IP Addresses and Address Resolution Protocol (ARP)

Document revision 1.4 (29-Dec-2003)
This document applies to the MikroTik RouterOS V2.7

Table of Contents

Summary

The following Manual discusses managing IP addresses and the Address Resolution Protocol (ARP). IP addresses serve as identification when communicating with other network devices using the TCP/IP protocol. In turn, communication between devices in one physical network proceeds with the help of Address Resolution Protocol and ARP addresses.

Specifications

Packages required : None
License required : Any
Home menu level : /ip address, /ip arp
Protocols utilized : IP (RFC791), ARP (RFC826)
Hardware usage: not significant

Related Documents

Software Package Installation and Upgrading

IP Addressing

Submenu level : /ip address

Description

IP addresses serve for a general host identification purposes in IP networks. Tupical (IPv4) address consists of four octets. For correct addressing the router also needs the network mask value, id est which bits of the complete IP address refer to the address of the host, and which - to the address of the network. The network address value is calculated by binary AND operation from network mask and IP address values. It's also possible to specify IP address followed by slash "/" and amount of bits assigned to a network mask.

In most cases, it is enough to specify the address, the netmask, and the interface arguments. The network prefix and the broadcast address are calculated automatically.

It is possible to add multiple IP addresses to an interface or to leave the interface without any addresses assigned to it. Leaving a physical interface without an IP address is a must when the bridging between interfaces is used. In case of bridging, the IP address is assigned to a bridge interface.

MikroTik RouterOS has following types of addresses:

Property Description

address (IP address) - IP address of the host
broadcast (IP address; default: 255.255.255.255) - broadcasting IP address, by default calculated from an IP address and a network mask
comment (text; default: "") - an optional comment for the IP address
disabled (yes | no; default: no) - is the address disabled or not
interface (name) - the name of the interface IP address assigned to
netmask (IP address; default: 0.0.0.0) - specifies the network address part of an IP address
network (IP address; default: 0.0.0.0) - IP address of the network. For the point-to-point links should be the address of the remote end

Example

[admin@MikroTik] ip address> add address=10.10.10.1/24 interface=ether2
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   2.2.2.1/24         2.2.2.0         2.2.2.255       ether2
  1   10.5.7.244/24      10.5.7.0        10.5.7.255      ether1
  2   10.10.10.1/24      10.10.10.0      10.10.10.255    ether2

[admin@MikroTik] ip address>

Address Resolution Protocol

Submenu level : /ip arp

Description

Address Resolution Protocol is used to map IP addreses to MAC layer addreses. A router has a table of currently used ARP entries. Normally the table is built dynamically, but to increase network security, static entries can be added.

Property Description

address (IP address) - IP address
comment (text; default: "") - an optional comment
disabled (yes | no; default: no) - is the entry disabled or not
interface (name) - the name of the interface
mac-address (MAC address; default: 00:00:00:00:00:00) - MAC address to be mapped to

Notes

Maximal number of ARP entries is 1024.

If arp feature is turned off on interface, i.e., arp=disabled is used, ARP requests from clients are not answered by the router. Therefore, static arp entry should be added to the clients as well. For example, the router's IP and MAC addresses should be added to the Windows workstations using the arp command:

C:\> arp -s 10.5.8.254  00-aa-00-62-c6-09

Example

[admin@MikroTik] ip arp> add address=10.10.10.10 interface=ether2 mac-address=06 \\
\\... :21:00:56:00:12
[admin@MikroTik] ip arp> print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
  #   ADDRESS         MAC-ADDRESS       INTERFACE
  0 D 2.2.2.2         00:30:4F:1B:B3:D9 ether2
  1 D 10.5.7.242      00:A0:24:9D:52:A4 ether1
  2   10.10.10.10     06:21:00:56:00:12 ether2
[admin@MikroTik] ip arp>
If static arp entries are used for network security on an interface, you should set arp to 'reply-only' on that interface. Do it under the relevant /interfaces menu:
[admin@MikroTik] ip arp> /interface ethernet set ether2 arp=reply-only
[admin@MikroTik] ip arp> print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
  #   ADDRESS         MAC-ADDRESS       INTERFACE
  0 D 10.5.7.242      00:A0:24:9D:52:A4 ether1
  1   10.10.10.10     06:21:00:56:00:12 ether2

[admin@MikroTik] ip arp>

Using the Proxy-ARP Feature

Description

All physical interfaces, like Ethernet, Prism, Aironet (PC), WaveLAN, etc., can be set for using the Address Resolution Protocol or not. By default, the arp feature is enabled. However, it can be changed to proxy-arp. The Proxy-ARP feature means that the router will be listening to arp requests received at the relevant interface and respond to them with it's own MAC address, if the requests matches any other IP address of the router.

Example

For example, you can assign IP addresses to dial-in (ppp, pppoe, pptp) clients from the same address space as used on the connected LAN, of you enable the proxy-arp on the LAN interface. Let us consider the following setup:

The MikroTik router setup is as follows:

[admin@MikroTik] ip arp> /interface ethernet print
Flags: X - disabled, R - running
  #    NAME                 MTU   MAC-ADDRESS       ARP
  0  R eth-LAN              1500  00:50:08:00:00:F5 proxy-arp
[admin@MikroTik] ip arp> /interface print
Flags: X - disabled, D - dynamic, R - running
  #    NAME                 TYPE             MTU
  0    eth-LAN              ether            1500
  1    prism1               prism            1500
  2 D  pppoe-in25           pppoe-in
  3 D  pppoe-in26           pppoe-in
[admin@MikroTik] ip arp> /ip address print
Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   10.0.0.217/24      10.0.0.0        10.0.0.255      eth-LAN
  1 D 10.0.0.217/32      10.0.0.230      0.0.0.0         pppoe-in25
  2 D 10.0.0.217/32      10.0.0.231      0.0.0.0         pppoe-in26
[admin@MikroTik] ip arp> /ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0  S 0.0.0.0/0          r 10.0.0.1        1        eth-LAN
    1 DC 10.0.0.0/24        r 0.0.0.0         0        eth-LAN
    2 DC 10.0.0.230/32      r 0.0.0.0         0        pppoe-in25
    3 DC 10.0.0.231/32      r 0.0.0.0         0        pppoe-in26
[admin@MikroTik] ip arp>

Using Unnumbered Interfaces

Description

The unnumbered interfaces can be used on serial point-to-point links, e.g., MOXA or Cyclades interfaces. A private address should be put on the interface with the network being the same as an address on the router on the other side of the p2p link (there may be no IP on that interface, but there is an ip for that router).

Example

[admin@MikroTik] ip address> add address=10.0.0.214/32 network=192.168.0.1 \
\... interface=pppsync
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   10.0.0.214/32      192.168.0.1     192.168.0.1     pppsync
[admin@MikroTik] ip address>
[admin@MikroTik] ip address> .. route print detail
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    0  S dst-address=0.0.0.0/0 preferred-source=0.0.0.0 gateway=192.168.0.1
         gateway-state=reachable distance=1 interface=pppsync

    1 DC dst-address=192.168.0.1/32 preferred-source=10.0.0.214
         gateway=0.0.0.0 gateway-state=reachable distance=0 interface=pppsync

[admin@MikroTik] ip address>
Here, you can see, that a dynamic connected route has been automatically added to the routes list. If you want the default gateway be the other router of the p2p link, just add a static route for it. It is shown as #0 in the example above.

Troubleshooting

Additional Resources

Addressing in Local Area Networks
Copyright 1999-2003, MikroTik