Securing NETWORK WITH MAC ADDRESS
Rules that apply in the network to users sometimes become a threat for us as the network administrator. How not, when we have determined that the device PC or use the IP Address that we have set such a good idea is in use by other parties who are not responsible.
For instance, there is a director or manager in the place where we have the bandwidth quota larger than the IT support of a wanton. Support easily by using the IP Address of the Director to have the bandwidth capacity. Now he is the problem.
How does the solution, a solution that is easy to register the Mac Address of the PC / device to the Director of the Router and make sure that our router we only receive from the Mac's Address.
First we check first before the Mac Address of the Director.
could directly or through visiting via Router Mikrotik us. Use the following command :
[root@NOC] > /ip arp print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
# ADDRESS MAC-ADDRESS INTERFACE
0 192.168.23.16 00:1D:60:6A:C2:E1 LAN
1 192.168.23.29 00:1D:60:6A:B2:74 LAN
2 20.20.20.9 00:13:10:0A:10:BA LAN
3 172.19.55.26 00:13:10:02:C8:5B LAN
4 172.19.55.30 00:1E:58:F6:32:D2 LAN
5 172.19.55.38 00:21:91:00:32:B1 LAN
6 172.19.55.42 00:0C:42:0D:1E:E9 LAN
From there we can see that in the IP owned by the Director and Mac Addressnya. Then we see there, add:
[root@NOC] ip arp> set 1 address=192.168.23.29 mac-address=00:1D:60:6A:B2:74 interface=LAN
After that we set to the interface of the router that we deal directly with the LAN only accept me or Reply data from a Mac Address that we created earlier on. How:
[root@NOC] ip arp>/interface ethernet set LAN arp=reply-only
From here on please try and use the PC / device Support the naughty line.
[root@NOC] > /ip arp print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
# ADDRESS MAC-ADDRESS INTERFACE
0 192.168.23.16 00:1D:60:6A:C2:E1 LAN
1 192.168.23.29 00:1D:60:6A:B2:74 LAN
2 20.20.20.9 00:13:10:0A:10:BA LAN
3 172.19.55.26 00:13:10:02:C8:5B LAN
4 172.19.55.30 00:1E:58:F6:32:D2 LAN
5 172.19.55.38 00:21:91:00:32:B1 LAN
6 172.19.55.42 00:0C:42:0D:1E:E9 LAN
From there we can see that in the IP owned by the Director and Mac Addressnya. Then we see there, add:
[root@NOC] ip arp> set 1 address=192.168.23.29 mac-address=00:1D:60:6A:B2:74 interface=LAN
After that we set to the interface of the router that we deal directly with the LAN only accept me or Reply data from a Mac Address that we created earlier on. How:
[root@NOC] ip arp>/interface ethernet set LAN arp=reply-only
From here on please try and use the PC / device Support the naughty line.
Belum ada tanggapan untuk "Mengamankan Jaringan Dengan Mac Address"
Posting Komentar