This shows you the differences between two versions of the page.
basic-static [2023/06/23 20:47] – -delete old, outdated version hogwild | basic-static [2023/06/27 16:15] – [Security Limitations] -formatting-change to Head3 hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== DHCP Reservation ====== | ||
+ | |||
+ | The DHCP Reservation menu contains settings to configure DHCP Reservations, | ||
+ | |||
+ | ===== DHCP Reservation ===== | ||
+ | |||
+ | Since release 2020.8, what was called " | ||
+ | |||
+ | DHCP Reservation is a simple way to ensure that FreshTomato offers certain client devices the same IP address each time they request a lease. Simply enter the MAC address for a client device (found in Device List), into the **MAC Address** field, enter the **IP Address** (and optionally, **Hostname**) you want to assign into the appropriate fields and click Save. | ||
+ | |||
+ | The **Bound to** button is optional. Only check the **Bound to** button if you want to enable Static ARP binding. FreshTomato will then offer that address (and hostname) to the MAC address you specified every time it offers a lease. In general, the client device will always get that IP address //whenever it requests one//. That last part, “whenever it requests one” is the key part here. See the explanation of the term Hostname later on this page. | ||
+ | |||
+ | ==== Configuring DHCP Reservations ==== | ||
+ | |||
+ | When assigning DHCP Reservations, | ||
+ | |||
+ | If you want to assign multiple hostnames to the same IP address (for example, you want the the server 10.0.1.3 to be known as both “galaxy” and “mail”, you put them in the Hostname field, separated by a space. A space isn't a valid DHCP Hostname character, so you must use a hyphen for a single, multi-word Hostname like “My-PC”. If a client has multiple network interfaces (such as Ethernet and WiFi) with different MAC addresses, it might not assign the hostname properly to both devices. You could get a “Duplicate name” error.[(ref_1)] | ||
+ | |||
+ | If FreshTomato can't find a match for the device' | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ {{:: | ||
+ | |||
+ | |||
+ | ==== Security Limitations ==== | ||
+ | |||
+ | As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato' | ||
+ | |||
+ | Even if everything else were working properly, only DHCP lease //offers// are made static. The router' | ||
+ | |||
+ | |||
+ | ==== Inconsistent Terminology ==== | ||
+ | |||
+ | Sometimes, confusion occurs because of imprecise or inconsistent terminology. First, DHCP Reservation is sometimes confused with //Static IP//. They are not the same. DHCP Reservation involves configuring an assigned IP address for the client device //within (FreshTomato' | ||
+ | |||
+ | Second, the term " | ||
+ | |||
+ | Some terminology variations include: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | * //" | ||
+ | |||
+ | * "// | ||
+ | |||
+ | * //" | ||
+ | |||
+ | * Either// "DHCP Reservation" | ||
+ | |||
+ | * //"IP address reservation"// | ||
+ | |||
+ | \\ | ||
+ | |||
+ | To reduce confusion, you are advised to be precise with terminology relating to this subject. | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ~~REFNOTES~~ | ||
+ | |||
+ | [(ref_1)] | ||
+ | |||
+ | FreshTomato can assign one IP/Hostname to 2 MAC addresses if the following steps here are taken: | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | |||
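Review bot: In the Security Limitations paragraph, the clause "if the first client for which DHCP Reservation were then self-configured with a static IP" has lost part of its wording (presumably "for which DHCP Reservation was configured"). This sentence carries the caveat of the section, so it should read cleanly. In the Configuring DHCP Reservations paragraph, "you want the the server" repeats "the", and the parenthesis opened at "(for example," is never closed after “mail”. The H2 heading "DHCP Reservation" also repeats the H1 page title word for word; a distinct name would make the outline easier to follow.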
+ | ===== Static ARP ===== | ||
+ | |||
+ | ARP is a protocol that clients use to obtain the MAC address of another client, given its IP address. ARP is used so that clients can figure out how to address network packets to another client. If a network client needs to communicate with another client, it broadcasts an ARP request across the network asking for the other client' | ||
+ | |||
+ | === Reduces Broadcast Traffic === | ||
+ | |||
+ | Since ARP requests are broadcast across the network, they add to network traffic. Having FreshTomato as a centralized source of ARP resolution can help to limit those ARP broadcasts, reducing network traffic. | ||
+ | |||
+ | === Reduces ARP spoofing === | ||
+ | |||
+ | By default, ARP gets its mapping information from other network clients. It works in a peer-to-peer fashion. ARP mappings are assumed to be " | ||
+ | |||
+ | Here again, Static ARP binding can help. When enabled, Static ARP binding will ignore ARP spoofing attempts. FreshTomato will ignore all (broadcast) ARP replies of devices listed in the table. Instead, FreshTomato will check the Static DHCP tables to find the MAC address that belongs to a certain IP address. We assume this information is more accurate, since the Static DHCP table is maintained by the network administrator. | ||
+ | |||
+ | **MAC Address: **Here you enter the MAC Address you wish to bind. | ||
+ | |||
+ | **Bound To: **Checking this enables Static ARP binding for the IP - MAC address mapping. It adds a Static ARP entry for the mapping in FreshTomato' | ||
+ | |||
+ | **IP Address:** Here, enter the IP address you want bound to the MAC address entered. This is optional. If you leave the IP address empty, it will only link a Hostname to a MAC address, allowing for normal DHCP operations. This "lack of IP" might be helpful for devices that don't automatically have a Hostname assigned, but for which you still prefer a dynamic IP allocation. | ||
+ | |||
+ | **IP Traffic:** Checking this enables IP bandwidth Monitoring for the mapped MAC Address/IP address/ | ||
+ | |||
+ | **Hostname: | ||
+ | |||
+ | Traditionally, | ||
+ | |||
+ | These days, the client' | ||
+ | |||
+ | Hostname description derived from IETF (IETF.ORG) RFC2131 Standards Track, DHCP Protocol, page 8 | ||
+ | |||
+ | [[https:// | ||
+ | |||
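Review bot: Under "Reduces ARP spoofing", the claim that Static ARP binding "will ignore ARP spoofing attempts" is broader than the mechanism the paragraph describes. The text says it is FreshTomato that ignores ARP replies for listed devices, so the binding protects the router's own ARP table only. Say so explicitly, and note that other clients on the LAN still resolve addresses peer-to-peer as described in the preceding paragraph. The same paragraph says "Static DHCP tables" and "Static DHCP table" while the page is titled DHCP Reservation and its Inconsistent Terminology section asks for precise wording; use one term throughout. The two "===" subheadings sit directly under the "=====" Static ARP heading and skip the "====" level used elsewhere on the page. The field descriptions from "MAC Address:" onward fall under "Reduces ARP spoofing" although they describe the reservation form, so they need a heading of their own.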
+ | ===== Options ===== | ||
+ | |||
+ | **Ignore DHCP Requests from unknown devices:** | ||
+ | |||
+ | Enabling this will ensure FreshTomato won't offer a DHCP lease to any DHCP requests from unlisted MAC addresses/ | ||
+ | |||
+ | The //Ignore DHCP Requests from unknown devices// function only works for devices in subnets with netmask 255.255.255.0 (previously called “Class C” subnets). | ||
+ | |||
+ | \\ {{:: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | ARP only works with IPv4. IPv6 uses a different protocol for IP-to-MAC Address resolution protocol. | ||
+ | |||
+ | |||
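Review bot: The last line of the Options section, "IPv6 uses a different protocol for IP-to-MAC Address resolution protocol", repeats "protocol" and describes ARP rather than a DHCP option. Move it to the Static ARP section and reword it as "IPv6 uses a different protocol for IP-to-MAC address resolution". If the description of "Ignore DHCP Requests from unknown devices" does not already say so, point it at Security Limitations, which explains that reservations only affect clients that request a lease, so a device self-configured with a static IP is not stopped by this option.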
+ | ===== IPT ===== | ||
+ | |||
+ | IPT stands for IP Traffic Monitoring. If Auto-Discovery is enabled in the [[admin-iptraffic|IP Traffic Monitoring]] menu, every client device that is not marked as ' | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||