I have a PowerBox with 3 Ubiquiti radios connected to ports 2, 4, and 5. All traffic received from ports 4 and 5 is routed to port 2, all ports are masqueraded, and the radios connected to ports 4 and 5 are in bridge mode. IPs are assigned to the bridged radios. I'm confused as to why I can ARP ping these radios but cannot IP ping them, nor connect to them via SSH, telnet or by any means. Traceroutes stop at the PowerBox and the masqueraded radios do not seem present; however, IP neighbor status shows them present. Any insight?
If you use the last stable RouterOS, try to disable Allow Fast Path in the bridge settings (not fast forward; you have to look for a button "Settings" in the bridge list menu).
Quick "insight" - firewall. Neighbor discovery is not affected by the firewall, because it is not considered IP (L3) communication. ARP is the same thing.
I can imagine that your neighbor discovery and ARP pings pass through because they are not stopped by your firewall, while your pings don't pass because those are IP communication and some firewall rule stops them.
I am not really sure how to interpret your description with all ports being masqueraded but two being in the bridge at the same time. I believe it would be better to post your whole config export with “hide-sensitive=yes”. Feel free to replace any personal details with some meaningful substitution.
My idea may be wrong, but with the config, anyone can quickly understand what you really have in there and what could be the issue.
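The ARP-versus-IP distinction raised in the reply above, as an added example that is not part of any post in this thread: a toy IP-layer filter is run over two constructed Ethernet frames, an ARP request and an ICMP echo request, using the 192.168.25.1 and 192.168.25.2 addresses mentioned in the thread. The MAC addresses, the drop rule and the function names are assumptions made for illustration; this is not RouterOS code or the poster's configuration.

```python
import socket
import struct

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
ROUTER_MAC = bytes.fromhex("020000000001")  # constructed sample MAC
RADIO_MAC = bytes.fromhex("020000000002")   # constructed sample MAC
ROUTER_IP, RADIO_IP = "192.168.25.1", "192.168.25.2"  # addresses from the thread

def arp_request(src_mac, src_ip, target_ip):
    """Ethernet broadcast carrying an ARP who-has; there is no IP header in it."""
    arp = struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1)
    arp += src_mac + socket.inet_aton(src_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)
    return b"\xff" * 6 + src_mac + struct.pack("!H", ETH_ARP) + arp

def icmp_echo(src_mac, dst_mac, src_ip, dst_ip):
    """Ethernet frame carrying IPv4 + ICMP echo request (checksums left at 0)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return dst_mac + src_mac + struct.pack("!H", ETH_IPV4) + ip + icmp

def ip_filter(frame, drop_rules):
    """Toy L3 filter: only frames with an IPv4 EtherType are matched against rules."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_IPV4:
        return "bypass"  # ARP and other non-IP frames never reach the IP rules
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return "drop"    # malformed IPv4 header
    proto = frame[14 + 9]
    dst = socket.inet_ntoa(frame[14 + 16:14 + 20])
    for rule in drop_rules:
        if rule["protocol"] in (None, proto) and rule["dst"] in (None, dst):
            return "drop"
    return "accept"

# Hypothetical rule: drop ICMP (protocol 1) addressed to the radio.
RULES = [{"protocol": 1, "dst": RADIO_IP}]

if __name__ == "__main__":
    frames = {"ARP request": arp_request(ROUTER_MAC, ROUTER_IP, RADIO_IP),
              "ICMP echo": icmp_echo(ROUTER_MAC, RADIO_MAC, ROUTER_IP, RADIO_IP)}
    for name, frame in frames.items():
        print(f"{name}: {ip_filter(frame, RULES)}")
```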
Ether5 is allocated the IP address 192.168.25.1; the Ubiquiti radio attached to this interface is a RocketM2 in bridge mode as an access point with IP 192.168.25.2. I can connect to all clients' GUIs on this subnet but not the AP directly connected to ether5… I get no response from it, but no problem with any clients connected to it…
Are you sure that Rocket’s management port is bridge and not eth1?