Dear all , i love mikrotik technology and i wish that i could use it for a big project that is starting.
i need a router that is able to receive a ping on the wan interface , look the source address and setup its ip with the other free of the subnet.
all the access are /30 and /31 subnets
i wonder if it is possible to do that with a script.
i know at least 2 vendors that implement this function but i don’t know Mikrotik.
This command will add all received ping src addresses to address list called “PING”
/ip firewall filter add chain=input action=add-src-to-address-list address-list=PING protocol=icmp
Scheduler will start the script at startup
/system scheduler add start-time=startup on-event={“Your script with while loop (some conditions)”; } name=“TEST”
Add disable command at the end of script, so when IP will be blaced, script will disable scheduler :
if (some conditions…) do={ /system scheduler disable [find name=TEST] }
it doesn’t work , the list remains empty.
if i set the ip address manually on the wan interface then the list will compile
it is more complicated , i have to watch into the arp request read the destination address and set it on the wan interface.
i found that packet sniffer can be useful but no idea how to script and manage data
Put a bogus IP on the ether1 interface like 169.254.0.1/16.
Then set the interface to arp=proxy-arp and route dst=0.0.0.0/0 type=blackhole distance=254
This would solve your problem without needing a sniffer.
Make your detection script remove these work-around items, and you’re set.
WARNING: This box would kill any network its ether1 is attached to, so be careful.
I’m assuming this is customer-site equipment… why not just use PPPoE to auto-assign IP addresses? (you wouldn’t need a /30 either)
If this is network infrastructure - it seems risky to have plug-and-play stuff on your ptp links…
this is the current provider network structure for “mpls VPN service” they don’t use PPPOE , we need a easy provisioning system.
once the router has been connected, from management site you can ping the wan connection and then connect to the router to complete the config and clear this feature.
i will try your solution Tomorrow.
thanks a lot for your help
No prob!
If this works, make sure the install techs know not to plug the WAN port into the customer’s (or new site’s) LAN, because it will reply to ARPs for anything - meaning that it will arp-poison an existing LAN.
i’m testing your config , but i miss something.
once i made the config i have to use firewall rules to catch the address???
i’m new to mikrotik scripting can you give me some more detail?
thanks in advance
I’ve gone looking for these other devices that use this method to configure themselves - so far, I’ve only found Epson printers…
You’ve given yourself quite a challenging script project to begin learning with… I’m not really a script guy so I can’t really help with the script’s logic of determining the “other IP” of a subnet, especially when the netmask is unknown. (saying that it’s /30 or /31 is pretty much “unknown.”)
If it’s gets 10.0.0.2 , for instance , then the "other IP is 10.0.0.1 if the netmask is /30, but it’s 10.0.0.3 if the netmask is /31
There’s no netmask information in the ping packet.
I’m betting these other vendors’ “ping me to set my IP” function is for LAN devices and assumes a /24 netmask most likely… Even the Epson instructions had to walk you through adding a static ARP entry in the computer that will do the ping… (which is what my proxy-arp suggestion eliminates the need for)
Why not just train the installer to go add the IP address to the WAN interface, or if you’re sending a router to a customer, why not pre-configure it?
i think i had not given all the information to you.
imagine this
[ ISP PE ] ------------Metro ethernet---------------[CPE]
ISP uses most of the time /30 PTP or /31
what we have to is that.
from the PE we will ping the other side of the PTP
so imagine that on the ISP edge we have 85.125.123.1/30
we send our ping to 85.125.123.2
my problem is reading the arp request and setup on the ethernet wan of the CPE 85.125.123.2
i know that is very difficult but if Tik router can do that we will use them for a big project.
other vendors do that on any type of interface ATM - ethernet - serial
Who are these “other vendors?”
I’ve never even heard of such a feature before - not being snotty here, just wondering if this is something the big boys do or something done by things you’d find on places like Alibaba.
HUAWEI and Tiesse here in italy do that. we use them every day.
feature name is
FAST PROVISIONING
http://support.huawei.com/enterprise/docinforeader.action?contentId=DOC1000061820&partNo=100102