Table of Contents |
---|
Summary
Sub-menu: /ip arp
Even though IP packets are addressed using IP addresses, hardware addresses must be used to actually transport data from one host to another. Address Resolution Protocol is used to map OSI level 3 IP addresses to OSI level 2 MAC addresses. A router has a table of currently used ARP entries. Normally the table is built dynamically, but to increase network security, it can be partially or completely built statically by means of adding static entries.
Properties
...
Note |
---|
The default maximum number of ARP entries depends on the installed amount of RAM. It can be adjusted with the command " |
...
If the ARP feature is turned off on the interface, i.e., arp=disabled
is used, ARP requests from clients are not answered by the router. Therefore, a static ARP entry should be added to the clients as well. For example, the router's IP and MAC addresses should be added to the Windows workstations using the arp command:
...
Proxy ARP can be enabled on each interface individually with the command arp=proxy-arp
:
Setup proxy ARP:
Code Block | ||
---|---|---|
| ||
[admin@MikroTik] /interface ethernet> set 1 arp=proxy-arp [admin@MikroTik] /interface ethernet> print Flags: X - disabled, R - running # NAME MTU MAC-ADDRESS ARP 0 R ether1 1500 00:30:4F:0B:7B:C1 enabled 1 R ether2 1500 00:30:4F:06:62:12 proxy-arp |
...
If ARP property is set to reply-only
on the interface, then the router only replies to ARP requests. Neighbour Neighbor MAC addresses will be resolved only using statically configured entries from the "/ip arp
" menu, but there will be no need to add the router's MAC address to other hosts' ARP tables like in case if ARP is disabled.
...
If the ARP property is set to local-proxy-arp
on an interface, then the router performs proxy ARP to/from this interface only. i.e. for traffic that comes in and goes out of the same interface. In a normal LAN, the default behavior is for two network hosts to communicate directly with each other, without involving the router.
With local-proxy-arp
enabled, the router will respond to all client hosts with the router's own interface MAC address instead of the other host's MAC address.
E.g. If Host A (192.168.88.2/24) queries for the MAC address of Host B (192.168.88.3/24), the router would respond with its own MAC address. In other words, if local-proxy-arp
is enabled, the router would assume responsibility for forwarding traffic between Host A 192.168.88.2 and Host B 192.168.88.3. All the ARP cache entries on Hosts A and B will reference the router's MAC address. In this case, the router is performing local-proxy-arp
for the entire subnet 192.168.88.0/24.
An example for RouterOS local-proxy-arp
could be a bridge setup with a DHCP server and isolated bridge ports where hosts from the same subnet can reach each other only at Layer3 through bridge IP.
...
You must change the MAC address (4c5e0c14ef78) and the IP address (0a057a01) to your router's address. The IP address and the MAC address must be from the device that requests an ARP table update. You also need to specify through which interface (ether2) you want to send the Gratuitous ARP request. Make sure that the receiving device supports Gratuitous ARP requests.