MikroTik

Community discussions
https://forum.mikrotik.com/

How to block neighbours Advertisment

https://forum.mikrotik.com/viewtopic.php?t=133798

Page 1 of 1

How to block neighbours Advertisment

Posted: Sat Apr 28, 2018 7:34 pm
by ekpesinyang
Pleaase i need assistance. I'm using a bridge interface on my mikrotik mant. I notice that client can see my mac address and ip when they view neighbours. How can I disable that on my bridge interface. I have tried using filters on bridge interface but it still not working. Please help me.

Re: How to block neighbours Advertisment

Posted: Sat Apr 28, 2018 8:47 pm
by msatter
You can't block that. There was a recent discussing about that. There are postings in front and after it:

viewtopic.php?f=21&t=133533&hilit=Neigh ... 00#p656739

Re: How to block neighbours Advertisment

Posted: Sat Apr 28, 2018 9:24 pm
by lbachero
Do you mean when your client goes in IP > NEIGHBOR and see your MAC and IP?
If that's it, you can disable the discover:
Code: Select all
/ip neighbor discovery set bridge-interface discover=no

Re: How to block neighbours Advertisment

Posted: Mon Apr 30, 2018 5:37 pm
by sri2007
Hi:
Do you mean when your client goes in IP > NEIGHBOR and see your MAC and IP?
If that's it, you can disable the discover:
Code: Select all
/ip neighbor discovery set bridge-interface discover=no
that's true, and you can block those packets with a firewall rule too (LLDP works with UDP/5678).

Re: How to block neighbours Advertisment

Posted: Fri May 24, 2019 8:53 pm
by hermawanherry
Hi:
Do you mean when your client goes in IP > NEIGHBOR and see your MAC and IP?
If that's it, you can disable the discover:
Code: Select all
/ip neighbor discovery set bridge-interface discover=no
that's true, and you can block those packets with a firewall rule too (LLDP works with UDP/5678).
how to block those packet with a firewall rule?
i set this "/ip firewall filter add chain=output action=drop src-port=5678 protocol=udp" but doesn't work ROS 6.44.3

Re: How to block neighbours Advertisment

Posted: Sat May 25, 2019 1:17 am
by vecernik87
You can't do it with ip firewall. It works only with bridge filter. That means you must have the nterface in bridge, even if it is a single port bridge

Re: How to block neighbours Advertisment

Posted: Sat May 25, 2019 1:34 am
by sri2007
:shock: yep you're right... seems like that allow rule that I've configured in my firewall is useless :( ; however there's a new way of blocking neighbors directly at the /ip neighbors discovery-interface, using interface-lists, the steps are first add a new list named as you want (deny-mndp, it's my example); then you'll need to add interfaces at that list and finally you can set up a discovery rule by matching that interface list.

The commands will be like:

/interface list add name=deny-mndp
/interface list member add interface=bridge list=deny-mndp
/ip neighbor discovery-settings set discover-interface-list=!deny-mndp
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/