Hello guys.
How could i turn off the neighbor discovery for every client on my network? Is that a possible way to do that?
I’ve tried filter rules, blocking port 5678, 4224 and 8291 with no success.
I can of course turn the discovery off in my device, but for example if a client adds another MK in his network, he will be able to see some devices on neighbors and even try to connect with mac-telnet.
Sorry for my bad english, i can try to elaborate more if needed.
Assuming you’re filtering all ingress traffic matching UDP port 5678, neighbor discovery should break. Can you post the configuration you’re using?
You’re talkinmg about clients - so I guess you provide Internet service?
And your client-facing network is basically just a L2 domain and you want to totally block discovery within this domain? So not just making your Tik devices invisible to them but also theirs from one another?
Then it depends on your client-facing switches to block these ports.
-Chris
If you want to check at client side, filtering rules works fine. Use this tool:
MikroTik Neighbor Discovery Protocol Tools
https://github.com/xmegz/MndpTray
I’d suggest creating an empty interface list and specifying it as the discover-interface-list in /ip/neighbor/discovery-settings
That’s easy to do using the command bellow:
/ip neighbor discovery-settings set discover-interface-list="replace with the interface list you want"
I suggest that you limit not only by neighbors but by MAC discovery too, using the command bellow:
/tool mac-server set allowed-interface-list="replace with the interface list you want"
/tool mac-server ping set enabled=no
/tool mac-server mac-winbox set allowed-interface-list="replace with the interface list you want"