I have a Router setup with RouterOS 6.38. It has a LAN Bridge that all the LAN ports are a part of, and a WAN interface. NAT, DHCP server on LAN - pretty basic setup.
Enabling Traffic Flow, I can see that both in IPFIX mode, and Netflow v9 mode, the exported data has a destinationMacAddress and a postSourceMacAddress field, but the MAC addresses in these fields are of the Mikrotik’s incoming interface, and the Mikrotik’s outgoing interface.
Is there any way to see the MAC address of the actual client device in these exports? Like the MAC address of the laptop on the LAN.
Maybe if I update RouterOS? Or switch to using Master/Slave instead of a bridge?
RouterOS 6.43.7 made changes to Netflow, which now shows the Source MAC of the devices on the LAN.
There’s no destination MAC for returning traffic, but you have the LAN IP of the LAN device, so it should be easy enough to create an in-memory map of LAN IP <-> MAC on the Netflow collector.
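A sketch of the collector-side LAN IP to MAC map suggested in the post above, added here as an example and not part of the original thread or of any MikroTik tooling. It assumes the collector has already decoded each flow into a dict keyed by IPFIX element names; `LanMacMap`, the `clientMacAddress` output key, the 192.168.88.0/24 subnet and all sample addresses are constructed for illustration.

```python
import ipaddress

class LanMacMap:
    """In-memory LAN IP -> client MAC map for a flow collector."""

    def __init__(self, lan_cidr, router_macs=(), ttl=3600):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.router_macs = {m.lower() for m in router_macs}
        self.ttl = ttl            # seconds before an entry is considered stale
        self.table = {}           # ip -> (mac, last_seen)
        self.changes = []         # (ip, old_mac, new_mac): lease reuse or spoofing

    def _in_lan(self, ip):
        return bool(ip) and ipaddress.ip_address(ip) in self.lan

    def learn(self, flow, now):
        """Learn only from flows sourced inside the LAN that carry a client MAC."""
        src, mac = flow.get("sourceIPv4Address"), flow.get("sourceMacAddress")
        if not mac or not self._in_lan(src) or mac.lower() in self.router_macs:
            return
        mac = mac.lower()
        old = self.table.get(src)
        if old and old[0] != mac and now - old[1] <= self.ttl:
            self.changes.append((src, old[0], mac))
        self.table[src] = (mac, now)

    def enrich(self, flow, now):
        """Return a copy of the flow with clientMacAddress set when it is known."""
        self.learn(flow, now)
        out = dict(flow)
        for key in ("sourceIPv4Address", "destinationIPv4Address"):
            ip = flow.get(key)
            entry = self.table.get(ip) if self._in_lan(ip) else None
            if entry and now - entry[1] <= self.ttl:
                out["clientMacAddress"] = entry[0]
                break
        return out

# Constructed sample records (not captured traffic).
OUTBOUND = {"sourceIPv4Address": "192.168.88.10", "destinationIPv4Address": "203.0.113.5",
            "sourceMacAddress": "AA:BB:CC:00:00:10"}
RETURNING = {"sourceIPv4Address": "203.0.113.5", "destinationIPv4Address": "192.168.88.10",
             "sourceMacAddress": "02:00:00:00:00:01"}

if __name__ == "__main__":
    m = LanMacMap("192.168.88.0/24", router_macs=["02:00:00:00:00:01"])
    m.enrich(OUTBOUND, now=0)
    print(m.enrich(RETURNING, now=5))
```

Entries expire after `ttl` seconds so a reassigned DHCP address is not attributed to the previous device, and a MAC change inside that window is recorded in `changes` for review.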
The workaround you advise, while possible, is far from ideal. Did you ever open a ticket with Mikrotik on this? I did and it would be helpful if others would too. This is a bug and it would be most helpful to get it fixed. Please consider removing [solved] from your post as this is a bug that most definitely is not solved.