This shows you the differences between two versions of the page.
basic-static [2023/05/24 23:13] – [DHCP Reservation] -replace screenshot with "dhcp_reservation-2022.6.jpg" @ 849x214 hogwild | basic-static [2023/06/27 16:21] (current) – [Static ARP] -condense, clarity hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== DHCP Reservation ====== | ====== DHCP Reservation ====== | ||
- | The DHCP Reservation menu contains settings to configure DHCP Reservations, | + | The DHCP Reservation menu contains settings to configure DHCP Reservations, |
===== DHCP Reservation ===== | ===== DHCP Reservation ===== | ||
- | Since release 2020.8, what was previously | + | Since release 2020.8, what was called " |
- | DHCP Reservation is a simple way to ensure that FreshTomato offers certain client devices the same IP address each time they request a lease. Simply enter the MAC address for a client device (which you can find on the Device List), into the **MAC Address** field, enter the **IP Address** (and optionally, **Hostname**) you want to assign | + | DHCP Reservation is a simple way to ensure that FreshTomato offers certain client devices the same IP address each time they request a lease. Simply enter the MAC address for a client device (found in Device List), into the **MAC Address** field, enter the **IP Address** (and optionally, **Hostname**) you want to assign into the appropriate |
- | The **Bound to** button is not mandatory. Only check the **Bound to** button if you want to enable Static ARP binding. FreshTomato then offers | + | The **Bound to** button is optional. Only check the **Bound to** button if you want to enable Static ARP binding. FreshTomato |
- | === Configuring DHCP Reservations === | + | ==== Configuring DHCP Reservations |
- | When assigning DHCP Reservations, | + | When assigning DHCP Reservations, |
- | If you want to assign multiple hostnames to the same IP address (for example, you want the the server 10.0.1.3 to be known as both “galaxy” and “mail”, you put them in the Hostname field, separated by a space. A space isn't a valid DHCP Hostname character, so you must use a hyphen for a single, multi-word Hostname like “My-PC”. If a client has multiple network interfaces (for example, | + | If you want to assign multiple hostnames to the same IP address (for example, you want the the server 10.0.1.3 to be known as both “galaxy” and “mail”, you put them in the Hostname field, separated by a space. A space isn't a valid DHCP Hostname character, so you must use a hyphen for a single, multi-word Hostname like “My-PC”. If a client has multiple network interfaces (such as Ethernet and WiFi) with different MAC addresses, it might not assign |
If FreshTomato can't find a match for the device' | If FreshTomato can't find a match for the device' | ||
- | |||
- | \\ {{:: | ||
\\ | \\ | ||
- | === Security Limitations === | + | \\ {{:: |
+ | |||
+ | |||
+ | ==== Security Limitations | ||
As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato' | As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato' | ||
- | Even if everything else were working properly, only DHCP lease //offers// are made static. The router' | + | Even if everything else were working properly, only DHCP lease //offers// are made static. The router' |
- | === Inconsistent Terminology === | ||
- | Confusion sometimes | + | ==== Inconsistent Terminology ==== |
+ | |||
+ | Sometimes, confusion | ||
Second, the term " | Second, the term " | ||
Some terminology variations include: | Some terminology variations include: | ||
+ | |||
+ | \\ | ||
* //" | * //" | ||
+ | |||
* "// | * "// | ||
+ | |||
* //" | * //" | ||
- | | + | |
+ | | ||
* //"IP address reservation"// | * //"IP address reservation"// | ||
\\ | \\ | ||
- | To reduce | + | To reduce |
---- | ---- | ||
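Review bot: the rewritten multiple-hostnames paragraph under "Configuring DHCP Reservations" carries over two defects from the previous revision: the doubled word in "you want the the server 10.0.1.3", and a parenthesis opened at "(for example," that is never closed before "you put them in the Hostname field". As this is a clarity pass, fix both, for instance by closing the parenthesis after “mail”. The unchanged Security Limitations sentence "if the first client for which DHCP Reservation were then self-configured with a static IP" is also missing words after "DHCP Reservation" and is worth repairing in the same edit, since that paragraph is where the page states what a reservation does not prevent.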
Line 69: | Line 76: | ||
=== Reduces ARP spoofing === | === Reduces ARP spoofing === | ||
- | By default, ARP gets its mapping information from other network | + | By default, ARP gets its mapping information from other clients. It works in a peer-to-peer fashion. ARP mappings are assumed to be " |
Here again, Static ARP binding can help. When enabled, Static ARP binding will ignore ARP spoofing attempts. FreshTomato will ignore all (broadcast) ARP replies of devices listed in the table. Instead, FreshTomato will check the Static DHCP tables to find the MAC address that belongs to a certain IP address. We assume this information is more accurate, since the Static DHCP table is maintained by the network administrator. | Here again, Static ARP binding can help. When enabled, Static ARP binding will ignore ARP spoofing attempts. FreshTomato will ignore all (broadcast) ARP replies of devices listed in the table. Instead, FreshTomato will check the Static DHCP tables to find the MAC address that belongs to a certain IP address. We assume this information is more accurate, since the Static DHCP table is maintained by the network administrator. | ||
- | **MAC Address: **Here | + | **MAC Address: |
- | **Bound To: **Checking this enables Static ARP binding for the IP - MAC address mapping. It adds a Static ARP entry for the mapping | + | **Bound To: **Checking this enables Static ARP binding for the IP - MAC address mapping. It adds a Static ARP entry for it in FreshTomato' |
- | **IP Address:** Here, enter the IP address you want bound to the MAC address entered. This is optional. If you leave the IP address empty, it will only link a Hostname to a MAC address, allowing for normal DHCP operations. This "lack of IP" might be helpful for devices that don't automatically have a Hostname assigned, but for which you still prefer a dynamic IP allocation. | + | **IP Address: |
- | **IP Traffic:** Checking this enables IP bandwidth | + | **IP Traffic:** Checking this enables IP Traffic |
- | **Hostname: | + | **Hostname: |
Traditionally, | Traditionally, | ||
- | These days, the client' | + | These days, the client' |
- | Hostname description derived from IETF (IETF.ORG) RFC2131 Standards Track, DHCP Protocol, page 8 | + | Hostname description derived from IETF (IETF.ORG) RFC2131 Standards Track, DHCP Protocol, page 8 [[https:// |
- | + | ||
- | [[https:// | + | |
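Review bot: in the unchanged paragraph under "Reduces ARP spoofing", the claim "Static ARP binding will ignore ARP spoofing attempts" reads broader than the sentence that follows it, which limits the effect to ARP replies "of devices listed in the table" as seen by FreshTomato. Suggest stating that scope in the first sentence so it matches the heading's "Reduces". The same paragraph still says "Static DHCP tables" and "Static DHCP table" while the page and menu are titled DHCP Reservation; given the "Inconsistent Terminology" section earlier on the page, align the wording here or note that both names refer to the same table.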
Line 96: | Line 101: | ||
**Ignore DHCP Requests from unknown devices:** | **Ignore DHCP Requests from unknown devices:** | ||
- | Enabling this will ensure FreshTomato | + | Enabling this will ensure FreshTomato |
- | The //Ignore DHCP Requests from unknown devices// function only works for devices in subnets with (subnet)mask | + | The //Ignore DHCP Requests from unknown devices// function only works for devices in subnets with netmask |
+ | |||
+ | \\ {{:: | ||
\\ | \\ | ||
- | [[https:// | + | ARP only works with IPv4. IPv6 uses a different protocol for IP-to-MAC Address resolution |
- | + | ||
- | \\ | + | |
- | + | ||
- | ARP only works with IPv4. IPv6 uses a different protocol for IP-to-MAC Address resolution. | + | |
===== IPT ===== | ===== IPT ===== | ||
- | IPT stands for [[admin-iptraffic|IP Traffic Monitoring]]. Every client device not marked as ' | + | IPT stands for IP Traffic Monitoring. If Auto-Discovery is enabled in the [[admin-iptraffic|IP Traffic Monitoring]] |
\\ | \\ |