This shows you the differences between two versions of the page.
basic-static [2023/05/24 22:51] – [DHCP Reservation] hogwild | basic-static [2023/06/27 16:21] (current) – [Static ARP] -condense, clarity hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== DHCP Reservation ====== | ====== DHCP Reservation ====== | ||
- | The DHCP Reservation menu contains settings to configure DHCP Reservations, | + | The DHCP Reservation menu contains settings to configure DHCP Reservations, |
===== DHCP Reservation ===== | ===== DHCP Reservation ===== | ||
- | Since release 2020.8, what was previously | + | Since release 2020.8, what was called " |
- | DHCP Reservation is a simple way to ensure that FreshTomato offers certain client devices the same IP address each time they request a lease. Simply enter the MAC address for a client device (which you can find on the Device List), into the **MAC Address** field, enter the **IP Address** (and optionally, **Hostname**) you want to assign | + | DHCP Reservation is a simple way to ensure that FreshTomato offers certain client devices the same IP address each time they request a lease. Simply enter the MAC address for a client device (found in Device List), into the **MAC Address** field, enter the **IP Address** (and optionally, **Hostname**) you want to assign into the appropriate |
- | The **Bound to** button is not mandatory. Only check the **Bound to** button if you want to enable Static ARP binding. FreshTomato then offers | + | The **Bound to** button is optional. Only check the **Bound to** button if you want to enable Static ARP binding. FreshTomato |
- | === Configuring DHCP Reservations === | + | ==== Configuring DHCP Reservations |
- | When assigning DHCP Reservations, | + | When assigning DHCP Reservations, |
- | If you want to assign multiple hostnames to the same IP address (for example, you want the the server 10.0.1.3 to be known as both “galaxy” and “mail”, you put them in the Hostname field, separated by a space. A space isn't a valid DHCP Hostname character, so you must use a hyphen for a single, multi-word Hostname like “My-PC”. If a client has multiple network interfaces (for example, | + | If you want to assign multiple hostnames to the same IP address (for example, you want the the server 10.0.1.3 to be known as both “galaxy” and “mail”, you put them in the Hostname field, separated by a space. A space isn't a valid DHCP Hostname character, so you must use a hyphen for a single, multi-word Hostname like “My-PC”. If a client has multiple network interfaces (such as Ethernet and WiFi) with different MAC addresses, it might not assign |
If FreshTomato can't find a match for the device' | If FreshTomato can't find a match for the device' | ||
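Review bot: The **Bound to** control is called a "button" twice in the rewritten paragraph ("The **Bound to** button is optional. Only check the **Bound to** button"), while the field description further down labels it **Bound To** and the previous revision called it a checkbox. Name it a checkbox and use one capitalisation throughout. The Hostname paragraph also still carries "you want the the server 10.0.1.3" and never closes the parenthesis opened at "(for example, you want"; both survive from the previous revision and are worth fixing in the same pass.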
Line 22: | Line 21: | ||
\\ | \\ | ||
- | [[https://wiki.freshtomato.org/ | + | \\ {{:: |
- | \\ | ||
- | === Security Limitations === | + | ==== Security Limitations |
As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato' | As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato' | ||
- | Even if everything else were working properly, only DHCP lease //offers// are made static. The router' | + | Even if everything else were working properly, only DHCP lease //offers// are made static. The router' |
- | === Inconsistent Terminology === | ||
- | Confusion sometimes | + | ==== Inconsistent Terminology ==== |
+ | |||
+ | Sometimes, confusion | ||
Second, the term " | Second, the term " | ||
Some terminology variations include: | Some terminology variations include: | ||
+ | |||
+ | \\ | ||
* //" | * //" | ||
+ | |||
* "// | * "// | ||
+ | |||
* //" | * //" | ||
- | | + | |
+ | | ||
* //"IP address reservation"// | * //"IP address reservation"// | ||
\\ | \\ | ||
- | To reduce | + | To reduce |
---- | ---- | ||
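Review bot: The Security Limitations paragraph is carried over unchanged, and the clause "if the first client for which DHCP Reservation were then self-configured with a static IP" is missing a verb. It should read along the lines of "if the client for which a reservation was configured were then self-configured with a static IP". This paragraph states what a reservation does not protect against, so it is the text on the page that most needs to be unambiguous, and a revision aimed at clarity should not skip it.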
Line 64: | Line 69: | ||
ARP is a protocol that clients use to obtain the MAC address of another client, given its IP address. ARP is used so that clients can figure out how to address network packets to another client. If a network client needs to communicate with another client, it broadcasts an ARP request across the network asking for the other client' | ARP is a protocol that clients use to obtain the MAC address of another client, given its IP address. ARP is used so that clients can figure out how to address network packets to another client. If a network client needs to communicate with another client, it broadcasts an ARP request across the network asking for the other client' | ||
+ | |||
=== Reduces Broadcast Traffic === | === Reduces Broadcast Traffic === | ||
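Review bot: Heading levels are now inconsistent between the two halves of the page. The DHCP Reservation subsections were changed from "===" to "====" ("==== Security Limitations", "==== Inconsistent Terminology ===="), but "=== Reduces Broadcast Traffic ===" and "=== Reduces ARP spoofing ===" keep the old level, and this hunk only adds a blank line above them. Promote these two as well so the Static ARP subsections sit at the same depth in the page outline.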
Line 70: | Line 76: | ||
=== Reduces ARP spoofing === | === Reduces ARP spoofing === | ||
- | By default, ARP gets its mapping information from other clients | + | By default, ARP gets its mapping information from other clients. It works in a peer-to-peer fashion. ARP mappings are assumed to be " |
Here again, Static ARP binding can help. When enabled, Static ARP binding will ignore ARP spoofing attempts. FreshTomato will ignore all (broadcast) ARP replies of devices listed in the table. Instead, FreshTomato will check the Static DHCP tables to find the MAC address that belongs to a certain IP address. We assume this information is more accurate, since the Static DHCP table is maintained by the network administrator. | Here again, Static ARP binding can help. When enabled, Static ARP binding will ignore ARP spoofing attempts. FreshTomato will ignore all (broadcast) ARP replies of devices listed in the table. Instead, FreshTomato will check the Static DHCP tables to find the MAC address that belongs to a certain IP address. We assume this information is more accurate, since the Static DHCP table is maintained by the network administrator. | ||
- | **MAC Address: **Here | + | **MAC Address: |
- | **Bound To: **This checkbox | + | **Bound To: **Checking this enables Static ARP binding for the IP - MAC address mapping. It adds a Static ARP entry for it in FreshTomato' |
- | **IP Address:** Here you enter the IP address you wish to be bound to the MAC address | + | **IP Address: |
- | **IP Traffic:** Checking this box enables IP bandwidth | + | **IP Traffic:** Checking this enables IP Traffic |
- | **Hostname: | + | **Hostname: |
- | Hostname description derived from International Engineering Task Force (IETF.ORG) RFC2131 Standards Track, DHCP Protocol, page 8 | + | Traditionally, |
+ | |||
+ | These days, the client' | ||
+ | |||
+ | Hostname description derived from IETF (IETF.ORG) RFC2131 Standards Track, DHCP Protocol, page 8 | ||
- | [[https:// | ||
===== Options ===== | ===== Options ===== | ||
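Review bot: "Static ARP binding will ignore ARP spoofing attempts" (unchanged context under "Reduces ARP spoofing") overstates what the feature does. The next sentences and the **Bound To** description say the static entry is added on FreshTomato and that FreshTomato ignores ARP replies for listed devices, so the protection covers the router's own IP-to-MAC lookups; the ARP caches of other LAN clients are not changed by this setting. Suggest wording it as "FreshTomato itself will ignore spoofed ARP replies for devices listed in the table", which also matches the heading's "Reduces". The same paragraph still says "Static DHCP tables" although the page now titles the feature DHCP Reservation.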
Line 92: | Line 101: | ||
**Ignore DHCP Requests from unknown devices:** | **Ignore DHCP Requests from unknown devices:** | ||
- | Enabling this will ensure FreshTomato | + | Enabling this will ensure FreshTomato |
- | The //Ignore DHCP Requests from unknown devices// function only works for devices in subnets with (subnet)mask | + | The //Ignore DHCP Requests from unknown devices// function only works for devices in subnets with netmask |
- | \\ | + | \\ {{:: |
- | [[https:// | + | \\ |
- | + | ||
- | \\ | + | |
- | ARP only works with IPv4. IPv6 uses a different protocol for IP-to-MAC Address resolution. | + | ARP only works with IPv4. IPv6 uses a different protocol for IP-to-MAC Address resolution |
===== IPT ===== | ===== IPT ===== | ||
- | IPT stands for [[admin-iptraffic|IP Traffic Monitoring]]. Every client device not marked as ' | + | IPT stands for IP Traffic Monitoring. If Auto-Discovery is enabled in the [[admin-iptraffic|IP Traffic Monitoring]] |
\\ | \\ |
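Review bot: The description of **Ignore DHCP Requests from unknown devices** needs the same caveat the Security Limitations section gives for reservations: a device that is self-configured with a static IP does not request a lease, so ignoring its DHCP requests does not keep it off the network. One sentence pointing back to Security Limitations, placed after the netmask restriction, would stop the option being read as access control.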