IP Addresses and ARP

1. IP Addressing
Submenu level: /ip address

Description

IP addresses serve for a general host identification purposes in IP networks. Typical (IPv4) address consists of four octets. For proper addressing the router also needs the network mask value, id est which bits of the complete IP address refer to the address of the host, and which - to the address of the network. The network address value is calculated by binary AND operation from network mask and IP address values. It's also possible to specify IP address followed by slash "/" and the amount of bits that form the network address.

In most cases, it is enough to specify the address, the netmask, and the interface arguments. The network prefix and the broadcast address are calculated automatically.

It is possible to add multiple IP addresses to an interface or to leave the interface without any addresses assigned to it. In case of bridging or PPPoE connection, the physical interface may bot have any address assigned, yet be perfectly usable. Putting an IP address to a physical interface included in a bridge would mean actually putting it on the bridge interface itself. You can use /ip address print detail to see to which interface the address belongs to.

MikroTik RouterOS has following types of addresses:

* Static - manually assigned to the interface by a user
* Dynamic - automatically assigned to the interface by DHCP or an estabilished PPP connections

Property Description
actual-interface (read-only: name) - name of the actual interface the logical one is bound to. For example, if the physical interface you assigned the address to, is included in a bridge, the actual interface will show that bridge.

address (IP address) - IP address

broadcast (IP address; default: 255.255.255.255) - broadcasting IP address, calculated by default from an IP address and a network mask

disabled (yes | no; default: no) - specifies whether the address is disabled or not

interface (name) - interface name the IP address is assigned to

netmask (IP address; default: 0.0.0.0) - delimits network address part of the IP address from the host part

network (IP address; default: 0.0.0.0) - IP address for the network. For point-to-point links it should be the address of the remote end

Notes

You cannot have two different IP addresses from the same network assigned to the router. Exempli gratia, the combination of IP address 10.0.0.1/24 on the ether1 interface and IP address 10.0.0.132/24 on the ether2 interface is invalid (unless both interfaces are bridged together), because both addresses belong to the same network 10.0.0.0/24. Use addresses from different networks on different interfaces.

Example
[admin@MikroTik] ip address> add address=10.10.10.1/24 interface=ether2
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 2.2.2.1/24 2.2.2.0 2.2.2.255 ether2
1 10.5.7.244/24 10.5.7.0 10.5.7.255 ether1
2 10.10.10.1/24 10.10.10.0 10.10.10.255 ether2
[admin@MikroTik] ip address>

2. Address Resolution Protocol
Submenu level: /ip arp

Description

Even though IP packets are addressed using IP addresses, hardware addresses must be used to actually transport data from one host to another. Address Resolution Protocol is used to map OSI level 3 IP addreses to OSI level 2 MAC addreses. Router has a table of currently used ARP entries. Normally the table is built dynamically, but to increase network security, it can be partialy or completely built statically by means of adding static entries.

Property Description
address (IP address) - IP address to be mapped

interface (name) - interface name the IP address is assigned to

mac-address (MAC address; default: 00:00:00:00:00:00) - MAC address to be mapped to

Notes

Maximal number of ARP entries is 8192.

If ARP feature is turned off on the interface, i.e., arp=disabled is used, ARP requests from clients are not answered by the router. Therefore, static arp entry should be added to the clients as well. For example, the router's IP and MAC addresses should be added to the Windows workstations using the arp command:

C:\> arp -s 10.5.8.254 00-aa-00-62-c6-09

If arp property is set to reply-only on the interface, then router only replies to ARP requests. Neighbour MAC addresses will be resolved using /ip arp statically, but there will be no need to add the router's MAC address to other hosts' ARP tables.

Example
[admin@MikroTik] ip arp> add address=10.10.10.10 interface=ether2 mac-address=06 \
\... :21:00:56:00:12
[admin@MikroTik] ip arp> print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
# ADDRESS MAC-ADDRESS INTERFACE
0 D 2.2.2.2 00:30:4F:1B:B3:D9 ether2
1 D 10.5.7.242 00:A0:24:9D:52:A4 ether1
2 10.10.10.10 06:21:00:56:00:12 ether2
[admin@MikroTik] ip arp>

If static arp entries are used for network security on an interface, you should set arp to 'reply-only' on that interface. Do it under the relevant /interface menu:

[admin@MikroTik] ip arp> /interface ethernet set ether2 arp=reply-only
[admin@MikroTik] ip arp> print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
# ADDRESS MAC-ADDRESS INTERFACE
0 D 10.5.7.242 00:A0:24:9D:52:A4 ether1
1 10.10.10.10 06:21:00:56:00:12 ether2

[admin@MikroTik] ip arp>