
Summary

Neighbor Discovery protocols allow us to find devices compatible with MNDP (MikroTik Neighbor Discovery Protocol), CDP (Cisco Discovery Protocol), or LLDP (Link Layer Discovery Protocol) in the Layer2 broadcast domain. They can be used to map out your network.

Neighbor list

The neighbor list shows all discovered neighbors in the Layer2 broadcast domain. It shows the interface to which each neighbor is connected, its IP/MAC addresses, and other related parameters. The list is read-only; an example of a neighbor list is provided below:

[admin@MikroTik] /ip neighbor print 
 # INTERFACE ADDRESS         MAC-ADDRESS       IDENTITY   VERSION    BOARD      
 0 ether13   192.168.33.2    00:0C:42:00:38:9F MikroTik   5.99       RB1100AHx2
 1 ether11   1.1.1.4         00:0C:42:40:94:25 test-host  5.8        RB1000   
 2 Local     10.0.11.203     00:02:B9:3E:AD:E0 c2611-r1   Cisco I...                    
 3 Local     10.0.11.47      00:0C:42:84:25:BA 11.47-750  5.7        RB750  
 4 Local     10.0.11.254     00:0C:42:70:04:83 tsys-sw1   5.8        RB750G    
 5 Local     10.0.11.202     00:17:5A:90:66:08 c7200      Cisco I...

Sub-menu: /ip neighbor

Property - Description
address (IP) - The highest IP address configured on a discovered device
address6 (IPv6) - IPv6 address configured on a discovered device
age (time) - Time interval since last discovery packet
board (string) - RouterBoard model. Displayed only for devices with RouterOS installed
identity (string) - Configured system identity
interface (string) - Interface name to which discovered device is connected
interface-name (string) - Interface name on the neighbor device connected to the L2 broadcast domain. Applies to CDP.
ipv6 (yes | no) - Shows whether the device has IPv6 enabled.
mac-address (MAC) - MAC address of the remote device. Can be used to connect with mac-telnet.
platform (string) - Name of the platform. For example "MikroTik", "cisco", etc.
software-id (string) - RouterOS software ID on a remote device. Applies only to devices with RouterOS installed.
system-caps (string) - System capabilities reported by the Link-Layer Discovery Protocol (LLDP).
system-caps-enabled (string) - Enabled system capabilities reported by the Link-Layer Discovery Protocol (LLDP).
unpack (none|simple|uncompressed-headers|uncompressed-all) - Shows the discovery packet compression type.
uptime (time) - Uptime of remote device. Shown only for devices with RouterOS installed.
version (string) - Version number of installed software on a remote device

Starting from RouterOS v6.45, the number of neighbor entries is limited to (total RAM in megabytes)*16 per interface to avoid memory exhaustion.

Discovery configuration

An interface list controls whether an interface participates in neighbor discovery. If the interface is included in the discovery interface list, it will send out basic information about the system and process received discovery packets broadcast in the Layer2 network. Removing an interface from the interface list disables both the discovery of neighbors on this interface and the possibility of this device being discovered on that interface.

Sub-menu: /ip neighbor discovery-settings

Property - Description
discover-interface-list (string; Default: static) - Interface list on whose members the discovery protocol will run
lldp-med-net-policy-vlan (integer 0..4094; Default: disabled) - Advertised VLAN ID for LLDP-MED Network Policy TLV. This allows assigning a VLAN ID for LLDP-MED capable devices, such as VoIP phones. The TLV will only be added to interfaces where LLDP-MED capable devices are discovered. Other TLV values are predefined and cannot be changed:

  • Application Type - Voice
  • VLAN Type - Tagged
  • L2 Priority - 0
  • DSCP Priority - 0

protocol (cdp | lldp | mndp; Default: cdp,lldp,mndp) - List of used discovery protocols

Since RouterOS v6.44, neighbor discovery works on individual slave interfaces. Whenever a master interface (e.g. bonding or bridge) is included in the discovery interface list, all its slave interfaces will automatically participate in neighbor discovery. It is possible to allow neighbor discovery only on some slave interfaces. To do that, include the particular slave interface in the list and make sure that the master interface is not included.

/interface bonding
add name=bond1 slaves=ether5,ether6
/interface list
add name=only-ether5
/interface list member
add interface=ether5 list=only-ether5
/ip neighbor discovery-settings
set discover-interface-list=only-ether5

Now the neighbor list shows the master interface and the actual slave interface on which a discovery message was received.

[admin@R2] > ip neighbor print
 # INTERFACE ADDRESS                                           MAC-ADDRESS       IDENTITY   VERSION    BOARD         
 0 ether5    192.168.88.1                                      CC:2D:E0:11:22:33 R1         6.45.4 ... CCR1036-8G-2S+
   bond1    

LLDP

Depending on RouterOS configuration, different type-length-value (TLV) fields can be sent in the LLDP message, including:

  • Chassis subtype (MAC address)
  • Port subtype (interface name)
  • Time To Live
  • System name (system identity)
  • System description (platform - MikroTik, software version - RouterOS version, hardware name - RouterBoard name)
  • Management address (all IP addresses configured on the port)
  • System capabilities (enabled system capabilities, e.g. bridge or router)
  • LLDP-MED Media Capabilities (list of MED capabilities)
  • LLDP-MED Network Policy (assigned VLAN ID for voice traffic)
  • Port Extension (Port Extender and Controller Bridge advertisement)
  • End of LLDPDU
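
To show what the TLVs listed above disclose to every host in the same Layer2 broadcast domain, the following added example (not MikroTik code) decodes the core TLVs of one LLDPDU. The sample frame is constructed, the function names are hypothetical, and organizationally specific TLVs (LLDP-MED, Port Extension) are skipped.

```python
import struct
CAPS = ["other", "repeater", "bridge", "wlan-ap", "router", "telephone", "docsis", "station"]

def tlv(tlv_type, value):
    """Encode one TLV: a 7-bit type and a 9-bit length share the 2-byte header."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(data):
    """Return the fields any listener on the segment learns from one LLDPDU."""
    out, off = {"mgmt": []}, 0
    while off + 2 <= len(data):
        (hdr,) = struct.unpack_from("!H", data, off)
        t, length = hdr >> 9, hdr & 0x1FF
        v = data[off + 2:off + 2 + length]
        off += 2 + length
        if len(v) != length:
            raise ValueError(f"TLV type {t} overruns the LLDPDU")
        if t == 0:                               # End of LLDPDU
            return out
        if t == 1 and v[:1] == b"\x04":          # chassis subtype 4: MAC address
            out["chassis_mac"] = v[1:].hex(":").upper()
        elif t == 2 and v[:1] == b"\x05":        # port subtype 5: interface name
            out["port"] = v[1:].decode("utf-8", "replace")
        elif t == 3 and length >= 2:             # Time To Live, in seconds
            out["ttl"] = struct.unpack("!H", v[:2])[0]
        elif t in (5, 6):                        # system name / system description
            key = "system_name" if t == 5 else "system_description"
            out[key] = v.decode("utf-8", "replace")
        elif t == 7 and length >= 4:             # capabilities, then enabled capabilities
            enabled = struct.unpack("!HH", v[:4])[1]
            out["caps_enabled"] = [n for i, n in enumerate(CAPS) if enabled >> i & 1]
        elif t == 8 and length >= 6 and v[:2] == b"\x05\x01":   # IPv4 management address
            out["mgmt"].append(".".join(str(b) for b in v[2:6]))
    raise ValueError("missing End of LLDPDU TLV")

# Constructed sample loosely reusing the R1 entry shown above; description layout is an assumption.
SAMPLE = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("CC2DE0112233")),
    tlv(2, b"\x05ether5"),
    tlv(3, struct.pack("!H", 120)),
    tlv(5, b"R1"),
    tlv(6, b"MikroTik RouterOS 6.45.4 CCR1036-8G-2S+"),
    tlv(7, struct.pack("!HH", 0x0014, 0x0010)),
    tlv(8, b"\x05\x01" + bytes([192, 168, 88, 1]) + b"\x02" + struct.pack("!I", 5) + b"\x00"),
    tlv(0, b""),
])

if __name__ == "__main__":
    print(parse_lldpdu(SAMPLE))
```

Feeding it the LLDPDU payload (the bytes after the Ethernet header) captured on a port in the discovery interface list shows which identity, version and management addresses that port advertises.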


