Community discussions

MikroTik App
 
digitec
just joined
Topic Author
Posts: 18
Joined: Wed Jan 31, 2018 3:13 pm

MikroTik RB951Ui-2nD Mac Server visible always

Sat May 05, 2018 1:03 pm

I have a problem to disable visibility of Mac Server. I have restricted firewall and disabled PING on Mac Server also tried disable Mac Server and let it open fo IP address only but I can not rid of visibility of internal Mac Server doing above things - I have this issues with the cheaper devices only. Is there any way to disable visibility or availability of Mac Server over my internal networks??? I’m on VLANs and each VLAN can see Mac Server. If restricted you can not connect but still visible - why the firewall which deny inputs does not work ? I’m begging so I probably do some stupid mistake - please help.

Roman
 
User avatar
MangleRule
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Mon May 07, 2018 1:05 am

Re: MikroTik RB951Ui-2nD Mac Server visible always

Mon May 07, 2018 1:31 am

MAC addresses are layer 2 so your firewall will not help you there. If you want to hide visibility, you can use the following commands:

/tool mac-server set [find] disabled=yes
/tool mac-server mac-winbox set [find] disabled=yes
/tool mac-server ping set enabled=no

You can also go into IP > Neighbors and remove all interfaces under discovery to prevent the router from participating in any of the discovery protocols.
MTCNAMTCREMTCINE | MTCTCE | MTCUME | UBWA
 
User avatar
MangleRule
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Mon May 07, 2018 1:05 am

Re: MikroTik RB951Ui-2nD Mac Server visible always

Tue May 08, 2018 8:52 pm

All MAC layer processes are Layer 2 so your firewall is not going to help you with anything. If you want to "secure" the router you can use the following:

# Disable MAC Telnet server on all interfaces
/tool mac-server set allowed-interface-list=none

# Disable MAC Winbox on all interfaces
/tool mac-server mac-winbox set allowed-interface-list=none

# Disable MAC ping
/tool mac-server ping set enabled=no

# Disable discovery protocols on all ports
/ip neighbor discovery-settings set discover-interface-list=none

After the above configuration, the MikroTik will not participate in neighbor discovery or show up under any of the mac-server tools. It would be advised depending on severity to have a management vlan where these services are turned on just in case you lose access to the router and you can't get console access.
MTCNAMTCREMTCINE | MTCTCE | MTCUME | UBWA

Who is online

Users browsing this forum: MSN [Bot], SandroVendramin and 91 guests