Omada give client gateway address instead of DHCP ip address range
Since Omada SDN (TL-R605 still "coming soon") doesn't have TP Link router as DHCP server, my ISP router act as DHCP server
I have PC as Omada SDN Server
4 EAP115
1 EAP225
But I don't understand why my EAP225 give client gateway address as ip address 192.168.1.1
is this some kind of hacking activity or what? because
- my ISP router DHCP Server range 192.168.1.21 - 254
- ISP router wifi connection never give 192.168.1.1 as ip address
- all other 4 EAP115 never give 192.168.1.1 as ip addres
Only EAP225 sometimes give gateway address as ip address, not once not twice but it has been 5th times
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
puttskii wrote
1. There is an option for DHCP Option 82
is it the answer?
2. I read more about this attack, it similar or it is ARP Spoofing, right?
1. No, it's not a single option. You need to harden your network against ARP cheating attacks, this means you have to take several actions which depend on your devices, on our network topology and your use case. First is to bind your gateway's MAC address to its IP on the gateway and the switch(es). Next is to use ACLs to block all traffic from/to 192.168.1.1 if the origin/destination is not the gateway.
TP-Link has even a FAQ about mitigation of ARP cheating, but it might not fully fit to your network topology: https://www.tp-link.com/lk/support/faq/169/
2. Yes, it's a type of an ARP spoofing attack, the attacker either tries to capture the Internet traffic destined to the gateway or to just bring down your network.
Of course, you could alternatively use a WPA2 key to secure your WLAN if all valid clients are known to you.
- Copy Link
- Report Inappropriate Content
puttskii wrote
But I don't understand why my EAP225 give client gateway address as ip address 192.168.1.1
is this some kind of hacking activity or what?
EAPs do not have a DHCP server and thus do not assign IPs to client devices.
Maybe the client device has set IP 192.168.1.1 statically and intentionally ignores your DHCP server.
What's more, the MAC address is not a public OUI, but a locally assigned MAC address (MAC addresses of the form 02:XX:XX:XX:XX:XX are kind of »private« MACs similar to »private« IPs 192.168.X.X).
I would ban this device and wait until the person complains. Then you could ask him what he is doing and why.
- Copy Link
- Report Inappropriate Content
You were right. I'm fighting this guy into a very long blocking list
Is there any way to prevent this?
Because everytime he log in with 192.168.1.1 all network is down, and I have manually block this guy to restore the connection
- Copy Link
- Report Inappropriate Content
@puttskii, you could prevent ARP cheating on your router by a static ARP binding of the gateway's IP address to its MAC. But I don't know how to do that on your router, please search the web for information how to enforce DHCP or how to prevent ARP cheating.
- Copy Link
- Report Inappropriate Content
@R1D2 my router is Huawei EG8245H5
There is an option for DHCP Option 82
is it the answer?
I read more about this attack, it similar or it is ARP Spoofing, right?
- Copy Link
- Report Inappropriate Content
puttskii wrote
1. There is an option for DHCP Option 82
is it the answer?
2. I read more about this attack, it similar or it is ARP Spoofing, right?
1. No, it's not a single option. You need to harden your network against ARP cheating attacks, this means you have to take several actions which depend on your devices, on our network topology and your use case. First is to bind your gateway's MAC address to its IP on the gateway and the switch(es). Next is to use ACLs to block all traffic from/to 192.168.1.1 if the origin/destination is not the gateway.
TP-Link has even a FAQ about mitigation of ARP cheating, but it might not fully fit to your network topology: https://www.tp-link.com/lk/support/faq/169/
2. Yes, it's a type of an ARP spoofing attack, the attacker either tries to capture the Internet traffic destined to the gateway or to just bring down your network.
Of course, you could alternatively use a WPA2 key to secure your WLAN if all valid clients are known to you.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 2285
Replies: 5
Voters 0
No one has voted for it yet.