of false 192.168.1.1 when I stick that subnet on the interface. It doesn't respond and oftentimes has the customer IP ARP listed as well. Sometimes it's the same MAC, sometimes it's one digit off, like a reboot cycling up in switch then into router mode during boot cycle. I see it a lot with Netgear MACs.
>
> A lot of times the 192.168.1.1 is persistent even though it's not responding or otherwise apparently even active.
>
> On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:
>
>> Oh? I never noticed that feature.
>>
>> If you get the offender's MAC address it should be trivial to find them at that point. That's really all you need.
>>
>> -- Original Message --
>> From: "Dennis Burgess" <dmburg...@linktechs.net>
>> To: "af@afmug.com" <af@afmug.com>
>> Sent: 2/27/2017 5:01:12 PM
>> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>> MikroTik does have a DHCP alert detection as well. It will not detect the DHCP server on the router. It will give you basic information such as MAC address etc, but really doesn’t help you too much. But neither will turning a DHCP client on. You have to find where that client is and turn them off.
>>
>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
>> Sent: Monday, February 27, 2017 3:59 PM
>> To: af@afmug.com
>> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>> Switch can do it too, port isolation! Lol note, not a dumb switch though. Netonix I believe does it.
>>
>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
>> Sent: Monday, February 27, 2017 3:57 PM
>> To: af@afmug.com
>> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>> Only on two different router interfaces. If they're on a switch, then no.
>>
>> I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation".
>>
>> Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.
>>
>> If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the
Re: [AFMUG] Mikrotik quick view for unknown subnets
There isn't really anything that does what you want other than looking at packets. Your best bet will be to capture and then filter just ARP packets or just DHCP server packets (UDP, source-port 67) to find rogue DHCP servers. It's a start.

Jesse DuPont
Network Architect
email: jesse.dup...@celeritycorp.net
Celerity Networks LLC
Celerity Broadband LLC
Like us! facebook.com/celeritynetworksllc
Like us! facebook.com/celeritybroadband

On 2/27/17 3:18 PM, That One Guy /sarcasm wrote:

I'm mainly looking for IP space that shouldn't be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but it's a pain.
I didn't know if there was an ARP monitor or something along those lines, collecting gratuitous ARPs or something like that.

I see a lot of false 192.168.1.1 when I stick that subnet on the interface. It doesn't respond and oftentimes has the customer IP ARP listed as well. Sometimes it's the same MAC, sometimes it's one digit off, like a reboot cycling up in switch then into router mode during boot cycle. I see it a lot with Netgear MACs.

A lot of times the 192.168.1.1 is persistent even though it's not responding or otherwise apparently even active.

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

Oh? I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that point. That's really all you need.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a DHCP alert detection as well. It will not detect the DHCP server on the router. It will give you basic information such as MAC address etc, but really doesn’t help you too much. But neither will turning a DHCP client on. You have to find where that client is and turn them off.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol note, not a dumb switch though. Netonix I believe does it.

Dennis Burgess – Network Solution Engineer – Consultant
Re: [AFMUG] Mikrotik quick view for unknown subnets
I'm mainly looking for IP space that shouldn't be present, DHCP or not.
I can packet sniff and exclude all configured subnets on that bridge, but it's a pain.
I didn't know if there was an ARP monitor or something along those lines, collecting gratuitous ARPs or something like that.

I see a lot of false 192.168.1.1 when I stick that subnet on the interface. It doesn't respond and oftentimes has the customer IP ARP listed as well. Sometimes it's the same MAC, sometimes it's one digit off, like a reboot cycling up in switch then into router mode during boot cycle. I see it a lot with Netgear MACs.

A lot of times the 192.168.1.1 is persistent even though it's not responding or otherwise apparently even active.

On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

> Oh? I never noticed that feature.
>
> If you get the offender's MAC address it should be trivial to find them at that point. That's really all you need.
>
> -- Original Message --
> From: "Dennis Burgess" <dmburg...@linktechs.net>
> To: "af@afmug.com" <af@afmug.com>
> Sent: 2/27/2017 5:01:12 PM
> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>
> MikroTik does have a DHCP alert detection as well. It will not detect the DHCP server on the router. It will give you basic information such as MAC address etc, but really doesn’t help you too much. But neither will turning a DHCP client on. You have to find where that client is and turn them off.
>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
> Sent: Monday, February 27, 2017 3:59 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>
> Switch can do it too, port isolation! Lol note, not a dumb switch though. Netonix I believe does it.
>
> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
> Sent: Monday, February 27, 2017 3:57 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>
> Only on two different router interfaces. If they're on a switch, then no.
>
> I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation".
>
> Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.
>
> If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for.
>
> -- Original Message --
> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
> To: "af@afmug.com" <af@afmug.com>
> Sent: 2/27/2017 4:42:02 PM
> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>
> Clients on two different access points will be blocked by client isolation?
>
> On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:
>
> There is no reason why it would and should not. ☺ You can easily allow the one offs …
>
> Dennis Burgess – Network Solution Engineer – Consultant
> MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
> For Wireless Hardware/Routers visit www.linktechs.net
> Radio Frequency Coverages: www.towercoverage.com
> Of
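The capture-and-filter approach from Jesse DuPont's reply (ARP plus UDP source port 67), combined with the "exclude all configured subnets" step from the message above, as an added example that is not code from any list member. It assumes raw Ethernet frames exported from a packet capture; every subnet, MAC, customer name and frame in it is constructed.

```python
"""Flag ARP / DHCP-server frames that reveal address space not configured on a bridge.

All frames, MACs, subnets and customer names below are constructed samples."""
import ipaddress
import struct
from collections import defaultdict

KNOWN_SUBNETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: subnets on the bridge
AUTHORIZED_DHCP_MACS = {"02:00:00:00:10:01"}            # assumption: our own DHCP server
CUSTOMERS = {"02:00:00:11:22:33": "cust-1042"}          # assumption: provisioned WAN MACs


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(src_mac, sender_ip, target_ip, op=1):
    """Constructed sample frame: Ethernet + ARP (op 1 = request, 2 = reply)."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(src_mac) + ipaddress.ip_address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.ip_address(target_ip).packed
    return b"\xff" * 6 + mac_bytes(src_mac) + b"\x08\x06" + arp


def build_dhcp_reply(src_mac, server_ip):
    """Constructed sample frame: Ethernet + IPv4 + UDP 67->68 + stub BOOTP reply."""
    payload = b"\x02\x01\x06\x00" + b"\x00" * 236
    udp = struct.pack("!HHHH", 67, 68, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.ip_address(server_ip).packed, b"\xff" * 4)
    return b"\xff" * 6 + mac_bytes(src_mac) + b"\x08\x00" + ip + udp


def classify(frame):
    """Return (kind, mac, ip) for an ARP or DHCP-server frame, else None."""
    if len(frame) < 14:
        return None
    src_mac = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    body = frame[14:]
    if ethertype == 0x8100 and len(body) >= 4:        # skip one 802.1Q tag
        ethertype = struct.unpack("!H", body[2:4])[0]
        body = body[4:]
    if ethertype == 0x0806 and len(body) >= 28:       # ARP over Ethernet/IPv4
        _htype, ptype, hlen, plen = struct.unpack("!HHBB", body[:6])
        if (ptype, hlen, plen) != (0x0800, 6, 4):
            return None
        sender_ip = ipaddress.ip_address(body[14:18])
        if sender_ip.is_unspecified:                  # ARP probe (0.0.0.0) claims nothing
            return None
        return ("arp", mac_text(body[8:14]), sender_ip)
    if ethertype == 0x0800 and len(body) >= 20:       # IPv4
        ihl = (body[0] & 0x0F) * 4
        fragment_offset = struct.unpack("!H", body[6:8])[0] & 0x1FFF
        if body[9] != 17 or fragment_offset or len(body) < ihl + 8:
            return None
        if struct.unpack("!H", body[ihl:ihl + 2])[0] != 67:   # UDP source port 67
            return None
        return ("dhcp-server", mac_text(src_mac), ipaddress.ip_address(body[12:16]))
    return None


def find_rogues(frames, known=KNOWN_SUBNETS, dhcp_ok=AUTHORIZED_DHCP_MACS):
    """Map offending MAC -> sorted list of (reason, ip)."""
    findings = defaultdict(set)
    for frame in frames:
        hit = classify(frame)
        if hit is None:
            continue
        kind, mac, ip = hit
        if kind == "arp" and not any(ip in net for net in known):
            findings[mac].add(("unknown-subnet", str(ip)))
        elif kind == "dhcp-server" and mac not in dhcp_ok:
            findings[mac].add(("rogue-dhcp", str(ip)))
    return {mac: sorted(items) for mac, items in findings.items()}


def match_customer(mac, customers):
    """Customer whose provisioned MAC equals `mac` or is adjacent to it (+/-1)."""
    value = int(mac.replace(":", ""), 16)
    for known_mac, name in customers.items():
        if abs(int(known_mac.replace(":", ""), 16) - value) <= 1:
            return name
    return None


SAMPLE_FRAMES = [
    build_arp("02:00:00:00:10:01", "10.20.0.1", "10.20.0.57"),        # router, in subnet
    build_arp("02:00:00:11:22:33", "10.20.0.57", "10.20.0.1", op=2),  # customer WAN, fine
    build_dhcp_reply("02:00:00:00:10:01", "10.20.0.1"),               # authorized server
    build_arp("02:00:00:11:22:32", "192.168.1.1", "192.168.1.1"),     # gratuitous ARP, LAN side
    build_arp("02:00:00:11:22:32", "0.0.0.0", "10.20.0.80"),          # probe, ignored
    build_dhcp_reply("02:00:00:11:22:32", "192.168.1.1"),             # DHCP server on the bridge
]

if __name__ == "__main__":
    for mac, items in find_rogues(SAMPLE_FRAMES).items():
        print(mac, items, "->", match_customer(mac, CUSTOMERS) or "no customer match")
```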
Re: [AFMUG] Mikrotik quick view for unknown subnets
Most PtMP platforms have their own variation of SM Isolation.

- Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

- Original Message -
From: "Adam Moffett" <dmmoff...@gmail.com>
To: af@afmug.com
Sent: Monday, February 27, 2017 3:57:04 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces. If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation".

Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

There is no reason why it would and should not. ☺ You can easily allow the one offs …

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we don't use client isolation and B. client isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

Your client isolation should take care of that. FYI.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasn't clear, I was actually looking for rogue subnets in general.

Another issue example is that a customer with some time clocks recently had a slick tech put a switch in before the router at multiple locations from the same site, different APs, we bridge the APs at the POP, so they were directly communicating.

On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote:

You might find this useful.

https://forum.mikrotik.com/viewtopic.php?t=23640

Regards.

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232
Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: af@afmug.com
Sent: Monday, February 27, 2017 11:34:59 AM
Subject: [AFMUG] Mikrotik quick view for unknown subnets

If, for example a customer has a router connected backward, is there an arp(ish) check aside from packet sniffing to see this since it's not a subnet on the interface and there won't be an ARP entry?

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
Re: [AFMUG] Mikrotik quick view for unknown subnets
Yep.. it will take a bit but it will work.

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 4:04 PM
To: af@afmug.com; af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Oh? I never noticed that feature.

If you get the offender's MAC address it should be trivial to find them at that point. That's really all you need.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a DHCP alert detection as well. It will not detect the DHCP server on the router. It will give you basic information such as MAC address etc, but really doesn’t help you too much. But neither will turning a DHCP client on. You have to find where that client is and turn them off.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol note, not a dumb switch though. Netonix I believe does it.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces. If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation".

Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

There is no reason why it would and should not. ☺ You can easily allow the one offs …

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:1
Re: [AFMUG] Mikrotik quick view for unknown subnets
Note, that should NOT affect it. The DHCP-client trick should work, and it will get you the MAC address, the DHCP-ALERT will get you the MAC as well. But you should NEVER distribute all connected subnets, this is a prime example of why not. ☺ Don’t get me wrong, there is a time and place for it, but 99% of the time, it always comes back to bite you. What networks are for! ☺

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 4:03 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I should probably add: if you're distributing all connected subnets via OSPF, then the DHCP-client trick will distribute a route to the customer's LAN subnet. You might not want that. That might be obvious depending on how much Keystone Ice we've already had.

-- Original Message --
From: "Adam Moffett" <dmmoff...@gmail.com>
To: af@afmug.com
Sent: 2/27/2017 4:57:04 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces. If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation".

Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

There is no reason why it would and should not. ☺ You can easily allow the one offs …

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

A. we have some locations where we don't use client isolation and B. client isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

Your client isolation should take care of that. FYI.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

I wasn't clear, I was actually looking for rogue subnets in general.

Another issue example is that a customer with some time clocks recently had a slick tech put a switch in before the router at multiple locations from the same site, different APs
Re: [AFMUG] Mikrotik quick view for unknown subnets
Oh? I never noticed that feature. If you get the offender's MAC address it should be trivial to find them at that point. That's really all you need.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 5:01:12 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

MikroTik does have a dhcp alert detection as well. It will not detect the dhcp server on the router. It will give you basic information such as MAC address etc, but really doesn't help you too much. But neither will turning a DHCP client on. You have to find where that client is and turn them off.
Re: [AFMUG] Mikrotik quick view for unknown subnets
I should probably add... if you're distributing all connected subnets via ospf, then the dhcp-client trick will distribute a route to the customer's LAN subnet. You might not want that. That might be obvious depending on how much Keystone Ice we've already had.

-- Original Message --
From: "Adam Moffett" <dmmoff...@gmail.com>
To: af@afmug.com
Sent: 2/27/2017 4:57:04 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces. If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation". Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for.
Re: [AFMUG] Mikrotik quick view for unknown subnets
MikroTik does have a dhcp alert detection as well. It will not detect the dhcp server on the router. It will give you basic information such as MAC address etc, but really doesn't help you too much. But neither will turning a DHCP client on. You have to find where that client is and turn them off.

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Monday, February 27, 2017 3:59 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol note, not a dumb switch though. Netonix I believe does it.
Re: [AFMUG] Mikrotik quick view for unknown subnets
Yup that's true.

-- Original Message --
From: "Dennis Burgess" <dmburg...@linktechs.net>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:59:18 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Switch can do it too, port isolation! Lol note, not a dumb switch though. Netonix I believe does it.
Re: [AFMUG] Mikrotik quick view for unknown subnets
Rephrase. Any managed switch should be able to do that. A MikroTik can of course, all with one bridge group. There are many different ways of doing it there. The SM isolation should be turned on as well.

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces. If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation". Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for.
Re: [AFMUG] Mikrotik quick view for unknown subnets
Switch can do it too, port isolation! Lol note, not a dumb switch though. Netonix I believe does it.

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Adam Moffett
Sent: Monday, February 27, 2017 3:57 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

Only on two different router interfaces. If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation". Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for.
Re: [AFMUG] Mikrotik quick view for unknown subnets
Only on two different router interfaces. If they're on a switch, then no.

I think Dennis may be referring to how you should ideally have things configured, and I think you're talking specifically about the feature in Canopy equipment labeled "SM Isolation". Ideally, yeah you should make it so one customer can't break everyone. That's a multi-faceted thing and SM Isolation is one component of it.

If you're looking specifically for a router plugged in backwards, add a DHCP-client to the interface facing the AP, and (*critical*) uncheck the boxes for "add default route" and "add peer DNS". That might be the kind of quick, simple test you're hoping for.

-- Original Message --
From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
To: "af@afmug.com" <af@afmug.com>
Sent: 2/27/2017 4:42:02 PM
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

> clients on two different access points will be blocked by client isolation?
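The DHCP-client test from the message above, written out as a RouterOS script. This is an added example, not part of the original thread; the interface name `bridge-ap` and the comment tag `rogue-dhcp-probe` are assumptions, and it is meant to be run as a script so the `:local` variables stay in scope.

```routeros
# Added example (not from the thread). Assumptions: "bridge-ap" is the
# interface facing the AP, and "rogue-dhcp-probe" is an arbitrary tag.

# Probe client: accept a lease but never install its default route, DNS or NTP,
# so an offer from a customer router cannot redirect the tower router's traffic.
/ip dhcp-client add interface=bridge-ap add-default-route=no \
    use-peer-dns=no use-peer-ntp=no disabled=no comment="rogue-dhcp-probe"

# Give any DHCP server on the segment time to answer.
:delay 15s

:local id [/ip dhcp-client find comment="rogue-dhcp-probe"]
:local st [/ip dhcp-client get $id status]

:if ($st = "bound") do={
    # A lease from a server you do not run points at a device handing out
    # addresses on the segment, e.g. a router connected backward.
    :log warning ("DHCP offer on bridge-ap: address " . \
        [/ip dhcp-client get $id address] . " from server " . \
        [/ip dhcp-client get $id dhcp-server])
} else={
    :log info ("no DHCP offer on bridge-ap, status " . $st)
}

# Remove the probe so the router does not keep a foreign address.
/ip dhcp-client remove $id
```

The logged address shows which subnet the unexpected server is handing out, and the server address can be matched against the ARP table to find the MAC behind it.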
Re: [AFMUG] Mikrotik quick view for unknown subnets
No it wouldn't be stopped by client isolation. You could stop it with VLANs pretty easily.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Feb 27, 2017 at 4:53 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

> Yep Clients should only be able to reach the Router that is in
> question, that it. ☺
Re: [AFMUG] Mikrotik quick view for unknown subnets
cool but back to the original question, without doing packet sniffing is there a way to see rogue subnets?

On Mon, Feb 27, 2017 at 3:53 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

> Yep Clients should only be able to reach the Router that is in
> question, that it. ☺

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
Re: [AFMUG] Mikrotik quick view for unknown subnets
Yep Clients should only be able to reach the Router that is in question, that it. ☺

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 3:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

> clients on two different access points will be blocked by client isolation?
Re: [AFMUG] Mikrotik quick view for unknown subnets
clients on two different access points will be blocked by client isolation?

On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

> There is no reason why it would and should not. ☺ You can easily allow
> the one offs …

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
Re: [AFMUG] Mikrotik quick view for unknown subnets
There is no reason why it would and should not. ☺ You can easily allow the one offs …

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 1:13 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

> A. we have some locations where we don't use client isolation and B client
> isolation doesn't apply to two access points as far as I know
Re: [AFMUG] Mikrotik quick view for unknown subnets
A. we have some locations where we don't use client isolation and B client isolation doesn't apply to two access points as far as I know

On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <dmburg...@linktechs.net> wrote:

> Your client isolation should take care of that. FYI.

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
Re: [AFMUG] Mikrotik quick view for unknown subnets
Your client isolation should take care of that. FYI.

Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Monday, February 27, 2017 12:42 PM
To: af@afmug.com
Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets

> I wasn't clear, I was actually looking for rogue subnets in general
>
> another issue example is that a customer with some time clocks recently
> had a slick tech put a switch in before the router at multiple locations
> from the same site, different APs, we bridge the APs at the POP, so they
> were directly communicating
Re: [AFMUG] Mikrotik quick view for unknown subnets
I wasn't clear, I was actually looking for rogue subnets in general

another issue example is that a customer with some time clocks recently had a slick tech put a switch in before the router at multiple locations from the same site, different APs, we bridge the APs at the POP, so they were directly communicating

On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote:

> You might find this useful.
>
> https://forum.mikrotik.com/viewtopic.php?t=23640

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
Re: [AFMUG] Mikrotik quick view for unknown subnets
You might find this useful.

https://forum.mikrotik.com/viewtopic.php?t=23640

Regards.

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232
Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
> To: af@afmug.com
> Sent: Monday, February 27, 2017 11:34:59 AM
> Subject: [AFMUG] Mikrotik quick view for unknown subnets
>
> If, for example a customer has a router connected backward, is there an
> arp(ish) check aside from packet sniffing to see this since it's not a
> subnet on the interface and there won't be an arp entry?
[AFMUG] Mikrotik quick view for unknown subnets
If, for example a customer has a router connected backward, is there an arp(ish) check aside from packet sniffing to see this since it's not a subnet on the interface and there won't be an arp entry?

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.