Community discussions

 
ashpri
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Sun Oct 14, 2018 3:11 am

What is discover mactel mac-winbox line, in interface list member

Sat Oct 20, 2018 9:07 am

What is the significance of the following lines. It was there by default from ROS configured as dual-band home AP.

/interface list member
add interface="wlan1 - 2.4g" list=discover
add interface="wlan2 - 5g" list=discover
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=bridge1 list=discover
add interface=bridge1 list=mactel
add interface=bridge1 list=mac-winbox

I started a new config from zero, I did not put those lines in and so far everything seems to work. What are they for?
 
User avatar
xvo
Long time Member
Long time Member
Posts: 603
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: What is discover mactel mac-winbox line, in interface list member  [SOLVED]

Sat Oct 20, 2018 11:53 am

"discover" list is by default used to specify interfaces on which neighbour discovery works.
"mactel" list of interfaces from which mac-telnet server is availible.
"mac-winbox" the same for accessing the router by mac address in winbox.

If I remember correctly, on blank config all of this is allowed on all static interfaces, which is not very good for security.
This behaviour can be changed in /ip neighbor discovery-settings and /tool mac-server
But I strongly advise to have neighbour discovery and mac-winbox configured at least for one of the LAN ports - to have an emergency access to the router on L2 in case you somehow lock yourself up on L3.
 
ashpri
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Sun Oct 14, 2018 3:11 am

Re: What is discover mactel mac-winbox line, in interface list member

Sat Oct 20, 2018 12:01 pm

1. If I remember correctly, on blank config all of this is allowed on all static interfaces, which is not very good for security.

2. But I strongly advise to have neighbour discovery and mac-winbox configured at least for one of the LAN ports - to have an emergency access to the router on L2 in case you somehow lock yourself up on L3.

1. Yes I have none of those and I can access via winbox.

2. Good tip thanks

Who is online

Users browsing this forum: No registered users and 29 guests