Differences

This shows you the differences between two versions of the page.

--- basic-static [2024/09/29 21:26] – [Configuring DHCP Reservations] -Condense, formatting hogwild
+++ basic-static [2024/11/27 00:14] (current) – [Static ARP] -formatting, condense hogwild
@@ Line 4: / Line 4: @@
-===== DHCP Reservation =====
+===== Basic Concepts =====
 Since release 2020.8, what was called "Static DHCP" is now more accurately named "DHCP Reservation". Please see "Inconsistent Terminology" in this section for clarification and differentiation of terminology.
@@ Line 10: / Line 10: @@
 DHCP Reservation is a simple way to ensure that FreshTomato offers certain client devices the same IP address each time they request a lease. Simply enter the MAC address for a client device (found in [[status-devices|Device List]]), into the **MAC Address** field, enter the **IP Address** (and optionally, **Hostname**) you want to assign into the appropriate fields and click "Save".
-The **Bound to** button is optional. Only check the **Bound to** button if you want to enable Static ARP binding. FreshTomato will then offer that address (and hostname) to the MAC address you specified every time it offers a lease. In general, the client device will always get that IP address //whenever it requests one//. That last part, “whenever it requests one” is the key part here. See the explanation of the term //Hostname// later on this page.
+The **Bound to** button is optional. Check the **Bound to** button only if you want to enable Static ARP binding. FreshTomato will then offer that address (and hostname) to the MAC address you specified every time it offers a lease. In general, the client device will always get that IP address //whenever it requests one//. That last part, “whenever it requests one” is the key part here. See the explanation of the term //Hostname// later on this page.
@@ Line 29: / Line 29: @@
   - Find a match for the device's Hostname (first priority).
   - Find a match for the device's MAC address (second priority).
-  - Failing the first two options, the dnsmasq server may fall back \\ to either Dynamic or Automatic allocation. \\ For details about \\ the term //Hostname//, see later on this page.
+  - If the first two options fail, the dnsmasq server may fall back \\ to either Dynamic or Automatic allocation. For details about \\ the term //Hostname//, see later on this page.
  \\
-{{::basic-dhcp_reservation-2024.1.png?909}}\\ \\  \\
+{{::basic-dhcp_reservation-2024.1.png?833}}\\ \\  \\
 ==== Security Limitations ====
-As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato's DHCP Reservation mapping.
+Again, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which //request// a lease. If another device were self-configured with a static IP, or if the router/DHCP were disabled, the other device could take that address. Similarly, if the first client with a DHCP Reservation were then self-configured with a static address, it could claim a different IP address than the DHCP Reservation.
-Even if everything else were working properly, only DHCP lease //offers// are made static. The router's IP→MAC neighbour cache (ARP cache) is still filled in dynamically using ARP broadcasts. That means that unless we add something else, FreshTomato is relying on client devices to be honest about their MAC addresses. The data source for ARP mappings is assumed to be “honest” and accurate, even though that source is often the network clients themselves. Under such conditions, there's not much to stop unauthorized or malicious clients from pretending to be a different MAC address (ARP spoofing). ARP spoofing could even include spoofing the router's or gateway's MAC address. All this could have serious consequences. This is where Static ARP becomes useful.
+Even if everything else were working properly, only DHCP lease //offers// are made static. The router's IP→MAC neighbour cache (ARP cache) is still filled dynamically using ARP broadcasts. Thus, unless we add something else, FreshTomato will rely on client devices to be honest about their MAC addresses. The data source for ARP mappings is assumed to be “honest” and accurate, even though that source is often the clients themselves. Under such conditions, there's little to stop unauthorized or malicious clients from pretending to be a different MAC address (ARP spoofing). ARP spoofing could even include spoofing the MAC address of the router or gateway. This could have serious consequences. This is where Static ARP becomes useful.
 ==== Inconsistent Terminology ====
-Sometimes, confusion occurs because of imprecise or inconsistent terminology. First, DHCP Reservation is sometimes confused with //Static IP//. They are not the same. DHCP Reservation involves configuring an assigned IP address for the client device //within (FreshTomato's) DHCP server//. This causes the client to receive a specific address when it requests a DHCP lease. Static IP is the configuration of an IP address manually //from within the client device itself//.
+Sometimes, confusion occurs because of imprecise or inconsistent terminology. First, DHCP Reservation is sometimes confused with //Static IP//. They are not the same. DHCP Reservation involves configuring an assigned IP address for the client device //within FreshTomato's DHCP server//. This causes the client to receive a specific address when it requests a lease. Static IP is the configuration of an IP address manually //from within the client device itself//.
-Second, the term "Static DHCP" is given different names by different vendors/projects.
+Also, the term "Static DHCP" is given different names by different vendors/projects.
 Some terminology variations include:
@@ Line 53: / Line 53: @@
  \\
-  * //"static DHCP assignment"// in DD-WRT,
+  * //"static DHCP assignment"// in DD-WRT.
-  * "//fixed-address"// in the Linux dhcp daemon (dhcpd) documentation
+  * "//fixed-address"// in the Linux dhcp daemon (dhcpd) documentation.
-  * //"Address Reservation"// by Netgear
+  * //"Address Reservation"// by Netgear.
-  * Either// "DHCP Reservation" //or "//Static DHCP"// by Cisco/Linksys
+  * //"DHCP Reservation" //or "//Static DHCP"// by Cisco/Linksys.
-  * //"IP address reservation"// or "//MAC/IP address binding"// by other router vendors.
+  * //"IP address reservation"// or "//MAC/IP address binding"// \\ by other vendors.
  \\
-To reduce confusion, you are advised to be precise with terminology relating to this subject.
+To reduce confusion, it is wise to to be precise with terminology relating to this subject.
 ----
@@ Line 80: / Line 80: @@
 ===== Static ARP =====
-ARP is a protocol that clients use to obtain the MAC address of another client, given its IP address. ARP is used so that clients can figure out how to address network packets to another client. If a network client needs to communicate with another client, it broadcasts an ARP request across the network asking for the other client's MAC address. The "other client" should just reply honestly. With Static DHCP, only DHCP lease //offers// were made static. The router's IP - MAC neighbour cache (aka ARP cache) is still filled in dynamically using ARP. This means that unless we add something else, FreshTomato is relying on client devices to be honest when reporting their own MAC addresses. This has several repercussions.
+ARP is used so clients can figure out how to address network packets to another client. Clients use the ARP protocol when they have another client's IP address, but not its MAC address. If a client needs to communicate with another client, it broadcasts an ARP request across the network asking for the other client's MAC address. The "other client" should reply honestly. With DHCP Reservation, only DHCP lease //offers// were made static. The router's IP - MAC neighbour cache (ARP cache) is still filled dynamically using ARP. Unless we add something else, FreshTomato is relying on client devices to be honest when reporting their own MAC addresses. This has several repercussions.
 === Reduces Broadcast Traffic ===
-Since ARP requests are broadcast across the network, they add to network traffic. Having FreshTomato as a centralized source of ARP resolution can help to limit those ARP broadcasts, reducing network traffic.
+Since ARP requests are broadcast on the network, they add network traffic. Using FreshTomato as a central source of ARP resolution can help to limit ARP broadcasts, reducing network traffic.
 === Reduces ARP spoofing ===
@@ Line 92: / Line 92: @@
 Here again, Static ARP binding can help. When enabled, Static ARP binding will ignore ARP spoofing attempts. FreshTomato will ignore all (broadcast) ARP replies of devices listed in the table. Instead, FreshTomato will check the Static DHCP tables to find the MAC address that belongs to a certain IP address. We assume this information is more accurate, since the Static DHCP table is maintained by the network administrator.
-**MAC Address:  **Here, enter the MAC Address you wish to bind.
+ \\
-**Bound To:  **This enables Static ARP binding for the IP - MAC address mapping. It adds a Static ARP entry for it in FreshTomato's ARP table, based on data found in the Static DHCP table. (Default: Disabled).
+**MAC Address:  **here, enter the MAC Address you wish to bind.
-**IP Address:**  Here, enter the address you want bound to the MAC address entered. This is optional. If you leave the IP address empty, it will only link a Hostname to a MAC address, allowing for normal DHCP operations. This "lack of IP" might be helpful for devices that don't automatically have a Hostname assigned, but for which you still prefer a dynamic IP allocation.
+ \\
-**IP Traffic:** This enables IP Traffic Monitoring for the mapped MAC Address/IP address/Hostname combination. (Default: Disabled).
+**Bound To:  **enables Static ARP binding for the IP - MAC mapping.
-**Hostname:**  This is an (optional) DHCP Client Identifier to be mapped to the client device. It is an arbitrary human-readable nickname to make it easier to identify the device on the network.
+This adds a Static ARP entry for it in FreshTomato's ARP table, using data found in the DHCP Reservation table.
-Traditionally, devices were identified within DHCP by a //hardware type// code and //a client hardware (MAC) address//. Later, the optional Hostname field allowed more freedom when mapping device names in DHCP. Ironically, many people still used the //hardware type// followed by the //client hardware address// (for example: 01 00 01 02 a0 bc d3.) as a Hostname. However, you can use whatever (valid) naming scheme you wish.
+(Default: Disabled).
-The client's DNS/Netbios name is often used as the Hostname. Every client device must have a unique Hostname on the broadcast domain. Otherwise, conflicts could occur.
+ \\
-Hostname description derived from IETF (IETF.ORG) RFC2131 Standards Track, DHCP Protocol, page 8  [[https://tools.ietf.org/html/rfc2131|https://tools.ietf.org/html/rfc2131]]
+**IP Address:** the (optional) address to bind to the MAC address entered.
+Leaving this empty will link only a Hostname to a MAC address, allowing normal DHCP operations. This "lack of IP" can be helpful for devices that don't automatically have a Hostname assigned, but for which you still prefer a dynamic IP allocation.
+ \\
+**IP Traffic:** enables IP Traffic Monitoring for the mapped MAC Address/IP/Hostname combination.
+(Default: Disabled).
+ \\
+**Hostname:**  an optional DHCP Client Identifier to be mapped to the client device.
+This is an arbitrary human-readable nickname to make it easier to identify the device on the network.
+Traditionally, devices were identified within DHCP by a //hardware type// code and //a client hardware (MAC) address//. Later, the optional Hostname field allowed more freedom when mapping device names in DHCP. Ironically, many people still used the //hardware type// followed by the //client hardware address// as a Hostname.
+ \\
+For example: "''01 00 01 02 a0 bc d3''"). However, you can use whatever (valid) naming scheme you wish.
+Often, the client DNS/Netbios name is used as the Hostname. Every client must have a unique Hostname on the broadcast domain to avoid conflicts.
+ \\
+The Hostname description was derived from:
+IETF (IETF.ORG) RFC2131 Standards Track, DHCP Protocol, page 8  [[https://tools.ietf.org/html/rfc2131|RFC2131]]
@@ Line 113: / Line 141: @@
 **Ignore DHCP Requests from unknown devices:**
-Enabling this will ensure FreshTomato won't offer a DHCP lease to any DHCP requests from unlisted MAC addresses/Hostnames. A MAC address is considered unknown when there is no [[dhcp_reservation|DHCP Reservation]] for it. Again, this won't apply to a client device configured with a (true) Static IP. By default, it will still be allowed on the network, unless further measures are taken.
+Enabling this ensures FreshTomato won't offer a DHCP lease to any requests from unlisted MAC addresses/Hostnames. A MAC address is considered unknown when there's no [[dhcp_reservation|DHCP Reservation]] for it. Again, this won't apply to a client configured with a (true) Static IP. By default, it will still be allowed on the network, unless further measures are taken.
 The //Ignore DHCP Requests from unknown devices// function only works for devices in subnets with netmask 255.255.255.0 (previously called “Class C” subnets).
- \\ {{::dhcp_reservation-options-2022.6.jpg?611}}\\
+ \\ {{::dhcp_reservation-options-2022.6.jpg?529}}\\
  \\
@@ Line 126: / Line 154: @@
 ===== IPT =====
-IPT stands for IP Traffic Monitoring. If Auto-Discovery is enabled in the [[admin-iptraffic|IP Traffic Monitoring]] menu, every client device that is not marked as 'Disconnected' in [[:status-devices|Device List]] will be on the monitoring list. Enabling IPT puts inactive or disconnected client devices on the IP Traffic Monitoring list.
+IPT stands for IP Traffic Monitoring. Enabling IPT puts inactive/disconnected client devices on the IP Traffic Monitoring list. If Auto-Discovery is enabled in the [[admin-iptraffic|IP Traffic Monitoring]] menu, every client not marked as 'Disconnected' in [[:status-devices|Device List]] will be on the monitoring list. \\
- \\
  \\

FreshTomato Wiki

User Tools

Site Tools

Differences

Page Tools