Maybe this is a dumb question but I have to ask it.
ARP Timeout in IP Settings seems to be ignored. Right now it is at the default factory value (30sec). The reason I ask this is because I have the following situation:
- CCR1016-12G
- RouterOS 6.39 (stable)
- WAN on eth1, LAN on eth2 (srcnat, no firewall rules added yet)
- DHCP Server on eth2 192.168.0.x/24 (IP Pool limits it to 192.168.0.10-192.168.0.240 though) with some static leases defined
- eth2 interface is in ARP "enabled" mode, same as eth1
- DHCP has "Add ARP For Leases" enabled (not that it makes any difference in this case - I think)
Problem is that I had one DHCP client with a static lease not getting an external connection (WAN1 so no Internet). After a little investigation, I found out that his static IP assigned with the DHCP static lease was .154 but the ARP table entry for that IP was with a NULL MAC address (00:00:00...). Clearing the entry in the ARP table fixed it. But I went further and found the other threads about this issue (or feature -> "*) arp - show incomplete ARP entries;" in v6.33.5 ROS).
Pinging a non-existing IP from LAN adds an ARP entry in the ARP table with a 00:00:00:00:00:00 MAC address, which is ok since it's MikroTik's way of saying there is no such thing as that IP on your LAN (as opposed to Cisco for example). But my problem is, how can I make an ARP entry expire (get cleared) much faster than it does now? Because right now it seems it takes minutes and not seconds to expire (as defined in IP -> Settings -> ARP Timeout). Right now anything from a net sniffer/scanner to a simple host ping can "take over" that IP, messing with the DHCP static leases (DHCP clients receive leases that have 00:00:00:... in the ARP table of the router -> trouble).
The only thing that I can think of for such behavior can be the case where someone on the network is ARP querying for that specific IP but what? Testing with any unallocated IP and the results are the same and I'm pretty sure there's no internal LAN scan/sniff taking place.
The static ARP entries + ARP mode reply-only is not a solution for me. I want to allow static DHCP leases + dynamic ones + static IP on LAN clients.
Can anybody point me in the right direction? What am I missing here? Why does RouterOS take so long to clear a non-existing ARP IP-MAC entry and not 30secs as specified in settings?