Topic Author
Joined: Fri May 26, 2006 1:25 am

Default Forward disabled, yet devices can still ping?

Mon May 23, 2016 4:10 am

It was my understanding that when you disable (or uncheck in winbox) the Default Forward option (for a wireless interface), this keeps any devices connected to that wireless interface from communicating DIRECTLY with each other?

However, I have 2 x PCs, and connected them to a MT radio, with Default FW off, yet they can still ping each other.

Do I have this incorrect? Or is something not working as it should?

ROS 6.32.3 on a RB 433. Both devices are on the same subnet (192.168.1.X / 24) and both devices are able to access the internet (both with default forward on and with it off, as they should).

/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce \
    default-forwarding=no disabled=no mode=\
    ap-bridge name=wlan2-5Gn radio-name=5g-R52hN-D4CA6D132949 rx-chains=0,1 \
    security-profile=mainWPA2only ssid=HouseN-5gN tx-chains=0,1 \
    wireless-protocol=802.11 wmm-support=enabled

Joined: Mon Oct 09, 2017 2:30 pm

Re: Default Forward disabled, yet devices can still ping?

Wed Dec 06, 2017 10:04 pm


Really no feedback until now?
I have the same 'issue'. If I uncheck Client to Client Forwarding in CAPsMAN Datapath, users on the same AP can still ping each other.
The Default Forward option isn't available in the GUI on that specific AP (controlled by CAPsMAN or not), but the option is still available via CLI.
But it has no effect on the client-to-client communication.
CAPsMAN is installed on a CCR1036 and one of the APs is an RBwAP2nDr2; both run on 6.40.4.
What am I doing wrong? Do I need an access list on the CAPsMAN config too?

Joined: Sat Jun 15, 2013 4:25 am
Location: Japan

Re: Default Forward disabled, yet devices can still ping?

Thu Dec 07, 2017 2:44 am

If two or more client PCs access the same AP and Client to Client Forwarding is unchecked, if you believe the description of the wiki, you should not be able to connect between clients.

Did you check with support?

Likewise, as for the Default Forward option, there is a case of "do not matching" in the access list, so it seems that it is necessary to set an access list in order to control this area. ... properties
Joined: Mon Oct 09, 2017 2:30 pm

Re: Default Forward disabled, yet devices can still ping?  [SOLVED]

Thu Dec 07, 2017 12:12 pm

Hi Kometchtech,

Thanks for your reply - I may have found a solution... Layer 2 communication was disabled correctly, but the ICMP found its way over layer 3...
I created a rule that drops ICMP within that subnet - that solves it quickly.
So everything worked as expected, I just expected another behaviour...
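
A RouterOS sketch of the fix described in the last post, added here as an example; it is not the poster's actual rule, which the thread does not show. It assumes the clients sit in 192.168.1.0/24 (the subnet from the first post, used as a stand-in) and that client-to-client packets are routed by this router, so they pass through the IP firewall forward chain. The ICMP-only rule is shown beside a broader one, because a rule that matches only ICMP stops ping but leaves TCP and UDP between the same clients unmatched.

```routeros
# Added example. Assumption: 192.168.1.0/24 is the client subnet and traffic
# between two clients is routed by this router (forward chain), as the last
# post reports for ICMP.

/ip firewall filter

# Rule as described in the thread: drop only ICMP between clients.
# Ping between clients fails; other IP protocols are not matched by this rule.
add chain=forward action=drop protocol=icmp \
    src-address=192.168.1.0/24 dst-address=192.168.1.0/24 \
    comment="client isolation: ICMP only"

# Broader alternative: drop every routed packet whose source and destination
# are both inside the client subnet, regardless of protocol.
# Traffic to the router itself (input chain) and to other networks
# (destination outside the subnet) is not matched.
add chain=forward action=drop \
    src-address=192.168.1.0/24 dst-address=192.168.1.0/24 \
    comment="client isolation: all protocols"

# Verify: generate traffic from one client to the other, then check that the
# packet counters of the drop rules increase.
/ip firewall filter print stats
```

These rules only see routed traffic; frames forwarded at layer 2 are still governed by Default Forward / Client to Client Forwarding on the AP.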


