Hello,
Is it possible to limit the number of learned MAC addresses per interface like with Cisco's switchport port-security maximum or mac-address-table limit commands?
OK, but I need to allow 1 non-specific MAC on the interface (to prevent users from connecting a switch and expanding the LAN) since the port came up. Setting a specific MAC in the host table is not a solution for me.
This is possible on switch chips that are capable of ACL rules, you can find examples using CRS3xx and non-CRS1xx/CRS2xx devices here:
https://wiki.mikrotik.com/wiki/Manual:C ... t_Security
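# Port to watch
:local if "ether1"
# Count the MAC addresses the bridge has learned on this port;
# above 30, disable ARP on the port, otherwise keep it enabled
:if ([:len [/interface bridge host find where on-interface=$if]] > 30) do={
    /interface ethernet set $if arp=disabled
} else={
    /interface ethernet set $if arp=enabled
}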
I think this is not a solution, because disabling ARP on an interface in a bridge does not have any effect. But I haven't tested it.
Since many routers do not use a switch chip, but bridges instead, this solution may work:
PS not tested.
Thanks, this is what I need. Unfortunately, this option is only for CRS1xx/2xx series switches; the newer series (CRS3xx) doesn't have it. And it is not included generally in bridge options usable for all RB.
CRS125 has that option "learn-limit" https://wiki.mikrotik.com/wiki/Manual:C ... t_Settings
Many of us will miss the CRS 1xx/2xx switches, a lot more versatile and powerful than CRS3xx.