basic-static

Differences

This shows you the differences between two versions of the page.

basic-static [2023/05/24 23:29] – [IPT] -clarity hogwild
basic-static [2023/06/27 16:15] – [Security Limitations] -formatting-change to Head3 hogwild
Line 1: Line 1:
 ====== DHCP Reservation ====== ====== DHCP Reservation ======
  
-The DHCP Reservation menu contains settings to configure DHCP Reservations, Static ARP bindings and enabling/disabling of IP Traffic monitoring for clients with the above mappings. +The DHCP Reservation menu contains settings to configure DHCP Reservations, Static ARP bindings and enable/disable IP Traffic monitoring for clients with the above mappings.
  
 ===== DHCP Reservation ===== ===== DHCP Reservation =====
  
-Since release 2020.8, what was previously called "Static DHCP" is now more accurately called "DHCP Reservation". Please see "Inconsistent Terminology" in this section for further clarification and differentiation of terminology.+Since release 2020.8, what was called "Static DHCP" is now more accurately named "DHCP Reservation". Please see "Inconsistent Terminology" in this section for further clarification and differentiation of terminology.
  
-DHCP Reservation is a simple way to ensure that FreshTomato offers certain client devices the same IP address each time they request a lease. Simply enter the MAC address for a client device (which you can find on the Device List), into the **MAC Address** field, enter the **IP Address** (and optionally, **Hostname**) you want to assign to this device into those respective fields and click Save.+DHCP Reservation is a simple way to ensure that FreshTomato offers certain client devices the same IP address each time they request a lease. Simply enter the MAC address for a client device (found in Device List), into the **MAC Address** field, enter the **IP Address** (and optionally, **Hostname**) you want to assign into the appropriate fields and click Save.
  
-The **Bound to** button is not mandatory. Only check the **Bound to** button if you want to enable Static ARP binding. FreshTomato then offers that IP address (and hostname) to the MAC address you specified every time it offers a lease. In general, the client device will always get that IP address //whenever it requests one//. That last part, “whenever it requests one” is the key part here. See the explanation of the term Hostname later on this page.+The **Bound to** button is optional. Only check the **Bound to** button if you want to enable Static ARP binding. FreshTomato will then offer that address (and hostname) to the MAC address you specified every time it offers a lease. In general, the client device will always get that IP address //whenever it requests one//. That last part, “whenever it requests one” is the key part here. See the explanation of the term Hostname later on this page.
  
-=== Configuring DHCP Reservations ===+==== Configuring DHCP Reservations ====
  
-When assigning DHCP Reservations, you should use an IP address in FreshTomato's main subnet, but outside the normal DHCP pool (range). This avoids potential address conflicts. For example, if your DHCP server is set to assign addresses in the range: 10.0.1.1 - 10.0.1.100, then choosing DHCP Reservation assignments of 10.0.1.101 - 10.0.1.254 might work well.+When assigning DHCP Reservations, you should use an IP address in FreshTomato's main subnet, but outside the normal //IP Range //(in the Network menu). This avoids potential address conflicts. For example, if your DHCP server is set to assign addresses in the range: 10.0.1.1 - 10.0.1.100, then choosing DHCP Reservation assignments of 10.0.1.101 - 10.0.1.254 might work well.
  
-If you want to assign multiple hostnames to the same IP address (for example, you want the the server 10.0.1.3 to be known as both “galaxy” and “mail”, you put them in the Hostname field, separated by a space. A space isn't a valid DHCP Hostname character, so you must use a hyphen for a single, multi-word Hostname like “My-PC”. If a client has multiple network interfaces (for example, Ethernet and WiFi) with different MAC addresses, it might not have the hostname properly assigned to both devices. You could get a “Duplicate name” error.[(ref_1)]+If you want to assign multiple hostnames to the same IP address (for example, you want the the server 10.0.1.3 to be known as both “galaxy” and “mail”, you put them in the Hostname field, separated by a space. A space isn't a valid DHCP Hostname character, so you must use a hyphen for a single, multi-word Hostname like “My-PC”. If a client has multiple network interfaces (such as Ethernet and WiFi) with different MAC addresses, it might not assign the hostname properly to both devices. You could get a “Duplicate name” error.[(ref_1)]
  
 If FreshTomato can't find a match for the device's Hostname (first priority) or [[https://en.wikipedia.org/wiki/MAC_address|MAC address]] (second priority), the server may fall back to either Dynamic or Automatic allocation. For an explanation of the term //Hostname//, see later on this page. If FreshTomato can't find a match for the device's Hostname (first priority) or [[https://en.wikipedia.org/wiki/MAC_address|MAC address]] (second priority), the server may fall back to either Dynamic or Automatic allocation. For an explanation of the term //Hostname//, see later on this page.
- 
- \\ {{::dhcp_reservation-2022.6.jpg?849}} 
  
  \\  \\
  
-=== Security Limitations ===+ \\ {{::dhcp_reservation-2023.2.jpg?877}} \\  \\ 
 + 
 + 
 +==== Security Limitations ====
  
 As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato's DHCP Reservation mapping. As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato's DHCP Reservation mapping.
  
-Even if everything else were working properly, only DHCP lease //offers// are made static. The router's IP→MAC neighbour cache (aka ARP cache) is still filled in dynamically using ARP broadcasts. That means that unless we add something else, FreshTomato is relying on client devices to be honest about their MAC addresses. The data source for ARP mappings is assumed to be “honest” and accurate, even though that source is often the network clients themselves. In such circumstances, there's not much to stop unauthorized or malicious clients from pretending to be a different MAC address (ARP spoofing). ARP spoofing could even include spoofing the router or gateway's MAC address. All this could have serious consequences. This is where Static ARP becomes useful.+Even if everything else were working properly, only DHCP lease //offers// are made static. The router's IP→MAC neighbour cache (ARP cache) is still filled in dynamically using ARP broadcasts. That means that unless we add something else, FreshTomato is relying on client devices to be honest about their MAC addresses. The data source for ARP mappings is assumed to be “honest” and accurate, even though that source is often the network clients themselves. Under such conditions, there's not much to stop unauthorized or malicious clients from pretending to be a different MAC address (ARP spoofing). ARP spoofing could even include spoofing the router or gateway's MAC address. All this could have serious consequences. This is where Static ARP becomes useful.
  
-=== Inconsistent Terminology === 
  
-Confusion sometimes occurs because of imprecise or inconsistent terminology. First, DHCP Reservation is sometimes confused with //Static IP//. They are not the same. DHCP Reservation involves configuring an assigned IP address for the client device //within (FreshTomato's) DHCP server//. This causes the client to receive a specific address when it requests a DHCP lease. Static IP is the configuration of an IP address manually //from within the client device itself//.+==== Inconsistent Terminology ==== 
 + 
 +Sometimes, confusion occurs because of imprecise or inconsistent terminology. First, DHCP Reservation is sometimes confused with //Static IP//. They are not the same. DHCP Reservation involves configuring an assigned IP address for the client device //within (FreshTomato's) DHCP server//. This causes the client to receive a specific address when it requests a DHCP lease. Static IP is the configuration of an IP address manually //from within the client device itself//.
  
 Second, the term "Static DHCP" is given different names by different vendors/projects. Second, the term "Static DHCP" is given different names by different vendors/projects.
  
 Some terminology variations include: Some terminology variations include:
 +
 + \\
  
   * //"static DHCP assignment"// in DD-WRT,   * //"static DHCP assignment"// in DD-WRT,
 +
   * "//fixed-address"// in the Linux dhcp daemon (dhcpd) documentation   * "//fixed-address"// in the Linux dhcp daemon (dhcpd) documentation
 +
   * //"Address Reservation"// by Netgear   * //"Address Reservation"// by Netgear
-  * //Either "DHCP Reservation" //or "//Static DHCP"// by Cisco/Linksys and;+ 
 +  Either// "DHCP Reservation" //or "//Static DHCP"// by Cisco/Linksys 
   * //"IP address reservation"// or "//MAC/IP address binding"// by other router vendors.   * //"IP address reservation"// or "//MAC/IP address binding"// by other router vendors.
  
  \\  \\
  
-To reduce confusingone should be precise with terminology relating to this subject.+To reduce confusionyou are advised to be precise with terminology relating to this subject.
  
 ---- ----
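Review bot: In the terminology list, the new Cisco/Linksys line ("Either// "DHCP Reservation" //or ...") has lost its leading "*", so it no longer renders as a list item, and the italic markers now open after "Either" instead of around the quoted terms; restore the bullet and put each quoted term inside its own "//" pair, as the other items do. Elsewhere in this hunk, the multiple-hostnames paragraph still carries "the the server" and an unclosed parenthesis after "(for example" on both sides, and the new "//IP Range //" has a space before the closing "//", which is worth tidying while the paragraph is being edited.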
Line 90: Line 97:
  
 [[https://tools.ietf.org/html/rfc2131|https://tools.ietf.org/html/rfc2131]] [[https://tools.ietf.org/html/rfc2131|https://tools.ietf.org/html/rfc2131]]
- 
  
 ===== Options ===== ===== Options =====
Line 96: Line 102:
 **Ignore DHCP Requests from unknown devices:** **Ignore DHCP Requests from unknown devices:**
  
-Enabling this will ensure FreshTomato wont' offer a DHCP lease to any DHCP requests from unlisted MAC addresses/Hostnames. A MAC address is considered unknown when there is no [[dhcp_reservation|DHCP Reservation]] for it. Again, this doesn't apply to a client device that has been configured with a (true) Static IP. By default, it will still be allowed on the network, unless further measures are taken.+Enabling this will ensure FreshTomato won'offer a DHCP lease to any DHCP requests from unlisted MAC addresses/Hostnames. A MAC address is considered unknown when there is no [[dhcp_reservation|DHCP Reservation]] for it. Again, this won't apply to a client device configured with a (true) Static IP. By default, it will still be allowed on the network, unless further measures are taken.
  
-The //Ignore DHCP Requests from unknown devices// function only works for devices in subnets with (subnet)mask 255.255.255.0 (previously called “Class C” subnets).+The //Ignore DHCP Requests from unknown devices// function only works for devices in subnets with netmask 255.255.255.0 (previously called “Class C” subnets).
  
  \\ {{::dhcp_reservation-options-2022.6.jpg?611}}\\  \\ {{::dhcp_reservation-options-2022.6.jpg?611}}\\
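Review bot: The netmask sentence at the end of this hunk says the option "only works" for 255.255.255.0 subnets but not what happens on other netmasks; since readers will use this option as an access restriction, state whether unknown devices on those subnets still receive leases. In the paragraph before it, "it will still be allowed on the network" has an ambiguous "it" (suggest "such a device"), and "offer a DHCP lease to any DHCP requests" would read better as "offer a lease in response to requests from unlisted MAC addresses/Hostnames".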
Line 109: Line 115:
 ===== IPT ===== ===== IPT =====
  
-IPT stands for IP Traffic Monitoring. If Auto-Discovery is enabled in the [[admin-iptraffic|IP Traffic Monitoring]] menu, every client device that is not marked as 'Disconnected' in [[:device_list|Device List]] will be on the monitoring list. Enabling IPT puts inactive or disconnected client devices on the IP Traffic Monitoring list.+IPT stands for IP Traffic Monitoring. If Auto-Discovery is enabled in the [[admin-iptraffic|IP Traffic Monitoring]] menu, every client device that is not marked as 'Disconnected' in [[:status-devices|Device List]] will be on the monitoring list. Enabling IPT puts inactive or disconnected client devices on the IP Traffic Monitoring list.
  
  \\  \\
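Review bot: In the IPT paragraph, the two links now use different forms: "[[admin-iptraffic|...]]" is a relative page ID while the updated "[[:status-devices|...]]" keeps the leading colon from the old ":device_list" target. Pick one form for both so they resolve the same way if the page is ever moved to another namespace. The last sentence would also be clearer if it said that the IPT setting applies per reservation entry, if that is the case.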
basic-static.txt · Last modified: 2023/06/27 16:21 by hogwild