Skip to content
MikroTik RouterOS Docs

MACVLAN

MACVLAN

Section titled “MACVLAN”

Summary

Section titled “Summary”

MACVLAN provides a means to create multiple virtual network interfaces, each with its own unique Media Access Control (MAC) address, attached to a physical network interface. This technology addresses specific network requirements such as obtaining multiple IP addresses or establishing distinct PPPoE client connections from a single physical Ethernet interface while using different MAC addresses.

Unlike traditional VLAN interfaces, which rely on Ethernet frames tagged with VLAN identifiers, MACVLAN operates at the MAC address level. This makes it a versatile and efficient solution for specific networking scenarios where multiple MAC addresses are required on a single physical interface.

A MACVLAN interface can only receive broadcast packets, packets addressed to its own MAC address, and a limited number of multicast addresses. If the physical interface has a VLAN configured, the MACVLAN interface cannot receive packets from that VLAN.

Use Cases

Section titled “Use Cases”

Multiple Public IP Addresses

Section titled “Multiple Public IP Addresses”

A common scenario involves obtaining multiple IP addresses from an ISP where each IP requires a unique MAC address. Traditionally, this would require multiple physical Ethernet interfaces and an additional switch. MACVLAN provides a more efficient solution by creating virtual interfaces on a single physical port.

Multiple PPPoE Connections

Section titled “Multiple PPPoE Connections”

Service providers often require each PPPoE connection to originate from a unique MAC address. MACVLAN enables multiple PPPoE clients to run simultaneously on a single physical interface, each with its own MAC address.

Network Virtualization

Section titled “Network Virtualization”

MACVLAN facilitates network virtualization by allowing separation of traffic at the MAC level, which can be useful in containerized or virtualized environments where isolated network namespaces require dedicated network interfaces.

Basic Configuration

Section titled “Basic Configuration”

Creating a MACVLAN Interface

Section titled “Creating a MACVLAN Interface”

To create a MACVLAN interface, select the physical interface on which the virtual interface will operate. A MAC address is automatically assigned if not manually specified:

/interface macvlan
add interface=ether1 name=macvlan1


/interface macvlan print
Flags: R - RUNNING
Columns: NAME, MTU, INTERFACE, MAC-ADDRESS, MODE
#   NAME       MTU  INTERFACE  MAC-ADDRESS        MODE
0 R macvlan1  1500  ether1     76:81:BF:68:69:83  bridge

Multiple DHCP Clients

Section titled “Multiple DHCP Clients”

After creating the MACVLAN interfaces, DHCP clients can be configured on each virtual interface to obtain IP addresses:

/ip dhcp-client
add interface=ether1
add interface=macvlan1

Static IP Configuration

Section titled “Static IP Configuration”

Alternatively, assign static IP addresses to MACVLAN interfaces:

/ip address
add address=203.0.113.1/24 interface=ether1
add address=203.0.113.2/24 interface=macvlan1

Mode Configuration

Section titled “Mode Configuration”

Bridge Mode

Section titled “Bridge Mode”

In bridge mode, MACVLAN instances on the same parent interface can communicate with each other:

/interface macvlan
add interface=ether1 name=macvlan1 mode=bridge
add interface=ether1 name=macvlan2 mode=bridge

Private Mode

Section titled “Private Mode”

In private mode, MACVLAN instances on the same parent interface cannot communicate with each other:

/interface macvlan
add interface=ether1 name=macvlan1 mode=private
add interface=ether1 name=macvlan2 mode=private

PPPoE Client Configuration

Section titled “PPPoE Client Configuration”

Single PPPoE Client

Section titled “Single PPPoE Client”

Create a PPPoE client on a MACVLAN interface for internet access:

/interface pppoe-client
add interface=macvlan1 name=pppoe-out1 user=isp_user password=isp_password

Multiple PPPoE Clients

Section titled “Multiple PPPoE Clients”

For multiple PPPoE connections, create separate MACVLAN interfaces:

/interface macvlan
add interface=ether1 name=macvlan1
add interface=ether1 name=macvlan2


/interface pppoe-client
add interface=macvlan1 name=pppoe-out1 user=user1 password=pass1
add interface=macvlan2 name=pppoe-out2 user=user2 password=pass2

Properties

Section titled “Properties”

Sub-menu: /interface/macvlan

Interface Settings

Section titled “Interface Settings”
PropertyTypeDescriptionDefault
arpdisabled | enabled | local-proxy-arp | proxy-arp | reply-onlyAddress Resolution Protocol settingenabled
arp-timeoutauto | integerARP record timeout. Value auto equals /ip/settings arp-timeoutauto
commentstringShort description of the interface
disabledyes | noChanges whether the interface is disabledno
interfacenameThe underlying interface for MACVLAN operation
loop-protecton | off | defaultEnables or disables loop protectdefault
loop-protect-disable-timetime interval | 0How long interface is disabled when loop detected5m
loop-protect-send-intervaltime intervalHow often loop protect packets are sent5s
mac-addressMACStatic MAC address. Random if not specified
modeprivate | bridgeMACVLAN interface modebridge
mtuintegerLayer 3 MTU. Cannot exceed parent interface1500
namestringInterface name

Mode Descriptions

Section titled “Mode Descriptions”

bridge mode allows communication between MACVLAN instances on the same parent interface. This is useful when virtual interfaces need to communicate with each other.

private mode prevents communication between MACVLAN instances on the same parent interface. Each MACVLAN operates as if it is on a separate physical interface.

Examples

Section titled “Examples”

Multiple Public IPs from ISP

Section titled “Multiple Public IPs from ISP”

Obtain multiple public IP addresses from an ISP that requires unique MAC addresses:

# Create MACVLAN interfaces on the WAN port
/interface macvlan add interface=ether1 name=macvlan1
/interface macvlan add interface=ether1 name=macvlan2
/interface macvlan add interface=ether1 name=macvlan3


# Assign IP addresses to each virtual interface
/ip address add address=203.0.113.10/30 interface=ether1
/ip address add address=203.0.113.14/30 interface=macvlan1
/ip address add address=203.0.113.18/30 interface=macvlan2
/ip address add address=203.0.113.22/30 interface=macvlan3

Multiple PPPoE Connections

Section titled “Multiple PPPoE Connections”

Create multiple PPPoE client connections from a single physical interface:

# Create MACVLAN interfaces
/interface macvlan add interface=ether1 name=macvlan1
/interface macvlan add interface=ether1 name=macvlan2


# Configure PPPoE clients on each MACVLAN
/interface pppoe-client add interface=macvlan1 name=pppoe-out1 user=user1 password=pass1
/interface pppoe-client add interface=macvlan2 name=pppoe-out2 user=user2 password=pass2


# Verify connections
/interface pppoe-client print

Isolated MACVLAN Network

Section titled “Isolated MACVLAN Network”

Create isolated MACVLAN interfaces for security separation:

# Create MACVLAN in private mode (no inter-communication)
/interface macvlan add interface=ether1 name=macvlan-guest mode=private
/interface macvlan add interface=ether1 name=macvlan-iot mode=private


# Assign addresses
/ip address add address=192.168.100.1/24 interface=macvlan-guest
/ip address add address=192.168.200.1/24 interface=macvlan-iot


# Configure DHCP servers for each network
/ip dhcp-server network add address=192.168.100.0/24 gateway=192.168.100.1
/ip dhcp-server network add address=192.168.200.0/24 gateway=192.168.200.1

Limitations and Restrictions

Section titled “Limitations and Restrictions”

Unsupported Configurations

Section titled “Unsupported Configurations”

VLAN Interaction

Section titled “VLAN Interaction”

If the parent physical interface has a VLAN configured, the MACVLAN interface cannot receive packets from that VLAN. This limitation must be considered when designing network topologies that combine VLANs and MACVLANs.

MTU Considerations

Section titled “MTU Considerations”

The MTU of a MACVLAN interface cannot exceed the MTU of its parent interface. When configuring jumbo frames, ensure the parent interface supports the desired frame size.

Multicast Handling

Section titled “Multicast Handling”

MACVLAN interfaces have limited multicast support. They receive multicast packets addressed to their own MAC address but may not receive all multicast traffic depending on the underlying hardware and driver support.

Troubleshooting

Section titled “Troubleshooting”

Interface Not Receiving Traffic

Section titled “Interface Not Receiving Traffic”

If a MACVLAN interface is not receiving expected traffic:

  1. Verify the interface is running with /interface macvlan print
  2. Check that the parent interface is operational
  3. Confirm no VLAN configuration on the parent interface conflicts with MACVLAN
  4. Verify MAC address settings if manually configured

Communication Issues Between MACVLANs

Section titled “Communication Issues Between MACVLANs”

For communication issues between MACVLAN instances:

  1. Confirm both interfaces use the same mode (bridge mode required for inter-MACVLAN communication)
  2. Check firewall rules that might block traffic
  3. Verify routing configuration if communication crosses subnets

IP Address Assignment Failures

Section titled “IP Address Assignment Failures”

If DHCP or IP address assignment fails:

  1. Verify link status on the parent interface
  2. Check for MAC address conflicts
  3. Confirm DHCP server accepts requests from the MACVLAN MAC address
  4. Review logs for specific error messages

See Also

Section titled “See Also”