Community discussions

MikroTik App
 
dmfr
newbie
Topic Author
Posts: 44
Joined: Thu Oct 15, 2020 11:14 am

(feature request ?) ARP mode : local-proxy-arp + reply-only

Sun Oct 03, 2021 4:58 pm

Hello,
When configuring ARP mode on any interface (ethernet / vlan / bridge), it would be nice to select both modes :
  • local-proxy-arp
  • reply-only
Some kind of :
/interface/bridge
set [find where name="bridge"] arp=local-proxy-arp,reply-only
This behaviour would effectively implement router-side a complete IP guard protection, given that every down switch has port protection on all ports except upstream, while still allowing two clients of same network to communicate through the router.

There are some topics discussing that feature :
viewtopic.php?t=147816
viewtopic.php?t=21150
but somehow it doesn't work 100%, some ARP requests from unknown clients still populate RouterOS ARP table.

Or am I missing something ?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: (feature request ?) ARP mode : local-proxy-arp + reply-only

Mon Oct 04, 2021 11:17 pm

+1, I would like to see this as well.

I've found the MAC address based filtering doesn't always work properly in the bridge filter. Trying to do a bridge filter to match just BPDU packets ends up matching packets that have completely different MAC addresses that should not be matched by the bridge filter rule. It seems to be a bug. I haven't tested in v7, it might behave differently with a newer ebtables version.

The easiest way for them to do this would probably be to make yet another setting that has them combined, something like local-proxy-arp-and-reply-only.
Last edited by mducharme on Wed Oct 06, 2021 5:03 am, edited 1 time in total.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: (feature request ?) ARP mode : local-proxy-arp + reply-only

Tue Oct 05, 2021 5:43 am

+1

I worked with Mikrotik support to get local-proxy-arp added and then tried to get the combo, but never got anywhere with that request.
 
dmfr
newbie
Topic Author
Posts: 44
Joined: Thu Oct 15, 2020 11:14 am

Re: (feature request ?) ARP mode : local-proxy-arp + reply-only

Wed Oct 06, 2021 2:24 am

Opened SUP-62240 to highlight this request.
From an outside point of view, things are always easier... but I trust it would not be big work to implement as the two functions are already operational (for more than a decade).
 
TiboGLN
just joined
Posts: 1
Joined: Thu Oct 20, 2022 5:49 am

Re: (feature request ?) ARP mode : local-proxy-arp + reply-only

Thu Oct 20, 2022 5:53 am

+1

A moment later but would be very appreciated. I wondered if it could work using a bridge, setting the arp setting of the bridge to "reply only" and the interfaces of the bridge on "local-proxy-arp".

Any one tried ?

Who is online

Users browsing this forum: galp and 18 guests