MAC server section allows you to configure MAC Telnet Server, MAC WinBox Server and MAC Ping Server on RouterOS device.

MAC Telnet is used to provide access to a router that has no IP address set. It works just like IP telnet. MAC telnet is possible between two MikroTik RouterOS routers only.

MAC WinBox is used to provide Winbox access to the router via MAC address.

MAC Ping is used to allow MAC pings to the router's MAC address.

MAC-server settings are included in the "system" package.

MAC Telnet Server

It is possible to set MAC Telnet access to specific interfaces that are a part of the interface list:

[admin@device] /tool mac-server set allowed-interface-list=listBridge
[admin@device] /tool mac-server print
  allowed-interface-list: listBridge

In the example above, MAC Telnet is configured for the interface list "listBridge" and, as a result, MAC Telnet will only work via the interfaces that are members of the list (you can add multiple interfaces to the list).

To disable MAC Telnet access, issue the command (set "allowed-interface-list" to "none"):

[admin@device] /tool mac-server set allowed-interface-list=none
[admin@device] /tool mac-server print
  allowed-interface-list: none

You can check active MAC Telnet sessions (that the device accepted) with the command:

[admin@device] > tool mac-server sessions print
Columns: INTERFACE, SRC-ADDRESS, UPTIME
#  INTERFACE  SRC-ADDRESS        UPTIME
0  ether5     64:D1:54:FB:E3:E6  17s

MAC Telnet Client

When MAC Telnet Server is enabled, you can use another RouterOS device to connect to the server using the mac-telnet client:

[admin@device2] > tool mac-telnet B8:69:F4:7F:F2:E7    
Login: admin
Password: 
Trying B8:69:F4:7F:F2:E7...
Connected to B8:69:F4:7F:F2:E7




  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 7.1rc3 (c) 1999-2021       https://www.mikrotik.com/

Press F1 for help
  
[admin@device] >

Change the MAC address accordingly (to your setup) and you should get into the server's CLI (as shown in the example above).

MAC Scan

Mac scan feature discovers all devices, which support MAC telnet protocol on the given network. The command requires you to select an interface that should be scanned:

[admin@Sw_Denissm] > tool mac-scan interface=all           
MAC-ADDRESS       ADDRESS                AGE
B8:69:F4:7F:F2:E7 192.168.69.1            26
2C:C8:1B:FD:F2:C3 192.168.69.3            56

In the example, above, all interfaces are chosen, and the scan will run infinitely unless stopped (by pressing "q").

You can also add a "duration" parameter that will dictate for how long the scan should go on:

[admin@Sw_Denissm] > tool mac-scan interface=all duration=1
MAC-ADDRESS       ADDRESS                AGE
B8:69:F4:7F:F2:E7 192.168.69.1            48
2C:C8:1B:FD:F2:C3 192.168.69.3            17

In the example above, we set the "duration" parameter to 1 second.

MAC WinBox Server

Same as with MAC Telnet, it is possible to set MAC WinBox access to specific interfaces that are a part of the interface list:

[admin@device] > tool mac-server mac-winbox set allowed-interface-list=listBridge 
[admin@device] > tool mac-server mac-winbox print                   
  allowed-interface-list: listBridge

In the example above, MAC WinBox access is configured for the interface list "listBridge" and, as a result, MAC WinBox will only work via the interfaces that are members of the list.

To disable MAC WinBox access, issue the command (set "allowed-interface-list" to "none"):

[admin@device] > tool mac-server mac-winbox set allowed-interface-list=none
[admin@device] > tool mac-server mac-winbox print                   
  allowed-interface-list: none

MAC Ping Server

MAC Ping Server can be either set to be "disabled" or "enabled":

[admin@device] > tool mac-server ping print
  enabled: yes

You can enable or disable MAC ping with the help of the commands (enable=yes → to enable the feature; enable=no → to disable the feature):

[admin@device] > tool mac-server ping set enabled=yes
[admin@device] > tool mac-server ping set enabled=no

When MAC Ping is enabled, other hosts on the same broadcast domain can use ping tool to ping the mac address. For example, you can issue the following command to check MAC ping results:

[admin@device] > /ping 00:0C:42:72:A1:B0
HOST                                    SIZE  TTL TIME  STATUS                                         
00:0C:42:72:A1:B0                       56        0ms  
00:0C:42:72:A1:B0                       56        0ms  
    sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
  • No labels