dhcp_reservation

Differences

This shows you the differences between two versions of the page.

dhcp_reservation [2021/03/31 15:07] – [IPT] hogwild
dhcp_reservation [2023/06/23 16:12] (current) – [IPT] -update broken Device List link hogwild
Line 1: Line 1:
-====== DHCP Reservation (prev. Static DHCP/ARP/IPT) ======+====== DHCP Reservation ====== 
 + 
 +The DHCP Reservation menu contains settings to configure DHCP Reservations, Static ARP bindings and enabling/disabling of IP Traffic monitoring for clients with the above mappings.
  
-The Static DHCP/ARP/IPT menu contains settings to configure Static DHCP and Static ARP address assignments. It's divided into sections, including Static DHCP Reservations, Static ARP cache settings and enabling/disabling of IP Traffic monitoring for Static DHCP/Static ARP mapped clients. 
  
 ===== DHCP Reservation ===== ===== DHCP Reservation =====
  
-Since Tomato version 2020.8, what was previously called Static DHCP is now called DHCP Reservation. Please see the last paragraph in this section for further clarification and differentiation of terminology.+Since FreshTomato version 2020.8, what was previously called Static DHCP is now called DHCP Reservation. Please see "Inconsistent Terminology" in this section for further clarification and differentiation of terminology
 + 
 +DHCP Reservation is a simple way to ensure that FreshTomato offers certain client devices the same IP address each time they request a lease. Simply enter the MAC address for a client device (which you can find on the Device List), into the **MAC Address** field, enter the **IP Address** (and optionally, **Hostname**) you want to assign to this device into those respective fields and click Save. NOTE that you don't need to check the **Bound to** button. Only check the **Bound to** button if you want to enable Static ARP binding. FreshTomato then offers that IP address (and hostname) to the MAC address you specified every time it offers a lease. This means that, in general, the client device will always get that IP address //whenever it requests one//. That last part, “whenever it requests one” is the key part here. See the explanation of the term Hostname later on this page.
  
-DHCP Reservation is a simple way to ensure that Tomato offers certain client devices the same IP address each time they request a lease. Simply enter the MAC address for a client device (which you can find on the Device List), into the **MAC Address** field, enter the **IP Address** (and optionally, **Hostname**) you want to assign to this device into those respective fields and click Save. NOTE that you don't need to check the **Bound to** button. Only check the **Bound to** button if you want to enable Static ARP binding. Tomato then offers that IP address (and hostname) to the MAC address you specified every time it offers a lease. This means that, in general, the client device will always get that IP address //whenever it requests one//. That last part, “whenever it requests one” is the key part here. See the explanation of the term Hostname later on this page. 
 === Configuring Static DHCP === === Configuring Static DHCP ===
  
-When assigning Static DHCP leases, you should use an IP address within Tomato's main subnet, but outside the normal DHCP pool scope (assignment range). This avoids potential IP address conflicts. For example, if you have the DHCP server set to assign addresses in the range of 10.0.1.1 - 10.0.1.100, then choosing Static DHCP assignments of 10.0.1.101 - 10.0.1.254 might work well.+When assigning Static DHCP leases, you should use an IP address within FreshTomato's main subnet, but outside the normal DHCP pool scope (assignment range). This avoids potential IP address conflicts. For example, if you have the DHCP server set to assign addresses in the range of 10.0.1.1 - 10.0.1.100, then choosing Static DHCP assignments of 10.0.1.101 - 10.0.1.254 might work well.
  
-If you want to assign multiple hostnames to the same IP address (for example, you want the the server 10.0.1.3 to be known as both “galaxy” and “mail”, you must separate them in the hostname field with a space. A space isn't a valid DHCP Hostname character, so you must use a hyphen for a single, multi-word hostname like “My-PC”. If a client device has multiple network interfaces (for example, Ethernet and Wi-Fi) with different MAC addresses, there's no way to assign the same hostname to both devices. You will get a “Duplicate name” error.+If you want to assign multiple hostnames to the same IP address (for example, you want the the server 10.0.1.3 to be known as both “galaxy” and “mail”, you must separate them in the hostname field with a space. A space isn't a valid DHCP Hostname character, so you must use a hyphen for a single, multi-word hostname like “My-PC”. If a client device has multiple network interfaces (for example, Ethernet and Wi-Fi) with different MAC addresses, it might not have the hostname properly assigned to both devices. You could get a “Duplicate name” error.[(ref_1)]
  
-If Tomato can't find a match for the device's Hostname (first priority) or [[https://en.wikipedia.org/wiki/MAC_address|MAC address]] (second priority), the server may fall back to either Dynamic or Automatic allocation. For an explanation of the term //Hostname//, see later on this page.+If FreshTomato can't find a match for the device's Hostname (first priority) or [[https://en.wikipedia.org/wiki/MAC_address|MAC address]] (second priority), the server may fall back to either Dynamic or Automatic allocation. For an explanation of the term //Hostname//, see later on this page.
  
 [[https://wiki.freshtomato.org/lib/exe/detail.php?id=static_dhcp_arp_ipt&media=aead7e2e6a4928421e9a3bd59e3b7568.png|{{:aead7e2e6a4928421e9a3bd59e3b7568.png}}]] [[https://wiki.freshtomato.org/lib/exe/detail.php?id=static_dhcp_arp_ipt&media=aead7e2e6a4928421e9a3bd59e3b7568.png|{{:aead7e2e6a4928421e9a3bd59e3b7568.png}}]]
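Review bot: In the added "Configuring Static DHCP" paragraphs the rename stops at Tomato → FreshTomato: the heading and body still say "Static DHCP" ("When assigning Static DHCP leases") although the new title and the sentence above say the feature has been called DHCP Reservation since 2020.8. Either switch these to "DHCP Reservation" or state once that both names refer to the same feature. The new intro line also refers to "clients with the above mappings" with nothing above it to point to, and the rewritten hostname paragraph keeps "the the server" and never closes the parenthesis opened at "(for example".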
Line 20: Line 22:
 === Security Limitations === === Security Limitations ===
  
-As mentioned earlier, Static DHCP offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. Static DHCP does not prevent a different client from being configured with the same IP address. This is because Static DHCP only offers a static mapping to client devices which request a lease. If another device were to use Static IP, or the router or DHCP were disabled, the other device could take the IP address for itself. Similarly, if the first client for which Static DHCP were then configured for Static IP, it could claim a different IP address than the one in Tomato's Static DHCP mapping.+As mentioned earlier, Static DHCP offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. Static DHCP does not prevent a different client from being configured with the same IP address. This is because Static DHCP only offers a static mapping to client devices which request a lease. If another device were to use Static IP, or the router or DHCP were disabled, the other device could take the IP address for itself. Similarly, if the first client for which Static DHCP were then configured for Static IP, it could claim a different IP address than the one in FreshTomato's Static DHCP mapping
 + 
 +Even if everything else were working properly, only DHCP lease //offers// are made static. The router's IP→MAC neighbour cache (aka ARP cache) is still filled in dynamically using ARP broadcasts. That means that unless we add something else, FreshTomato is relying on client devices to be honest about their MAC addresses. The source of ARP mapping information is assumed to be “honest” and accurate, even though that source is often the network clients themselves. In these circumstances, there's not much stopping unathorized or malicious clients from pretending to be a different MAC address (ARP spoofing). ARP spoofing could even include spoofing the router or gateway's MAC address. All this could have serious consequences. This is where Static ARP becomes useful.
  
-Even if everything else were working properly, only DHCP lease //offers// are made static. The router's IP→MAC neighbour cache (aka ARP cache) is still filled in dynamically using ARP broadcasts. That means that unless we add something else, Tomato is relying on client devices to be honest about their MAC addresses. The source of ARP mapping information is assumed to be “honest” and accurate, even though that source is often the network clients themselves. In these circumstances, there's not much stopping unathorized or malicious clients from pretending to be a different MAC address (ARP spoofing). ARP spoofing could even include spoofing the router or gateway's MAC address. All this could have serious consequences. This is where Static ARP becomes useful. 
 === Inconsistent Terminology === === Inconsistent Terminology ===
  
-Technically, Tomato's Static DHCP function is a form of //DHCP Reservation// or //DHCP Manual Allocation//. Confusion sometimes occurs because of imprecise or inconsistent terminology. First, it is sometimes confused with //Static IP//. It is not that. Static IP is the setting of an IP address manually from the client device itself. By contrast, Static DHCP involves configuring an assigned IP address for the client device within (Tomato's) DHCP server (for when client devices request a DHCP lease).+Technically, FreshTomato's Static DHCP function is a form of //DHCP Reservation// or //DHCP Manual Allocation//. Confusion sometimes occurs because of imprecise or inconsistent terminology. First, it is sometimes confused with //Static IP//. It is not that. Static IP is the setting of an IP address manually from the client device itself. By contrast, Static DHCP involves configuring an assigned IP address for the client device within (FreshTomato's) DHCP server (for when client devices request a DHCP lease). 
 + 
 +Second, Static DHCP is also given different names by different hardware vendors. To make things more confusing, this feature is called //static DHCP assignment// in DD-WRT, //fixed-address// in the Linux dhcp daemon (dhcpd) documentation, //Address Reservation// by Netgear, //DHCP Reservation// or //Static DHCP// by Cisco and Linksys and //IP address reservation// or //MAC/IP address binding// by other router vendors. Hence, one should be precise here, to reduce confusion. 
 + 
 +---- 
 + 
 +~~REFNOTES~~ 
 + 
 +[(ref_1)] 
 + 
 +FreshTomato will use input for 2 MAC addresses per IP/hostname, if the advice here is followed: 
 + 
 +[[https://www.linksysinfo.org/index.php?threads/official-freshtomato-org-website.75333/post-322397]] 
  
-Second, Static DHCP is also given different names by different hardware vendors. This feature is called //static DHCP assignment// in DD-WRT, //fixed-address// in the Linux dhcp daemon (dhcpd) documentation, //Address Reservation// by Netgear, //DHCP Reservation// or //Static DHCP// by Cisco and Linksys and //IP address reservation// or //MAC/IP address binding// by other router vendors. Hence, one should be precise here, to reduce confusion. 
 ===== Static ARP ===== ===== Static ARP =====
  
-ARP is a protocol that clients use to obtain the MAC address of another client, given its IP address. ARP is used so that clients can figure out how to address network packets to another client. If a network client needs to communicate with another client, it broadcasts an ARP request across the network asking for the other client's MAC address. The "other client" should just reply honestly. With Static DHCP, only DHCP lease //offers// were made static. The router's IP - MAC neighbour cache (aka ARP cache) is still filled in dynamically using ARP. This means that unless we add something else, Tomato is relying on client devices to be honest when reporting their own MAC addresses. This has several repercussions.+ARP is a protocol that clients use to obtain the MAC address of another client, given its IP address. ARP is used so that clients can figure out how to address network packets to another client. If a network client needs to communicate with another client, it broadcasts an ARP request across the network asking for the other client's MAC address. The "other client" should just reply honestly. With Static DHCP, only DHCP lease //offers// were made static. The router's IP - MAC neighbour cache (aka ARP cache) is still filled in dynamically using ARP. This means that unless we add something else, FreshTomato is relying on client devices to be honest when reporting their own MAC addresses. This has several repercussions.
 === Reduces Broadcast Traffic === === Reduces Broadcast Traffic ===
  
-Since ARP requests are broadcast across the network, they add to network traffic. Having Tomato as a centralized source of ARP resolution can help to limit those ARP broadcasts, reducing network traffic.+Since ARP requests are broadcast across the network, they add to network traffic. Having FreshTomato as a centralized source of ARP resolution can help to limit those ARP broadcasts, reducing network traffic.
  
 === Reduces ARP spoofing === === Reduces ARP spoofing ===
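Review bot: The added "~~REFNOTES~~" block and the "[(ref_1)]" definition sit in the middle of the page, after a "----" rule and directly before "===== Static ARP =====", which puts the note list between the DHCP Reservation and Static ARP sections; move it to the end of the page. The note itself says only "if the advice here is followed" and then gives a bare forum link, so summarise the steps inline in case the link stops working. The added Security Limitations text also carries over "unathorized" and the hard-to-parse "if the first client for which Static DHCP were then configured for Static IP".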
Line 39: Line 54:
 By default, ARP gets its mapping information from other clients on the network. It works in a peer-to-peer fashion. ARP mappings are assumed to be "honest" and accurate, even though the source of that information is often the network clients themselves. In that scenario, there's little stopping unathorized or malicious clients from pretending to be a different MAC address (ARP spoofing). This reduces the reliability/security of Static DHCP mappings. After all, what good is a mapping if a client can spoof another MAC address? ARP spoofing could even include spoofing the router or gateway's MAC address. That could have dangerous consequences. By default, ARP gets its mapping information from other clients on the network. It works in a peer-to-peer fashion. ARP mappings are assumed to be "honest" and accurate, even though the source of that information is often the network clients themselves. In that scenario, there's little stopping unathorized or malicious clients from pretending to be a different MAC address (ARP spoofing). This reduces the reliability/security of Static DHCP mappings. After all, what good is a mapping if a client can spoof another MAC address? ARP spoofing could even include spoofing the router or gateway's MAC address. That could have dangerous consequences.
  
-Here again, Static ARP binding can help. When enabled, Static ARP binding will ignore ARP spoofing attempts. Tomato will ignore all (broadcast) ARP replies of devices listed in the table. Instead, Tomato will check the Static DHCP tables to find the MAC address that belongs to a certain IP address. We assume this information is more accurate, since the Static DHCP table is maintained by the network administrator.+Here again, Static ARP binding can help. When enabled, Static ARP binding will ignore ARP spoofing attempts. FreshTomato will ignore all (broadcast) ARP replies of devices listed in the table. Instead, FreshTomato will check the Static DHCP tables to find the MAC address that belongs to a certain IP address. We assume this information is more accurate, since the Static DHCP table is maintained by the network administrator.
  
 **MAC Address: **Here you enter the MAC Address you wish to bind. **MAC Address: **Here you enter the MAC Address you wish to bind.
  
-**Bound To: **This checkbox enables Static ARP binding for the IP - MAC address mapping. It adds a Static ARP entry for the mapping in Tomato's ARP table based on data it finds in the Static DHCP table. (Default: Disabled).+**Bound To: **This checkbox enables Static ARP binding for the IP - MAC address mapping. It adds a Static ARP entry for the mapping in FreshTomato's ARP table based on data it finds in the Static DHCP table. (Default: Disabled).
  
 **IP Address:** Here you enter the IP address you wish to be bound to the MAC address you entered. **IP Address:** Here you enter the IP address you wish to be bound to the MAC address you entered.
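Review bot: "Static ARP binding will ignore ARP spoofing attempts" in the rewritten paragraph claims more than the following sentences support, which limit the effect to ARP replies "of devices listed in the table" and to an entry "in FreshTomato's ARP table". Scope the sentence to that, for example "FreshTomato will ignore ARP replies for the devices listed in the table and use the table's MAC address instead", so readers do not assume unlisted devices are covered. The checkbox is labelled "Bound To" here and "Bound to" in the DHCP Reservation section, and both added lines still say "Static DHCP table(s)" after the rename.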
Line 69: Line 84:
 ===== IPT ===== ===== IPT =====
  
-IPT stands for IP Traffic Monitoring. Every client device not marked as 'Disconnected' on the Status/[[:device_list|Device List]] menu will be on the IP Traffic Monitoring list. Enabling this checkbox puts client devices on the IP Traffic Monitoring list even if they are inactive or disconnected.+IPT stands for IP Traffic Monitoring. Every client device not marked as 'Disconnected' on the //Status///[[status-devices|Device List]] menu will be on the IP Traffic Monitoring list. Enabling this checkbox puts client devices on the IP Traffic Monitoring list even if they are inactive or disconnected.
  
  
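Review bot: The new link markup "//Status///[[status-devices|Device List]]" runs the closing italic "//" straight into the menu-path slash, leaving three slashes in a row; write it as "//Status// / [[status-devices|Device List]]" so the italics close unambiguously. The target changes from ":device_list" to "status-devices" and the edit summary calls the old link broken, so it is worth checking whether other pages still link to "device_list".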
dhcp_reservation.1617199657.txt.gz · Last modified: 2021/03/31 15:07 by hogwild