[opensuse] How to enforce IP's regardless of the clients setup.
Hi,
My current setup has multiple IP ranges where I use mac filtering to specify what IP ranges specific computers will get. The same server will be the gateway to the Internet.
What I am looking for is a way to enforce specific MAC Addresses to only be allowed to use specific IP's. Like I said above I have it locked down in DHCP, but it's a simple matter of setting a static IP to bypass the dhcp server.
I have been reading through SuSEfirewall2 and haven't found anything apparent that I could use to enforce this. Can anyone point me in the right direction on how to use iptables / SuSEfirewall2 to only permit traffic from a mac address when it's using a specific IP or IP Range?
-- Thanks, Shawn
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
So it looks like from reading up on iptables a little, I should be able to use:
    iptables -A INPUT -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
But I would need to set the default policy to DROP:
    iptables -P INPUT DROP
Does anyone know a different way or will this work. Also where can I put in such rules.
-- Thanks, Shawn
On Mon, 2008-05-12 at 17:02 -0300, Shawn Holland wrote:
Hi,
My current setup has multiple IP ranges where I use mac filtering to specify what IP ranges specific computers will get.
The same server will be the gateway to the Internet.
What I am looking for is a way to enforce specific MAC Addresses to only be allowed to use specific IP's.
Like I said above I have it locked down in DHCP, but its a simple matter of setting a static IP to bypass the dhcp server.
I have been reading through SuSEfirewall2 and haven't found anything apparent that I could use to enforce this.
Can anyone point me in the right direction on how to use iptables / SuSEfirewall2 to only permit traffic from a mac address when its using a specific IP or IP Range?
-- Thanks, Shawn
Shawn Holland wrote:
Hi,
My current setup has multiple IP ranges where I use mac filtering to specify what IP ranges specific computers will get.
The same server will be the gateway to the Internet.
What I am looking for is a way to enforce specific MAC Addresses to only be allowed to use specific IP's.
Like I said above I have it locked down in DHCP, but its a simple matter of setting a static IP to bypass the dhcp server.
I have been reading through SuSEfirewall2 and haven't found anything apparent that I could use to enforce this.
Can anyone point me in the right direction on how to use iptables / SuSEfirewall2 to only permit traffic from a mac address when its using a specific IP or IP Range?
With the amount of work it requires to get the mac address of a specific machine, why don't you just NOT USE DHCP and assign each machine a static address. Unless you're constantly shuffling their IP addresses by hand, that would seem to be the simple, effective solution. Using DHCP to make static addresses is like driving a tractor-trailer truck to borrow a cup of sugar from your neighbor.
-- Thanks, Shawn
Sometimes you don't have the luxury of a perfect network where everyone is configured exactly how you want.
I use allow and deny statements to put specific mac addresses into a specific pool. I then need to use iptables to use those same mac addresses and enforce the ip pool they are in. This will keep unknown clients from setting a static IP and utilizing the server as a gateway without registering their computer first.
I believe that using:
    /etc/sysconfig/scripts/SuSEfirewall2-custom
I can put in rules like:
    iptables -A INPUT -s xxx.xxx.xxx.xxx -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
and setting the default INPUT to DROP, will do what I am looking for.
Thanks for the encouragement.
Shawn
On Mon, 2008-05-12 at 16:48 -0400, Sam Clemens wrote:
With the amount of work it requires to get the mac address of a specific machine, why don't you just NOT USE DHCP and assign each machine a static address.
Unless you're constantly shuffling their IP addresses by hand, that would seem to be the simple, effective solution.
Using DHCP to make static addresses is like driving a tractor-trailer truck to borrow a cup of sugar from your neighbor.
-- Thanks, Shawn
Shawn Holland wrote:
Sometimes you don't have the luxury of a perfect network where everyone is configured exactly how you want.
I use allow and deny statements to put specific mac addresses into a specific pool.
...
Hi Shawn,
I'm late in reading this thread, but I'm interested in your dhcp-configuration. I would also like to setup different ranges for different MAC-address-ranges, but for different purposes. We assemble devices with NIC's and need to test them. I could make a separate network, but I'm using my main network to hand out IP-addresses, but for those devices I'm giving addresses with very short leases (5 minutes), so they can be reused fast.
I'm using this :
    class "short-lease" {
        match if substring (binary-to-ascii(16,8,":",hardware),0,9) = "1:0:1:c0:";
        max-lease-time 600;
        default-lease-time 300;
    #   range 192.168.4.1 192.168.4.20;
        log (info, concat("short lease : ",binary-to-ascii(16,8,":",hardware)));
    }
but the "range" statement seems not to work, that's why it's commented out. I was reading about the pooling, but I don't fully understand it yet.
-- Kind regards, Koenraad Lelong R&D Manager ACE electronics n.v.
On Mon, 2008-05-19 at 09:53 +0200, Koenraad Lelong wrote:
Hi Shawn,
I'm late in reading this thread, but I'm interested in your dhcp-configuration. I would also like to setup different ranges for different MAC-address-ranges, but for different purposes. We assemble devices with NIC's and need to test them. I could make a separate network, but I'm using my main network to hand out IP-addresses, but for those devices I'm giving addresses with very short leases (5 minutes), so they can be reused fast.
I'm using this :
    class "short-lease" {
        match if substring (binary-to-ascii(16,8,":",hardware),0,9) = "1:0:1:c0:";
        max-lease-time 600;
        default-lease-time 300;
    #   range 192.168.4.1 192.168.4.20;
        log (info, concat("short lease : ",binary-to-ascii(16,8,":",hardware)));
    }
but the "range" statement seems not to work, that's why it's commented out. I was reading about the pooling, but I don't fully understand it yet.
-- Kind regards, Koenraad Lelong R&D Manager ACE electronics n.v.
Sure no problem. This is strictly a test machine. I'm sure there are much more effective ways of doing this but it works great so far. If anyone would like to comment and make CONSTRUCTIVE criticism I would appreciate it.
I read somewhere that subclassing is faster than classing. But I haven't done much to this config since I got it working. Also I use the substring (hardware, 1, 6) but I'm not overly sure exactly how it matches. I have to admit I just found this example and used it. If anyone could explain how it works that would be great too.
Here you go:
    authoritative;
    option domain-name "sandara.ca";
    ddns-update-style none;
    class "nat-range-1" {
        match if (
            (substring (hardware, 1, 6) = 00:17:42:8e:f4:32) or
            (substring (hardware, 1, 6) = 00:17:42:8e:f4:33)
        );
    }
    class "nat-range-2" {
        match if (
            (substring (hardware, 1, 6) = 00:17:42:8e:f4:34)
        );
    }
    class "route-range-1" {
        match if (
            (substring (hardware, 1, 6) = 00:17:42:8e:f4:35)
        );
    }
    shared-network clients {
        subnet 10.250.15.0 netmask 255.255.255.0 {
            pool {
                allow members of "nat-range-1";
                range 10.250.15.20 10.250.15.54;
                option domain-name-servers 10.250.15.1;
                option routers 10.250.15.1;
                default-lease-time 20;
                max-lease-time 20;
            }
        }
        subnet 10.0.0.0 netmask 255.255.255.0 {
            pool {
                deny members of "nat-range-1";
                deny members of "nat-range-2";
                deny members of "route-range-1";
                range 10.0.0.2 10.0.0.254;
                option domain-name-servers 10.0.0.1;
                option routers 10.0.0.1;
                default-lease-time 20;
                max-lease-time 20;
            }
        }
        subnet 172.16.1.0 netmask 255.255.255.0 {
            pool {
                allow members of "route-range-1";
                range 172.16.1.2 172.16.1.254;
                option domain-name-servers 172.16.1.1;
                option routers 172.16.1.1;
                default-lease-time 20;
                max-lease-time 20;
            }
        }
    }
-- Regards, Shawn Holland
On Mon, May 12, 2008 at 1:48 PM, Sam Clemens <clemens.sam1@gmail.com> wrote:
Shawn Holland wrote:
Hi,
My current setup has multiple IP ranges where I use mac filtering to specify what IP ranges specific computers will get. The same server will be the gateway to the Internet. What I am looking for is a way to enforce specific MAC Addresses to only be allowed to use specific IP's. Like I said above I have it locked down in DHCP, but its a simple matter of setting a static IP to bypass the dhcp server. I have been reading through SuSEfirewall2 and haven't found anything apparent that I could use to enforce this.
Can anyone point me in the right direction on how to use iptables / SuSEfirewall2 to only permit traffic from a mac address when its using a specific IP or IP Range?
With the amount of work it requires to get the mac address of a specific machine, why don't you just NOT USE DHCP and assign each machine a static address.
Unless you're constantly shuffling their IP addresses by hand, that would seem to be the simple, effective solution.
Using DHCP to make static addresses is like driving a tractor-trailer truck to borrow a cup of sugar from your neighbor.
1) First, assigning static ips does not help him control who uses what IP to gain access to a specific route. Any user could simply reset his own IP.
2) Second, it's only EASY to get all IPs if your shop is very small and the hardware is very stable.
3) Running a dhcp server is not inefficient, as you imply. It uses virtually no resources, is drop dead simple to set up and maintain.
Besides, an in-house dhcp server has many additional side benefits to just handing out IPs. If any roaming laptops are involved, you will find a great deal of resistance from users that don't want to convert back and forth from static to dynamic each time the machine enters or leaves the premises.
Further with a dhcp server you can do nifty things like split dns so things like your internal Imap server appears at the appropriate interface depending on where you are (inside or outside). Same for company web servers.
-- ----------JSA---------
John Andersen wrote:
On Mon, May 12, 2008 at 1:48 PM, Sam Clemens <clemens.sam1@gmail.com> wrote:
Shawn Holland wrote:
Hi,
My current setup has multiple IP ranges where I use mac filtering to specify what IP ranges specific computers will get. The same server will be the gateway to the Internet. What I am looking for is a way to enforce specific MAC Addresses to only be allowed to use specific IP's. Like I said above I have it locked down in DHCP, but its a simple matter of setting a static IP to bypass the dhcp server. I have been reading through SuSEfirewall2 and haven't found anything apparent that I could use to enforce this.
Can anyone point me in the right direction on how to use iptables / SuSEfirewall2 to only permit traffic from a mac address when its using a specific IP or IP Range?
With the amount of work it requires to get the mac address of a specific machine, why don't you just NOT USE DHCP and assign each machine a static address.
Unless you're constantly shuffling their IP addresses by hand, that would seem to be the simple, effective solution.
Using DHCP to make static addresses is like driving a tractor-trailer truck to borrow a cup of sugar from your neighbor.
1) First, assigning static ips does not help him control who uses what IP to gain access to a specific route. Any user could simply reset his own IP.
2) Second, it's only EASY to get all IPs if your shop is very small and the hardware is very stable.
3) Running a dhcp server is not inefficient, as you imply. It uses virtually no resources, is drop dead simple to set up and maintain.
I wasn't talking about CPU resources, I was talking about HIM... having to go around from machine to machine to collect MAC addresses...and then type them in.
Besides, an in-house dhcp server has many additional side benefits to just handing out IPs. If any roaming laptops are involved, you will find a great deal of resistance from users that don't want to convert back and forth from static to dynamic each time the machine enters or leaves the premises.
Further with a dhcp server you can do nifty things like split dns so things like your internal Imap server appears at the appropriate interface depending on where you are (inside or outside). Same for company web servers.
I don't need to go around asking for MAC Addresses. I just need to enforce existing ones so that any unknown will not have access through the server until they are registered. The registration process and the obtaining of MAC addresses is of no concern here. Just the enforcement. -- Thanks, Shawn
I wasn't talking about CPU resources, I was talking about HIM... having to go around from machine to machine to collect MAC addresses...and then type them in.
The Monday 2008-05-12 at 18:36 -0300, Shawn Holland wrote:
I don't need to go around asking for MAC Addresses. I just need to enforce existing ones so that any unknown will not have access through the server until they are registered. The registration process and the obtaining of MAC addresses is of no concern here. Just the enforcement.
Not very good: if they can change their IPs, they can also change their MACs.
You might have a script checking a table of IPs and MACs: if one changes, beep your beeper, and fire the employee. Hang him from the top mast, so the rest learn their possible fate :-p
-- Cheers, Carlos E. R.
On Tue, 2008-05-13 at 00:47 +0200, Carlos E. R. wrote:
The Monday 2008-05-12 at 18:36 -0300, Shawn Holland wrote:
I don't need to go around asking for MAC Addresses. I just need to enforce existing ones so that any unknown will not have access through the server until they are registered. The registration process and the obtaining of MAC addresses is of no concern here. Just the enforcement.
Not very good: if they can change their IPs, they can also change their MACs.
You might have a script checking a table of IPs and MACs: if one changes, beep your beeper, and fire the employee. Hang him from the top mast, so the rest learn their possible fate :-p
- -- Cheers, Carlos E. R.
Yes this comes later. But for now I still need to figure out how to do this. I know the rules but I just can't seem to find where to put them.
* Shawn Holland <sholland@sandara.ca> [05-12-08 19:03]:
On Tue, 2008-05-13 at 00:47 +0200, Carlos E. R. wrote:
You might have a script checking a table of IPs and MACs: if one changes, beep your beeper, and fire the employee. Hang him from the top mast, so the rest learn their possible fate :-p
Yes this comes later. But for now I still need to figure out how to do this.
I know the rules but I just can't seem to find where to put them.
in /etc/sysconfig/SuSEfirewall2
    FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
in /etc/sysconfig/scripts/SuSEfirewall2-custom
put your custom rules
-- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org
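Added example, not part of any poster's message: one way to generate the MAC-to-range rules discussed in this thread from a registration table, for review before they go into the custom rules file. It uses the pools from the dhcpd.conf posted earlier; the interface `eth0`, the chain name `macip_check` and the function names are assumptions, and the script only prints commands.

```shell
#!/bin/sh
# Added example: print iptables commands that bind each registered MAC to its
# DHCP pool range. Nothing is applied; review the output before loading it.

# Registration table, "<mac> <first-ip>-<last-ip>" per line. The MACs and
# ranges are taken from the dhcpd.conf pools posted in the thread.
REGISTERED='00:17:42:8e:f4:32 10.250.15.20-10.250.15.54
00:17:42:8e:f4:33 10.250.15.20-10.250.15.54
00:17:42:8e:f4:35 172.16.1.2-172.16.1.254'

LAN_IF=eth0          # assumption: client-facing interface of the gateway
CHAIN=macip_check    # hypothetical name for the user-defined chain

# Format checks only (octet values above 255 are left for iptables to reject).
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}
valid_range() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}-([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Read the table on stdin and print the rule set on stdout.
# A malformed entry aborts with status 1 and prints no rules, so a typo in
# the table cannot produce a half-built chain.
gen_rules() {
    # DHCP requests arrive with source 0.0.0.0 before a lease exists, so they
    # are returned to the calling chain instead of failing the range check.
    out="iptables -N $CHAIN
iptables -A $CHAIN -p udp --sport 68 --dport 67 -j RETURN"
    while read -r mac range || [ -n "$mac" ]; do
        [ -z "$mac" ] && continue
        case $mac in '#'*) continue ;; esac
        if ! valid_mac "$mac" || ! valid_range "$range"; then
            echo "bad entry: $mac $range" >&2
            return 1
        fi
        # RETURN (not ACCEPT) so the rest of the firewall still applies.
        out="$out
iptables -A $CHAIN -m mac --mac-source $mac -m iprange --src-range $range -j RETURN"
    done
    # Anything that matched no MAC/range pair is dropped. The chain is hooked
    # into FORWARD as well as INPUT because the server is also the gateway,
    # and inserted at position 1 so it runs before any earlier ACCEPT rule.
    printf '%s\n' "$out
iptables -A $CHAIN -j DROP
iptables -I INPUT 1 -i $LAN_IF -j $CHAIN
iptables -I FORWARD 1 -i $LAN_IF -j $CHAIN"
}

printf '%s\n' "$REGISTERED" | gen_rules
```

The rules check the source MAC and source IP together, so a registered MAC with a hand-set address outside its pool is dropped; a client that copies a registered MAC and uses an address from its range still passes, as the thread goes on to discuss.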
Shawn Holland wrote:
I don't need to go around asking for MAC Addresses. I just need to enforce existing ones so that any unknown will not have access through the server until they are registered. The registration process and the obtaining of MAC addresses is of no concern here. Just the enforcement.
I seem to recall reading a while ago, about a method where any computer that wasn't registered with the dhcp server was blocked. So, you might be able to do something that way. Also, bear in mind that anything coming through a router will not have the original computer's mac.
-- Use OpenOffice.org <http://www.openoffice.org>
The Tuesday 2008-05-13 at 07:27 -0400, James Knott wrote:
I seem to recall reading a while ago, about a method where any computer that wasn't registered with the dhcp server was blocked. So, you might be able to do something that way. Also, bear in mind that anything coming through a router will not have the original computer's mac.
I think there are switches with some intelligence: if the MAC changes on one of the ports, it is blocked. Something of the sort, I don't have the details.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Tuesday 2008-05-13 at 07:27 -0400, James Knott wrote:
I seem to recall reading a while ago, about a method where any computer that wasn't registered with the dhcp server was blocked. So, you might be able to do something that way. Also, bear in mind that anything coming through a router will not have the original computer's mac.
I think there are switches with some intelligence: if the MAC changes on one of the ports, it is blocked. Something of the sort, I don't have the details.
nearly any wireless router does so (or can do)
however be warned that fake Mac (HW) addresses are easy: even virtualbox can setup any HW address you want, and any wireless device begins by advertising the world with its Mac's, so stealing a Mac address is extremely easy.
jdd
-- Jean-Daniel Dodin Président du CULTe www.culte.org
The Tuesday 2008-05-13 at 14:06 +0200, jdd sur free wrote:
I think there are switches with some intelligence: if the MAC changes on one of the ports, it is blocked. Something of the sort, I don't have the details.
nearly any wireless router does so (or can do)
however be warned that fake Mac (HW) addresses are easy: even virtualbox can setup any HW address you want, and any wireless device begins by advertising the world with its Mac's, so stealing a Mac address is extremely easy.
Yes, but:
- If the PC has the proper MAC, the dhcp gives the correct IP.
- If the user sets another MAC, the switch denies entry.
There remains the case that the user tries to force the wrong IP. I have heard of (windows) programs that scan the network with a list of IPs and corresponding MACs, reporting to the network manager if a discrepancy is found. It could be used to block that IP in the router.
I think it could be done via arp and rarp and some scripting in cron.
-- Cheers, Carlos E. R.
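Added example, not part of any poster's message: a sketch of the cron-driven check described above, comparing Linux `arp -an` output against a registration table and reporting unregistered MACs and registered MACs seen on an address outside their range. The table format, the function name `check_arp` and the sample ARP lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ARP entries that disagree with the registration table.

# Registration table, "<mac> <first-ip>-<last-ip>" per line (constructed from
# the pool ranges posted in the thread).
REGISTERED='00:17:42:8e:f4:32 10.250.15.20-10.250.15.54
00:17:42:8e:f4:35 172.16.1.2-172.16.1.254'

# Constructed sample in the format printed by `arp -an`.
SAMPLE_ARP='? (10.250.15.21) at 00:17:42:8E:F4:32 [ether] on eth0
? (10.250.15.200) at 00:17:42:8e:f4:35 [ether] on eth0
? (10.250.15.30) at 00:0c:29:aa:bb:cc [ether] on eth0
? (10.250.15.40) at <incomplete> on eth0'

# check_arp TABLE  (ARP listing on stdin)
# Prints one line per finding:
#   UNREGISTERED <mac> <ip>   MAC is not in the table
#   OUT_OF_RANGE <mac> <ip>   MAC is registered but the IP is outside its range
# The table is passed through the environment rather than `awk -v`, because
# some awk implementations reject newlines in -v values.
check_arp() {
    TABLE=$1 awk '
    # Dotted quad to integer; -1 if the string does not have four fields.
    function ip2n(ip,   o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN {
        n = split(ENVIRON["TABLE"], rows, "\n")
        for (i = 1; i <= n; i++) {
            if (split(rows[i], f, " ") != 2) continue
            split(f[2], r, "-")
            mac = tolower(f[1])          # compare MACs case-insensitively
            lo[mac] = ip2n(r[1])
            hi[mac] = ip2n(r[2])
        }
    }
    # Only resolved entries carry a MAC in field 4; "<incomplete>" is skipped.
    $3 == "at" && $4 ~ /^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$/ {
        ip = $2
        gsub(/[()]/, "", ip)
        mac = tolower($4)
        if (!(mac in lo))
            print "UNREGISTERED " mac " " ip
        else if (ip2n(ip) < lo[mac] || ip2n(ip) > hi[mac])
            print "OUT_OF_RANGE " mac " " ip
    }'
}

# Stand-alone run on the constructed sample. On the gateway the input would be
# the live table instead:  arp -an | check_arp "$REGISTERED"
printf '%s\n' "$SAMPLE_ARP" | check_arp "$REGISTERED"
```

The ARP cache only lists hosts the gateway has recently talked to on directly attached segments, so an empty report means no discrepancy was seen, not that none exists.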
Carlos E. R. wrote:
Yes, but:
- If the PC has the proper MAC, the dhcp gives the correct IP. - If the user sets another MAC, the switch denies entry.
How do you go about changing the MAC address Carlos? AFAIK, none of my network cards allow that. I've seen VoIP telephones which allowed MAC-mirroring and such.
/Per Jessen, Zürich
The Tuesday 2008-05-13 at 15:24 +0200, Per Jessen wrote:
Carlos E. R. wrote:
Yes, but:
- If the PC has the proper MAC, the dhcp gives the correct IP. - If the user sets another MAC, the switch denies entry.
How do you go about changing the MAC address Carlos? AFAIK, none of my network cards allow that. I've seen VoIP telephones which allowed MAC-mirroring and such.
I don't know. I didn't have much chance to study the machine, it wasn't mine. I suppose you connect the new PC on a port, and previously you enter the switch configuration to open up that port. By port I mean the physical plug socket. After the new PC is working, you lock it up again. I think it was a Cisco switch, but I'm unsure.
-- Cheers, Carlos E. R.
Per Jessen wrote:
Carlos E. R. wrote:
Yes, but:
- If the PC has the proper MAC, the dhcp gives the correct IP. - If the user sets another MAC, the switch denies entry.
How do you go about changing the MAC address Carlos? AFAIK, none of my network cards allow that. I've seen VoIP telephones which allowed MAC-mirroring and such.
here is one jdd -- Jean-Daniel Dodin Président du CULTe www.culte.org
jdd sur free wrote:
Per Jessen wrote:
Carlos E. R. wrote:
Yes, but:
- If the PC has the proper MAC, the dhcp gives the correct IP. - If the user sets another MAC, the switch denies entry.
How do you go about changing the MAC address Carlos? AFAIK, none of my network cards allow that. I've seen VoIP telephones which allowed MAC-mirroring and such.
here is one
jdd
jdd - very funny :-) Changing the MAC on a virtual NIC behind a NAT scheme doesn't count ...
/Per Jessen, Zürich
Per Jessen wrote:
jdd - very funny :-) Changing the MAC on a virtual NIC behind a NAT scheme doesn't count ...
nat is only an option, any net config has the same option. and virtual machine is exactly seen as a normal one on the net
It's only to quote that, alas, mac filter is of little value for security. large wap key should be nice for wireless, but for eth, the man in the middle attack is quite easy
I see so many open nets, that... (I don't speak for you, of course)
jdd
-- Jean-Daniel Dodin Président du CULTe www.culte.org
On Tue, 2008-05-13 at 18:45 +0200, jdd sur free wrote:
Per Jessen wrote:
jdd - very funny :-) Changing the MAC on a virtual NIC behind a NAT scheme doesn't count ...
nat is only an option, any net config has the same option. and virtual machine is exactly seen as a normal one on the net
It's only to quote that, alas, mac filter is of little value for security. large wap key should be nice for wireless, but for eth, the man in the middle attack is quite easy
I see so many open nets, that... (I don't speak for you, of course)
jdd
-- Jean-Daniel Dodin Président du CULTe www.culte.org
You could unique vlan each port so intercommunication cannot be done without going through the gateway at which time it can be filtered. You can also use the Bridge MIB (RFC1493)(mib-2.17.4.3.1) to validate what port a MAC is on and then use some programming to monitor if it moves or changes. Most switches support this feature out of the box. There are lots of different MAC filtering techniques that can be used effectively.
Shawn Holland wrote:
You could unique vlan each port so intercommunication cannot be done without going through the gateway at which time it can be filtered.
I know of a very large German datacenter that does just that.
/Per Jessen, Zürich
The Tuesday 2008-05-13 at 15:24 +0200, Per Jessen wrote:
How do you go about changing the MAC address Carlos? AFAIK, none of my network cards allow that. I've seen VoIP telephones which allowed MAC-mirroring and such.
I didn't notice you were asking about how to change the MAC.
Well, some cards came with a diskette with a configuration program for msdos that allows that change. Also, I have been told that you can change it in windows, going to network card properties somewhere.
In linux... there was a mii-tool program that has disappeared that I think could do it. I think it has been divided in several apps per card make:
* /usr/sbin/3c515-diag
* /usr/sbin/3c5x9setup
* /usr/sbin/alta-diag
* /usr/sbin/at1700-diag
* /usr/sbin/atlantic
* /usr/sbin/atp-diag
* /usr/sbin/e21
* /usr/sbin/eepro100-diag
* /usr/sbin/eexpress
* /usr/sbin/epic-diag
* /usr/sbin/ether-wake
* /usr/sbin/hp+
* /usr/sbin/hp100vg-diag
* /usr/sbin/mii-diag
* /usr/sbin/myson-diag
* /usr/sbin/natsemi-diag
* /usr/sbin/ne2k-diag
* /usr/sbin/ne2k-pci-diag
* /usr/sbin/ns820-diag
* /usr/sbin/pci-config
* /usr/sbin/pcnet-diag
* /usr/sbin/rtl8139-diag
* /usr/sbin/starfire-diag
* /usr/sbin/tulip-diag
* /usr/sbin/via-diag
* /usr/sbin/vortex-diag
* /usr/sbin/winbond-diag
* /usr/sbin/yellowfin-diag
Ah, look, "man netdiag":
    -H 01:23:45:67:89:AB
        Provide a new station ("Hardware") MAC address for the adapter.
There you have! :-)
Now, where is "netdiag" binary? :-? Maybe you have to choose the app for your make from the list above.
-- Cheers, Carlos E. R.
    # ip a show dev eth0
    3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:13:8f:72:e3:e6 brd ff:ff:ff:ff:ff:ff
        inet 10.250.15.1/24 brd 10.250.15.255 scope global eth0
        inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed
        inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
    # ifdown eth0
    # ifconfig eth0 hw ether DE:FA:CE:DE:FA:CE
    # ip a show dev eth0
    3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether de:fa:ce:de:fa:ce brd ff:ff:ff:ff:ff:ff
On Tue, 2008-05-13 at 22:22 +0200, Carlos E. R. wrote:
The Tuesday 2008-05-13 at 15:24 +0200, Per Jessen wrote:
How do you go about changing the MAC address Carlos? AFAIK, none of my network cards allow that. I've seen VoIP telephones which allowed MAC-mirroring and such.
I didn't notice you were asking about how to change the MAC.
Well, some cards came with a diskette with a configuration program for msdos that allows that change. Also, I have been told that you can change it in windows, going to network card properties somewhere.
In linux... there was a mii-tool program that has disappeared that I think could do it. I think it has been divided in several apps per card make:
* /usr/sbin/3c515-diag * /usr/sbin/3c5x9setup * /usr/sbin/alta-diag * /usr/sbin/at1700-diag * /usr/sbin/atlantic * /usr/sbin/atp-diag * /usr/sbin/e21 * /usr/sbin/eepro100-diag * /usr/sbin/eexpress * /usr/sbin/epic-diag * /usr/sbin/ether-wake * /usr/sbin/hp+ * /usr/sbin/hp100vg-diag * /usr/sbin/mii-diag /usr/sbin/myson-diag * /usr/sbin/natsemi-diag * /usr/sbin/ne2k-diag * /usr/sbin/ne2k-pci-diag * /usr/sbin/ns820-diag * /usr/sbin/pci-config * /usr/sbin/pcnet-diag * /usr/sbin/rtl8139-diag * /usr/sbin/starfire-diag * /usr/sbin/tulip-diag * /usr/sbin/via-diag * /usr/sbin/vortex-diag * /usr/sbin/winbond-diag * /usr/sbin/yellowfin-diag
Ah, look, "man netdiag":
-H 01:23:45:67:89:AB Provide a new station ("Hardware") MAC address for the adapter.
There you have! :-)
Now, where is "netdiag" binary? :-? Maybe you have to choose the app for your make from the list above.
- -- Cheers, Carlos E. R.
Shawn Holland wrote:
    # ip a show dev eth0
    3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:13:8f:72:e3:e6 brd ff:ff:ff:ff:ff:ff
        inet 10.250.15.1/24 brd 10.250.15.255 scope global eth0
        inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed
        inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
    # ifdown eth0
    # ifconfig eth0 hw ether DE:FA:CE:DE:FA:CE
    # ip a show dev eth0
    3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether de:fa:ce:de:fa:ce brd ff:ff:ff:ff:ff:ff
Interesting - I didn't think that was possible. Does that actually change what goes on the wire too? I'm curious about your eth0 setup - what is the significance of:
inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
in particular, what does ':Routed' and ':nat2" indicate?
/Per Jessen, Zürich
On Wed, 2008-05-14 at 08:33 +0200, Per Jessen wrote:
Shawn Holland wrote:
    # ip a show dev eth0
    3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:13:8f:72:e3:e6 brd ff:ff:ff:ff:ff:ff
        inet 10.250.15.1/24 brd 10.250.15.255 scope global eth0
        inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed
        inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
    # ifdown eth0
    # ifconfig eth0 hw ether DE:FA:CE:DE:FA:CE
    # ip a show dev eth0
    3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether de:fa:ce:de:fa:ce brd ff:ff:ff:ff:ff:ff
Interesting - I didn't think that was possible. Does that actually change what goes on the wire too?
From my ubuntu desktop you can see the arp entry update for my 10.3 server:
Before change:
    $ arp -an
    ? (192.168.1.103) at 00:02:44:21:35:21 [ether] on eth0
After change
    $ arp -an
    ? (192.168.1.103) at DE:FA:CE:DE:FA:CE [ether] on eth0
So yes it does change it and transmits across the wire.
I'm curious about your eth0 setup - what is the significance of:
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
in particular, what does ':Routed' and ':nat2' indicate?
/Per Jessen, Zürich
That is just the names of the interfaces I setup. It is a (test) dhcp server for multiple scopes.
-- Shawn Holland
Shawn Holland wrote:
I'm curious about your eth0 setup - what is the significance of:
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
in particular, what does ':Routed' and ':nat2' indicate?
/Per Jessen, Zürich
That is just the names of the interfaces I setup. It is a (test) dhcp server for multiple scopes.
Ah, I see - "eth0:Routed" is the name you see with 'ifconfig' ? I've pretty much stopped using ifconfig, I generally use just 'ip'.
/Per Jessen, Zürich
On Wed, 2008-05-14 at 10:29 +0200, Per Jessen wrote:
Shawn Holland wrote:
I'm curious about your eth0 setup - what is the significance of:
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
in particular, what does ':Routed' and ':nat2' indicate?
/Per Jessen, Zürich
That is just the names of the interfaces I setup. It is a (test) dhcp server for multiple scopes.
Ah, I see - "eth0:Routed" is the name you see with 'ifconfig' ? I've pretty much stopped using ifconfig, I generally use just 'ip'.
/Per Jessen, Zürich
Look at the snip a little closer :)
# ip a show dev eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:13:8f:72:e3:e6 brd ff:ff:ff:ff:ff:ff
    inet 10.250.15.1/24 brd 10.250.15.255 scope global eth0
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
# ifdown eth0
# ifconfig eth0 hw ether DE:FA:CE:DE:FA:CE
# ip a show dev eth0
3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether de:fa:ce:de:fa:ce brd ff:ff:ff:ff:ff:ff
ifconfig was used to just set the MAC. ip was used to display the eth0 information.
-- Regards, Shawn Holland
Shawn Holland wrote:
Look at the snip a little closer :)
# ip a show dev eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:13:8f:72:e3:e6 brd ff:ff:ff:ff:ff:ff
    inet 10.250.15.1/24 brd 10.250.15.255 scope global eth0
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
Hi Shawn,
when I add addresses to eth0 using 'ip addr add n.n.n.n/xx dev eth0', I don't get to see them when I display the device with 'ifconfig'. I.e. the eth0 device is displayed with its original address, but not the newly added.
If instead I add them with 'ifconfig eth0:nnn ....', ifconfig will display it too. That's why I thought your 'eth0:Routed' were added using ifconfig - I certainly don't get any subdevice when I add them with 'ip addr add'.
/Per Jessen, Zürich
On Wed, 2008-05-14 at 18:36 +0200, Per Jessen wrote:
Shawn Holland wrote:
Look at the snip a little closer :)
# ip a show dev eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:13:8f:72:e3:e6 brd ff:ff:ff:ff:ff:ff
    inet 10.250.15.1/24 brd 10.250.15.255 scope global eth0
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
Hi Shawn,
when I add addresses to eth0 using 'ip addr add n.n.n.n/xx dev eth0', I don't get to see them when I display the device with 'ifconfig'. I.e. the eth0 device is displayed with its original address, but not the newly added.
If instead I add them with 'ifconfig eth0:nnn ....', ifconfig will display it too. That's why I thought your 'eth0:Routed' were added using ifconfig - I certainly don't get any subdevice when I add them with 'ip addr add'.
/Per Jessen, Zürich
I set the above configuration up via YaST2. Typically I use ip addr add to do quick testing on IP addresses and then delete them. So I've never tried to name the sub-device. I only did it this time because it was an option in YaST2. I rarely use ifconfig. I only used it for that example because that's how I know to do it. I'm sure there are other ways but I figure why change, it's easy and does exactly what I want :)
-- Regards, Shawn Holland
Shawn Holland wrote:
I set the above configuration up via YaST2.
Ah, that's got to be the difference then.
Typically I use ip addr add to do quick testing on IP addresses and then delete them. So I've never tried to name the sub-device. I only did it this time because it was an option in YaST2.
That's roughly what I do too, except I just create the /etc/sysconfig/network/ifcfg-NNNNN files manually afterwards.
/Per Jessen, Zürich
Per Jessen wrote:
Shawn Holland wrote:
[snip]
# ifconfig eth0 hw ether DE:FA:CE:DE:FA:CE
# ip a show dev eth0
3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether de:fa:ce:de:fa:ce brd ff:ff:ff:ff:ff:ff
Interesting - I didn't think that was possible. Does that actually change what goes on the wire too?
Yes, it does - just tested it. Seems to depend on the driver having that ability though.
/Per Jessen, Zürich
Per Jessen wrote:
Shawn Holland wrote:
# ip a show dev eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:13:8f:72:e3:e6 brd ff:ff:ff:ff:ff:ff
    inet 10.250.15.1/24 brd 10.250.15.255 scope global eth0
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0:Routed
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0:nat2
# ifdown eth0
# ifconfig eth0 hw ether DE:FA:CE:DE:FA:CE
# ip a show dev eth0
3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether de:fa:ce:de:fa:ce brd ff:ff:ff:ff:ff:ff
Interesting - I didn't think that was possible. Does that actually change what goes on the wire too?
I have yet to have an ethernet device which could not have a user-defined MAC address. For one thing, sometimes a network card dies...and something is tied into the MAC address of the network card in a computer (example, software licensing keys sometimes use part of the MAC address in the key-generation algorithm). So, when replacing the network card... you need to force it to use the old MAC until you can get a new license key generated.
Sam Clemens wrote:
Per Jessen wrote:
Interesting - I didn't think that was possible. Does that actually change what goes on the wire too?
I have yet to have an ethernet device which could not have a user-defined MAC address.
Interesting. I was about to say I've definitely got a few, but then I tried out a 3COM card, an HP (with AMD PCnet32) and a DLink card - worked fine on all of them.
/Per Jessen, Zürich
The Wednesday 2008-05-14 at 11:00 +0200, Per Jessen wrote:
Sam Clemens wrote:
Per Jessen wrote:
Interesting - I didn't think that was possible. Does that actually change what goes on the wire too?
I have yet to have an ethernet device which could not have a user-defined MAC address.
Interesting. I was about to say I've definitely got a few, but then I tried out a 3COM card, an HP (with AMD PCnet32) and a DLink card - worked fine on all of them.
Yet it is curious, isn't it? In every course about networks they say that the mac is fixed and not repeatable, that each card has a fixed number, a part which is the manufacturer number and a second part for the serial number. And later we learn that it is just rubbish and you can set up any number you choose. Funny!
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
In every course about networks they say that the mac is fixed and not repeatable, that each card has a fixed number, a part which is the manufacturer number and a second part for the serial number.
And later we learn that it is just rubbish and you can set up any number you choose.
only keep in mind that only the given one is unique :-). Several identical HW on the same net could do a pretty nice mess :-()
jdd
-- Jean-Daniel Dodin Président du CULTe www.culte.org
On Thu, 2008-05-15 at 12:18 +0200, Carlos E. R. wrote:
Yet it is curious, isn't it?
In every course about networks they say that the mac is fixed and not repeatable, that each card has a fixed number, a part which is the manufacturer number and a second part for the serial number.
And later we learn that it is just rubbish and you can set up any number you choose.
Funny!
-- Cheers, Carlos E. R.
I used to work for a local ISP and we used to provide cheap little Realtek NIC's to the customers on a frequent basis. From time to time we came across NIC's that had the same MAC Address out of the box. So the illusion of no two devices ever having the same MAC Address is, like most things, only valid in a text book.
-- Regards, Shawn Holland
On Thu, 15 May 2008 10:39:02 -0300 Shawn Holland <sholland@sandara.ca> wrote:
I used to work for a local ISP and we used to provide cheap little Realtek NIC's to the customers on a frequent basis. From time to time we came across NIC's that had the same MAC Address out of the box. So the illusion of no two devices ever having the same MAC Address is, like most things, only valid in a text book.
This is agreed. The MAC address is "supposed" to be unique, but not only it may be reused by some chip makers, but it also can easily be spoofed by routers, computers, and other devices. -- -- Jerry Feldman <gaf@blu.org> Boston Linux and Unix PGP key id: 537C5846 PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
The Thursday 2008-05-15 at 10:39 -0300, Shawn Holland wrote:
I used to work for a local ISP and we used to provide cheap little Realtek NIC's to the customers on a frequent basis. From time to time we came across NIC's that had the same MAC Address out of the box. So the illusion of no two devices ever having the same MAC Address is, like most things, only valid in a text book.
X'-) Shame on them :-) That reminds me. Not too long ago, some cable ISPs supplied service tied to a computer MAC. If you changed the computer, no service. If you added a router (to add more than a single machine), no service. You had to modify the router mac to trick them.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Thursday 2008-05-15 at 10:39 -0300, Shawn Holland wrote:
I used to work for a local ISP and we used to provide cheap little Realtek NIC's to the customers on a frequent basis. From time to time we came across NIC's that had the same MAC Address out of the box. So the illusion of no two devices ever having the same MAC Address is, like most things, only valid in a text book.
X'-)
Shame on them :-)
That reminds me. Not too long ago, some cable ISPs supplied service tied to a computer MAC. If you changed the computer, no service. If you added a router (to add more than a single machine), no service. You had to modify the router mac to trick them.
Which is one of several reasons why MAC addresses are user-changeable.
----- Original Message ----- From: "Sam Clemens" <clemens.sam1@gmail.com> To: <opensuse@opensuse.org> Sent: Thursday, May 15, 2008 3:26 PM Subject: Re: [opensuse] How to enforce IP's regardless of the clients setup.
Carlos E. R. wrote:
The Thursday 2008-05-15 at 10:39 -0300, Shawn Holland wrote:
I used to work for a local ISP and we used to provide cheap little Realtek NIC's to the customers on a frequent basis. From time to time we came across NIC's that had the same MAC Address out of the box. So the illusion of no two devices ever having the same MAC Address is, like most things, only valid in a text book.
X'-)
Shame on them :-)
That reminds me. Not too long ago, some cable ISPs supplied service tied to a computer MAC. If you changed the computer, no service. If you added a router (to add more than a single machine), no service. You had to modify the router mac to trick them.
Which is one of several reasons why MAC addresses are user-changeable.
The thing to take away from all this is not that MAC is useless. MAC is useful, merely it's not a security device.
-- Brian K. White brian@aljex.com http://www.myspace.com/KEYofR +++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++. filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
Carlos E. R. wrote:
The Wednesday 2008-05-14 at 11:00 +0200, Per Jessen wrote:
Sam Clemens wrote:
Per Jessen wrote:
Interesting - I didn't think that was possible. Does that actually change what goes on the wire too?
I have yet to have an ethernet device which could not have a user-defined MAC address.
Interesting. I was about to say I've definitely got a few, but then I tried out a 3COM card, an HP (with AMD PCnet32) and a DLink card - worked fine on all of them.
Yet it is curious, isn't it?
In every course about networks they say that the mac is fixed and not repeatable, that each card has a fixed number, a part which is the manufacturer number and a second part for the serial number.
And later we learn that it is just rubbish and you can set up any number you choose.
A lot of people get confused on this and think a MAC address has to be unique world wide. Not so. It only has to be unique on the local lan. Once a packet goes through a router, the original MAC is discarded and replaced by the one for the router interface. And of course, some interfaces, such as a PPP link don't even use a MAC address. BTW, some NIC manufacturers have duplicated MACs, instead of obtaining a new block. Also, at one time MACs would be used for routing purposes and thus needed to be changeable. There were some networks, such as Arcnet, where there wasn't a fixed address, but instead 8 switches, to set the NIC address. IIRC, the 48 bit MAC addresses, that we all know and love, came in with ethernet and token ring networks. There is also a difference in the MAC address ranges assigned to those two network types.
-- Use OpenOffice.org <http://www.openoffice.org>
On Thu, 2008-05-15 at 10:26 -0400, James Knott wrote:
A lot of people get confused on this and think a MAC address has to be unique world wide. Not so. It only has to be unique on the local lan. Once a packet goes through a router, the original MAC is discarded and replaced by the one for the router interface. And of course, some interfaces, such as a PPP link don't even use a MAC address. BTW, some NIC manufacturers have duplicated MACs, instead of obtaining a new block. Also, at one time MACs would be used for routing purposes and thus needed to be changeable. There were some networks, such as Arcnet, where there wasn't a fixed address, but instead 8 switches, to set the NIC address. IIRC, the 48 bit MAC addresses, that we all know and love, came in with ethernet and token ring networks. There is also a difference in the MAC address ranges assigned to those two network types.
That's my MAC Address history lesson for the day :)
-- Regards, Shawn Holland
James Knott wrote:
In every course about networks they say that the mac is fixed and not repeatable, that each card has a fixed number, a part which is the manufacturer number and a second part for the serial number.
And later we learn that it is just rubbish and you can set up any number you choose.
A lot of people get confused on this and think a MAC address has to be unique world wide. Not so. It only has to be unique on the local lan.
The MAC address is meant to be virtually unique worldwide. The three initial bytes are a manufacturer number assigned by the IEEE (see http://standards.ieee.org/regauth/oui/index.shtml), the three last bytes are for the manufacturers use - so really only 16.7mill possibilities per manufacturer. Some manufacturers have multiple IEEE OUIs, obviously allowing more unique ids. Others may reuse the range - if you only ship e.g. 100.000 units per month, you'll be through a range in about 14 years, which is quite probably way longer than the intended/expected lifetime of your hardware anyway.
/Per Jessen, Zürich
Per Jessen wrote:
James Knott wrote:
In every course about networks they say that the mac is fixed and not repeatable, that each card has a fixed number, a part which is the manufacturer number and a second part for the serial number.
And later we learn that it is just rubbish and you can set up any number you choose. A lot of people get confused on this and think a MAC address has to be unique world wide. Not so. It only has to be unique on the local lan.
The MAC address is meant to be virtually unique worldwide. The three initial bytes are a manufacturer number assigned by the IEEE (see http://standards.ieee.org/regauth/oui/index.shtml), the three last bytes are for the manufacturers use - so really only 16.7mill possibilities per manufacturer. Some manufacturers have multiple IEEE OUIs, obviously allowing more unique ids. Others may reuse the range - if you only ship e.g. 100.000 units per month, you'll be through a range in about 14 years, which is quite probably way longer than the intended/expected lifetime of your hardware anyway.
I realize they're supposed to be unique, but from a practical perspective, provided they're not duplicated on your local lan, there's no problem.
-- Use OpenOffice.org <http://www.openoffice.org>
On Thu, May 15, 2008 at 9:18 AM, James Knott <james.knott@rogers.com> wrote:
Per Jessen wrote:
James Knott wrote:
In every course about networks they say that the mac is fixed and not repeatable, that each card has a fixed number, a part which is the manufacturer number and a second part for the serial number.
And later we learn that it is just rubbish and you can set up any number you choose.
A lot of people get confused on this and think a MAC address has to be unique world wide. Not so. It only has to be unique on the local lan.
The MAC address is meant to be virtually unique worldwide. The three initial bytes are a manufacturer number assigned by the IEEE (see http://standards.ieee.org/regauth/oui/index.shtml), the three last bytes are for the manufacturers use - so really only 16.7mill possibilities per manufacturer. Some manufacturers have multiple IEEE OUIs, obviously allowing more unique ids. Others may reuse the range - if you only ship e.g. 100.000 units per month, you'll be through a range in about 14 years, which is quite probably way longer than the intended/expected lifetime of your hardware anyway.
I realize they're supposed to be unique, but from a practical perspective, provided they're not duplicated on your local lan, there's no problem.
Is this still true with IPV6? Somewhere a long time ago I was led to believe mac addresses became part of your ipv6 address, or did I dream this??/
-- ----------JSA---------
On Thursday 15 May 2008 19:32, John Andersen wrote:
On Thu, May 15, 2008 at 9:18 AM, James Knott <james.knott@rogers.com> wrote:
...
I realize they're supposed to be unique, but from a practical perspective, provided they're not duplicated on your local lan, there's no problem.
Is this still true with IPV6? Somewhere a long time ago I was led to believe mac addresses became part of your ipv6 address, or did I dream this??/
If that were true in general, one could not decouple an IP (v6) address from a particular host and interface card. That would be a fundamental departure from the kind of flexibility of network configuration, definition and topology and seriously constrain network administration. It would seem to be a gross flaw in the design of an addressing architecture for such a relationship between logical and physical addresses to be fixed in the IPv6 standard. According to <http://en.wikipedia.org/wiki/IPv6>, there is a common scheme for generating IPv6 addresses based on the MAC address through which a host is addressed, it does not appear to be an inherent or required characteristic of the IPv6 addressing scheme that this be done. There is also RFC 3041 that exists to "reduce the prospect of user identity being permanently tied to an IPv6 address." It "specifies a mechanism by which time-varying random bit strings can be used as interface circuit identifiers, replacing unchanging and traceable MAC addresses."
-- ----------JSA---------
Randall Schulz
On Thu, May 15, 2008 at 7:47 PM, Randall R Schulz <rschulz@sonic.net> wrote:
On Thursday 15 May 2008 19:32, John Andersen wrote:
On Thu, May 15, 2008 at 9:18 AM, James Knott <james.knott@rogers.com> wrote:
...
I realize they're supposed to be unique, but from a practical perspective, provided they're not duplicated on your local lan, there's no problem.
Is this still true with IPV6? Somewhere a long time ago I was led to believe mac addresses became part of your ipv6 address, or did I dream this??/
According to <http://en.wikipedia.org/wiki/IPv6>, there is a common scheme for generating IPv6 addresses based on the MAC address through which a host is addressed, it does not appear to be an inherent or required characteristic of the IPv6 addressing scheme that this be done.
So it is somewhat true then...?
If the common scheme is that mac address figures into the low end of your ipv6 IP, this would be more coupled than the current situation where only the immediate upstream router knows your mac address.
If the full IPV6 address becomes visible across the net. It would tie you directly to a specific nic card from afar, whereas currently you need local knowledge to obtain a mac address of someone behind a router.
Example I found in one of my machines:
eth0      Link encap:Ethernet  HWaddr 00:0E:A6:3D:24:5A
          inet addr:206.xxx.xxx.xxx  Bcast:206.xxx.xxx.255  Mask:255.255.192.0
          inet6 addr: fe80::20e:a6ff:fe3d:245a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
Note that 3d:245a is the last portion (the thought to be unique portion) of the hardware mac 3D:24:5A
I'm going to have to go read up on this again, It's been a couple years since I've messed with it.
Not that this impinges on changing mac addresses. There was a changemac utility available for many years useful for stepping away from DOS attacks.
-- ----------JSA---------
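The match John notices between HWaddr 00:0E:A6:3D:24:5A and fe80::20e:a6ff:fe3d:245a is the modified EUI-64 mapping used by IPv6 address autoconfiguration. The Python below is an added example, not part of the original thread; the function names and the 2001:db8:: sample addresses are constructed for illustration. It derives the link-local address from a MAC, recovers the MAC from an address, and checks the locally-administered bit of a MAC such as the DE:FA:CE:DE:FA:CE set earlier in the thread.

```python
import ipaddress
from typing import Optional


def parse_mac(mac: str) -> bytes:
    """Turn 'aa:bb:cc:dd:ee:ff' (or '-'-separated) into 6 raw bytes."""
    parts = mac.strip().replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def format_mac(raw: bytes) -> str:
    """Render raw bytes as lower-case colon-separated hex."""
    return ":".join(f"{b:02x}" for b in raw)


def oui(mac: str) -> str:
    """First three bytes: the IEEE-assigned manufacturer prefix."""
    return format_mac(parse_mac(mac)[:3])


def is_locally_administered(mac: str) -> bool:
    """True if the U/L bit (0x02 of the first byte) is set.

    Vendor-assigned addresses have it clear. A set bit means the address
    was chosen in software; a clear bit proves nothing, because a copied
    vendor address looks exactly like the original.
    """
    return bool(parse_mac(mac)[0] & 0x02)


def mac_to_link_local(mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64: flip the U/L bit, insert ff:fe in the middle,
    and place the 64-bit result under the fe80::/64 prefix."""
    raw = parse_mac(mac)
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def mac_from_ipv6(addr: str) -> Optional[str]:
    """Recover the MAC from an address whose interface ID is EUI-64 based.

    Returns None when the ff:fe marker is absent, as with RFC 3041
    temporary addresses (a random ID can contain ff:fe by chance, so a
    hit is a strong hint rather than proof).
    """
    packed = ipaddress.IPv6Address(addr.split("/")[0]).packed
    iid = packed[8:]  # low 64 bits = interface identifier
    if iid[3:5] != b"\xff\xfe":
        return None
    return format_mac(bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:])


if __name__ == "__main__":
    # MAC and link-local address quoted in the message above.
    print(mac_to_link_local("00:0E:A6:3D:24:5A"))
    print(mac_from_ipv6("fe80::20e:a6ff:fe3d:245a/64"))
    # Constructed global address: the same interface ID behind a routed
    # prefix still reveals the MAC to a remote observer.
    print(mac_from_ipv6("2001:db8:1:2:20e:a6ff:fe3d:245a"))
    # Constructed random interface ID: nothing to recover.
    print(mac_from_ipv6("2001:db8:1:2:a1b2:c3d4:e5f6:1789"))
    # Factory MAC vs. the hand-set one from earlier in the thread.
    for m in ("00:13:8f:72:e3:e6", "DE:FA:CE:DE:FA:CE"):
        print(m, "OUI", oui(m), "locally administered:", is_locally_administered(m))
```
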
John Andersen wrote:
On Thu, May 15, 2008 at 7:47 PM, Randall R Schulz <rschulz@sonic.net> wrote:
On Thursday 15 May 2008 19:32, John Andersen wrote:
On Thu, May 15, 2008 at 9:18 AM, James Knott <james.knott@rogers.com> wrote:
...
I realize they're supposed to be unique, but from a practical perspective, provided they're not duplicated on your local lan, there's no problem.
Is this still true with IPV6? Somewhere a long time ago I was led to believe mac addresses became part of your ipv6 address, or did I dream this??/
According to <http://en.wikipedia.org/wiki/IPv6>, there is a common scheme for generating IPv6 addresses based on the MAC address through which a host is addressed, it does not appear to be an inherent or required characteristic of the IPv6 addressing scheme that this be done.
So it is somewhat true then...?
If the common scheme is that mac address figures into the low end of your ipv6 IP, this would be more coupled than the current situation where only the immediate upstream router knows your mac address.
If the full IPV6 address becomes visible across the net. It would tie you directly to a specific nic card from afar, whereas currently you need local knowledge to obtain a mac address of someone behind a router.
Example I found in one of my machines:
eth0      Link encap:Ethernet  HWaddr 00:0E:A6:3D:24:5A
          inet addr:206.xxx.xxx.xxx  Bcast:206.xxx.xxx.255  Mask:255.255.192.0
          inet6 addr: fe80::20e:a6ff:fe3d:245a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
Note that 3d:245a is the last portion (the thought to be unique portion) of the hardware mac 3D:24:5A
I'm going to have to go read up on this again, It's been a couple years since I've messed with it.
Not that this impinges on changing mac addresses. There was a changemac utility available for many years useful for stepping away from DOS attacks.
It would tie to a specific NIC, unless the MAC has been changed. However, who else would be in a position to know what computer that MAC pertains to. How does this compare with using a static or long term DHCP IP address directly on the internet? Either way, you have an address that can be traced back to some user.
-- Use OpenOffice.org <http://www.openoffice.org>
John Andersen wrote:
On Thu, May 15, 2008 at 9:18 AM, James Knott <james.knott@rogers.com> wrote:
Per Jessen wrote:
James Knott wrote:
In every course about networks they say that the mac is fixed and not repeatable, that each card has a fixed number, a part which is the manufacturer number and a second part for the serial number.
And later we learn that it is just rubbish and you can set up any number you choose.
A lot of people get confused on this and think a MAC address has to be unique world wide. Not so. It only has to be unique on the local lan.
The MAC address is meant to be virtually unique worldwide. The three initial bytes are a manufacturer number assigned by the IEEE (see http://standards.ieee.org/regauth/oui/index.shtml), the three last bytes are for the manufacturers use - so really only 16.7mill possibilities per manufacturer. Some manufacturers have multiple IEEE OUIs, obviously allowing more unique ids. Others may reuse the range - if you only ship e.g. 100.000 units per month, you'll be through a range in about 14 years, which is quite probably way longer than the intended/expected lifetime of your hardware anyway.
I realize they're supposed to be unique, but from a practical perspective, provided they're not duplicated on your local lan, there's no problem.
Is this still true with IPV6? Somewhere a long time ago I was led to believe mac addresses became part of your ipv6 address, or did I dream this??/
It is true, but again not an issue. If you're on a different network, the rest of your address will be different. IPv6 also supports a local address used in a manner similar to RFC1918 addresses, but again they're local and not an issue if someone else uses them on another network. A MAC address is only 48 bits of the 128 bit IPv6 address.
-- Use OpenOffice.org <http://www.openoffice.org>
The Thursday 2008-05-15 at 10:26 -0400, James Knott wrote:
Carlos E. R. wrote:
Yet it is curious, isn't it?
In every course about networks they say that the mac is fixed and not repeatable, that each card has a fixed number, a part which is the manufacturer number and a second part for the serial number.
And later we learn that it is just rubbish and you can set up any number you choose.
A lot of people get confused on this and think a MAC address has to be unique world wide. Not so. It only has to be unique on the local lan. Once a packet goes through a router, the original MAC is discarded and replaced by the one for the router interface.
That's on tcp/ip networks. The cards were originally designed to be used without those "new" gadgets such as routers and on other types of networks. I mean, it is true we do not need the MAC to be universally unique, but they were designed thus.
-- Cheers, Carlos E. R.
On Thu, 2008-05-15 at 10:26 -0400, James Knott wrote:
A lot of people get confused on this and think a MAC address has to be unique world wide. Not so. It only has to be unique on the local lan. Once a packet goes through a router, the original MAC is discarded and replaced by the one for the router interface. And of course, some interfaces, such as a PPP link don't even use a MAC address. BTW, some NIC manufacturers have duplicated MACs, instead of obtaining a new block. Also, at one time MACs would be used for routing purposes and thus needed to be changeable. There were some networks, such as Arcnet, where there wasn't a fixed address, but instead 8 switches, to set the NIC address. IIRC, the 48 bit MAC addresses, that we all know and love, came in with ethernet and token ring networks. There is also a difference in the MAC address ranges assigned to those two network types.
Setting the mac-address has been possible for a long time on SUN-hardware. The MOBO-has an id-rom and the mac address is the combination of the SUN-pre-amble (00:08:20) followed by the bytes from the id-rom. So if your mobo had to be replaced, you had to move your id-rom also, and you still had the same mac-address. Of course, you could do all kind of spoofing tricks as well with it..
hw
Carlos E. R. wrote:
The Wednesday 2008-05-14 at 11:00 +0200, Per Jessen wrote:
Sam Clemens wrote:
Per Jessen wrote:
Interesting - I didn't think that was possible. Does that actually change what goes on the wire too?
I have yet to have an ethernet device which could not have a user-defined MAC address.
Interesting. I was about to say I've definitely got a few, but then I tried out a 3COM card, an HP (with AMD PCnet32) and a DLink card - worked fine on all of them.
Yet it is curious, isn't it?
In every course about networks they say that the mac is fixed and not repeatable, that each card has a fixed number, a part which is the manufacturer number and a second part for the serial number.
Well, the factory-installed MAC is non-volatile, and is formatted as described. But most modern NICS have a shadow-buffer for setting a replacement MAC.
And later we learn that it is just rubbish and you can set up any number you choose.
Funny!
Carlos E. R. wrote:
- If the PC has the proper MAC, the dhcp gives the correct IP. - If the user sets another MAC, the switch denies entry.
in wireless (and it's enough some part of the net is wireless) you can do:
listen to the net. every wireless device *has* to announce its mac. The other also, to have a dhcp answering...
wait for this station to stop (evening or week end)
connect wireless with *this* mac... you are in
of course this doesn't take account of passwd. wep passwd can be (automatically) found in minutes. wap as said to be secure...
jdd
-- Jean-Daniel Dodin Président du CULTe www.culte.org
Yes you can switch your MAC and IP and gain access the same as what that MAC and IP were using before. But I can't think of any outside solutions (non-local to the computer changing the MAC / IP) that could enforce restrictions. Basically you're the same device as what was just using those MAC / IP.
On topic again. I have successfully created a set of iptables rules that enforce IP's to MAC's. (only to the pool level) And I already have a mechanism that automates the process to my requirements.
If anyone is interested:
in /etc/sysconfig/scripts/SuSEfirewall2-custom
inside fw_custom_before_masq()
#To allow specific access to a mac and ensure it is on a specific network (stop static ip)
iptables -A INPUT -j ACCEPT -s 10.10.10.0/24 -m mac --mac-source 00:17:42:8E:F4:32
#To allow unregistered range to talk to all services on the server
iptables -A INPUT -j ACCEPT -s 10.0.0.0/24 -d 172.16.1.1/32
iptables -A INPUT -j ACCEPT -s 10.0.0.0/24 -d 10.10.10.1/32
#To deny unregistered range to talk to any registered ranges
iptables -A INPUT -j DROP -s 10.0.0.0/24 -d 172.16.1.0/24
iptables -A INPUT -j DROP -s 10.0.0.0/24 -d 10.10.10.0/24
#To deny registered traffic by default (stop static ip)
iptables -A INPUT -j DROP -s 10.10.10.0/24
iptables -A INPUT -j DROP -s 172.16.1.0/24
I have (just for testing purposes) the 172.16.1.0/24 range as a routed pool and the other 2 as a natted pool. The 10.0.0.0/24 range is an unregistered client range that is only masq'd for communication on DHCP, DNS, and port 80. I then force redirect on port 80 to port 3128 and using squid/squidGuard force through the local webserver in which they will be required to register. Then the registration process updates and moves them to a registered pool.
It's all tested out by hand and works exactly how I need it.
-- Regards, Shawn Holland
On Tue, 2008-05-13 at 16:36 +0200, jdd sur free wrote:
Carlos E. R. wrote:
- If the PC has the proper MAC, the dhcp gives the correct IP. - If the user sets another MAC, the switch denies entry.
in wireless (and it's enough some part of the net is wireless) you can do:
listen to the net. every wireless device *has* to announce its mac. The other also, to have a dhcp answering...
wait for this station to stop (evening or week end)
connect wireless with *this* mac... you are in
of course this doesn't take account of passwd. wep passwd can be (automatically) found in minutes. wap as said to be secure...
jdd
-- Jean-Daniel Dodin Président du CULTe www.culte.org
The Tuesday 2008-05-13 at 14:06 +0200, jdd sur free wrote:
I think there are switches with some intelligence: if the MAC changes on one of the ports, it is blocked. Something of the sort, I don't have the details.
nearly any wireless router do so (or can do)
I forgot. I was thinking of wired switches. If you change the computer from a port to another, it is blocked. If a known MAC appears on the wrong port, it is blocked. If a new MAC appears it is blocked. Things like that. -- Cheers, Carlos E. R.
James Knott wrote:
Shawn Holland wrote:
I don't need to go around asking for MAC Addresses. I just need to enforce existing ones so that any unknown will not have access through the server until they are registered. The registration process and the obtaining of MAC addresses is of no concern here. Just the enforcement.
I seem to recall reading a while ago, about a method where any computer that wasn't registered with the dhcp server was blocked.
You could always do a check of the dhcp leases file, and then generate iptables input to only allow those machines access to your gateway. /Per Jessen, Zürich
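The leases-file approach suggested above, combined with the source/MAC match from Shawn Holland's posted rules, as an added example that is not code from any poster in the thread. It narrows the pairing from pool level to one IP per MAC; the lease entries are constructed, and the function names and the assumption of ISC dhcpd.leases syntax are mine.

```python
import ipaddress
import re

# Constructed sample in ISC dhcpd.leases syntax; only the pools and the MAC
# 00:17:42:8E:F4:32 appear in the thread, the rest is made up.
SAMPLE_LEASES = """\
lease 10.10.10.23 {
  binding state active;
  hardware ethernet 00:17:42:8e:f4:32;
}
lease 10.10.10.40 {
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 10.0.0.17 {
  binding state active;
  hardware ethernet 00:aa:bb:cc:dd:ee;
}
lease 10.10.10.40 {
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)
MAC_RE = re.compile(r"hardware ethernet\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2});", re.I)

def active_bindings(leases_text, pool):
    """Map IP -> MAC for leases in `pool`; the file is a log, last entry wins."""
    net = ipaddress.ip_network(pool)
    bindings = {}
    for ip_text, body in LEASE_RE.findall(leases_text):
        ip = ipaddress.ip_address(ip_text)
        state, mac = STATE_RE.search(body), MAC_RE.search(body)
        if ip in net and state and state.group(1) == "active" and mac:
            bindings[ip] = mac.group(1).upper()
        else:
            bindings.pop(ip, None)  # released or expired: withdraw the pairing
    return bindings

def build_rules(leases_text, pool, chain="INPUT"):
    """One ACCEPT per leased IP/MAC pair, then DROP the rest of the pool."""
    rules = [f"iptables -A {chain} -s {ip}/32 -m mac --mac-source {mac} -j ACCEPT"
             for ip, mac in sorted(active_bindings(leases_text, pool).items())]
    rules.append(f"iptables -A {chain} -s {pool} -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(build_rules(SAMPLE_LEASES, "10.10.10.0/24")))
```

The chain defaults to INPUT as in the posted rules; traffic routed through the gateway traverses FORWARD, so pass chain="FORWARD" for that path. This stops the static-IP bypass from the original question, not a cloned MAC, which the thread leaves to switch port security.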
On Mon, May 12, 2008 at 2:29 PM, Sam Clemens <clemens.sam1@gmail.com> wrote:
I wasn't talking about CPU resources, I was talking about HIM... having to go around from machine to machine to collect MAC addresses...and then type them in.
Sam, the dhcp server collects them for you. Hook up new machine. After it boots it will have an entry in your dhcp leases file complete with mac address, and machine name. Edit dhcp config file and Copy copy paste paste, Done. Tell user to re-boot and they have your newly assigned static IP reserved for them at the dhcp server. This stuff is so simple even $50 wireless routers have this capability built in. -- ----------JSA---------
Even simpler, have the default scope force a very short lease time. So after dhcpd.conf is updated within seconds they will have their new lease. No contact or input required by the end user. Then a little programming to create a mechanism that can automate the process so no input required by myself. So like I said obtaining the MAC and registering is arbitrary and of no concern to my question. -- Thanks, Shawn On Mon, 2008-05-12 at 14:48 -0700, John Andersen wrote:
On Mon, May 12, 2008 at 2:29 PM, Sam Clemens <clemens.sam1@gmail.com> wrote:
I wasn't talking about CPU resources, I was talking about HIM... having to go around from machine to machine to collect MAC addresses...and then type them in.
Sam, the dhcp server collects them for you.
Hook up new machine. After it boots it will have an entry in your dhcp leases file complete with mac address, and machine name.
Edit dhcp config file and Copy copy paste paste, Done.
Tell user to re-boot and they have your newly assigned static IP reserved for them at the dhcp server.
This stuff is so simple even $50 wireless routers have this capability built in.
-- ----------JSA---------
John Andersen wrote:
On Mon, May 12, 2008 at 2:29 PM, Sam Clemens <clemens.sam1@gmail.com> wrote:
I wasn't talking about CPU resources, I was talking about HIM... having to go around from machine to machine to collect MAC addresses...and then type them in.
Sam, the dhcp server collects them for you.
Hook up new machine. After it boots it will have an entry in your dhcp leases file complete with mac address, and machine name.
Edit dhcp config file and Copy copy paste paste, Done.
Tell user to re-boot and they have your newly assigned static IP reserved for them at the dhcp server.
This stuff is so simple even $50 wireless routers have this capability built in.
Interesting. I didn't realize this was done automatically.
On Mon, 12 May 2008 14:48:12 -0700 "John Andersen" <jsamyth@gmail.com> wrote:
On Mon, May 12, 2008 at 2:29 PM, Sam Clemens <clemens.sam1@gmail.com> wrote:
I wasn't talking about CPU resources, I was talking about HIM... having to go around from machine to machine to collect MAC addresses...and then type them in.
Sam, the dhcp server collects them for you.
Hook up new machine. After it boots it will have an entry in your dhcp leases file to complete with mac address, and machine name.
Edit dhcp config file and Copy copy paste paste, Done.
Tell user to re-boot and they have your newly assigned static IP reserved for them at the dhcp server.
Well, windoze users can reboot, linux users merely need a quick "rcnetwork restart" and they're good to go. Joe
On Mon, 2008-05-12 at 15:28 -0700, joe@tmsusa.com wrote:
On Mon, 12 May 2008 14:48:12 -0700 "John Andersen" <jsamyth@gmail.com> wrote:
On Mon, May 12, 2008 at 2:29 PM, Sam Clemens <clemens.sam1@gmail.com> wrote:
I wasn't talking about CPU resources, I was talking about HIM... having to go around from machine to machine to collect MAC addresses...and then type them in.
Sam, the dhcp server collects them for you.
Hook up new machine. After it boots it will have an entry in your dhcp leases file to complete with mac address, and machine name.
Edit dhcp config file and Copy copy paste paste, Done.
Tell user to re-boot and they have your newly assigned static IP reserved for them at the dhcp server.
Well, windoze users can reboot, linux users merely need a quick "rcnetwork restart" and they're good to go.
Joe
ipconfig /renew || right click & repair
Sam Clemens wrote:
I wasn't talking about CPU resources, I was talking about HIM... having to go around from machine to machine to collect MAC addresses...and then type them in.
It's not that difficult. Once a computer has a dhcp address, that mac info can be found in the dhcp server. In fact, on our dhcp server at work, I can select a mac address from the list on the dhcp server and then assign it a permanent IP, without leaving my desk. -- Use OpenOffice.org <http://www.openoffice.org>
participants (14)
- Brian K. White
- Carlos E. R.
- Hans Witvliet
- James Knott
- jdd sur free
- Jerry Feldman
- joe@tmsusa.com
- John Andersen
- Koenraad Lelong
- Patrick Shanahan
- Per Jessen
- Randall R Schulz
- Sam Clemens
- Shawn Holland