Hello, I’ve been using Mikrotik switches and routers for several months and I love the flexibility of them. But sometimes I encounter weird issues that I cannot resolve by googling or researching on my own. My question is how Winbox can access a router with just a MAC address, without needing an IP address. We know that an ARP request needs src and dst MAC & IP addresses to find other devices on the network, but as an experiment I’ve set my PC and router to different IPs and subnets, and the result is the same: Winbox can discover the RouterBOARD on the Neighbors tab. Can anyone explain this?
Someone here has a nice quote of Mark Twain in their automatic signature: “It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.”
The answer is quite simple: if you send a frame with some MAC address as the destination over an L2-transparent network, a device with that MAC address will accept it no matter what ethertype and higher protocol layers that frame contains, and no matter what IP address the receiving device has. So to communicate, it is enough for two devices on an L2 segment to know each other’s MAC addresses, and support the same protocol for which MAC addresses are sufficient.
The other issue is how to discover the MAC address of the other device if you cannot read it on the label on the device; the tools here are various neighbor discovery protocols (the standard LLDP and the proprietary ones like C(isco)DP and M(ikrotik)NDP), which use multicast or even broadcast MAC addresses to get accepted by any device on the L2-transparent network. This is the same method which ARP uses - ARP sends the actual request to a broadcast MAC address too. The discovery protocols just carry another type of information than ARP: whereas ARP is used to translate a known IP address to a corresponding MAC address, the name “discovery” is slightly misleading, as the devices actually use these protocols to advertise various bits of information about themselves to all adjacent devices that support that particular discovery protocol, like their MAC address, vendor name, software version, IP address used for management, supported networking features etc. And the discovery protocols do not care much about the IP settings of the interface they run at (as they don’t need any IP address for their own operation). Every Mikrotik device sends MNDP frames from all interfaces where this functionality is permitted, regardless of their IP configuration. See https://wiki.mikrotik.com/wiki/Manual:IP/Neighbor_discovery for details. Winbox listens to MNDP and builds the neighbor list based on MNDP packets received - if you disable neighbor discovery on the Mikrotik interface to which your PC is connected, Winbox will stop listing that device among neighbors, but it will still be able to connect if you enter the device’s MAC address manually.
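As an added illustration of the advertisement described in the post above (not part of the original posts and not MikroTik code): a Python decoder for an MNDP payload, showing what a device discloses to every L2 neighbor even when no IP address is configured. The 4-byte header, the TLV layout and the type numbers are assumptions taken from public third-party dissectors; the sample packet is constructed.

```python
import struct

# Assumed TLV type numbers (from public third-party dissectors, not from the thread).
TLV_NAMES = {1: "mac", 5: "identity", 7: "version", 8: "platform",
             10: "uptime_s", 12: "board", 16: "interface", 17: "ipv4"}

def tlv(t, value):
    """Encode one TLV: 2-byte type, 2-byte length (big-endian), then the value."""
    return struct.pack("!HH", t, len(value)) + value

def parse_mndp(payload):
    """Parse an MNDP UDP payload into a dict; raise ValueError if malformed."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte header")
    out, pos = {"seq": struct.unpack("!H", payload[2:4])[0]}, 4
    while pos < len(payload):
        if pos + 4 > len(payload):
            raise ValueError("truncated TLV header")
        t, length = struct.unpack("!HH", payload[pos:pos + 4])
        value = payload[pos + 4:pos + 4 + length]
        if len(value) != length:
            raise ValueError("TLV length runs past end of packet")
        pos += 4 + length
        name = TLV_NAMES.get(t, f"type_{t}")
        if t == 1 and length == 6:
            out[name] = ":".join(f"{b:02x}" for b in value)
        elif t == 10 and length == 4:
            out[name] = struct.unpack("<I", value)[0]  # assumed little-endian
        elif t == 17 and length == 4:
            out[name] = ".".join(str(b) for b in value)
        elif t in (5, 7, 8, 12, 16):
            out[name] = value.decode("utf-8", "replace")
        else:
            out[name] = value.hex()  # unknown or oddly sized field: keep raw
    return out

# Constructed sample: a device with no IPv4 address still advertises itself.
SAMPLE = (b"\x00\x00" + struct.pack("!H", 7)
          + tlv(1, bytes.fromhex("020000aabbcc"))
          + tlv(5, b"lab-router")
          + tlv(7, b"0.0 (constructed)")
          + tlv(8, b"MikroTik")
          + tlv(10, struct.pack("<I", 3600))
          + tlv(16, b"ether1"))

if __name__ == "__main__":
    for key, val in parse_mndp(SAMPLE).items():
        print(f"{key:10} {val}")
```

The decoded record contains a MAC address, identity, version and interface name but no `ipv4` field, which is all a MAC-based client needs to list and reach the device.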
In addition to the explanation already offered by sindy, I would like to add:
The MAC-level access in RouterOS DOES NOT USE IP.
So that is why the IP address does not matter. It is not the IP protocol that is being used. It is just raw ethernet frames that are used, the layer below IP and ARP.
RouterOS includes a proprietary protocol to communicate between the router and the PC. It uses only the source and destination MAC address, and it has a different protocol type than IP so it is not mixed with it. There even is a way of routing this protocol, it is called RoMON.
It all is quite similar to how Novell NetWare operated in the days before it used IP as an intermediate layer.
Well… strictly speaking, the Winbox packets do have ethertype=0x800 and contain an IP and even a UDP header, but these headers are used in a specific way.
Novell NetWare used the IPX protocol, which works at the network layer, i.e. Layer 3.
The more correct way of describing it is that it works the same way “Microsoft workgroup” networking used to work, i.e. the NetBEUI protocol.
What I meant to say is that it is its own independent protocol, not IP. I thought it used a separate ethertype and a RIP-like routing protocol similar to what was used in the NetWare network.
However, according to sindy that is not really true. I never researched it to the bottom layer, only noticed its operation (unaffected by any IP config, firewall, etc.) and the fact that it does not transparently pass over some links.