IP Addresses and ARP
General Information
Summary
The following Manual discusses IP address management and the Address Resolution Protocol settings. IP addresses serve as identification when communicating with other network devices using the TCP/IP version 4 protocol. In turn, communication between devices in one physical network proceeds with the help of Address Resolution Protocol and ARP addresses.
Specifications
Packages required: systemLicense required: Level1
Submenu level: /ip address, /ip arp
Standards and Technologies: IPv4, ARP
Hardware usage: Not significant
IP Addressing
Submenu level: /ip addressDescription
IP addresses serve for a general host identification purposes in IP networks. Typical (IPv4) address consists of four octets. For proper addressing the router also needs the network mask value, id est which bits of the complete IP address refer to the address of the host, and which - to the address of the network. The network address value is calculated by binary AND operation from network mask and IP address values. It's also possible to specify IP address followed by slash "/" and the amount of bits that form the network address.
In most cases, it is enough to specify the address, the netmask, and the interface arguments. The network prefix and the broadcast address are calculated automatically.
It is possible to add multiple IP addresses to an interface or to leave the interface without any addresses assigned to it. In case of bridging or PPPoE connection, the physical interface may bot have any address assigned, yet be perfectly usable. Putting an IP address to a physical interface included in a bridge would mean actually putting it on the bridge interface itself. You can use /ip address print detail to see to which interface the address belongs to.
MikroTik RouterOS has following types of addresses:
- Static - manually assigned to the interface by a user
- Dynamic - automatically assigned to the interface by DHCP or an estabilished PPP connections
Property Description
actual-interface (read-only: name) - name of the actual interface the logical one is bound to. For example, if the physical interface you assigned the address to, is included in a bridge, the actual interface will show that bridge.address (IP address) - IP address
broadcast (IP address; default: 255.255.255.255) - broadcasting IP address, calculated by default from an IP address and a network mask
disabled (yes | no; default: no) - specifies whether the address is disabled or not
interface (name) - interface name the IP address is assigned to
netmask (IP address; default: 0.0.0.0) - delimits network address part of the IP address from the host part
network (IP address; default: 0.0.0.0) - IP address for the network. For point-to-point links it should be the address of the remote end
Notes
You cannot have two different IP addresses from the same network assigned to the router. Exempli gratia, the combination of IP address 10.0.0.1/24 on the ether1 interface and IP address 10.0.0.132/24 on the ether2interface is invalid (unless both interfaces are bridged together), because both addresses belong to the same network 10.0.0.0/24. Use addresses from different networks on different interfaces.
Example
[admin@MikroTik] ip address> add address=10.10.10.1/24 interface=ether2 [admin@MikroTik] ip address> print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 2.2.2.1/24 2.2.2.0 2.2.2.255 ether2 1 10.5.7.244/24 10.5.7.0 10.5.7.255 ether1 2 10.10.10.1/24 10.10.10.0 10.10.10.255 ether2 [admin@MikroTik] ip address>
Address Resolution Protocol
Submenu level: /ip arpDescription
Even though IP packets are addressed using IP addresses, hardware addresses must be used to actually transport data from one host to another. Address Resolution Protocol is used to map OSI level 3 IP addreses to OSI level 2 MAC addreses. Router has a table of currently used ARP entries. Normally the table is built dynamically, but to increase network security, it can be partialy or completely built statically by means of adding static entries.
Property Description
address (IP address) - IP address to be mappedinterface (name) - interface name the IP address is assigned to
mac-address (MAC address; default: 00:00:00:00:00:00) - MAC address to be mapped to
Notes
Maximal number of ARP entries is 8192.
If ARP feature is turned off on the interface, i.e., arp=disabled is used, ARP requests from clients are not answered by the router. Therefore, static arp entry should be added to the clients as well. For example, the router's IP and MAC addresses should be added to the Windows workstations using the arp command:
C:\> arp -s 10.5.8.254 00-aa-00-62-c6-09
If arp property is set to reply-only on the interface, then router only replies to ARP requests. Neighbour MAC addresses will be resolved using /ip arp statically, but there will be no need to add the router's MAC address to other hosts' ARP tables.
Example
[admin@MikroTik] ip arp> add address=10.10.10.10 interface=ether2 mac-address=06 \ \... :21:00:56:00:12 [admin@MikroTik] ip arp> print Flags: X - disabled, I - invalid, H - DHCP, D - dynamic # ADDRESS MAC-ADDRESS INTERFACE 0 D 2.2.2.2 00:30:4F:1B:B3:D9 ether2 1 D 10.5.7.242 00:A0:24:9D:52:A4 ether1 2 10.10.10.10 06:21:00:56:00:12 ether2 [admin@MikroTik] ip arp>
If static arp entries are used for network security on an interface, you should set arp to 'reply-only' on that interface. Do it under the relevant /interface menu:
[admin@MikroTik] ip arp> /interface ethernet set ether2 arp=reply-only [admin@MikroTik] ip arp> print Flags: X - disabled, I - invalid, H - DHCP, D - dynamic # ADDRESS MAC-ADDRESS INTERFACE 0 D 10.5.7.242 00:A0:24:9D:52:A4 ether1 1 10.10.10.10 06:21:00:56:00:12 ether2 [admin@MikroTik] ip arp>
Proxy-ARP feature
Description
A router with properly configured proxy ARP feature acts like a transparent ARP proxy between directly connected networks. Consider the following network diagram:
Suppose the host A needs to communicate to host C. To do this, it needs to know host's C MAC address. As shown on the diagram above, host A has /24 network mask. That makes host A to believe that it is directly connected to the whole 192.168.0.0/24 network. When a computer needs to communicate to another one on a directly connected network, it sends a broadcast ARP request. Therefore host A sends a broadcast ARP request for the host C MAC address.
Broadcast ARP requests are sent to the broadcast MAC address FF:FF:FF:FF:FF:FF. Since the ARP request is a broadcast, it will reach all hosts in the network A, including the router R1, but it will not reach host C, because routers do not forward broadcasts by default. A router with enabled proxy ARP knows that the host C is on another subnet and will reply with its own MAC adress. The router with enabled proxy ARP always answer with its own MAC address if it has a route to the destination.
This behaviour can be usefull, for example, if you want to assign dial-in (ppp, pppoe, pptp) clients IP addresses from the same address space as used on the connected LAN.
Example
Consider the following configuration:
The MikroTik Router setup is as follows:
admin@MikroTik] ip arp> /interface ethernet print Flags: X - disabled, R - running # NAME MTU MAC-ADDRESS ARP 0 R eth-LAN 1500 00:50:08:00:00:F5 proxy-arp [admin@MikroTik] ip arp> /interface print Flags: X - disabled, D - dynamic, R - running # NAME TYPE MTU 0 eth-LAN ether 1500 1 prism1 prism 1500 2 D pppoe-in25 pppoe-in 3 D pppoe-in26 pppoe-in [admin@MikroTik] ip arp> /ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 10.0.0.217/24 10.0.0.0 10.0.0.255 eth-LAN 1 D 10.0.0.217/32 10.0.0.230 0.0.0.0 pppoe-in25 2 D 10.0.0.217/32 10.0.0.231 0.0.0.0 pppoe-in26 [admin@MikroTik] ip arp> /ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC G GATEWAY DIS INTE... 0 A S 0.0.0.0/0 r 10.0.0.1 1 eth-LAN 1 ADC 10.0.0.0/24 10.0.0.217 0 eth-LAN 2 ADC 10.0.0.230/32 10.0.0.217 0 pppoe-in25 3 ADC 10.0.0.231/32 10.0.0.217 0 pppoe-in26 [admin@MikroTik] ip arp>
Troubleshooting
Description
- Router shows that the IP address is invalid
Check whether the interface, the address is assigned to, is present, enabled and running.
Document di ambil dari mikrotik.com
No comments:
Post a Comment