 
sathackr
just joined
Topic Author
Posts: 22
Joined: Thu Dec 25, 2014 5:13 am

CRS-3xx Learn Limit/Lock on first

Thu Feb 20, 2020 7:23 pm

Hi,

We need to restrict learned MAC addresses per port on CRS326 using RouterOS. This was a feature in CRS1xx/2xx, and apparently is a feature in CRS326 using SwOS (Port Lock->Lock on first). However, SwOS is too limited in other areas for us, so we use RouterOS on these devices.

Is there no way to do this using RouterOS on these devices?

Thank you
 
mbovenka
Member
Posts: 338
Joined: Mon Oct 14, 2019 10:14 am

Re: CRS-3xx Learn Limit/Lock on first

Thu Feb 20, 2020 8:58 pm

It's called 'port security' in RouterOS: https://wiki.mikrotik.com/wiki/Manual:C ... t_Security
 
sathackr
just joined
Topic Author
Posts: 22
Joined: Thu Dec 25, 2014 5:13 am

Re: CRS-3xx Learn Limit/Lock on first

Thu Feb 20, 2020 10:07 pm

Thank you for the reply -- but that's not quite what I'm looking for.

Lock on first (https://wiki.mikrotik.com/wiki/SwOS/CRS317#Forwarding) does not require knowledge beforehand of the MAC address. The port security feature for RouterOS requires static port-to-MAC mapping, which requires knowledge of the expected MAC address on the port.

The specific scenario I'm trying to guard against is a customer connecting multiple devices via a switch (or backwards router) and being able to exhaust a DHCP pool. I can limit DHCP leases assigned per MAC, but can't limit MACs per port. And I won't always know the customer device's MAC address.
 
mbovenka
Member
Posts: 338
Joined: Mon Oct 14, 2019 10:14 am

Re: CRS-3xx Learn Limit/Lock on first

Thu Feb 20, 2020 10:24 pm

I was afraid you would say that :) You're right, it's not entirely the same, but it's as close as it gets in RouterOS, it seems.

But perhaps someone else has an idea.
 
Irco
just joined
Posts: 4
Joined: Wed Feb 26, 2020 11:52 pm

Re: CRS-3xx Learn Limit/Lock on first

Wed Mar 31, 2021 12:33 pm

I need the same. Is it possible to have this feature (Lock on first) in CRS 326 with RouterOS?
 
gmsmstr
Trainer
Posts: 982
Joined: Fri Jun 04, 2004 2:22 am
Location: St. Louis, MO

Re: CRS-3xx Learn Limit/Lock on first

Tue Jul 20, 2021 8:34 am

Bumping this. Need this feature :) Learn in bridge port general tab should have auto/no/yes/1-4000, i.e. I can tell it to learn 1, that's it.
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: CRS-3xx Learn Limit/Lock on first

Tue Jul 20, 2021 1:02 pm

...I'm trying to guard against is a customer connecting multiple devices via a switch and being able to exhaust a DHCP pool...
DHCP server with only one address in the pool???

(or backwards router)
If you use a router with internal NAT you cannot distinguish the devices by IP or by MAC; it is always the same WAN MAC/IP, and a lock for a single MAC or IP does not change anything.
You can detect decreased TTL on packets from the router because the PC is not directly attached to the cable.
 
RcRaCk2k
Member Candidate
Posts: 115
Joined: Mon May 07, 2012 10:40 pm

Re: CRS-3xx Learn Limit/Lock on first

Thu Jul 06, 2023 11:22 pm

+1 on that.

Max MAC addresses per interface.

Such a simple feature. Cisco also supports that, but I don't want to buy a Cisco switch for that type of feature.
 
chechito
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: CRS-3xx Learn Limit/Lock on first

Fri Jul 07, 2023 12:23 am

+1

Standard feature in the industry, a must-have on a switch using RouterOS.
 
CTSsean
Frequent Visitor
Posts: 61
Joined: Fri Sep 15, 2017 12:56 pm

Re: CRS-3xx Learn Limit/Lock on first

Thu Jul 20, 2023 7:08 pm

+1 on this... I'm not sure why this was available on CRS2x, but not CRS3x.
