NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
LAN Set up, reserve two ips for same max address R7000P
I am setting up a couple apps, servers, etc, on my local network. For connectivity and additional security, and organization, I decided to reserve individual ips for each device that should connect...
Newtech888 wrote:
Thanks, I will reconsider, but my router has two ip addresses for the same mac address in the list of connected devices.Have you checked that?
Newtech888 wrote:
For connectivity and additional security, and organization, I decided to reserve individual ips for each device that should connect to my internal network using the MAC address. Also have control panel to block new connections automatically.
Reserved on the router or fixed on the devices?
I am unable to reserve a second ip without overriding the first ip for the mac. I don’t see any other option. I have experience in the field, but I am starting to get out of my zone of expertise.
You want to use the same IP address for different devices? Or some devices to use two IP addresses?
When doing this sort of thing, I leave Mac addresses to the router and rely on the IP addresses to manage connections.
If anybody has any additional tips on improving security I would also appreciate it. Thanks.
Do you have any reason to suspect that you have security holes that need blocking? It is very easy to get paranoid about security and to do things that actually break a network.
- Hi, thanks for answering,
Split up my response for each clarifying question.
1) I used the router as a dhcp server to assign IPs automatically. But I noticed that some devices had switched ips. Eg, device 1 had …1, device 2 had …2. On restart they switched. I have not setup a fixed static ip on the devices themselves yet. Wanted to get the router first. The devices, are set to get an auto ip from the router, so it looked like a good start. Some have fixed static, but mostly on vms.
2) yes I have some devices that can connect with Ethernet and a WiFi at the same time. The router provides the ip address for each connection. But it does not allow me to reserve two IPs for one MAC address. Intel Killer Ethernet, is the service that supports this.
3) yes and no. Like I mentioned I have experience, but mostly as dev with basic to intermediate network knowledge. I’ve been monitoring my network and researching to get a better understanding. There are two areas of concern.
A) I’ve found unrecognized MAC address connected to my network. All I have is control panel telling me that they are blocked. But I’m not sure how they were able to connect to my network. I’ve updated the password on multiple occasions. The modem, router, and WiFi. I’ve also seen several attempts to access my network from other mac addresses but were blocked, from my logs.
B) I’ve found multiple dos attacks on my logs. The ack, I’m pretty sure I know what they’re for a service that I am testing and they look fine. But I’m also getting fin. Which I’m read are real attacks, but old practices/methods.- Not supported, at least not on consumer NG routers. Can't have the same IP pointing to 2 different MACs
- It’s the opposite, I need two IPs for one MAC address.
Deal with the problem. Not someone's idea of how to fix it.
Newtech888 wrote:
B) I’ve found multiple dos attacks on my logs. The ack, I’m pretty sure I know what they’re for a service that I am testing and they look fine. But I’m also getting fin. Which I’m read are real attacks, but old practices/methods.If that's the problem, you may want to step back and think about the best way to tackle it.
Netgear's firmware is great at creating false reports of DoS attacks. Many of them are no such thing.
Search - NETGEAR Communities – DoS attacks
Use Whois.net to see who is behind some of them and you may find that they are from places like Facebook, Google, even your ISP.
Here is a useful tool for that task:
IPNetInfo: Retrieve IP Address Information from WHOIS servers
- Yes I’ve done this. That’s how I know that the ack types are fine. They’re coming from the right sources. It’s the fin scans. I’ve looked up the IPs and they’re coming from places like digital ocean or incapsula. I know what both of these are. I just don’t know why they would be accessing my network like that. Unless it’s a bad agent.
Not sure why you mean by
Deal with the problem. Not someone's idea of how to fix it.
But that’s what I’m trying to do.
Newtech888 wrote:
Hi, thanks for answering,
Split up my response for each clarifying question.
1) I used the router as a dhcp server to assign IPs automatically. But I noticed that some devices had switched ips. Eg, device 1 had …1, device 2 had …2. On restart they switched. I have not setup a fixed static ip on the devices themselves yet. Wanted to get the router first. The devices, are set to get an auto ip from the router, so it looked like a good start. Some have fixed static, but mostly on vms.
2) yes I have some devices that can connect with Ethernet and a WiFi at the same time. The router provides the ip address for each connection. But it does not allow me to reserve two IPs for one MAC address. Intel Killer Ethernet, is the service that supports this.
3) yes and no. Like I mentioned I have experience, but mostly as dev with basic to intermediate network knowledge. I’ve been monitoring my network and researching to get a better understanding. There are two areas of concern.
A) I’ve found unrecognized MAC address connected to my network. All I have is control panel telling me that they are blocked. But I’m not sure how they were able to connect to my network. I’ve updated the password on multiple occasions. The modem, router, and WiFi. I’ve also seen several attempts to access my network from other mac addresses but were blocked, from my logs.
B) I’ve found multiple dos attacks on my logs. The ack, I’m pretty sure I know what they’re for a service that I am testing and they look fine. But I’m also getting fin. Which I’m read are real attacks, but old practices/methods.You may want to re-visit your conclusion that your connecting device has only one MAC address. Most modems and most computers have multiple unique MAC addresses. Usually one for an Ethernet connection and one each for the 2.4 GHz and 5 GHz Wi-Fi radios.
- Thanks, I will reconsider, but my router has two ip addresses for the same mac address in the list of connected devices. It clearly shows me which one is Ethernet and which one is WiFi. Do you know why the router is doing that in this case?
