Hello,

As I am tidying up my network by segregating it into secure, general inet access and guest networks, I would like to keep tabs on the MAC/IP addresses in my secure net. I do know how to do this, but keeping track of Ethernet MAC addresses seems quite cumbersome in OpenBSD. Not that it is more convenient in any other general-purpose operating system, but many interfaces, for example on routers, make it easy to manage, especially MAC filtering.

At the moment we have:

  /etc/ethers file          # not the same as arp -s and arp -f !!
  arp -a output
  arp -s and arp -f input   # not the same as /etc/ethers !!

So what have I tried:

  ifconfig em0 -arp         # in order to prevent discovery of unauthorized hosts
  arp -ad
  echo <MAC> <hostname> > /etc/ethers
  ping <hostname>           - ping: sendmsg: Host is down
  arp -s <hostname> <MAC>
  ping <hostname>           - response

PS: after running ifconfig em0 -arp, my Allied Telesis AT-GS950-16 managed switch took the link down and refuses to bring it back up on the same port without a reset. Other ports work fine.

What can I do:

  - Probably find some bloated program that introduces way more risk than the gain by keeping tabs on MAC addresses.
  - Make a simple script that creates a hosts/unbound file and a file suitable for arp -f from a single master file containing MAC, IPv4 and hostname, and then loads them.

As I have already mentioned, I can manage by myself, but it seems to me that this is something that a lot of people would want.

Would it make sense to have arp read /etc/ethers?

Is there another way than ifconfig em0 -arp to prevent auto-learning MAC addresses from the Ethernet network and have the MAC addresses added as "static"?

Awaiting input on whether I am missing something, whether there already is an elegant solution to my problem, or whether it is something that more people would like to have a solution for.

Thanks,
Dimitrios
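
The single-master-file script mentioned in the message above, sketched as an added example that is not part of the original post or of OpenBSD. The function name `gen_static_maps`, the master-file column order (MAC, IPv4, hostname) and the output file names are assumptions; the unbound file and the actual load step are left out.

```shell
#!/bin/sh
# Added example; names and master-file layout are assumptions, not OpenBSD's.
# Master file, one host per line, '#' starts a comment (constructed sample):
#   00:00:5e:00:53:01 192.0.2.10 nas
# gen_static_maps MASTER OUTDIR validates every line, then writes
# OUTDIR/arp.static, OUTDIR/ethers and OUTDIR/hosts.frag. Any invalid or
# duplicate entry fails the whole run and leaves OUTDIR untouched.
gen_static_maps() {
    master=$1; out=$2
    tmp=$(mktemp -d) || return 1
    awk -v dir="$tmp" '
    function bad(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg > "/dev/stderr"; err = 1 }
    BEGIN {
        err = 0; f_arp = dir "/arp.static"; f_eth = dir "/ethers"; f_hosts = dir "/hosts.frag"
        printf "" > f_arp; printf "" > f_eth; printf "" > f_hosts
    }
    { sub(/#.*/, "") }
    NF == 0 { next }
    NF != 3 { bad("expected: MAC IPv4 hostname"); next }
    {
        mac = tolower($1); ip = $2; host = tolower($3)
        ok = (split(mac, m, ":") == 6)
        for (i = 1; ok && i <= 6; i++) if (m[i] !~ /^[0-9a-f][0-9a-f]$/) ok = 0
        if (!ok) { bad("bad MAC " $1); next }
        ok = (split(ip, o, "[.]") == 4)
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^(0|[1-9][0-9]*)$/ || o[i] + 0 > 255) ok = 0
        if (!ok) { bad("bad IPv4 " ip); next }
        if (host !~ /^[a-z0-9][a-z0-9.-]*$/) { bad("bad hostname " $3); next }
        if ((mac in seen_mac) || (ip in seen_ip) || (host in seen_host)) {
            bad("duplicate MAC, IP or hostname"); next
        }
        seen_mac[mac] = 1; seen_ip[ip] = 1; seen_host[host] = 1
        # arp -f line format per arp(8): hostname ether_addr [temp | permanent] [pub]
        print ip, mac, "permanent" > f_arp
        print mac, host > f_eth          # ethers(5): ether_addr hostname
        print ip, host > f_hosts         # hosts(5):  address hostname
    }
    END { exit err }
    ' "$master" || { rm -rf "$tmp"; return 1; }
    mkdir -p "$out" && cp "$tmp"/* "$out"/ && rm -rf "$tmp"
}
# On the router, as root, after reviewing the output:
#   arp -f OUTDIR/arp.static
```

Rejecting duplicate MAC, IP or hostname entries before anything is written keeps a typo in the master file from silently replacing a known-good static mapping.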