How can you view the MAC address table of a HW offloaded bridge? For example on RB760iGS with v7.19.6

RouterOS General
1

Edit: the reason this didn't appear to work was because I had frame-types=admit-only-vlan-tagged on the bridge interface. See this post for details.

This has been discussed in an old thread from 2016, but that's so old that I don't think it applies to v7.

Feature request: ability to view MAC address table (FDB)

There is a newer topic Print mac address table in v7.6 or higher that suggests that using the command

interface ethenet switch host print

will print the L2 MAC address table from the switch chip. However, on RB760iGS running v7.19.6 that command produces a syntax error.

[demo@MikroTik] > system resource/print
                   uptime: 1d17h25m31s        
                  version: 7.19.6 (stable)    
               build-time: 2025-09-12 09:02:42
         factory-software: 6.46.4             
              free-memory: 196.0MiB           
             total-memory: 256.0MiB           
                      cpu: MIPS 1004Kc V2.15  
                cpu-count: 4                  
            cpu-frequency: 880MHz             
                 cpu-load: 6%                 
           free-hdd-space: 5.1MiB             
          total-hdd-space: 16.0MiB            
  write-sect-since-reboot: 410                
         write-sect-total: 20608              
        architecture-name: mmips              
               board-name: hEX S              
                 platform: MikroTik           
[demo@MikroTik] > system routerboard/print
       routerboard: yes         
        board-name: hEX S       
             model: RB760iGS    
     serial-number: ************
     firmware-type: mt7621L     
  factory-firmware: 6.46.4      
  current-firmware: 7.19.6      
  upgrade-firmware: 7.19.6      
[demo@MikroTik] > interface/bridge/host/
add     comment     disable     edit     enable     export     find     print     remove     reset     set     unset   
[demo@MikroTik] > interface/bridge/host/print
Flags: D - DYNAMIC; L - LOCAL
Columns: MAC-ADDRESS, VID, ON-INTERFACE, BRIDGE
#    MAC-ADDRESS        VID  ON-INTERFACE  BRIDGE
0 DL 8A:53:05:D4:02:46       bridge        bridge
1 DL DC:2C:6E:7B:10:F2       bridge        bridge
2 DL DC:2C:6E:7B:10:F2  199  bridge        bridge
3 DL DC:2C:6E:7B:10:F2  200  bridge        bridge
4 DL DC:2C:6E:7B:10:F2  210  bridge        bridge
[demo@MikroTik] > interface/ethernet/switch/host/print             
syntax error (line 1 column 31)
[demo@MikroTik] > interface/ethernet/switch/          
port     port-isolation     rule     edit     export     find     print     reset     reset-counters     set     unset   
[demo@MikroTik] > interface/ethernet/switch/host print
bad command name host (line 1 column 27)
[demo@MikroTik] >

I know the mac address table is available on the MT7621, because I have a Ubiquiti ER-X that is based on the same MT7621 SoC, and on it I can use the command

sudo switch dump

demo@ERX~$ sudo switch dump
hash  port(0:6)   fid   vid  age   mac-address     filter my_mac
03c:   ---- 1---    0   107    0  2af588932da2     -     -
050:   ---- --1-    0   101    0  f09fc2df8991     -     -
0a8:   --1- ----    0   107    0  48d6d595f7e1     -     -
128:   -1-- ----    0   107    0  008cfa23f0ad     -     -
134:   ---- 1---    0   107    0  34d2707bdebe     -     -
1a8:   ---- 1---    0   101    0  fcecdab9b44c     -     -
1ac:   --1- ----    0   101    0  989096e38f8b     -     -
1c0:   1--- ----    0  4088    0  00015c8d8246     -     -
1d0:   --1- ----    0   101    0  b0395697246f     -     -
1dc:   --1- ----    0   101    0  d80d17a21eb4     -     -
388:   ---- --1-    0  4088    0  001b115d7895     -     -
3c8:   ---- 1---    0   107    0  50f5da64bd83     -     -
67c:   --1- ----    0   107    0  f4f5d8bd32da     -     -
6d4:   --1- ----    0   107    0  b47c9c1f33fa     -     -
728:   --1- ----    0   101    0  b8ac6f42f160     -     -
72c:   --1- ----    0   193    0  d021f94818ae     -     -
734:   ---- 1---    0   107    0  7c2ebd4ae1f9     -     -
778:   --1- ----    0   107    0  b0fc0d78d461     -     -
7ac:   --1- ----    0   107    0  dca6320ab539     -     -
7b8:   --1- ----    0   101    0  d021f948168c     -     -
found the last entry 20 (not ready)
demo@ERX~$

/ip arp print does show the ip addresses an MAC (and port - which seems to indicate it is getting this info from the switch's MAC address table). However, it only shows MAC addresses that have been communicated with, and if you use tool ip-scan it will fill the arp table with failed entries that don't expire (until manually removed). It also won't display mac addresses that are not ip related.

The failed entries can be removed with /ip arp remove [ find where !complete ]

Does anyone know how to display the switch ASIC's L2 MAC address table on MikroTik routers with an integrated switch that has HWoffload enabled?

2

One of the commands you already typed above in your post:

/interface bridge host print

does show the list of MAC addresses that the bridge has learned. On the devices that I have with L2 HW active with different switch chips, including one RB750Gr3 that has the same switch chip as your hEX S, the table appears to be complete, with external hosts having the E flag.

1 Like
3

As usual, @CGGXANNX has the correct answer. The bridge fdb shown is inclusive of the fdb learned by the hw switch chip.

However, there are some additional things to be aware of. The implementation status of this is strictly dependent on the specific switch chip in your device. Just that it is available on the switch chip doesn’t mean that it’s supported in software. Additionally, for some switch chips the querying of the fdb is slow and causes disruption of other communication between the cpu and the switch, and for this reason Mikrotik has disabled this for some switch chips. For some, the number of queried (not learned) entries is limited.

Altogether, this feature is mostly only to be used for debugging.

2 Likes
4

Thanks to both @CGGXANNX and @lurker888 for confirming that it will work when HW offloading is active (at least on the RB760iGS and RB750Gr3). I was reasonably sure this used to work, but I had been trying some things out in the lab after this post by @lurker888, one of them being to have the pvid of the bridge use the same vlan as a vlan interface on the bridge (a deliberate "misconfiguration" that will work as long as the bridge interface has frame-types=admit-only-vlan-tagged). But after I finished that experiment and set the bridge pvid back to 1, I didn't set frame-types=admit-all again. So I wasn't seeing traffic from the untagged hosts. After resetting to receive all frame types, I am able to see the other hosts. Thanks!

I was just surprised when I tried viewing the bridge host table and it only had internal addresses listed. (related to my post about determining the port a host is connected through). And just learned another new thing today from @CGGXANNX post in that thread.

5

Did the "solved" plugin get removed? I don't see how to mark this topic as solved. It used to be there, see this post

Edit: The Solved option now appears; it was fixed here.

6

Just a clarification: when admit-only-vlan-tagged is selected, pvid is meaningless and is disregarded entitely. Any arbitrary value may present and is not a misconfiguration in any sense.

7

that's why I put "misconfiguration" in quotes. However, with so many available vlans, I see no reason to ever create a vlan interface using the same vlan id as is used by the pvid. Because if you don't have frame-types=admit-only-vlan-tagged, then it will cause problems.

8

Yep, I understood. Just with all the conflicting information out there I wanted to spell it out for posterity :slight_smile: