x
My guess: if you add switch1-cpu interface to vlan members (in /interface ethernet switch vlan), then you should also set it as tagged (/interface ethernet switch egress-vlan-tag … who knows what is default, probably untagged …
Trying to understand a little more i took a look again at the wiki…
https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples
So, it says that when we give access to the CPU e.g from eth2 for management purposes or whatever other reason we would do it like:
/interface ethernet switch vlan
add ports=ether2,switch1-cpu vlan-id=99
So far so good…
But then it says that the packets that will be send back FROM the CPU will not get tagged unless we add as tagged member the switch to the eggess:
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether2,switch1-cpu vlan-id=99
So to my understanding, the ingress traffic from the dev PC was getting tagged as soon as it entered the Access Port eth2, everything good so far…
Then the traffic because the switch1-cpu was added as member to /interface ethernet switch vlan was forced( ? ) to go through the CPU and since it was not tagged in the eggress /interface ethernet switch egress-vlan-tag that traffic was finally leaving the switch untagged thus making it unable to communicate with the next switch ?
If that’s the reason why would the traffic go through the CPU at the first place ?Acess to CPU is needed for L3 services…
As the OP said, removing the switch1-cpu from the /interface ethernet switch vlan solved the problem…
If my thinking above is wrong, what did the switch1-cpu port caused and the VLAN switching did not work?