Sekitar pukul 20:42 hari Jumat 12 Januari 2018, dapat broadcast bahwa router BGP OpenIXP di Gedung Cyber (Cisco 7609) terjadi pemutusan jaringan dikarenakan adanya penambahan konfigurasi filtering untuk port 5678 yang merupakan port untuk Mikrotik Network Discovery Protocol (MNDP), mungkin saking banyaknya user yang pakai perangkat mikorik untuk terhubung ke Router NiCE ini dan lupa ataupun sengaja mengaktifkan fitur ip neighbors (MNDP) ini sehingga menyebabkan kenaikan load cpu yang cukup significant.
MNDP ini memungkinkan untuk mencari perangkat lawan yang sama-sama support MNDP atau CDP (Cisco Discovery Protocol) ataupun LLDP di L2 broadcast domain.
Broadcast info tersebut diakhiri dengan pesan berikut :
Mohon untuk disampaikan ke rekan-rekan yang menggunakan mikrotik untuk men disable Network Discovey Protocol dan menonaktifkan aplikasi “The DUDE” pada jaringannya masing-masing
MikroTik Neighbour Discovery Protocol Setup
Submenu level : /ip neighbor discovery
Property Description
name (read-only: name)- interface name for reference
discover (yes | no; default: yes) – defines if discover is enabled or disabled
Example
To disable MNDP protocol on Public interface:
[admin@MikroTik] ip neighbor discovery> set Public discover=no [admin@MikroTik] ip neighbor discovery> print # NAME DISCOVER 0 Public no 1 Local yes
Listing the Discovered Neighbours
Submenu level : /ip neighbor
Property Description
interface (read-only: name) – local interface the neighbor is connected to
address (read-only: address) – IP address of the neighbor router
mac-address (read-only: mac-address) – MAC-address of the neighbor router
identity (read-only: string) – identity of the neighbour router
version (read-only: string) – router version of the neighbour router
unpack (read-only: none | simple | compress-headers | compress-all) – identifies if the interface of the neighbour router is unpacking ‘Packed Packets’
Example
To view the table of discovered neighbours:
[admin@MikroTik] ip neighbor> print # INTERFACE ADDRESS MAC-ADDRESS IDENTITY VERSION 0 eth100... 10.5.2.100 00:04:EA:C6:0E:6F HP_10.5... Revisio... 1 jevg_v... 10.5.1.1 00:40:96:58:20:14 0040965... Cisco 3... 2 local_... 10.5.5.50 00:40:63:C1:23:C4 10.5.7.1 2.7rc4 3 local_... 10.5.5.51 00:E0:C5:6E:23:25 GW_10.5... 2.7rc4 [admin@MikroTik] ip neighbor> print detail 0 interface=eth100-temp address=10.5.2.100 mac-address=00:04:EA:C6:0E:6F identity="HP_10.5.2.100 Basement(0004ea-c60e40)" platform="HP 2524" version="Revision F.02.11 /sw/code/build/info(f00)" unpack=none age=12s 1 interface=jevg_vlan2 address=10.5.1.1 mac-address=00:40:96:58:20:14 identity="004096582014platform="AIR-BR350" version="Cisco 350 Series Bridge 11.21" unpack=none age=34s 2 interface=local_vlan5 address=10.5.5.50 mac-address=00:40:63:C1:23:C4 identity="10.5.7.1" platform="MikroTik" version="2.7rc4" unpack=none age=48s 3 interface=local_vlan5 address=10.5.5.51 mac-address=00:E0:C5:6E:23:25 identity="GW_10.5.51.1" platform="MikroTik" version="2.7rc4" unpack=none age=45s [admin@MikroTik] ip neighbor>
As you can see, not only MikroTik RouterOS routers were discovered, but HP Procurve 2524 switch and Cisco 350 Series Wireless Bridge