ISP delivers a /29 over SFP.
I'm trying to share this SFP on L2 via a Bridge with two other devices, which I'll configure with static IPs from that /29.
I want MTIK to use this bridge and assign 2 IPs on it, so I can then use other ports (and VLANs on them) to do FW NAT.
So far simple stuff.
Here is how I'd usually do it:
Code:
/interface bridge
add admin-mac=AA:AA:AA:A2:C2:1C auto-mac=no name=EXT-Net \
    port-cost-mode=short protocol-mode=rstp
/interface bridge port
# ether2, ether3 and sfp1 are all members of the same L2 bridge
add bridge=EXT-Net comment=defconf ingress-filtering=no interface=ether2 \
    internal-path-cost=10 path-cost=10
add bridge=EXT-Net comment=defconf ingress-filtering=no interface=ether3 \
    internal-path-cost=10 path-cost=10
add bridge=EXT-Net comment=defconf ingress-filtering=no interface=sfp1 \
    internal-path-cost=10 path-cost=10
/interface bridge settings
# pass bridged traffic through the IP firewall
set use-ip-firewall=yes
/ip address
# addresses from the ISP /29 on the bridge (the second one is disabled)
add address=1.1.1.2/29 interface=EXT-Net network=1.1.1.0
add address=1.1.1.3/29 disabled=yes interface=EXT-Net network=1.1.1.0
This exact config will NOT work as soon as I enable the first IP address on the bridge. I'd lose all L2 on ports 2 and 3 (they can't even see the ARP of the gateway on the SFP port, but they will see the ARP of the static IP I've just enabled).
I've tried this on an hEX S and on an L009UiGS. The "fix" was to put the SFP in a 260GS to do the switch part, and leave the L3 for the hEX S in my case.
And the exact same config imported on a crs125-24g-1s-rm works just fine, as I'd expect it to; there I've got the issues of the old CPU, which can't NAT a gigabit uplink, so ... yeah.
Any ideas?