IP and MAC locking

Started by shaheen

IP and MAC locking   18 November 2009, 13:18

hi,

First of all your software rocks...

i use bwm on dedicated Pc running windows 2003 server r1.
i have 4 lan cards,my configuration is as follows:

(i have attached the image)
i have a static ip network with modem doing the NAT
The rule is applied on the interface facing toward the modem..
and the rules are Based on IP..
I have Short flood penalty enabled(800 in each) and my queue is 300
I have made a common rule to Block p2p on both interfaces

1)The Ip + Mac locking feature in version v2.9.16 is not working...
it worked for the first time for around 10 minutes or something and stopped. The users were able to use their internet even when their MAC address did not match the entered MAC...

2)the mac lookup feature doesn't work on the interface when the network consists of two different IP sets..

3)The live bandwidth preview function also doesn't show some clients graph although if they r using the internet..

And..
it would be really nice if it was possible to add more than one MAC address in the (require mac address match ) column because there are clients in my network who have more than one device on which they require internet on and it would really much easier to do this than giving a separate ip (since they pay for one IP)

smile
Attachments:
open | download – untitled.PNG (40.4 KB)

Ip + mac lock not working   20 November 2009, 21:48

You can create MAC groups with several MAC´s. In your ruleset you specify the group, not one individual MAC address. It works fine, try it.
You have both adsl modems bridged to the same LAN card? I don´t think the drawing is correct. LAN card no. 4 is not bridged?

The .101 range is a subnet of .100. If you want to have a completely different IP range, use 10.x.x.x or 172.x.x.x range.
Two different IP ranges on the same switch should be possible (switching is done based on hardware address, not IP), however some people prefer rather not to do it that way.

You should apply the rule on the LAN interface, not on the network card facing the modem.

Cheers,
Arthur.

Ip + mac lock not working   21 November 2009, 10:31

hi,
Thanks for the reply..

My mistake with the diagram...laugh
the bridging is as follows..
NIC 1<----> NIC 3
NIC 2<----> NIC 4


I had tried applying the rule on the network interface, But the bandwidth management doesn't seem to work properly (even the live bandwidth graph was'nt working). So since then i had started applying the rule on the network card facing the modem and it works as it should work normally..

well i was talking about the mac address match in ADVANCED -----> ADDITIONAL -----> require mac address Match..
In creating mac groups, i believe if the clients change their IP's,their internet should work even if their own IP's are blocked..
I really dont want clients interchanging their IP's, Because its really a pain in the neck getting IP conflicts all over the network beacuse of some smart guys trying to get higher speeds which has been allocated to other IP's

would using Ip's on the same subnet be a problem?
smile

Ip + mac lock not working   21 November 2009, 13:41

I don't know if the IP + MAC feature in BWM is working properly. I've tested this when was implemented, and is working with some trouble...

In my case, I do a Batch file linking every IP to especified MAC in my LAN (static mapping)

Example:

Make a Batch file like IPMAC.BAT and put in your Windows Startup

NOTEPAD IPMAC.BAT

----------------------------------------------- IPMAC.BAT----------------------------------------------- (not put this in the file)
:: JOHN
arp -s 192.168.0.2 00-0E-54-32-85-D0

:: PAUL
arp -s 192.168.0.6 00-0e-43-54-67-aa

:: RINGO and GEORGE (BEHIND AN ACCESS POINT IN CLIENT MODE) (if you not use, please disconsider)
arp -s 192.168.0.10 00-0e-43-54-78-e2 (mac of the access point)
arp -s 192.168.0.11 00-0e-43-54-78-e2 (mac of the access point)
----------------------------------------------- IPMAC.BAT----------------------------------------------- (not put this in the file)

NOTE: RINGO and GEORGE are using an access point to access your LAN, look, they share the same MAC, many access points not do a full transparent bridge, so, you can't see the MAC of the interfaces of the computers ot Ringo and George. You see only Access Point MAC.

In BWM, control your customers by IP. (this is very important)

I am waiting Andrew to do some modifications in IP+MAC in BWM. (see Sugestions for BWM 3.0)

Sorry my english, I am from brazil.

Cheers,

Lucas Alexandre

Ip + mac lock not working   23 November 2009, 11:34

That´s a good tip from Lucas. I think this will work for you.
In fact, what Lucas is doing with this batch file is modifying the ARP table on startup. He adds static entries with the option -s.
ARP is responsible for the IP-to-Physical address translation.

I have to confess that I never used double bridging in BWM. Perhaps Andrew can tell us if the software is capable to do that. That could be the reason the bandwidth graph is not working, as it normally monitors only one bridge, not two simultaneously.
In your case, instead of using two network cards I would rather use a router with dual WAN ports and load-balancing. Use only one bridge, because in the end both network cards connect to the same switch (3+4) as seen in your drawing.
And most important, make sure you have the windows firewalls turned off.

Cheers,
Arthur.

Sometimes you can get the answer faster if you try the forum search and/or have a look at the software user manual to see if your question has already been answered.

Our forum rules are simple:

  • Be polite.
  • Do not spam.
  • If possible, check your spelling and grammar.

Author:

Email:

Subject

A brief and informative title for your message, approximately 4–8 words:

     

Spam prevention: please enter the following code in the input field below.

 **    **  **      **  ********  **     **  ******** 
 ***   **  **  **  **  **    **  ***   ***  **       
 ****  **  **  **  **      **    **** ****  **       
 ** ** **  **  **  **     **     ** *** **  ******   
 **  ****  **  **  **    **      **     **  **       
 **   ***  **  **  **    **      **     **  **       
 **    **   ***  ***     **      **     **  ******** 

Message: