What is discover mactel mac-winbox line, in interface list member

ashpri · October 20, 2018, 6:07am

What is the significance of the following lines. It was there by default from ROS configured as dual-band home AP.

/interface list member
add interface="wlan1 - 2.4g" list=discover
add interface="wlan2 - 5g" list=discover
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=bridge1 list=discover
add interface=bridge1 list=mactel
add interface=bridge1 list=mac-winbox

I started a new config from zero, I did not put those lines in and so far everything seems to work. What are they for?

xvo · October 20, 2018, 8:53am

“discover” list is by default used to specify interfaces on which neighbour discovery works.
“mactel” list of interfaces from which mac-telnet server is availible.
“mac-winbox” the same for accessing the router by mac address in winbox.

If I remember correctly, on blank config all of this is allowed on all static interfaces, which is not very good for security.
This behaviour can be changed in /ip neighbor discovery-settings and /tool mac-server
But I strongly advise to have neighbour discovery and mac-winbox configured at least for one of the LAN ports - to have an emergency access to the router on L2 in case you somehow lock yourself up on L3.

ashpri · October 20, 2018, 9:01am

Yes I have none of those and I can access via winbox.
Good tip thanks