Community discussions

MikroTik App
  4. RouterOS
  5. Forwarding Protocols

How to block neighbours Advertisment

Post Reply
 
ekpesinyang
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 73
Joined: Tue Apr 12, 2016 6:21 pm
Location: Uyo
Contact:
Contact ekpesinyang

How to block neighbours Advertisment

Sat Apr 28, 2018 7:34 pm

Pleaase i need assistance. I'm using a bridge interface on my mikrotik mant. I notice that client can see my mac address and ip when they view neighbours. How can I disable that on my bridge interface. I have tried using filters on bridge interface but it still not working. Please help me.
Top
 
msatter
Forum Guru
Forum Guru
Posts: 2942
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: How to block neighbours Advertisment

Sat Apr 28, 2018 8:47 pm

You can't block that. There was a recent discussing about that. There are postings in front and after it:

viewtopic.php?f=21&t=133533&hilit=Neigh ... 00#p656739
Top
 
User avatar
lbachero
newbie
Posts: 38
Joined: Wed Oct 08, 2014 4:39 pm
Location: Dublin
Contact:
Contact lbachero

Re: How to block neighbours Advertisment

Sat Apr 28, 2018 9:24 pm

Do you mean when your client goes in IP > NEIGHBOR and see your MAC and IP?
If that's it, you can disable the discover:
Code: Select all
/ip neighbor discovery set bridge-interface discover=no
Top
 
sri2007
Member Candidate
Member Candidate
Posts: 209
Joined: Wed May 20, 2015 10:14 pm
Location: Lake Grove, NY

Re: How to block neighbours Advertisment

Mon Apr 30, 2018 5:37 pm

Hi:
Do you mean when your client goes in IP > NEIGHBOR and see your MAC and IP?
If that's it, you can disable the discover:
Code: Select all
/ip neighbor discovery set bridge-interface discover=no
that's true, and you can block those packets with a firewall rule too (LLDP works with UDP/5678).
Top
 
hermawanherry
just joined
Posts: 4
Joined: Thu Jan 19, 2017 8:53 am

Re: How to block neighbours Advertisment

Fri May 24, 2019 8:53 pm

Hi:
Do you mean when your client goes in IP > NEIGHBOR and see your MAC and IP?
If that's it, you can disable the discover:
Code: Select all
/ip neighbor discovery set bridge-interface discover=no
that's true, and you can block those packets with a firewall rule too (LLDP works with UDP/5678).
how to block those packet with a firewall rule?
i set this "/ip firewall filter add chain=output action=drop src-port=5678 protocol=udp" but doesn't work ROS 6.44.3
Top
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 891
Joined: Fri Nov 10, 2017 8:19 am

Re: How to block neighbours Advertisment

Sat May 25, 2019 1:17 am

You can't do it with ip firewall. It works only with bridge filter. That means you must have the nterface in bridge, even if it is a single port bridge
Top
 
sri2007
Member Candidate
Member Candidate
Posts: 209
Joined: Wed May 20, 2015 10:14 pm
Location: Lake Grove, NY

Re: How to block neighbours Advertisment

Sat May 25, 2019 1:34 am

:shock: yep you're right... seems like that allow rule that I've configured in my firewall is useless :( ; however there's a new way of blocking neighbors directly at the /ip neighbors discovery-interface, using interface-lists, the steps are first add a new list named as you want (deny-mndp, it's my example); then you'll need to add interfaces at that list and finally you can set up a discovery rule by matching that interface list.

The commands will be like:

/interface list add name=deny-mndp
/interface list member add interface=bridge list=deny-mndp
/ip neighbor discovery-settings set discover-interface-list=!deny-mndp
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 6 guests
  4. RouterOS
  5. Forwarding Protocols