beautypg.com

7 dhcp alert, 8 dhcp option – Allied Telesis AT-WR4500 User Manual

Page 123

background image

AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

123

RouterOS v3 Configuration and User Guide

Example

To assign 10.5.2.100 static IP address for the existing DHCP client (shown in the lease table as item #0):

[admin@AT-WR4562] ip dhcp-server lease> print
Flags: X - disabled, R - radius, D - dynamic, B - blocked
# ADDRESS MAC-ADDRESS HOST-NAME SERVER RATE-LIMIT STATUS
0 D 10.5.2.90 00:04:EA:C6:0E:40 switch bound
1 D 10.5.2.91 00:04:EA:99:63:C0 switch bound
[admin@AT-WR4562] ip dhcp-server lease> add copy-from=0 address=10.5.2.100
[admin@AT-WR4562] ip dhcp-server lease> print
Flags: X - disabled, R - radius, D - dynamic, B - blocked
# ADDRESS MAC-ADDRESS HOST-NAME SERVER RATE-LIMIT STATUS
0 D 10.5.2.91 00:04:EA:99:63:C0 switch bound
1 10.5.2.100 00:04:EA:C6:0E:40 switch bound
[admin@AT-WR4562] ip dhcp-server lease>

6.1.7

DHCP Alert

Submenu level: /ip dhcp-server alert

Description

To find any rogue DHCP servers as soon as they appear in your network, DHCP Alert tool can be used.
It will monitor ethernet for all DHCP replies and check, whether this reply comes from a valid DHCP
server. If reply from unknown DHCP server is detected, alert gets triggered:

[admin@AT-WR4562] ip dhcp-server alert>/log print
00:34:23 dhcp,critical,error,warning,info,debug dhcp alert on Public:
discovered unknown dhcp server, mac 00:02:29:60:36:E7, ip 10.5.8.236
[admin@AT-WR4562] ip dhcp-server alert>


When the system alerts about a rogue DHCP server, it can execute a custom script.
As DHCP replies can be unicast, rogue dhcp detector may not receive any offer to other dhcp clients at
all. To deal with this, rogue dhcp server acts as a dhcp client as well - it sends out dhcp discover requests
once a minute

Property Description

alert-timeout (none/time; default: none) - time, after which alert will be forgotten. If after that time the
same server will be detected, new alert will be generated
none - infinite time
interface (name) - interface, on which to run rogue DHCP server finder
invalid-server (read-only: text) - list of MAC addresses of detected unknown DHCP servers. Server is
removed from this list after alert-timeout
on-alert (text) - script to run, when an unknown DHCP server is detected
valid-server (text) - list of MAC addresses of valid DHCP servers

All alerts on an interface can be cleared at any time using command: /ip dhcp-server alert reset-
alert
Note, that e-mail can be sent, using /system logging action add target=email

6.1.8

DHCP Option

Submenu level: /ip dhcp-server option

Description

With help of DHCP Option, it is possible to define additional custom options for DHCP Server to
advertise..

This manual is related to the following products:
See also other documents in the category Allied Telesis Hardware: