Page 1 of 1

ARP Table

Posted: Thu Aug 01, 2024 7:16 pm
by David1212
Hello everyone,
I would like getting help with an issue in my microtik device.
I created rules between two computers connected to my device in order to block every communication between them. As I wish there is no communication between the two computers (check ping between them). When I run an arp -a command (after I try to communicate between the two computers) one of the computers actually sees the MAC address of the other computer.
Does anyone know what do I need to perform in my microtik device in order to block the registration in the arp table?

Re: ARP Table

Posted: Wed Sep 18, 2024 9:34 pm
by SQ9MDD
Blocking communication between two devices at the ARP level can be tricky because ARP is a fundamental network protocol used to map IP addresses to MAC addresses. Even if you block communication between devices (e.g., ping, traffic), ARP requests may still occur, and devices may cache the MAC addresses of each other.

Re: ARP Table

Posted: Wed Sep 18, 2024 11:36 pm
by patrikg
If you add a static arp entry from mac address to some bogus ip like localhost address 127.0.0.1, they could not connect to each other.

But if the device is like IPhone it's more tricky because of the change of it's mac address all the time.

Re: ARP Table

Posted: Thu Sep 19, 2024 1:19 am
by harrykale
Hi :)
Solution to Block ARP Registration on MikroTik

1. **Create Firewall Rules**:
- Go to **IP** > **Firewall**.
- Add rules to **drop** traffic:
- **Chain**: `forward`
- **Src. Address**: [IP of Computer 1]
- **Dst. Address**: [IP of Computer 2]
- Repeat for the reverse.

2. **ARP Settings**:
- Go to **IP** > **ARP**.
- Set ARP entries for both computers to **Reject**.

3. **Bridge Filters (if using a bridge)**:
- Go to **Bridge** > **Bridge Filters**.
- Add a filter to **drop** traffic on the relevant bridge interface.

### Test
Run `arp -a` on both computers to ensure they no longer see each other’s MAC addresses.

This should effectively block their communication at both IP and ARP levels. Let me know if you need further help!

Re: ARP Table

Posted: Thu Sep 19, 2024 4:04 am
by Buckeye
Does anyone know what do I need to perform in my microtik device in order to block the registration in the arp table?
This is a good example of the XY problem

What is ARP and why do we need it? Address Resolution Protocol (ARP)

Re: ARP Table

Posted: Wed Nov 13, 2024 11:59 pm
by voljka
Hello everyone,
I would like getting help with an issue in my microtik device.
I created rules between two computers connected to my device in order to block every communication between them. As I wish there is no communication between the two computers (check ping between them). When I run an arp -a command (after I try to communicate between the two computers) one of the computers actually sees the MAC address of the other computer.
Does anyone know what do I need to perform in my microtik device in order to block the registration in the arp table?
Put each PC in different VLAN. VLAN prevents any L2 conversation between them. Any data exchange may be possible only via L3 - Routing.
I assume, what original config was : two ethernet ports in one bridge?

Re: ARP Table

Posted: Thu Nov 14, 2024 12:15 pm
by oreggin
Bridge horizon might be a solution, although unfortunately it disables HW offload.

https://help.mikrotik.com/docs/spaces/R ... +Switching