Hi,
I have a MikroTik with a WAN ethernet link, a LAN ethernet link and a WiFi interface. The LAN/WiFi are bridged and IKEv2 clients come in via the WAN interface.
I have set up traffic flow to be sent to a collector:
/ip traffic-flow> print
enabled: yes
interfaces: all
cache-entries: 256k
active-flow-timeout: 1m
inactive-flow-timeout: 15s
This works, but traffic flowing between the bridge interfaces (e.g. WiFi ↔ LAN) is not captured. E.g. my query of recorded data from a WiFi client shows 0 bytes in lines it should not:
Port   Service       Uploaded       Downloaded     Total
0      Unknown       45.41 KiB      45.41 KiB      90.82 KiB
53     dns           24.66 KiB      39.34 KiB      64.00 KiB
80     http          354.99 KiB     0.00 Bytes     0.00 Bytes
123    ntp           684.00 Bytes   0.00 Bytes     0.00 Bytes
443    https         640.25 KiB     0.00 Bytes     0.00 Bytes
4500   ipsec-nat-t   32.74 KiB      0.00 Bytes     0.00 Bytes
5223   hpvirtgrp     8.02 KiB       0.00 Bytes     0.00 Bytes
5228   hpvroom       3.51 KiB       0.00 Bytes     0.00 Bytes
The same query when used on a VPN client works fine. E.g.:
Port    Service   Uploaded      Downloaded    Total
53      dns       19.49 KiB     39.11 KiB     58.60 KiB
80      http      3.04 KiB      0.00 Bytes    0.00 Bytes
123     ntp       2.08 KiB      0.00 Bytes    0.00 Bytes
443     https     240.22 KiB    180.77 KiB    420.99 KiB
4808    squid     677.77 KiB    1.87 MiB      2.53 MiB
32400   plex      21.25 KiB     63.25 KiB     84.51 KiB
52412   Unknown   0.00 Bytes    9.52 KiB      0.00 Bytes
Is there some limitation that prevents complete capture of NetFlow traffic flowing between bridged interfaces?
Regards,
Achelon