Hello,
I need to disable MAC scanning from Winbox & neighbors on my client’s routers. We cannot disable the neighbor interfaces because the clients have complete access and could re-enable them.
Here’s my configuration.
On the client side, a MikroTik router performs a PPPoE call. This router is bridged to a radio device which, in turn, is bridged to an access point whose Ethernet interface is connected to a bridge interface of an RB3011. In the RB3011, I have all of the sector’s access points and an EoIP tunnel to transfer the PPPoE call to the PPPoE server.
I have entered these bridge filters in the RB3011:
0 chain=forward action=drop mac-protocol=ip dst-port=5678 ip-protocol=udp log=no log-prefix=""
1 chain=input action=drop mac-protocol=ip dst-port=5678 ip-protocol=udp log=no log-prefix=""
2 chain=output action=drop mac-protocol=ip dst-port=5678 ip-protocol=udp log=no log-prefix=""
3 chain=input action=drop mac-protocol=ip dst-port=8291 ip-protocol=tcp log=no log-prefix=""
4 chain=forward action=drop mac-protocol=ip dst-port=8291 ip-protocol=tcp log=no log-prefix=""
I expected them to block MAC address scans, but I still see the devices on the client side.
What am I doing wrong?
Best,
Alessandro