For completeness, I have attached my bridge configuration below.
The point is that I do have a VLAN 400 across an EOIP connection to another installation.
To and from the remote installation, the router sends/receives MikroTik Neighbor Discovery protocol (MNDP).
The aim is to block that protocol with a bridge filter rule in order to not expose information about the local installation to the remote side.
Now the problem is that the bridge filter can either block a VLAN completely or MNDP on L2 without VLAN.
I have not found a way to set up a rule to filter MNDP within a VLAN tagged connection.
Any idea how to block MNDP within a VLAN tagged connection?
Thanks and best regards
dksoft
Code:
/interface bridge
add name=LAN vlan-filtering=yes
/interface bridge port
add bridge=LAN interface=sfp-sfpplus1
add bridge=LAN edge=yes frame-types=admit-only-vlan-tagged interface=EOIP-WG-CORE
/interface bridge vlan
add bridge=LAN tagged="LAN,sfp-sfpplus1,EOIP-WG-CORE" vlan-ids=400
/ip neighbor discovery-settings
set discover-interface-list=!dynamic lldp-med-net-policy-vlan=1
/interface vlan
add name=CORE vlan-id=400
Statistics: Posted by dksoft — Fri Jan 12, 2024 12:51 pm
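
The behaviour described in the post follows from the frame layout: an 802.1Q tag puts 0x8100 in the EtherType field and moves the IPv4/UDP headers four bytes further in, so a matcher has to step over the tag before it can recognise MNDP. The Python check below is an added example, not part of the original post; it assumes MNDP's UDP port 5678 (not stated in the post), and the function names and sample frames are constructed for illustration.

```python
import struct

ETH_P_8021Q = 0x8100   # EtherType of an 802.1Q VLAN tag
ETH_P_IPV4 = 0x0800
IPPROTO_UDP = 17
MNDP_PORT = 5678       # assumption: MNDP's UDP port, not stated in the post


def classify_mndp(frame: bytes):
    """Return (is_mndp, vlan_id); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        return (False, None)
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vlan_id = 14, None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            return (False, None)
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id = tci & 0x0FFF            # VLAN ID is the low 12 bits of the TCI
        offset = 18                       # payload starts 4 bytes later
    if ethertype != ETH_P_IPV4 or len(frame) < offset + 20:
        return (False, vlan_id)
    ihl = (frame[offset] & 0x0F) * 4      # IPv4 header length in bytes
    frag = struct.unpack_from("!H", frame, offset + 6)[0] & 0x1FFF
    if ihl < 20 or frag or frame[offset + 9] != IPPROTO_UDP:
        return (False, vlan_id)           # non-first fragments carry no UDP header
    if len(frame) < offset + ihl + 8:
        return (False, vlan_id)
    _sport, dport = struct.unpack_from("!HH", frame, offset + ihl)
    return (dport == MNDP_PORT, vlan_id)


def build_udp_frame(dport, vlan_id=None):
    """Constructed sample: broadcast Ethernet/IPv4/UDP frame, checksums left at 0."""
    payload = b"\x00" * 8
    udp = struct.pack("!HHHH", 5678, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0, bytes([192, 0, 2, 1]), b"\xff" * 4)
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_P_8021Q, vlan_id)
    eth = b"\xff" * 6 + bytes.fromhex("020000000001") + tag
    return eth + struct.pack("!H", ETH_P_IPV4) + ip + udp


if __name__ == "__main__":
    for label, frame in [("untagged MNDP", build_udp_frame(MNDP_PORT)),
                         ("VLAN 400 MNDP", build_udp_frame(MNDP_PORT, 400)),
                         ("VLAN 400 DNS", build_udp_frame(53, 400))]:
        outer = struct.unpack_from("!H", frame, 12)[0]
        print(f"{label}: outer EtherType=0x{outer:04x} -> {classify_mndp(frame)}")
```

Run against frames captured on the tunnel side, the function reports whether MNDP is still crossing inside VLAN 400 after a filter change.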