Address Lists for Tower Equipment


#1

Is there a way to generate an address list for IPs assigned to the tower equipment?
The way we are blocking right now is that if the customer is not active, and doesn’t have an assigned speed, they are blocked. But I don’t want to manually add the 400 IPs for equipment; it would be great if I could create an address list based on tower assigned equipment IPs. I’m sure there’s a way I’m not seeing.

Thanks in advance,


#2

I think you check the IPs you want to block in the Inline devices?
https://company.sonar.software/network/provisioning/inline_devices


#3

Maybe someone else knows another way but I think I can make a custom report for you that would show all the Tower Equipment IPs and then we could probably create a script from this report to add those IPs to the address lists.
If nobody else knows another way, I’ll have the report in your instance by the end of tomorrow.
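
One way the report-to-address-list step suggested above could be scripted, as an added example that is not part of the original post and is not Sonar's own code. The CSV column names (`site`, `device`, `ip`), the sample rows and the list name `tower-equipment` are assumptions; the script validates and deduplicates addresses and strips characters from report fields that could alter the generated RouterOS command.

```python
import csv
import io
import ipaddress
import re

# Constructed sample of a report export; the column names are assumptions.
SAMPLE_REPORT = """site,device,ip
Tower North,AP-1,10.10.0.5
Tower North,Backhaul-1,10.10.0.6
Tower South,AP-7,10.10.3.20
Tower South,AP-7-dup,10.10.3.20
Tower South,Bad-Row,10.10.3.999
"""


def _clean(text):
    """Keep only characters that cannot close the quoted comment or start a new command."""
    return re.sub(r"[^A-Za-z0-9 ._/-]", "", text)[:60]


def build_address_list(report_csv, list_name="tower-equipment"):
    """Return (commands, rejected) for a CSV with site, device and ip columns."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", list_name):
        raise ValueError("list name must be alphanumeric, '-' or '_'")
    commands, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(report_csv)):
        raw = (row.get("ip") or "").strip()
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            rejected.append(raw)  # report it instead of sending junk to the router
            continue
        if addr in seen:  # one entry per address
            continue
        seen.add(addr)
        comment = _clean(f'{row.get("site") or ""} / {row.get("device") or ""}')
        commands.append(
            f"/ip firewall address-list add list={list_name} "
            f'address={addr} comment="{comment}"'
        )
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = build_address_list(SAMPLE_REPORT)
    print("\n".join(cmds))
    print("# rejected:", bad)
```

Review the rejected rows before pasting the output into the router; a firewall rule that accepts `src-address-list=tower-equipment` still has to be placed ahead of the blocking rule.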


#4

Assuming your infrastructure subnets are separate from customers, it would be best to just add allow rules into your MikroTik prior to any other rules that match on infrastructure subnets.

If you’re mixing customer IPs and infrastructure into the same subnets, this won’t work though.


#5

Yeah, we have a mixed IP infrastructure. I just didn’t want to manually add IPs, was hoping for a dynamic solution. Address Lists just needs a checkbox for ‘Infrastructure IPs’ or ‘equipment assigned to site’ with a checkbox for each site. :thinking:


#6

Sonar wouldn’t send an IP in a network site to be blocked, only account. :man_shrugging:


#7

I think you are misinterpreting the problem; we block ALL unknown addresses at our edge from accessing the internet. Customers gain access if they have an associated package and are ‘Active’. The problem is that we are testing cloud services like UNMS (yes, I know we can run it locally and we do, this is just a cloud services example) and our tower equipment (IP/hardware) associated to a tower site does not meet that criteria and is therefore blocked. If I could create an address list of associated tower equipment, I could then create rules to allow this specific list of IPs to access specific external addresses.

I guess using my own logic, I could whitelist the destination of the cloud service instead and not need to create an address list at all. :thinking:


#8

The correct solution to this is to separate your management network from your access network.


#9

If you know the IP address and MAC address you want to assign it to, you can use the importer to do your IP assignments to equipment.