Hiding the MAC address?

I am using a MikroTik router v2.9.27 and use Winbox to control it. Can I hide the MAC addresses of all the users in my list, to protect them from network hackers who scan the network to find the MAC addresses of everyone in my network?

Can you explain it better?
If you hide the MAC address, how can the devices communicate with each other?

:sunglasses: Do you mean hiding the MAC address from Winbox or from the neighbors viewer?
Maybe you need to set a filter in interface bridge…

```
[admin@mikrotik] interface bridge> filter print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; block discovery mikrotik
     chain=forward in-interface=ether1 mac-protocol=ip dst-port=5678
     ip-protocol=udp action=drop

 1   ;;; block discovery mikrotik
     chain=input in-interface=ether1 mac-protocol=ip dst-port=5678
     ip-protocol=udp action=drop

 2   ;;; block discovery mikrotik
     chain=output mac-protocol=ip dst-port=5678 ip-protocol=udp action=drop

 3   ;;; block discovery mikrotik
     chain=input in-interface=ether1 mac-protocol=ip dst-port=8291
     ip-protocol=tcp action=drop

 4   ;;; block winbox mikrotik
     chain=forward in-interface=ether1 mac-protocol=ip dst-port=8291
     ip-protocol=tcp action=drop

 5   ;;; block request DHCP
     chain=input mac-protocol=ip dst-port=68 ip-protocol=udp action=drop

 6   ;;; block request DHCP
     chain=forward mac-protocol=ip dst-port=68 ip-protocol=udp action=drop

 7   ;;; block request DHCP
     chain=output mac-protocol=ip dst-port=68 ip-protocol=udp action=drop
```

I think blocking DHCP isn’t a good solution :slight_smile: It is better to use broute to the right MAC address and disable broadcasting CDP on “user interfaces”.

disable neighbor discovery in RouterOS

I tried to disable neighbor discovery in RouterOS but it didn’t work. When I do so, Winbox doesn’t show the MAC address of the router where I disabled neighbor discovery, but it continues to show the MAC addresses of all the other equipment connected to the same network. Let me explain my case better:
I have 30 clients (antennas with RB 411 or RB SXT) connected to an RB433 configured in AP bridge mode. Every antenna is configured with a bridge containing the ethernet port and the wlan port, and a VLAN configured on bridge1. The IP address of every antenna is configured on the VLAN. If I connect a computer directly to the PoE of one antenna and click on “…” in Winbox, I see all the antennas connected to that network. Disabling neighbor discovery in RouterOS on the antenna I’m connected to is not enough, because Winbox doesn’t show the antenna where I disabled neighbor discovery but continues to show all the other antennas of the network. I need to block the display of the other antennas too.

Do you have any suggestion? Thanks.

  1. Please don’t raise very old topics. This discussion was from 2007.
  2. Do you connect with wire or wireless when you see the other devices? The procedure will be different.

Sorry if I raised a very old topic. I connect with a wire to the antenna where I disabled neighbor discovery and then I open Winbox.

Did you connect the cable to port 2 or 3 of the RB433? Are the ports bridged or switched?

No, I’m connected to one of the clients with RB411 or RBSXT, not to the RB433. Please have a look at the attached schema. The configuration of all the devices is as mentioned before.

Solved. I’ve only activated the rule chain=forward mac-protocol=ip dst-port=5678 ip-protocol=udp action=drop in the bridge filter.

Nice to hear that you solved it. Yes, as I wanted to say, this situation is normal when all devices are in the same bridge. But you already found the filter solution, great!
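
Added example, not part of the thread: a Python check for confirming from the client side that the UDP 5678 drop rule works, by decoding any discovery announcements still arriving on the port. It assumes the MikroTik Neighbor Discovery Protocol layout as decoded by Wireshark's MNDP dissector (4-byte header, then TLVs with a 2-byte type and 2-byte length, big-endian); the function names and sample packets are constructed for illustration.

```python
import struct

MNDP_PORT = 5678  # UDP port matched by the bridge filter rules in the thread
# Subset of TLV types, numbered as in Wireshark's MNDP dissector (assumption)
TLV_NAMES = {1: "mac", 5: "identity", 7: "version", 8: "platform", 12: "board"}

def parse_mndp(payload):
    """Decode one discovery announcement (UDP payload) into a dict."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte header")
    fields, pos = {}, 4  # skip header and sequence number
    while pos + 4 <= len(payload):
        tlv_type, length = struct.unpack_from(">HH", payload, pos)
        value = payload[pos + 4:pos + 4 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        pos += 4 + length
        name = TLV_NAMES.get(tlv_type)
        if name == "mac":
            fields[name] = ":".join(f"{b:02X}" for b in value)
        elif name:
            fields[name] = value.decode("utf-8", "replace")
    return fields

def visible_neighbors(datagrams):
    """Map MAC -> identity for every announcement in (dst_port, payload) pairs."""
    seen = {}
    for dst_port, payload in datagrams:
        if dst_port != MNDP_PORT:
            continue
        try:
            info = parse_mndp(payload)
        except ValueError:
            continue  # malformed datagram, not a usable announcement
        if "mac" in info:
            seen[info["mac"]] = info.get("identity", "")
    return seen

def _tlv(tlv_type, value):
    return struct.pack(">HH", tlv_type, len(value)) + value

def sample_announcement(mac_hex, identity):  # constructed packet, not a capture
    return (b"\x00\x00\x00\x01" + _tlv(1, bytes.fromhex(mac_hex))
            + _tlv(5, identity.encode()) + _tlv(12, b"RB411"))

DHCP = (68, b"\x02\x01\x06\x00")  # constructed non-discovery datagram
BEFORE = [(5678, sample_announcement("000c42aabb01", "antenna-01")),
          (5678, sample_announcement("000c42aabb02", "antenna-02")), DHCP]
AFTER = [DHCP]  # forward-chain drop rule active: no announcements arrive
```

With the forward-chain rule in place, `visible_neighbors` over traffic seen on the client port should return an empty dict, while other traffic such as DHCP is unaffected.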