Community discussions

 
alger
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 74
Joined: Tue Dec 19, 2006 12:35 pm
Location: Russia
Contact:

How to secure port on the switch?

Fri Nov 16, 2018 9:29 am

Hello

A simple network where RB2011 is used as a switch. How to make on ether1 it was possible to connect other switch only with the MAC address 11:11:11:11:11:11 on the port, without filtering the MAC addresses of the devices connected to switch1?
switch2011.jpg
You do not have the required permissions to view the files attached to this post.
Alexander
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1783
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: How to secure port on the switch?

Sat Nov 17, 2018 12:29 am

don't understand your question. Note that switches don't have macs only network devices.
 
User avatar
k6ccc
Member
Member
Posts: 479
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: How to secure port on the switch?

Sat Nov 17, 2018 12:54 am

don't understand your question. Note that switches don't have macs only network devices.
Wow! I'm going to have to tell all my switches that they don't really have a MAC. That will be a shock to them. How do you suppose layer two works without a MAC?
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
anav
Forum Guru
Forum Guru
Posts: 2969
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: How to secure port on the switch?

Sat Nov 17, 2018 1:14 am

Only MacDonalds switches have Mac's, their managed switches have Big Macs.
{Edit - my apologies for the non-North American audience members that did not relate to the McDonalds humour, or should I say my bad attempt at humour! :-) }
Last edited by anav on Sat Nov 17, 2018 5:01 pm, edited 1 time in total.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1783
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: How to secure port on the switch?

Sat Nov 17, 2018 1:52 am

don't understand your question. Note that switches don't have macs only network devices.
Wow! I'm going to have to tell all my switches that they don't really have a MAC. That will be a shock to them. How do you suppose layer two works without a MAC?
I would suggest to go back to network school... And don't try to insult others, if you don't know any better either...
A switch in its pure form (as in unmanaged switch) doesn't have mac on it's ports. Only devices which actually participate in communication such as nics do.

This lesson was free of charge.
 
User avatar
vecernik87
Long time Member
Long time Member
Posts: 644
Joined: Fri Nov 10, 2017 8:19 am

Re: How to secure port on the switch?

Sat Nov 17, 2018 2:39 am

It does not really matter if switch has or does not have MAC. All it matters is, that switch does not modify packet - it just forward it to correct port.
So unless OP is talking about blocking communication of switch itself (that seems rather unusual, more likely he wants to block communication of devices which are behind that switch), then there is no way to find out from packet, whether it went through switch with mac 11:11:11:11:11:11 or 22:22:22:22:22:22.
 
anav
Forum Guru
Forum Guru
Posts: 2969
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: How to secure port on the switch?

Sat Nov 17, 2018 5:06 pm

I believe the question from the first response (sebastia) is the proper one. Understanding of the question is the key.

If the OP can explain what he/she is attempting to provide (without resorting to design or solution), or in other jargon, describe the use case, then we can start to apply networking acumen and mikrotik programming to see if there is a design/solution that fits. (by the way, the networking acumen and mikrotik programming is for others not me....... i just am interested in properly understanding the requirements first and foremost). I could care less about switch mac, switch cheese, or switchest witch in the east, until I understand the naked issues.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
mkx
Forum Guru
Forum Guru
Posts: 2954
Joined: Thu Mar 03, 2016 10:23 pm

Re: How to secure port on the switch?

Sat Nov 17, 2018 5:44 pm

Until OP provides authentic explanation of his intentions ... I'll dare to speculate: he wants to make sure that physical device which connects directly to port ether1 of RB is indeed switch with it's management interface's MAC being 11:11:11:11:11:11 ...
I guess there's no fool proof way of doing it. As @sebastia already explained switches don't change packets on transit. If RB receives a packet with src MAC address of that switch it doesn't mean that there's no switching equipment in between (I'm pretty sure that a linux box with two NICs could be made to act as transparent bridge/switch that sniffs all traffic ... but one couldn't easily detect its presence).
BR,
Metod
 
anav
Forum Guru
Forum Guru
Posts: 2969
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: How to secure port on the switch?

Sat Nov 17, 2018 7:37 pm

Until OP provides authentic explanation of his intentions ... I'll dare to speculate:
So brave! ;-)
(a budding fiction novelist in the making too)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)

Who is online

Users browsing this forum: No registered users and 75 guests