ARP table: dynamic record added with the same IP/MAC but another interface?

Dear community!

I have a MikroTik 4.10 installed and it works fine. I need some help:

  • I collect ARP entries and convert them from dynamic to static.
  • I have 2 interfaces named Wi-Fi (10.1.2.x) and LAN-eth-clients (172.16.220.x),
    and the problem is that in the ARP table I have, for example, the static record IP=10.1.2.29, MAC=00:01:02:03:04:05, Interface=Wi-Fi,
    and MikroTik adds a dynamic record with the same IP and MAC BUT the wrong interface, LAN-eth-clients.

Pls help! I don't understand why; I tried searching many forums, wikis, docs..... My brain... ahh!

MikroTik config:
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 10.10.100.200/24 10.10.100.0 10.10.100.255 netMGMT
1 10.1.2.254/24 10.1.2.0 10.1.2.255 Wi-Fi
2 192.168.3.10/24 192.168.3.0 192.168.3.255 server-DMZ
3 172.16.220.2/24 172.16.220.0 172.16.220.255 LAN-eth-clients
4 217.150.58.129/30 217.150.58.128 217.150.58.131 TTK-internet
5 62.33.222.3/24 62.33.222.0 62.33.222.255 servers-WIP
6 10.10.20.200/24 10.10.20.0 10.10.20.255 Wi-Fi
7 10.10.20.253/24 10.10.20.0 10.10.20.255 Wi-Fi
8 62.33.222.1/24 62.33.222.0 62.33.222.255 servers-WIP
9 62.33.222.254/30 62.33.222.252 62.33.222.255 TTK-internet

Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE MTU L2MTU

0 R ether1 ether 1500
1 R ether2 ether 1500
2 R netMGMT vlan 1500
3 R LAN-eth-clients vlan 1500
4 R server-DMZ vlan 1500
5 R TTK-internet vlan 1500
6 R servers-WIP vlan 1500
7 DR pppoe-in 1452
8 DR pppoe-in 1480
9 R Wi-Fi vlan 1500

good ARP:
226 10.1.2.29 00:19:CB:D3:DB:C8 Wi-Fi
wrong ARP: !!!!!!!!!!!!!
231 D 10.1.2.29 00:19:CB:D3:DB:C8 LAN-eth-clients

HELP!

RouterOS adds the ARP entry because it sees such a device on a different network. I would recommend checking your local network configuration and making sure nothing is messed up (something that allows clients to be present on another network).

Thx for your answer.

I checked the VLAN configs but still don't understand what's wrong, because all VLANs are separated…

I have another idea - all my interfaces run as "arp=enable" (I plan to switch to arp=reply-only to be more secure); can it affect the wrong ARP entry?

And another idea - here is my NAT config:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=src-nat to-addresses=62.33.222.3 src-address=172.16.220.0/24 out-interface=TTK-internet
1 chain=srcnat action=src-nat to-addresses=62.33.222.3 src-address=10.1.2.0/24 out-interface=TTK-internet
2 X chain=srcnat action=masquerade src-address=62.33.222.0/24 out-interface=TTK-internet
3 chain=srcnat action=masquerade src-address=10.1.2.0/24 out-interface=netMGMT
4 chain=srcnat action=masquerade src-address=172.16.220.0/24 out-interface=netMGMT
5 chain=srcnat action=masquerade src-address=10.1.2.0/24 out-interface=servers-WIP
6 chain=srcnat action=masquerade src-address=172.16.220.0/24 out-interface=servers-WIP
7 chain=srcnat action=masquerade src-address=10.10.20.0/24 out-interface=Wi-Fi
8 chain=srcnat action=masquerade src-address=172.16.220.0/24 out-interface=Wi-Fi
Can it affect this? Or do I misunderstand something about ARP & NAT… I have doubts about record #8…

Waiting for a reply…

No, arp=reply-only does not make any wrong entries.
Run the sniffer on the router and you will see that the packets are coming from the LAN interface.

I ran torch on both the Wi-Fi interface and the LAN-eth-clients interface, and I see some packets coming from the VLAN interface Wi-Fi from another subnet… 172.16.220.xxx BUT I don't understand WHY they are coming… I checked almost all switches across the network and did not see any misconfiguration…

Is there any chance that the MikroTik forward table does this? Or, as I understand it, ARP is closer to L2 - so it does not..

Don't know what to check for?!

The ARP table just contains information about the ARP entries on the router.
It means there were particular requests on the specific network; run the sniffer on the router and check the packets in/out on the interface where your client IP should not appear.
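A small check for the situation described above (an ARP entry learned on an interface whose configured subnets do not contain that IP, or one IP/MAC pair learned on two interfaces), added here as an example; it is not from this thread or from RouterOS itself. It parses the plain-text `/ip address print` and `/ip arp print` listings, and its sample input is constructed from the entries posted earlier in the thread.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Constructed samples, copied from the listings posted above in this thread.
ADDRESS_PRINT = """\
0 10.10.100.200/24 10.10.100.0 10.10.100.255 netMGMT
1 10.1.2.254/24 10.1.2.0 10.1.2.255 Wi-Fi
3 172.16.220.2/24 172.16.220.0 172.16.220.255 LAN-eth-clients
"""
ARP_PRINT = """\
226 10.1.2.29 00:19:CB:D3:DB:C8 Wi-Fi
231 D 10.1.2.29 00:19:CB:D3:DB:C8 LAN-eth-clients
"""

def parse_addresses(text):
    """Map interface name -> networks configured on it ("/ip address print" lines)."""
    nets = {}
    for line in text.splitlines():
        tokens = line.split()
        cidr = next((t for t in tokens if "/" in t), None)
        if not tokens or not tokens[0].isdigit() or cidr is None:
            continue  # header, flag legend or blank line
        nets.setdefault(tokens[-1], []).append(ipaddress.ip_interface(cidr).network)
    return nets

def parse_arp(text):
    """Yield (ip, mac, interface, is_dynamic) from "/ip arp print" lines."""
    for line in text.splitlines():
        tokens = line.split()
        pos = next((i for i, t in enumerate(tokens) if MAC_RE.match(t)), None)
        if pos is None or pos < 1 or pos + 1 >= len(tokens):
            continue
        flags = "".join(tokens[1:pos - 1])  # "D" marks a dynamic entry
        yield tokens[pos - 1], tokens[pos].upper(), tokens[pos + 1], "D" in flags

def find_leaks(address_text, arp_text):
    """Flag entries on an interface with no subnet for the IP, and IP/MAC pairs seen on >1 interface."""
    nets = parse_addresses(address_text)
    first_seen, problems = {}, []
    for ip, mac, iface, dynamic in parse_arp(arp_text):
        addr = ipaddress.ip_address(ip)
        expected = sorted(i for i, ns in nets.items() if any(addr in n for n in ns))
        kind = "dynamic" if dynamic else "static"
        if iface not in expected:
            problems.append((ip, mac, iface, f"{kind} entry, no subnet for this IP here; expected {','.join(expected)}"))
        other = first_seen.setdefault((ip, mac), iface)
        if other != iface:
            problems.append((ip, mac, iface, f"{kind} entry, same IP/MAC already learned on {other}"))
    return problems
```

Every entry it flags names the interface to watch with the sniffer; a flagged dynamic entry on a VLAN interface means a frame from that MAC actually arrived tagged for that VLAN.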

I spent weeks trying to convince a friend of this same problem. I told him YOU HAVE A MISCONFIGURATION. He kept telling me his VLANs were set up properly. In the end they were not. Check your cabling and your VLAN configuration; it's leaking packets.

I double-checked my configs…

So I have 1 main "server-room" switch (D-Link) with some tagged & untagged VLAN ports.
Also I have many other switches, typically with ports 25-26 @ all VLANs and the other ports untagged.

So is there any chance that the IP firewall forward table translates some packets to other VLANs?
Or the NAT table with a masquerade rule?!
Both no…

Dunno what to check more ;(

RouterOS cannot translate your packets from one interface to another or anything like that… Are your switches managed? Check their FDBs and look where you have that MAC address - that way you will find where the misconfiguration is.

Thx to all! With your help I solved the problem… Misconfiguration on the main switch = wrong VLANs!!! :sunglasses: :laughing: