Hello,
As I am tidying up my network by segregating it into secure, general inet
access and guest networks, I would like to keep tabs on the MAC/IP addresses
in my secure net.
I do know how to do this, but keeping track of ethernet MAC addresses seems
quite cumbersome in OpenBSD. Not that it is more convenient in any other
general purpose operating system, but many interfaces, for example routers,
make it easy to manage, especially MAC filtering.
At the moment we have:
/etc/ethers file #not the same as arp -s and arp -f !!
arp -a output
arp -s and arp -f input # not the same as /etc/ethers!!
So what have I tried:
ifconfig em0 -arp #in order to prevent discovery of unauthorized hosts
arp -ad
echo > /etc/ethers
ping - ping: sendmsg: Host is down
arp -s
ping - response
PS: after running ifconfig em0 -arp my Allied Telesis AT-GS950-16 managed
switch took the link down and refuses to bring it back up on the same port
without a reset. Other ports work fine.
What can I do:
Probably find some bloated program that introduces way more risk than the gain
by keeping tabs on MAC addresses.
Make a simple script that creates a hosts/unbound file and a file suitable for
arp -f from a single master file containing MAC, IPv4 and hostname and then
loads them.
As I have already mentioned I can manage by myself, but it seems to me that
this is something that a lot of people would want.
Would it make sense to have arp read /etc/ethers?
Is there another way than ifconfig em0 -arp to prevent auto-learning mac
addresses from the ethernet network and have the mac addresses added as
"static"?
Awaiting input if I am missing something, if there already is an elegant
solution to my problem or if it is something that more people would like to
have a solution for.
Thanks, Dimitrios
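
The single-master-file script the post proposes could look like the following. This is an added example, not part of the original message: the master file layout ("MAC IPv4 hostname", '#' comments), the function names and the output file names are assumptions. It rejects malformed or duplicate entries before writing anything, so a typo in the master list cannot replace a known-good static table.

```sh
#!/bin/sh
# Added example. Assumed master format (hypothetical): "MAC IPv4 hostname"
# per line, whitespace separated, '#' starts a comment.

# Constructed sample master list; all addresses are made up.
sample_master() {
    cat <<'EOF'
# MAC              IPv4        hostname
00:11:22:33:44:55  192.0.2.10  nas
00:11:22:33:44:AA  192.0.2.11  printer  # office
EOF
}

# validate_master FILE: print one line per malformed or duplicate entry,
# return non-zero if there was any.
validate_master() {
    awk '
    { sub(/#.*/, "") }                       # drop comments
    NF == 0 { next }
    NF != 3 { printf "line %d: expected MAC IPv4 hostname\n", NR; bad = 1; next }
    {
        mac = tolower($1); ip = $2
        if (length(mac) != 17 || mac !~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/) {
            printf "line %d: bad MAC %s\n", NR, $1; bad = 1
        }
        n = split(ip, o, "."); ok = (n == 4)
        for (i = 1; i <= n; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (!ok) { printf "line %d: bad IPv4 %s\n", NR, ip; bad = 1 }
        if (mac in seen_mac) { printf "line %d: duplicate MAC %s\n", NR, mac; bad = 1 }
        if (ip in seen_ip) { printf "line %d: duplicate IP %s\n", NR, ip; bad = 1 }
        seen_mac[mac] = 1; seen_ip[ip] = 1
    }
    END { exit bad }' "$1"
}

# gen_arp FILE: "IPv4 MAC" lines, the form arp -f reads.
gen_arp() { awk '{ sub(/#.*/, "") } NF == 3 { print $2, tolower($1) }' "$1"; }

# gen_hosts FILE: "IPv4 hostname" lines in hosts(5) form.
gen_hosts() { awk '{ sub(/#.*/, "") } NF == 3 { print $2, $3 }' "$1"; }

# build MASTER OUTDIR: refuse to write anything unless MASTER validates.
build() {
    validate_master "$1" >&2 || return 1
    gen_arp "$1" > "$2/arp.static" && gen_hosts "$1" > "$2/hosts.secure"
}

# Demo: show the arp -f input generated from the constructed sample.
t=$(mktemp) && sample_master > "$t" && gen_arp "$t"; rm -f "$t"
```

After a successful build, the generated arp.static is what would be passed to arp -f, as described in the post.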