Bridge firewall question

I am running the x86 version 2.9.24. The setup I am trying to do is to put a MikroTik in bridge mode inline between my cable modem and my core switch. I would like this to be accomplished with no IP address assignments on the bridge and only a private IP on a third NIC for management.

I have the cable modem plugged into ether2 and ether3 plugs into my core switch. In the core switch I have my LAN router (Cisco 4000), a Cisco ATA, a VoIP server and a mail server, all with public IPs.

When I bring everything online I can only ever get three devices to work through the bridge. If I power everything down or clear the ARP and bring things on one at a time, there is no telling which one of the four devices will not be able to get out to the internet, but one will definitely not be able to get out. It almost appears to be a limitation on the number of devices behind the bridge, but that doesn't seem right to me. Keep in mind that when I have the modem plugged directly into the core switch they all work fine, and I have not even started with firewall rules on the MikroTik yet either.

Any suggestions as to what I can be doing wrong or what I can check?

Thanks

Curt

Cable modems do some weird MAC address learning, and they also limit the number of CPE devices they will allow. Check with your provider to make sure they allow the number of devices you have. Basically it boils down to how many MAC addresses the cable modem will keep before it disallows new ones.
Sam

As I mentioned, this works fine without the MikroTik bridge in place. All 4 MACs get out. I did make sure of that (it was the first thing I thought of as well).

Thanks though.

Curt

Maybe they have you set to 4 CPE devices only instead of 5? Also, cable modems remember MAC->IP pairs for much longer than standard devices, so after changing out the MAC address that is being used you have to turn the cable modem off and on to reset it. Typically you wait 20-30 seconds with it unplugged so the upstream head-end unit also flushes its cache.

Sam
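The limit Sam describes is per MAC address the modem learns, so the useful check on the MikroTik side is which MACs are actually crossing the bridge from the LAN-facing port. The script below is an added example, not part of this thread or of RouterOS itself: it parses constructed output modelled on `/interface bridge host print` (the column layout, MAC addresses, port names and the four "known" devices are all assumptions made up for the example), counts the MACs learned per bridge port, and flags anything on the LAN port that is not one of the expected CPE devices or that pushes the count past the provider's limit.

```python
import re
from collections import defaultdict

# Constructed sample modelled on RouterOS "/interface bridge host print"
# output. Column layout and every MAC here are assumptions for the example.
# ether2 faces the cable modem, ether3 faces the core switch.
SAMPLE_HOST_TABLE = """\
Flags: L - local, E - external-fdb
  #   BRIDGE     MAC-ADDRESS        ON-INTERFACE   AGE
  0   bridge1    00:0C:42:AA:00:01  ether2         2s
  1   bridge1    00:1A:2B:00:00:10  ether3         1s
  2   bridge1    00:1A:2B:00:00:11  ether3         5s
  3   bridge1    00:1A:2B:00:00:12  ether3         3s
  4   bridge1    00:1A:2B:00:00:13  ether3         9s
  5   bridge1    00:0C:42:BB:00:02  ether3         0s
"""

# The four devices with public IPs behind the bridge (constructed MACs).
KNOWN_CPE = {
    "00:1A:2B:00:00:10": "Cisco 4000 router",
    "00:1A:2B:00:00:11": "Cisco ATA",
    "00:1A:2B:00:00:12": "VoIP server",
    "00:1A:2B:00:00:13": "mail server",
}

# A MAC address followed by the interface it was learned on.
MAC_RE = re.compile(r"([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+(\S+)")


def parse_host_table(text):
    """Return a list of (mac, interface) pairs from host-table output.

    Header and flag-legend lines carry no MAC and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = MAC_RE.search(line)
        if m:
            entries.append((m.group(1).upper(), m.group(2)))
    return entries


def macs_by_interface(entries):
    """Group learned MACs by the bridge port they were seen on."""
    table = defaultdict(set)
    for mac, iface in entries:
        table[iface].add(mac)
    return table


def cpe_report(entries, lan_port, known, limit):
    """Describe what the modem will learn through lan_port.

    Every MAC learned on the LAN-side port is a MAC the modem will see as a
    CPE device, so the count here is the number that counts against the
    provider's limit.
    """
    seen = sorted(macs_by_interface(entries)[lan_port])
    unknown = [mac for mac in seen if mac not in known]
    return {
        "count": len(seen),
        "over_limit": len(seen) > limit,
        "unknown": unknown,
    }


if __name__ == "__main__":
    entries = parse_host_table(SAMPLE_HOST_TABLE)
    for iface, macs in sorted(macs_by_interface(entries).items()):
        print(f"{iface}: {len(macs)} MAC(s)")
    report = cpe_report(entries, "ether3", KNOWN_CPE, limit=4)
    print(f"LAN-side MACs: {report['count']} (limit 4)")
    for mac in report["unknown"]:
        print(f"  not an expected CPE device: {mac}")
```

On a live box, paste the real `/interface bridge host print` output in place of the sample and set `lan_port` to whichever port faces the switch; any MAC listed there that you did not expect is a candidate for the "missing" fifth CPE slot.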

I left it down for 15 minutes before powering up one by one. I am on the phone with support now and they are saying they will only allow through the number of devices that have static IPs. Because I only have 4 static IPs and the bridge has no IP, it only allows the first four with the associated MACs. It doesn't make sense to me. The only way they say this will work is if I buy another static IP, which will actually allow 5 devices through, but because the subnet I am on is full, I will need to change blocks and that is just a PITA at this time.

Thanks for the help

Curt

Any reason you want to bridge instead of route/nat? To the cable company it will look like 1 MAC that way.

You could also say that you have a switch that has a MAC on it but it's not used and see if they will bump you to 5 CPEs without charging : )

Sam

I want to bridge because I am doing extensive VoIP here and (a) I don't want to NAT the server and (b) I don't want to double-NAT my company phones, because that will break them for sure. I did try to convince them to give me another without an IP but to no avail. I think I will try to call back tomorrow and bitch a little more, because the customer is always right :wink: