• July 17, 2019, 03:15:58 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: How to block Mikrotik neighbour packet-port 5678 UDP to 5678 ip 255.255.255.255?  (Read 2158 times)

0 Members and 1 Guest are viewing this topic.

Offline szympek1234

  • Rookie
  • **
  • Posts: 4
Hi,

Does anyone have any solution to blocking traffic generated by mikrotik neighbour.
wiki.mikrotik.com/wiki/Manual:IP/Neighbor_discovery
Packet is:  UDP src. address X.X.X.X src port. 5678 => dst. address 255.255.255.255 dst port. port 5678

I wrote the following ACL but it does not work. What am I doing wrong?

Tested on ERS 5530-24TFD FW:6.0.0.21  SW:v6.3.6.017 and ERS 5520 with same FW and SW.

qos traffic-profile classifier name mtik ethertype 0x806 eval-order 1 drop-out-action disable
qos traffic-profile classifier name mtik addr-type ipv4 protocol 17 dst-port-min 5678 dst-port-max 5678 drop-action enable eval-order 2 drop-out-action enable
qos traffic-profile classifier name mtik addr-type ipv4 protocol 17 src-port-min 5678 src-port-max 5678 drop-action enable eval-order 3 drop-out-action enable
qos traffic-profile classifier name mtik eval-order 4 drop-out-action disable
qos traffic-profile set port 1 name mtik

« Last Edit: May 09, 2019, 10:29:03 AM by szympek1234 »