I have been seeing some of my Mikrotik AP broadcasting packets with ethernet protocol 9abe to ff:ff:ff:ff:ff:ff. I have searched and cannot find what this protocol is supposed to be, I assume it is a Mikrotik specific ethertype, as I have only seen it come from Routerboards running ROS. At first I thought it might be neighbor discovery, but I am not seeing these packets from all of the Mikrotik that have neighbor discovery enabled.
Does anyone know what ethertype 9abe is?
We are also just now seeing the same ethertype packets flooding about 0.4% of our network and they are also only coming from MikroTik access points (Metal 2SHPn).
I am also just as stumped on what they are - they are exactly 32 bytes in size and data is the same for every broadcast from the same device.
Qiet72
Here is a temporary fix/workaround until the source problem is fixed:
/interface bridge filter
add action=drop chain=input mac-protocol=0x9ABE
add action=drop chain=forward mac-protocol=0x9ABE
Regards,
Qiet72