Omada give client gateway address instead of DHCP ip address range

2020-10-05 03:42:15 - last edited 2021-04-08 07:13:26
Model: EAP225  
Hardware Version: V3
Firmware Version: 2.20.1

Since Omada SDN (TL-R605 still "coming soon") doesn't have a TP-Link router as DHCP server, my ISP router acts as the DHCP server.

I have a PC as the Omada SDN server

4 EAP115

1 EAP225

But I don't understand why my EAP225 gives a client the gateway address 192.168.1.1 as its IP address.

Is this some kind of hacking activity or what? Because:

  1. my ISP router's DHCP server range is 192.168.1.21 - 254
  2. the ISP router's WiFi connection never gives 192.168.1.1 as an IP address
  3. all the other 4 EAP115 never give 192.168.1.1 as an IP address

Only the EAP225 sometimes gives the gateway address as an IP address, not once, not twice; it has now happened 5 times.

#1
Re:Omada give client gateway address instead of DHCP ip address range
2020-10-05 17:36:51 - last edited 2020-10-05 17:37:20

 

puttskii wrote

But I don't understand why my EAP225 gives a client the gateway address 192.168.1.1 as its IP address.

Is this some kind of hacking activity or what?

 

EAPs do not have a DHCP server and thus do not assign IPs to client devices.

 

Maybe the client device has set IP 192.168.1.1 statically and intentionally ignores your DHCP server.

 

What's more, the MAC address is not a public OUI, but a locally assigned MAC address (MAC addresses of the form 02:XX:XX:XX:XX:XX are kind of »private« MACs similar to »private« IPs 192.168.X.X).

 

I would ban this device and wait until the person complains. Then you could ask him what he is doing and why.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#2
Re:Omada give client gateway address instead of DHCP ip address range
2020-10-06 07:54:35

@R1D2 

 

You were right. I'm fighting this guy into a very long blocking list

 

 

Is there any way to prevent this?

Because every time he logs in with 192.168.1.1 the whole network is down, and I have to manually block this guy to restore the connection.

#3
Re:Omada give client gateway address instead of DHCP ip address range
2020-10-06 15:06:50

@puttskii, you could prevent ARP cheating on your router by a static ARP binding of the gateway's IP address to its MAC. But I don't know how to do that on your router; please search the web for information on how to enforce DHCP or how to prevent ARP cheating.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#4
Re:Omada give client gateway address instead of DHCP ip address range
2020-10-07 15:05:40

@R1D2 my router is Huawei EG8245H5 

 

There is an option for DHCP Option 82

is it the answer?

 

I read more about this attack; it is similar to, or it is, ARP spoofing, right?

#5
Re:Omada give client gateway address instead of DHCP ip address range-Solution
2020-10-09 07:21:14 - last edited 2021-04-08 07:13:26

 

puttskii wrote

1. There is an option for DHCP Option 82

is it the answer?

 

2. I read more about this attack; it is similar to, or it is, ARP spoofing, right?

 

1. No, it's not a single option. You need to harden your network against ARP cheating attacks; this means you have to take several actions which depend on your devices, on your network topology and your use case. First is to bind your gateway's MAC address to its IP on the gateway and the switch(es). Next is to use ACLs to block all traffic from/to 192.168.1.1 if the origin/destination is not the gateway.

TP-Link even has a FAQ about mitigation of ARP cheating, but it might not fully fit your network topology: https://www.tp-link.com/lk/support/faq/169/

2. Yes, it's a type of ARP spoofing attack; the attacker either tries to capture the Internet traffic destined to the gateway or just to bring down your network.

 

Of course, you could alternatively use a WPA2 key to secure your WLAN if all valid clients are known to you.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Recommended Solution
#6
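
The checks discussed in posts #2 and #6, as an added example that was not posted by any participant in this thread: it audits a client list for a device claiming the gateway IP with a MAC other than the bound gateway MAC, for addresses outside the DHCP pool, and for locally administered MACs. The gateway IP and pool range come from the thread; the gateway MAC, client names and sample list are constructed placeholders.

```python
import ipaddress

# From the thread: gateway 192.168.1.1, DHCP pool 192.168.1.21 - 254.
GATEWAY_IP = ipaddress.ip_address("192.168.1.1")
GATEWAY_MAC = "00:11:22:33:44:55"  # placeholder: put the ISP router's real LAN MAC here
POOL_FIRST = ipaddress.ip_address("192.168.1.21")
POOL_LAST = ipaddress.ip_address("192.168.1.254")

def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set, e.g. 02:XX:XX:XX:XX:XX."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit_clients(clients):
    """clients: iterable of (name, ip, mac). Returns [(name, [findings]), ...]."""
    report = []
    for name, ip_text, mac in clients:
        ip, mac = ipaddress.ip_address(ip_text), mac.lower()
        findings = []
        if ip == GATEWAY_IP and mac != GATEWAY_MAC:
            # The IP-to-MAC binding recommended in post #6 is violated.
            findings.append("claims gateway IP with a non-gateway MAC")
        elif ip != GATEWAY_IP and not (POOL_FIRST <= ip <= POOL_LAST):
            findings.append("address outside DHCP pool (static or stale)")
        if is_locally_administered(mac):
            # Not malicious on its own: many phones randomize their MAC per network.
            findings.append("locally administered MAC (randomized or hand-set)")
        if findings:
            report.append((name, findings))
    return report

# Constructed sample, shaped like a controller client-list export (not real data).
SAMPLE_CLIENTS = [
    ("isp-router", "192.168.1.1", "00:11:22:33:44:55"),
    ("laptop", "192.168.1.37", "3c:22:fb:10:20:30"),
    ("phone", "192.168.1.52", "da:a1:19:00:00:01"),    # randomized MAC, valid lease
    ("unknown", "192.168.1.1", "02:1a:2b:3c:4d:5e"),   # the situation in this thread
    ("printer", "192.168.1.10", "00:1b:a9:aa:bb:cc"),  # static address below the pool
]

if __name__ == "__main__":
    for name, findings in audit_clients(SAMPLE_CLIENTS):
        print(f"{name}: {'; '.join(findings)}")
```

Only the combination of the gateway IP with a foreign MAC is a reliable alert; the other two findings are context for deciding whom to ask, as suggested in post #2.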