Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alden Jacoby2020-02-27 09:50:24
Computer networks
Alden Jacoby, 2020-02-27 09:50:24

Why doesn't Kerio Control see client MACs behind the Mikrotik gateway?

Good afternoon! The question may seem strange and running into RTFM, but I can’t formulate it for a normal search query in google ...

There is Mikrotik Hex S, which is a gateway for local network computers. He is responsible for internal routing between the central building and 8 remote clinics, connected via openVPN and RRAS. Everything works fine, there is no need to prescribe routes anywhere, I do everything exclusively on it.

After Mikrotik, I have Kerio Control, which already manages guest Wi-Fi and distributes the Internet to all clients of the local network of the central building.

On Mikrotik, the only thing that is prescribed for client access to the Internet is IP-Routes 0.0.0.0/0 leading to IP Kerio Control. Neither NAT nor Firewall Rules are used to access the Internet on Mikrotik... Everything that is on the Internet is controlled by Kerio.

But in Kerio Control, when I look at clients in Active Hosts, I observe the IP addresses of machines and all have the only MAC address - this is Mikrotik's MAC.
I am more a practitioner than a theoretician, I feel in my gut that this is how it should be, however, from time to time, some clients skip their "native" MAC, but then return to Mikrotik again. And the inner perfectionist wants to be able to manage and observe clients by MAC too...

Thanks in advance!

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
M
Melkij, 2020-02-27
@melkij

And why should behind the gateway?
MAC is L2. If you route traffic, but do not switch - this is L3, there will be no MAC addresses from different networks here.
If you want to see the MAC - reconfigure everything into one L2 segment. It just doesn't make sense.

Report
N
nApoBo3, 2020-02-27
@nApoBo3

There is only a packet in the networks, on l2 the packet goes from one poppy to another, on l3 from one ip to another. Draw for your case where and how packages are encapsulated in a simplified form and everything will fall into place. Those. there is a computer, it sends a packet to Mikrotik, and write down what will happen to this packet further and what addresses will be where.

Report
3
3a4yI7aTiY, 2020-02-29
@3a4yI7aTiY

You can try to put arp-reply on the microte on the bridge

Similar questions
A
Alexander2015-07-08 14:41:15
Are there analytical modeling systems using voxels? 2Reply
A
Alexander2015-08-20 11:36:28
How to use OS X Accessibility API in Sandbox mode? 3Reply
A
Ashot Aslanyan2016-10-28 10:46:28
How to block all incoming IP addresses except one in Windows Server 2008? 2Reply
V
Vitaly Lobanov2014-10-31 13:52:05
How to set up networking in nested ESXi hosts? 1Reply
B
BonBon Slick2016-10-30 11:56:11
Windows 10 blocks StackOverflow, Laravel.io and a bunch of other sites? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question