The AP gateway ip is 192.168.1.1
How to avoid that user use static IP assignment and set the IP to gateway ip(192.168.1.1)?
how to make the client(set static ip to 192.168.1.1) disconnected
should I check netlink or dhcp?
Thanks
What do you want to achieve?
You can't control the settings on other devices that you don't control. In most home network or small business contexts, if someone uses a static IP that conflicts with another device, you need to find that device and change it's configuration or physically disconnect it from the network,
If you are using a DHCP server, most users/devices won't need to even bother with static IP assignments on their local configuration. The DHCP server can assign addresses within a specific range and even can provide DHCP reservations (i.e. like a static IP but handled by the DHCP server so the client always just uses DHCP). If you're using the DHCP server in OpenWrt or generally any router, it will never try to assign the address of the router to any other device.
2 Likes
Hi frollic,
We want to reject the connection of client(set static ip to gateway ip 192.168.1.1).
Currently, the client(set static ip to 192.168.1.1) can connect to our AP.
However, other client can not access webui(http://192.168.1.1). We would like to avoid thie situation.
If the static ip client disconnected, other client can access WebUI again.
any suggestion?
Thanks
Hi psherman,
We are using DHCP server, DHCP server does not assign ip to the client(set static ip 192.168.1.1).
but client(static ip 192.168.1.1) still can connect to AP.
Is there any way to ignore the connection request if the client set static ip to gateway ip(192.168.1.1)?
any suggestion
Thanks
No. As I said before:
If it is always the same client(s) you can block the MAC address
How? Unless the OP has an external managed switch, blocking a MAC on the router only impacts that host's ability to obtain an address via DHCP (or it can be used in the firewall, too). But the problem is that any host that has a manually configured static IP address will conflict at L2 (switching) and therefore cannot be blocked without controls on the switch itself.
EDIT: I'm assuming a wired host. If the OP is dealing with a wifi host that is being configured in a way that conflicts, yes, a MAC address block could prevent the offending host from joining wifi. However, if the conflict is intentional and malicious, the person who is attempting to disrupt the network may be knowledgable enough to change the MAC address of their wifi interface on the host, thus making it a cat and mouse situation.
You need to find other methods to secure your network (EAPOL, guest interfaces, ...).
1 Like
Your right, i was assuming wifi too
As mentioned by @psherman, you cannot control the settings on other devices.
But you can control your router's settings.
Change the router's ip to another subnet, for example 192.168.2.1
Now if the rogue device is some IoT device with a static address, then that will be the last you hear of it.
If it re-appears, then someone is doing something not so benign, for example trying to intercept traffic.
1 Like
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.