What is ARP-published feature for?

Hi guys!
Can anyone “drop some light” on a question like: what is the ARP-published feature for? And why does the MAC-address field become read-only when I choose it?

For the MAC address, you edit it from the command line. I don’t know why it’s not accessible in Winbox, but as far as I know it’s never really been available.

ARP stands for Address Resolution Protocol. It is used as part of IPv4 to tie MAC addresses to IP addresses so that devices can communicate over layer 2. The options available for ARP in a MikroTik, and what they do, are:

  • Disabled: do not reply to ARP requests on this interface
  • Enabled: reply to ARP requests normally on this interface
  • Proxy-arp: reply to all ARP requests on this interface as if you owned every IP address
  • Reply-only: only reply to ARP requests from MAC addresses that are in your ARP table on this interface

I don’t quite understand. What do you mean by saying “it’s never really been available”? And what benefit does the “published” option give me when I’m editing the MAC address from the command line? I think this option is supposed to do something else…

Proxy-Arp.

Lots of info on the web.

I would recommend reading some text on the internet about what ARP is for, and about “proxy arp”.
When you don’t have detailed knowledge about ARP and a specific use case, you normally do not need to configure anything in the ARP screen.

@Feklar, @pe1chl

The question is not about the “arp” setting of interfaces. It’s about the “published” setting in “/ip arp” items, introduced somewhat silently in recent RouterOS versions, and which isn’t yet documented in the manual.

I wonder the same thing. There’s nothing in the manual.

That’s exactly what I meant!

ARP “pub” or published ARP = static ARP entry (proxy-arp).

So if I’m reading that correctly…

If on that item’s interface, the “arp” setting is “proxy-arp”, then “published=no” would mean the router won’t act as proxy-arp for that item, and “published=yes” would mean it will act as proxy-arp for it?
(And otherwise, this setting is ignored)

You’ll never see a dynamic ARP entry with the pub flag set AFAIK; if there’s one, it means you added a static entry for proxy-arp.

This can be useful in some situations like ppp tunnels (ages have passed since there’s no need for it) or for WOL to work, for example.

The pub flag is to set static proxy-ARP entries. This gives you more granularity (no need to set proxy-arp on the interface itself for all the MACs to be proxy-arp’ed).

Almost two years passed, still no info in the manual.

MT guys, please make some official statement :)

Just had to plug in a statement here;

In any local network where the networked devices are in the same IP subnet, you don’t really talk IP address to IP address, you actually talk MAC to MAC address - thus one of the reasons I really like Winbox.

There are a lot of basic network principles that are not in the manual.
You should know what “arp publish” is, and if not you should google for it…
It is a bit like proxy arp, but in this case it is a static ARP entry. So you make a static ARP entry and when others query it, your router will answer with the info from the ARP entry. Hence “publish”.

I just have to make another plug here …
Know what happens when you have two different network cards with the same MAC address (aka same ARP) where both network cards are in the same subnet?

I learned this one the hard way - a manufacturer of network cards sent me two cards with the same MAC.

Well, that depends a bit on what the systems are exactly. When they are only hosts (not routers) and they use static addresses (no DHCP), it can sort of work OK. Of course the CPU load will be higher as both systems receive the traffic for both of them, then discard it because the destination IP is not their IP. (Normally the ethernet hardware filters traffic based on MAC address, but this obviously is the same.)

However, when the systems are routers, use DHCP, or otherwise have more functionality it can be a big problem.
Some MikroTik users know about this because they restored backups from another router (e.g. as a starting point for configuration).
This will also copy the MAC address → funny problems.

If this is the real case, then this could go to the Wiki.
Very well explained.

Documentation from MikroTik would be appreciated, perhaps this is a bug?

We have a 10.1.1.0/28 subnet, where the router has 10.1.1.1, some hosts have 10.1.1.3 and 10.1.1.4. We route 10.1.1.2 to the nearest caching DNS server, outside of this VLAN.

Everything outside of the 10.1.1.0/29 subnet can communicate with either the hosts in the subnet or 10.1.1.2. Everything in the subnet, apart from the router, is unable to reach 10.1.1.2 as it doesn’t receive an ARP query response.

Adding an additional IP to the router would result in it not forwarding traffic via the 10.1.1.2 host route. Packets with a destination IP present in that router are processed locally so traffic isn’t forwarded.

Enabling the local-proxy-arp feature on the router’s interface for this subnet works perfectly, except that the router responds to any and all ARP queries, albeit within 10.1.1.0/29.

I would like to disable local-proxy-arp and specifically only have the router respond to ARP queries for its own IP and the 10.1.1.2 IP.

The following unfortunately does not work:

/ip arp add interface=hosting address=10.1.1.2 published=yes

If:

  • 10.1.1.0/28 is on interface “hosting”
  • this router has more specific route to 10.1.1.2

then it should work.

That is how it’s configured and it is working, but it requires the ‘hosting’ interface to be configured with ‘arp=local-proxy-arp’.

I would like to selectively proxy-arp, exclusively for 10.1.1.2. The IP ARP publish feature should do this, in that it should respond to ARP queries but not place this IP in the local address table (as would happen when adding a secondary IP), which would result in the router then routing according to the more specific route.

What people in this discussion are hoping for, is clarification from MikroTik on the ‘/ip arp add … published=yes’ feature. It currently doesn’t work, as we’ve assumed, but no one is sure if this is due to it being buggy.
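
What answering ARP on behalf of 10.1.1.2 looks like on the wire, as an added example that is not part of the original thread: the sketch parses ARP payloads and lists any MAC that replies for more than one IP, plus any IP claimed by more than one MAC. The MAC addresses are constructed, and it assumes the router answers with its own interface MAC.

```python
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 layout for Ethernet/IPv4, 28 bytes
REQUEST, REPLY = 1, 2

def build_arp(op, sha, spa, tha, tpa):
    """Build an ARP payload from colon-hex MACs and dotted-quad IPs."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(p) for p in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, m(sha), i(spa), m(tha), i(tpa))

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip) or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, sha.hex(":"), ".".join(map(str, spa))

def audit(payloads):
    """Map each replying MAC to the IPs it claims; report MACs claiming several
    IPs and IPs claimed by several MACs."""
    by_mac, by_ip = defaultdict(set), defaultdict(set)
    for p in payloads:
        parsed = parse_arp(p)
        if parsed is None or parsed[0] != REPLY:
            continue            # requests and malformed payloads are ignored
        _, smac, sip = parsed
        by_mac[smac].add(sip)
        by_ip[sip].add(smac)
    return {
        "multi_ip_macs": {m: sorted(v) for m, v in by_mac.items() if len(v) > 1},
        "conflicting_ips": {a: sorted(v) for a, v in by_ip.items() if len(v) > 1},
    }

# Constructed sample (MACs are made up; IPs are the ones from the post above).
ROUTER, HOST3, HOST4 = "02:00:00:00:00:01", "02:00:00:00:00:03", "02:00:00:00:00:04"
SAMPLE = [
    build_arp(REQUEST, HOST3, "10.1.1.3", "00:00:00:00:00:00", "10.1.1.2"),
    build_arp(REPLY, ROUTER, "10.1.1.2", HOST3, "10.1.1.3"),   # answered on behalf of 10.1.1.2
    build_arp(REPLY, ROUTER, "10.1.1.1", HOST3, "10.1.1.3"),   # router's own address
    build_arp(REPLY, HOST4, "10.1.1.4", HOST3, "10.1.1.3"),
    b"\x00\x01\x08\x00",                                       # truncated, skipped
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a segment where no proxy or published ARP is expected, an entry under `multi_ip_macs` is worth checking against the router's `/ip arp` table and interface `arp` setting.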