I have a bridge, added multiple ethernet ports to it, forced the MAC address using admin MAC and only added an IP address on the bridge itself. Some devices randomly cannot ping the gateway, so I captured ARP messages on the bridge. I noticed the routerboard is sending ARP requests from multiple MAC addresses: from the admin MAC AND the ports' native MACs.
Board: RB3011 UiAS-RM
OS: RouterOS 6.42.1
(You can see multiple ARP requests stating itself to be 192.168.100.1 but they are actually from the same bridge. All devices are trusted so no possibility of ARP attack.)
Maybe you should try setting a static admin MAC on the bridge so that it will not send requests from multiple MACs. But a better way, I think, is to switch off the ports till this crap is over. And think about what the host behind that port can do.
I had set a static admin MAC on the bridge long before this started happening.
Also setting the bridge ARP mode to reply-only has no effect (still duplicated ARP packets). Maybe a switch chip firmware bug?
[del]I suspect the only bonding (LACP, layer 2 hashing) as the source of the problem. Removed the bonding interface and it is working fine for a while.[/del] I thought it was working because my computer caches ARP entries for a reasonably long time. It is still doing bad things.
Did you bridge the eth interfaces in the bonding interface and the bond interface itself? If so, I suppose you shouldn't do so. It is the single eth interfaces and the bonding interface that must be bridged.
Do you have proxy ARP enabled on some of the interfaces in the users' direction? If users are connected to your network over an IP network without PPP, they must put the IP address of the gateway, not the interface.
Carefully disable ARP on the users' interfaces (I hope you are not connecting to the router on this interface) and see whether the ARP requests end or not. If yes, manage DHCP ARP inspection with the ARP reply-only property and create a DHCP server with the "Add arp for leases" option. After that, dynamic ARP records will appear only after a user gets an IP from the DHCP server.
I have tried setting the ARP mode to disabled or reply-only; it only disables the normal ARP messages sent from the bridge MAC, with no effect on these bad ARP messages sent from the port MAC.
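An added example, not part of any post in this thread: a way to confirm the symptom from a capture by listing every sender IP that appears in ARP with more than one source MAC. The frames are constructed in the script, the MAC addresses are made-up locally administered values, only 192.168.100.1 comes from the thread, and the function names are hypothetical.

```python
import socket
import struct
from collections import defaultdict

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp_request(src_mac, sender_ip, target_ip):
    """Build a broadcast ARP request frame; used only for the constructed sample."""
    eth = b"\xff" * 6 + mac_bytes(src_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet, IPv4, request
    arp += mac_bytes(src_mac) + socket.inet_aton(sender_ip)
    return eth + arp + b"\x00" * 6 + socket.inet_aton(target_ip)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip), or None if not untagged IPv4 ARP."""
    header_ok = len(frame) >= 42 and frame[12:14] == b"\x08\x06"
    if not header_ok or struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    return mac_text(frame[6:12]), mac_text(frame[22:28]), socket.inet_ntoa(frame[28:32])

def ips_with_multiple_macs(frames):
    """Map sender IP -> sorted MACs (Ethernet source and ARP sender), if more than one."""
    claims = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, sender_mac, sender_ip = parsed
        if sender_ip == "0.0.0.0":  # RFC 5227 address probes carry no claim
            continue
        claims[sender_ip].update((eth_src, sender_mac))
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

# Constructed sample: MACs are made-up locally administered addresses.
ADMIN_MAC, PORT_MAC, HOST_MAC = "02:00:00:00:00:01", "02:00:00:00:00:05", "02:00:00:00:00:aa"
SAMPLE_FRAMES = [
    build_arp_request(ADMIN_MAC, "192.168.100.1", "192.168.100.50"),
    build_arp_request(PORT_MAC, "192.168.100.1", "192.168.100.50"),
    build_arp_request(HOST_MAC, "192.168.100.50", "192.168.100.1"),
    build_arp_request(HOST_MAC, "0.0.0.0", "192.168.100.50"),
    build_arp_request(PORT_MAC, "0.0.0.0", "192.168.100.60"),
]

if __name__ == "__main__":
    print(ips_with_multiple_macs(SAMPLE_FRAMES))
```

To use it on a real capture, pass the raw Ethernet frames read from the capture file in place of `SAMPLE_FRAMES`; VLAN-tagged frames are skipped by `parse_arp` as written.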