Securing Network With Mac Address

Posted in category: Interface, Networking at: 19 February 2009 by Teknisoft Network

Rules that apply in the network to users sometimes become a threat for us as the network administrator. How not, when we have determined that the device or PC using the IP Address that we have set such a good idea even in use by other parties who are not responsible.

For instance there is a director or manager in the place where we have the bandwidth quota is greater than an unprincipled support of IT. Support easily by using the IP Address of the Director to have the bandwidth capacity. Now he is problemnya.

How is the solution, a solution that is easy to register the Mac Address of the PC / device to the Director of the router and we make sure that we only receive the router from the Mac Address.

First we check first before the Mac Address of the Director. Can directly or through visiting Mikrotik Router through us. Use the following command:

[root@NOC] > /ip arp print
Flags: X – disabled, I – invalid, H – DHCP, D – dynamic
#   ADDRESS         MAC-ADDRESS       INTERFACE
0   192.168.23.16   00:1D:60:6A:C2:E1 LAN
1   192.168.23.29   00:1D:60:6A:B2:74 LAN
2   20.20.20.9      00:13:10:0A:10:BA LAN
3   172.19.55.26    00:13:10:02:C8:5B LAN
4   172.19.55.30    00:1E:58:F6:32:D2 LAN
5   172.19.55.38    00:21:91:00:32:B1 LAN
6   172.19.55.42    00:0C:42:0D:1E:E9 LAN

From there we can see that the IP owned by the Director and Mac Addressnya. Then we see there, add:

[root@NOC] ip arp> set 1 address=192.168.23.29 mac-address=00:1D:60:6A:B2:74 interface=LAN

After that we set to the interface of the router we are connected directly to the LAN only accept me or Reply data from the Mac Address that we created earlier on. How:

[root@NOC] ip arp>/interface ethernet set LAN arp=reply-only

From here on, please try and use the PC / device Support the naughty line.


Leave a Reply