basic-static

Differences

This shows you the differences between two versions of the page.

basic-static [2024/10/04 22:52] – [Basic Concepts] -Grammar hogwild
basic-static [2024/11/27 00:14] (current) – [Static ARP] -formatting, condense hogwild
Line 33: Line 33:
  \\  \\
  
-{{::basic-dhcp_reservation-2024.1.png?909}}\\ \\  \\+{{::basic-dhcp_reservation-2024.1.png?833}}\\ \\  \\
  
  
 ==== Security Limitations ==== ==== Security Limitations ====
  
-As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato'DHCP Reservation mapping.+Again, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which //request// a lease. If another device were self-configured with a static IP, or if the router/DHCP were disabled, the other device could take that address. Similarly, if the first client with a DHCP Reservation were then self-configured with a static address, it could claim a different IP address than the DHCP Reservation.
  
-Even if everything else were working properly, only DHCP lease //offers// are made static. The router's IP→MAC neighbour cache (ARP cache) is still filled in dynamically using ARP broadcasts. That means that unless we add something else, FreshTomato is relying on client devices to be honest about their MAC addresses. The data source for ARP mappings is assumed to be “honest” and accurate, even though that source is often the network clients themselves. Under such conditions, there'not much to stop unauthorized or malicious clients from pretending to be a different MAC address (ARP spoofing). ARP spoofing could even include spoofing the router'or gateway's MAC addressAll this could have serious consequences. This is where Static ARP becomes useful.+Even if everything else were working properly, only DHCP lease //offers// are made static. The router's IP→MAC neighbour cache (ARP cache) is still filled dynamically using ARP broadcasts. Thus, unless we add something else, FreshTomato will rely on client devices to be honest about their MAC addresses. The data source for ARP mappings is assumed to be “honest” and accurate, even though that source is often the clients themselves. Under such conditions, there'little to stop unauthorized or malicious clients from pretending to be a different MAC address (ARP spoofing). ARP spoofing could even include spoofing the MAC address of the router or gateway. This could have serious consequences. This is where Static ARP becomes useful.
  
  
 ==== Inconsistent Terminology ==== ==== Inconsistent Terminology ====
  
-Sometimes, confusion occurs because of imprecise or inconsistent terminology. First, DHCP Reservation is sometimes confused with //Static IP//. They are not the same. DHCP Reservation involves configuring an assigned IP address for the client device //within (FreshTomato'sDHCP server//. This causes the client to receive a specific address when it requests a DHCP lease. Static IP is the configuration of an IP address manually //from within the client device itself//.+Sometimes, confusion occurs because of imprecise or inconsistent terminology. First, DHCP Reservation is sometimes confused with //Static IP//. They are not the same. DHCP Reservation involves configuring an assigned IP address for the client device //within FreshTomato's DHCP server//. This causes the client to receive a specific address when it requests a lease. Static IP is the configuration of an IP address manually //from within the client device itself//.
  
-Second, the term "Static DHCP" is given different names by different vendors/projects.+Also, the term "Static DHCP" is given different names by different vendors/projects.
  
 Some terminology variations include: Some terminology variations include:
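Review bot: The end of the rewritten Security Limitations paragraph ("This is where Static ARP becomes useful") should say what Static ARP does and does not cover: a static entry pins the mapping only in the router's own ARP cache, so other clients on the LAN still resolve each other, and the gateway, through unauthenticated ARP. One added sentence to that effect would keep readers from treating the feature as LAN-wide spoofing protection. Separately, the terminology paragraph still introduces the term as "Static DHCP" while the later hunks of this revision rename it to DHCP Reservation; pick one.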
Line 53: Line 53:
  \\  \\
  
-  * //"static DHCP assignment"// in DD-WRT,+  * //"static DHCP assignment"// in DD-WRT.
  
-  * "//fixed-address"// in the Linux dhcp daemon (dhcpd) documentation+  * "//fixed-address"// in the Linux dhcp daemon (dhcpd) documentation.
  
-  * //"Address Reservation"// by Netgear+  * //"Address Reservation"// by Netgear.
  
-  * Either// "DHCP Reservation" //or "//Static DHCP"// by Cisco/Linksys+  * //"DHCP Reservation" //or "//Static DHCP"// by Cisco/Linksys.
  
-  * //"IP address reservation"// or "//MAC/IP address binding"// by other router vendors.+  * //"IP address reservation"// or "//MAC/IP address binding"// \\ by other vendors.
  
  \\  \\
  
-To reduce confusion, you are advised to be precise with terminology relating to this subject.+To reduce confusion, it is wise to to be precise with terminology relating to this subject.
  
 ---- ----
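Review bot: The new closing line reads "it is wise to to be precise", with a doubled "to"; drop one. The forced line break added inside the last bullet ("\\ by other vendors") also splits a single list item across two lines for no visible reason, so consider removing it.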
Line 80: Line 80:
 ===== Static ARP ===== ===== Static ARP =====
  
-ARP is a protocol that clients use to obtain the MAC address of another client, given its IP address. ARP is used so that clients can figure out how to address network packets to another client. If a network client needs to communicate with another client, it broadcasts an ARP request across the network asking for the other client's MAC address. The "other client" should just reply honestly. With Static DHCP, only DHCP lease //offers// were made static. The router's IP - MAC neighbour cache (aka ARP cache) is still filled in dynamically using ARP. This means that unless we add something else, FreshTomato is relying on client devices to be honest when reporting their own MAC addresses. This has several repercussions.+ARP is used so clients can figure out how to address network packets to another client. Clients use the ARP protocol when they have another client's IP address, but not its MAC address. If a client needs to communicate with another client, it broadcasts an ARP request across the network asking for the other client's MAC address. The "other client" should reply honestly. With DHCP Reservation, only DHCP lease //offers// were made static. The router's IP - MAC neighbour cache (ARP cache) is still filled dynamically using ARP. Unless we add something else, FreshTomato is relying on client devices to be honest when reporting their own MAC addresses. This has several repercussions.
  
 === Reduces Broadcast Traffic === === Reduces Broadcast Traffic ===
  
-Since ARP requests are broadcast across the network, they add to network traffic. Having FreshTomato as a centralized source of ARP resolution can help to limit those ARP broadcasts, reducing network traffic.+Since ARP requests are broadcast on the network, they add network traffic. Using FreshTomato as a central source of ARP resolution can help to limit ARP broadcasts, reducing network traffic.
  
 === Reduces ARP spoofing === === Reduces ARP spoofing ===
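Review bot: In the rewritten Static ARP introduction, "The "other client" should reply honestly" understates the problem: ARP replies are not authenticated, so any host on the segment can answer a request, and the text should say that directly. "the ARP protocol" is redundant and the acronym is never expanded. The sentences from "With DHCP Reservation, only DHCP lease offers were made static" onward repeat the Security Limitations paragraph almost word for word; since this revision is labelled "condense", a one-line back-reference would do.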
Line 94: Line 94:
  \\  \\
  
-**MAC Address:  **Here, enter the MAC Address you wish to bind.+**MAC Address:  **here, enter the MAC Address you wish to bind.
  
  \\  \\
  
-**Bound To:  **This enables Static ARP binding for the IP - MAC address mapping. It adds a Static ARP entry for it in FreshTomato's ARP table, based on data found in the Static DHCP table. (Default: Disabled).+**Bound To:  **enables Static ARP binding for the IP - MAC mapping. 
 + 
 +This adds a Static ARP entry for it in FreshTomato's ARP table, using data found in the DHCP Reservation table. 
 + 
 +(Default: Disabled).
  
  \\  \\
  
-**IP Address:**  Here, enter the address you want bound to the MAC address entered. This is optional. If you leave the IP address empty, it will only link a Hostname to a MAC address, allowing for normal DHCP operations. This "lack of IP" might be helpful for devices that don't automatically have a Hostname assigned, but for which you still prefer a dynamic IP allocation.+**IP Address:** the (optional) address to bind to the MAC address entered. 
 + 
 +Leaving this empty will link only a Hostname to a MAC address, allowing normal DHCP operations. This "lack of IP" can be helpful for devices that don't automatically have a Hostname assigned, but for which you still prefer a dynamic IP allocation.
  
  \\  \\
  
-**IP Traffic:** This enables IP Traffic Monitoring for the mapped MAC Address/IP/Hostname combination.+**IP Traffic:** enables IP Traffic Monitoring for the mapped MAC Address/IP/Hostname combination.
  
 (Default: Disabled). (Default: Disabled).
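Review bot: The split "Bound To" description says the static ARP entry is built "using data found in the DHCP Reservation table", while the "IP Address" field below it is now described as optional; the text does not say what Bound To does for a row whose IP address is left empty. State whether the option is ignored or rejected in that case. In the separated sentence "This adds a Static ARP entry for it", the word "it" no longer has a clear referent; name the mapping. The "MAC Address" label also keeps "here, enter" while the other fields dropped it.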
Line 112: Line 118:
  \\  \\
  
-**Hostname:**  This is optional DHCP Client Identifier will be mapped to the client device.+**Hostname:**  an optional DHCP Client Identifier to be mapped to the client device.
  
-It is an arbitrary human-readable nickname to make it easier to identify the device on the network.+This is an arbitrary human-readable nickname to make it easier to identify the device on the network.
  
-Traditionally, devices were identified within DHCP by a //hardware type// code and //a client hardware (MAC) address//. Later, the optional Hostname field allowed more freedom when mapping device names in DHCP.+Traditionally, devices were identified within DHCP by a //hardware type// code and //a client hardware (MAC) address//. Later, the optional Hostname field allowed more freedom when mapping device names in DHCP. Ironically, many people still used the //hardware type// followed by the //client hardware address// as a Hostname.
  
-Ironically, many people still used the //hardware type// followed by the //client hardware address// as a Hostname.+ \\
  
-For example: "01 00 01 02 a0 bc d3"). However, you can use whatever (valid) naming scheme you wish.+For example: "''01 00 01 02 a0 bc d3''"). However, you can use whatever (valid) naming scheme you wish.
  
-Often, the client DNS/Netbios name is used as the Hostname. Every client device must have a unique Hostname on the broadcast domain, or conflicts could occur.+Often, the client DNS/Netbios name is used as the Hostname. Every client must have a unique Hostname on the broadcast domain to avoid conflicts. 
 + 
 + \\
  
 The Hostname description was derived from: The Hostname description was derived from:
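Review bot: The Hostname entry describes the field as "an optional DHCP Client Identifier", but in DHCP the Client Identifier and the Host Name are separate options, and the example given (hardware type followed by the client hardware address) is the Client Identifier form. Clarify which of the two this field sets. The example line also keeps an unmatched closing parenthesis after the quoted value, and the inserted line break now separates it from the "Ironically, ..." sentence it illustrates.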
Line 133: Line 141:
 **Ignore DHCP Requests from unknown devices:** **Ignore DHCP Requests from unknown devices:**
  
-Enabling this will ensure FreshTomato won't offer a DHCP lease to any DHCP requests from unlisted MAC addresses/Hostnames. A MAC address is considered unknown when there is no [[dhcp_reservation|DHCP Reservation]] for it. Again, this won't apply to a client device configured with a (true) Static IP. By default, it will still be allowed on the network, unless further measures are taken.+Enabling this ensures FreshTomato won't offer a DHCP lease to any requests from unlisted MAC addresses/Hostnames. A MAC address is considered unknown when there'no [[dhcp_reservation|DHCP Reservation]] for it. Again, this won't apply to a client configured with a (true) Static IP. By default, it will still be allowed on the network, unless further measures are taken.
  
 The //Ignore DHCP Requests from unknown devices// function only works for devices in subnets with netmask 255.255.255.0 (previously called “Class C” subnets). The //Ignore DHCP Requests from unknown devices// function only works for devices in subnets with netmask 255.255.255.0 (previously called “Class C” subnets).
  
- \\ {{::dhcp_reservation-options-2022.6.jpg?611}}\\+ \\ {{::dhcp_reservation-options-2022.6.jpg?529}}\\
  
  \\  \\
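Review bot: The sentence "By default, it will still be allowed on the network, unless further measures are taken" leaves the reader without the measures. Since this option only withholds DHCP leases and does not stop a statically configured client, say so plainly and name the measures or link to the section that describes them. The wording "unlisted MAC addresses/Hostnames" also disagrees with the next sentence, which defines "unknown" only in terms of MAC addresses.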
Line 146: Line 154:
 ===== IPT ===== ===== IPT =====
  
-IPT stands for IP Traffic Monitoring. If Auto-Discovery is enabled in the [[admin-iptraffic|IP Traffic Monitoring]] menu, every client device that is not marked as 'Disconnected' in [[:status-devices|Device List]] will be on the monitoring list. Enabling IPT puts inactive or disconnected client devices on the IP Traffic Monitoring list. +IPT stands for IP Traffic Monitoring. Enabling IPT puts inactive/disconnected client devices on the IP Traffic Monitoring list. If Auto-Discovery is enabled in the [[admin-iptraffic|IP Traffic Monitoring]] menu, every client not marked as 'Disconnected' in [[:status-devices|Device List]] will be on the monitoring list. \\
- +
- \\+
  
  \\  \\
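Review bot: With the sentences reordered, the IPT paragraph states what the checkbox does before introducing Auto-Discovery, and it still does not say what the monitoring list contains when Auto-Discovery is disabled. Add that case so the reader can tell when the per-device IPT setting is the only thing that puts a client on the list.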
basic-static.1728078730.txt.gz · Last modified: by hogwild