Community discussions

MikroTik App
 
David1212
just joined
Topic Author
Posts: 1
Joined: Thu Aug 01, 2024 7:08 pm

ARP Table

Thu Aug 01, 2024 7:16 pm

Hello everyone,
I would like getting help with an issue in my microtik device.
I created rules between two computers connected to my device in order to block every communication between them. As I wish there is no communication between the two computers (check ping between them). When I run an arp -a command (after I try to communicate between the two computers) one of the computers actually sees the MAC address of the other computer.
Does anyone know what do I need to perform in my microtik device in order to block the registration in the arp table?
 
User avatar
SQ9MDD
just joined
Posts: 1
Joined: Sun Sep 01, 2024 10:47 am
Location: Poland
Contact:

Re: ARP Table

Wed Sep 18, 2024 9:34 pm

Blocking communication between two devices at the ARP level can be tricky because ARP is a fundamental network protocol used to map IP addresses to MAC addresses. Even if you block communication between devices (e.g., ping, traffic), ARP requests may still occur, and devices may cache the MAC addresses of each other.
 
User avatar
patrikg
Member
Member
Posts: 362
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: ARP Table

Wed Sep 18, 2024 11:36 pm

If you add a static arp entry from mac address to some bogus ip like localhost address 127.0.0.1, they could not connect to each other.

But if the device is like IPhone it's more tricky because of the change of it's mac address all the time.
 
harrykale
just joined
Posts: 2
Joined: Thu Sep 19, 2024 1:06 am

Re: ARP Table

Thu Sep 19, 2024 1:19 am

Hi :)
Solution to Block ARP Registration on MikroTik

1. **Create Firewall Rules**:
- Go to **IP** > **Firewall**.
- Add rules to **drop** traffic:
- **Chain**: `forward`
- **Src. Address**: [IP of Computer 1]
- **Dst. Address**: [IP of Computer 2]
- Repeat for the reverse.

2. **ARP Settings**:
- Go to **IP** > **ARP**.
- Set ARP entries for both computers to **Reject**.

3. **Bridge Filters (if using a bridge)**:
- Go to **Bridge** > **Bridge Filters**.
- Add a filter to **drop** traffic on the relevant bridge interface.

### Test
Run `arp -a` on both computers to ensure they no longer see each other’s MAC addresses.

This should effectively block their communication at both IP and ARP levels. Let me know if you need further help!
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 906
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: ARP Table

Thu Sep 19, 2024 4:04 am

Does anyone know what do I need to perform in my microtik device in order to block the registration in the arp table?
This is a good example of the XY problem

What is ARP and why do we need it? Address Resolution Protocol (ARP)
 
User avatar
voljka
newbie
Posts: 44
Joined: Tue Oct 27, 2009 4:34 pm

Re: ARP Table

Wed Nov 13, 2024 11:59 pm

Hello everyone,
I would like getting help with an issue in my microtik device.
I created rules between two computers connected to my device in order to block every communication between them. As I wish there is no communication between the two computers (check ping between them). When I run an arp -a command (after I try to communicate between the two computers) one of the computers actually sees the MAC address of the other computer.
Does anyone know what do I need to perform in my microtik device in order to block the registration in the arp table?
Put each PC in different VLAN. VLAN prevents any L2 conversation between them. Any data exchange may be possible only via L3 - Routing.
I assume, what original config was : two ethernet ports in one bridge?
 
oreggin
Member Candidate
Member Candidate
Posts: 201
Joined: Fri Oct 16, 2009 9:21 pm

Re: ARP Table

Thu Nov 14, 2024 12:15 pm

Bridge horizon might be a solution, although unfortunately it disables HW offload.

https://help.mikrotik.com/docs/spaces/R ... +Switching

Who is online

Users browsing this forum: jw1 and 4 guests