Neighbor Discovery in RouterOS
Neighbor Discovery in RouterOS
Section titled “Neighbor Discovery in RouterOS”Summary
Section titled “Summary”Neighbor Discovery protocols enable MikroTik routers to discover compatible devices within the same Layer 2 broadcast domain. RouterOS supports three discovery protocols: MNDP (MikroTik Neighbor Discovery Protocol), CDP (Cisco Discovery Protocol), and LLDP (Link Layer Discovery Protocol). These protocols exchange device information including identity, platform, IP addresses, and capabilities, enabling network administrators to map out their network topology automatically.
The neighbor discovery mechanism operates at Layer 2, broadcasting discovery packets to identify nearby devices running compatible protocols. This functionality proves invaluable for network documentation, troubleshooting, and management tasks where knowing what devices exist on each network segment is essential. Unlike traditional network scanning methods that actively probe IP addresses, neighbor discovery works passively by listening for broadcasted announcements from other devices.
MNDP is MikroTik’s proprietary protocol designed specifically for RouterOS devices, providing the most detailed information including RouterOS version, board model, and uptime. CDP and LLDP offer interoperability with non-MikroTik equipment, making them suitable for heterogeneous network environments. RouterOS can simultaneously run all three protocols, discovering devices regardless of their manufacturer or discovery protocol preference.
Neighbor List
Section titled “Neighbor List”The neighbor list displays all discovered devices within the Layer 2 broadcast domains that the router can reach. Each entry shows the interface through which the neighbor was discovered, its IP and MAC addresses, identity, version, and platform information. The list updates automatically as discovery packets are received and ages out as devices become unreachable.
Sub-menu: /ip/neighbor
Viewing the Neighbor List
Section titled “Viewing the Neighbor List”Display all discovered neighbors:
/ip/neighbor/printExample output showing various device types:
Columns: INTERFACE, ADDRESS, MAC-ADDRESS, IDENTITY, VERSION, BOARD# INTERFACE ADDRESS MAC-ADDRESS IDENTITY VERSION BOARD0 ether13 192.168.33.2 00:0C:42:00:38:9F MikroTik 6.49 RB1100AHx21 ether11 1.1.1.4 00:0C:42:40:94:25 test-host 6.48 RB10002 Local 10.0.11.203 00:02:B9:3E:AD:E0 c2611-r1 Cisco IOS3 Local 10.0.11.47 00:0C:42:84:25:BA 11.47-750 6.47 RB7504 Local 10.0.11.254 00:0C:42:70:04:83 tsys-sw1 6.48 RB750G5 Local 10.0.11.202 00:17:5A:90:66:08 c7200 Cisco IOSThe neighbor list includes MikroTik devices running RouterOS, Cisco equipment using CDP, and any LLDP-capable devices from various manufacturers. The “Local” interface designation indicates that the device discovered itself, typically when connected through a bridge or bonding interface.
Neighbor Entry Properties
Section titled “Neighbor Entry Properties”| Property | Type | Description |
|---|---|---|
| address | IP | The highest IP address configured on the discovered device |
| address6 | IPv6 | IPv6 address configured on the discovered device |
| age | time | Time elapsed since the last discovery packet was received |
| board | string | RouterBOARD model name (RouterOS devices only) |
| discovered-by | cdp | lldp | mndp | Protocol(s) that discovered this neighbor (RouterOS 7.7+) |
| identity | string | System identity configured on the neighbor device |
| interface | string | Local interface through which the neighbor was discovered |
| interface-name | string | Interface name on the neighbor device (CDP-specific) |
| ipv6 | yes | no | Whether the device has IPv6 enabled |
| mac-address | MAC | MAC address of the remote device; enables MAC-telnet access |
| platform | string | Device platform name (MikroTik, Cisco, etc.) |
| software-id | string | RouterOS software ID (RouterOS devices only) |
| system-caps | string | LLDP system capabilities |
| system-caps-enabled | string | LLDP enabled capabilities |
| unpack | none | simple | uncompressed-headers | uncompressed-all | Discovery packet compression type |
| uptime | time | Uptime of the remote device (RouterOS devices only) |
| version | string | Software version running on the remote device |
| running | string array | Features running on the neighbor (e.g., CAPsMAN) |
Memory Management
Section titled “Memory Management”Starting from RouterOS v6.45, the number of neighbor entries per interface is limited to (total RAM in megabytes) × 16 to prevent memory exhaustion. This limit applies individually to each interface, meaning a router with 128MB of RAM can store up to 2048 neighbor entries per interface. When the limit is reached, older entries are removed to make space for new discoveries.
Connecting via MAC-Address
Section titled “Connecting via MAC-Address”The neighbor list provides MAC addresses that enable direct connections using MAC-telnet:
/tool mac-telnet 00:0C:42:00:38:9F interface=ether13This capability proves especially useful when IP connectivity is unavailable but Layer 2 reachability exists.
Discovery Configuration
Section titled “Discovery Configuration”Neighbor discovery behavior is controlled through the discovery settings sub-menu. These settings determine which interfaces participate in discovery, which protocols are used, and how frequently discovery packets are transmitted.
Sub-menu: /ip/neighbor/discovery-settings
Discovery Settings Properties
Section titled “Discovery Settings Properties”| Property | Type | Description | Default |
|---|---|---|---|
| discover-interface-list | string | Interface list containing interfaces that participate in discovery | static |
| discover-interval | time: 5s..9h6m8s | Frequency of discovery packet transmission; affects TTL for CDP/LLDP (RouterOS 7.16+) | 30s |
| lldp-dcbx | yes | no | Send DCBX TLVs for QoS coordination (CRS3xx, CRS5xx, CCR2116, CCR2216) | no |
| lldp-mac-phy-config | yes | no | Send MAC/PHY Configuration/Status TLV in LLDP | no |
| lldp-max-frame-size | yes | no | Send Maximum Frame Size TLV in LLDP | no |
| lldp-poe-power | yes | no | Send Power Via MDI TLV for PoE management (RouterOS 7.15+) | yes |
| lldp-med-net-policy-vlan | integer: 0..4094 | VLAN ID for LLDP-MED Network Policy TLV | disabled |
| lldp-vlan-info | yes | no | Send IEEE 802.1 VLAN TLVs in LLDP (RouterOS 7.16+) | no |
| mode | rx-only | tx-only | tx-and-rx | Discovery packet sending and receiving mode (RouterOS 7.7+) | tx-and-rx |
| protocol | cdp | lldp | mndp | List of discovery protocols to use | cdp,lldp,mndp |
Basic Discovery Configuration
Section titled “Basic Discovery Configuration”Set the interface list for neighbor discovery:
/ip/neighbor/discovery-settings/set discover-interface-list=LANConfigure which protocols to use:
/ip/neighbor/discovery-settings/set protocol=mndp,lldpDisable CDP to avoid conflicts with LLDP-MED:
/ip/neighbor/discovery-settings/set protocol=mndp,lldpDiscovery Mode Selection
Section titled “Discovery Mode Selection”The mode property controls how the router participates in discovery:
- tx-and-rx: Sends discovery announcements and listens for neighbors (default)
- rx-only: Only listens for neighbors without sending announcements
- tx-only: Only announces itself without listening for others
Use rx-only mode when you want to discover other devices without revealing your own presence:
/ip/neighbor/discovery-settings/set mode=rx-onlyInterface List Management
Section titled “Interface List Management”Discovery operates on interfaces included in the specified interface list. Interfaces not in the list do not participate in discovery and cannot discover or be discovered.
Create and configure an interface list for discovery:
/interface/list/add name=discovery-list/interface/list/member/add interface=ether1 list=discovery-list/interface/list/member/add interface=ether2 list=discovery-list/ip/neighbor/discovery-settings/set discover-interface-list=discovery-listLimiting Discovery to Specific Slave Interfaces
Section titled “Limiting Discovery to Specific Slave Interfaces”Since RouterOS v6.44, neighbor discovery works on individual slave interfaces of bridges and bonds. Include the specific slave interface in the discovery list while excluding the master interface:
/interface/bonding/add name=bond1 slaves=ether5,ether6/interface/list/add name=only-ether5/interface/list/member/add interface=ether5 list=only-ether5/ip/neighbor/discovery-settings/set discover-interface-list=only-ether5The neighbor list will show the master interface name along with the specific slave interface where the discovery was received:
# INTERFACE ADDRESS MAC-ADDRESS IDENTITY VERSION BOARD0 ether5 192.168.88.1 CC:2D:E0:11:22:33 R1 6.45.4 CCR1036-8G-2S+ bond1LLDP Configuration
Section titled “LLDP Configuration”Link Layer Discovery Protocol (LLDP) is a vendor-neutral protocol for advertising capabilities and devices to neighboring equipment. RouterOS sends various Type-Length-Value (TLV) elements in LLDP messages, providing detailed information about the device and its interfaces.
LLDP TLV Elements
Section titled “LLDP TLV Elements”RouterOS advertises the following TLVs in LLDP messages:
- Chassis ID: MAC address of the device
- Port ID: Interface name or combined name (e.g., “bridge/ether1”)
- Time To Live: Validity period for the LLDP information
- System Name: Router identity from
/system/identity - System Description: Platform, RouterOS version, and RouterBOARD name
- Management Address: All IP addresses configured on the port
- System Capabilities: Enabled capabilities (bridge, router, etc.)
- Port Description: Interface description including bridge/bond membership
- Port VLAN ID: IEEE 802.1 PVID from bridge port settings
- Port And Protocol VLAN ID: Protocol VLAN status
- VLAN Name: Up to 10 active VLANs from bridge VLAN table
- MAC/PHY Configuration/Status: Duplex, bit rate, auto-negotiation
- Power Via MDI: PoE capabilities and status
- Maximum Frame Size: L2MTU + 18 bytes
- LLDP-MED Media Capabilities: MED endpoint classification
- LLDP-MED Network Policy: VLAN ID for voice traffic
- LLDP-MED Extended Power via MDI: PoE power details
- Port Extender: Port Extender and Controller Bridge advertisement
Configuring LLDP VLAN Information
Section titled “Configuring LLDP VLAN Information”Enable IEEE 802.1 VLAN TLVs for interfaces using bridge VLAN filtering:
/ip/neighbor/discovery-settings/set lldp-vlan-info=yesThis advertises the Port VLAN ID, active VLAN names from /interface/bridge/vlan, and protocol VLAN status to neighboring LLDP-capable devices.
Configuring LLDP-MED Network Policy
Section titled “Configuring LLDP-MED Network Policy”Assign a VLAN for LLDP-MED capable devices such as VoIP phones:
/ip/neighbor/discovery-settings/set lldp-med-net-policy-vlan=100The TLV includes predefined values that cannot be modified:
- Application Type: Voice
- VLAN Type: Tagged
- L2 Priority: 0
- DSCP Priority: 0
When used with a bridge interface, enable R/MSTP with protocol-mode setting and exclude other discovery protocols to avoid misconfiguration.
LLDP PoE Power TLV
Section titled “LLDP PoE Power TLV”RouterOS 7.15+ includes LLDP PoE power TLVs for PoE-out port management:
/ip/neighbor/discovery-settings/set lldp-poe-power=yesThis sends two TLVs:
- IEEE 802.3 Organizationally Specific Power Via MDI TLV
- TIA-1057 (LLDP-MED) Extended Power via MDI TLV (auto-included when remote device supports MED power)
These TLVs apply only to Ethernet interfaces with PoE-Out capability.
DCBX Configuration
Section titled “DCBX Configuration”Data Center Bridging Capabilities Exchange Protocol (DCBX) enables QoS coordination with neighboring devices. Available on CRS3xx, CRS5xx, CCR2116, and CCR2216 devices:
/ip/neighbor/discovery-settings/set lldp-dcbx=yesWhen enabled, DCBX advertises:
- ETS Configuration TLV: Willingness bit, priority assignment, bandwidth allocation, TSA
- ETS Recommendation TLV: Recommended ETS configuration from neighboring devices
- Priority-based Flow Control Configuration TLV: PFC settings and willingness
- Application Priority TLV: Application prioritization
- Application Priority TLV: VLAN configurations for applications
The willingness bit is always disabled, meaning the device does not accept remote QoS configurations.
Protocol Comparison
Section titled “Protocol Comparison”Understanding the differences between MNDP, CDP, and LLDP helps in selecting the appropriate protocols for your network environment.
MNDP (MikroTik Neighbor Discovery Protocol)
Section titled “MNDP (MikroTik Neighbor Discovery Protocol)”MNDP provides the richest information for RouterOS-to-RouterOS communication. It reveals detailed hardware and software information including RouterBOARD model, RouterOS version, uptime, and installed features like CAPsMAN. MNDP packets are compact and optimized for MikroTik equipment. Use MNDP when your network consists primarily of RouterOS devices and you need maximum visibility into device details.
CDP (Cisco Discovery Protocol)
Section titled “CDP (Cisco Discovery Protocol)”CDP offers compatibility with Cisco equipment and some third-party devices. It provides basic device information including hostname, platform, and interface details. CDP proves useful in mixed-vendor environments where Cisco equipment must be discovered. RouterOS CDP implementation supports receiving and sending CDP announcements, making it suitable for Cisco-centric networks with MikroTik equipment.
LLDP (Link Layer Discovery Protocol)
Section titled “LLDP (Link Layer Discovery Protocol)”LLDP is the IEEE standard (802.1AB) protocol, providing vendor-neutral device discovery. It offers extensive customization through TLV selection and integrates with LLDP-MED for IP telephony and network policy advertisement. LLDP is ideal for multi-vendor environments requiring standardized network mapping and supports advanced features like VLAN assignment for VoIP devices.
Common Configuration Scenarios
Section titled “Common Configuration Scenarios”Scenario 1: Router-Only Network
Section titled “Scenario 1: Router-Only Network”For networks containing only MikroTik routers, use MNDP exclusively for optimal information:
/ip/neighbor/discovery-settings/set protocol=mndpThis minimizes broadcast traffic while providing complete device visibility.
Scenario 2: Mixed Vendor Environment
Section titled “Scenario 2: Mixed Vendor Environment”In networks with multiple vendors, enable all protocols:
/ip/neighbor/discovery-settings/set protocol=cdp,lldp,mndpThis ensures discovery of all equipment regardless of the protocol they use.
Scenario 3: VoIP Deployment with LLDP-MED
Section titled “Scenario 3: VoIP Deployment with LLDP-MED”Deploy LLDP-MED for automatic VLAN assignment to IP phones:
/ip/neighbor/discovery-settings/set protocol=lldp lldp-med-net-policy-vlan=100Configure the bridge to accept the LLDP-assigned VLAN:
/interface/bridge/vlan/add bridge=bridge1 tagged=bridge1 vlan-ids=100Scenario 4: Secure Discovery Mode
Section titled “Scenario 4: Secure Discovery Mode”Prevent your router from being discovered while still discovering others:
/ip/neighbor/discovery-settings set mode=rx-onlyThis is useful in security-sensitive environments where you want to inventory devices without revealing your presence.
Monitoring and Management
Section titled “Monitoring and Management”Scheduled Neighbor Checks
Section titled “Scheduled Neighbor Checks”Create a scheduler to log neighbor changes periodically:
/system/scheduler/add name=log-neighbors interval=1m on-event=":log info \"Neighbors: \$[/ip/neighbor/print count-only]\""Exporting Neighbor Information
Section titled “Exporting Neighbor Information”Save neighbor list to a file for documentation:
/ip/neighbor/print file=neighbors-backupResetting Discovery Cache
Section titled “Resetting Discovery Cache”Clear all discovered neighbors:
/ip/neighbor/remove [find]Troubleshooting
Section titled “Troubleshooting”Neighbors Not Appearing
Section titled “Neighbors Not Appearing”- Verify the interface is in the discovery interface list:
/interface/list/member/print where list=discovery-list - Check that the neighbor device supports at least one enabled protocol
- Confirm Layer 2 connectivity between devices (same VLAN, no blocking)
- Verify the interface is not disabled:
/interface/print - Test with a known working MikroTik device to rule out remote device issues
LLDP TLVs Not Received
Section titled “LLDP TLVs Not Received”- Confirm both ends support LLDP and have it enabled
- Verify the specific TLV is enabled in discovery settings
- Check for LLDP-MED compatibility issues with non-LLDP-MED devices
- Ensure VLANs are properly configured if using LLDP-MED VLAN policy
CDP Incompatibility
Section titled “CDP Incompatibility”- CDP is not supported on all RouterOS platforms; verify compatibility
- Some Cisco devices require specific CDP timers; adjust
discover-interval - Check that CDP is not blocked by firewall rules on the remote device
Discovery Intervals Too Long
Section titled “Discovery Intervals Too Long”Reduce the discovery interval for faster convergence:
/ip/neighbor/discovery-settings/set discover-interval=5sLower intervals increase network traffic but provide faster neighbor detection.
Memory Usage Concerns
Section titled “Memory Usage Concerns”Monitor neighbor entry counts per interface:
:foreach i in=[/interface/find] do={ :local n [/interface/get $i name]; :put ($n . ": " . [/ip/neighbor/print count-only where interface=$n]) }If limits are approached, consider increasing RAM or reducing discovery scope to specific interfaces.
See Also
Section titled “See Also”- System Identity — configure router identity for neighbor announcements
- Interface Lists — manage interface lists for discovery scope
- MAC-Telnet — connect to neighbors using discovered MAC addresses
- Bridge VLAN Filtering — configure VLANs for LLDP VLAN TLVs
- PoE-Out — manage PoE settings with LLDP PoE TLVs