CRS3X LoopProtect Ideas for Responding

RouterOS General
1

So while testing here at an event where we provide wifi, I was tasked with handing out some internet on Untagged Access Ports, now what scares me at events like this sometimes.. is people like to bring their own stuff and when you leave they grab the cable you gave them and add a switch of some sort, while I am not good at ACLs or bridge filters at the moments what I would of liked to at least do is have some sort of Loop Protection or storm control to protect the network in the event of someone looping something off of a dumb switch. Now I was testing in office and this just not working on an interface that is grouped into the bridge. I do see that the lop does print out that it believe that is has the detected the loop. on the interface facing towards the issue.. At the moment Im running PRTG but will probably move to Zabbix mainly because of the cost. I was looking for a way to maybe send an SNMP alert to myself whenever the log found new loops (SINCE THE PORT WONT SHUT DOWN ITSELF!) I was not able to find a way to do this just tinkering around in ROS. So I decided to maybe find a script the would send an email or alert so that maybe if the network does get hit with something I have some glimmer of hope of being able to find it based on this email/or/alert.

I come here to you all, look for maybe ideas or just insight on what I might be able to do, I also did think of asking ChatGPT because I hate to say it, it has created solutions for me when I was not able to get any anywhere else, Ill post what I got from the Convo with GPT.

:local logMessage "bridge port received packet with own address as source address"
:local logEntry [:find [/log print as-value where message~"$logMessage"] 0]

# Check if the log entry exists
:if ($logEntry != "") do={
    :local messageText [/log get $logEntry message]
    :local time [/log get $logEntry time]
    /tool e-mail send to="your-email@example.com" subject="MikroTik Alert: Duplicate Address Detected" body=("Alert triggered at: " . $time . "\nMessage: " . $messageText)
}

Thank you!!

2

Ok this seems to be working for now.. lol.. I tried putting this on the Core switch and then testing on one of the switches out in the event.. the scheduler has it running every 30 seconds.. but I did get an email before anything went haywire.. but I did see on the CRS318 were I create the loop, rapidly spiking to 100% CPU..

this does also mean after the alert I have to clear the logs so I just dont get endless emails but at an event like these its just mayhem and not a typical troubleshooting environment.. at least an email I can maybe rush to check something.. its a grasp I know but its what I have at the moment..
The script doesn’t actually tell me where it’s coming from but I started struggling to get GPT to get that part right, so I took what I could get it, Event is tomorrow. but looking to have a better approach to this in the future.

Thank you everyone !!

:local logMessage "bridge port received packet with own address as source address";
:local foundLogs [/log find message~"$logMessage"];

:if ([:len $foundLogs] > 0) do={
    :log info "Match found, attempting to send email.";
    /tool e-mail send to="My@Email.com" subject="MikroTik Alert: Duplicate Address Detected" body="A bridge port has received a packet with its own address as the source. Please check the device for potential issues."
} else {
    :log info "No matching log entries found.";
}