ISP router MAC address check

RouterOS Scripting
1

Hi,

I'm kinda new to MikroTik and I'm also not a scripting champion so please be patient :wink:

We have following scenario implemented at one of our regional offices:
MikroTik router connected to ISP switch via private IP and to ISP router via public IP (both over one link connected to switch).
There is also S2S IPsec VPN Tunnel from MikroTik router to the headquarters - another private IP connection and BGP running througt this tunnel.

network diagram:

MikroTik-regional-office.png
MikroTik-regional-office.png1066×582 37.7 KB

To get this setup working on MikroTik, we had to configure static ARP at MikroTik router for the public IP of ISP router:

/ip arp
add address=1.1.1.1 interface=ether1-gateway mac-address=00:AA:BB:CC:DD:EE

This is actually the MAC address of ISP switch interface (10.225.6.13/30).

Now the thing is that we want to be sure that our regional office stays connected even if ISP change its setup,
precisly - if the MAC address of their device gets changed (in case that they connect us to some other switch interface or diferrent switch).

That's why we have to implement a script, that will check the MAC address and if changed, it would also create a new static ARP entry for the public IP of ISP router that is a default gateway for the whole regional office LAN.

So far I was not successful :frowning:

Here's a scenario that I'm thinking of (but I can change it, of course):

  1. ping 10.225.6.13 every 5 minutes to have actual dynamic ARP entry (because it disapears after few minutes if not pinged)
  2. ip arp print + find 10.225.6.13 MAC address

3 D 10.225.6.13 00:AA:BB:CC:DD:EE ether1-gateway

3.A if MAC address did not changed do nothing
3.B if changed add new MAC to static arp:

add address=1.1.1.1 interface=ether1-gateway mac-address=

Here's what I've got so far:

/system script
add name=mac-checker-ping policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="ping count=3 10.225.6.13"
add name=mac-checker policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source= {

:global currentMAC [/ip arp print terse where address=1.1.1.1 [find mac-address=$currentMAC]];
:global resolvedMAC [/ip arp print terse where address=10.225.6.13 [find mac-address=]];

:if ($resolvedMAC =$currentMAC) do=/log info "MAC-not-changed";

else do={
/ip arp add address=1.1.1.1 interface=ether1-gateway mac-address=$resolvedMAC;
/log info "Switch MAC updated";
}

}

/system scheduler
add interval=1m name=mac-checker-ping on-event=mac-checker-ping policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=nov/28/2014 start-time=12:00:00
add interval=5m name=mac-checker on-event=mac-checker policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=nov/28/2014 start-time=12:00:00

The main problem is that I don't know how exactly the "find" command is used here as it does not work the way I thought.

I would appreciate any help from MikroTik community.

Thanks a lot!

Vlastek

2

Hello,

I’m also starting to learn how to script, so I’m not an expert, but try this one, might work:

:local currentMAC [/ip arp get [/ip arp find address=1.1.1.1] mac-address]; 
:local resolvedMAC [/ip arp get [/ip arp find address=10.225.6.13] mac-address]; 

:if ($resolvedMAC != $currentMAC) do={
	/ip arp remove [/ip arp find address=1.1.1.1]; #I think it is necessary first to delete it and then add it
	/ip arp add address=1.1.1.1 interface=ether1-gateway mac-address=$resolvedMAC;
	:log info "Switch MAC updated";
}
else={
	:log info "MAC-not-changed";
}

please tell me if it works or not, or how you fixed it, so I can learn also :slight_smile:

3

Hi. Thanks a lot! Unfortunately I didn’t have time to test/implement it this week. Hopefully the next one. I’ll let you know!

4

I just implemented the script - it worked fine. Thanks a lot!