Hello mates,
I’m trying to create a bridge VLAN failover solution.
Currently I have 2 MPLS lines that are routed through 2 Sophos to the LAN.
mpls1→sophos1 and mpls2→sophos2. Both Sophos are configured to give the same LAN IP /24. When mpls1 goes down, I manually swap the LAN cable of sophos1 with sophos2.
I was creating an auto failover solution for this on an old MikroTik RB3011 using bridge VLAN tagging and netwatch scripting, which will ping the MPLS gateways and, if it goes down, it will change the VLAN of the LAN network to the mpls2 VLAN.
But after a lot of changes my MPLS never shows up in netwatch. Could you guys please take a look at my config and suggest changes?
```
# 2025-12-10 13:04:33 by RouterOS 7.19.3
# software id = R6ND-1EES
#
# model = RB3011UiAS
/interface bridge
add name=br1 vlan-filtering=yes
/interface vlan
add interface=br1 name=vlan10 vlan-id=10
add interface=br1 name=vlan20 vlan-id=20
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=br1 interface=ether1
add bridge=br1 interface=ether2
add bridge=br1 interface=ether3
add bridge=br1 interface=ether4
/interface bridge vlan
add bridge=br1 tagged=br1 untagged=ether2 vlan-ids=20
/ip address
add address=192.168.100.2/24 comment="Management IP" interface=br1 network=192.168.100.0
/ip firewall filter
add action=accept chain=input connection-state=established,related disabled=yes
add action=accept chain=input disabled=yes dst-port=8291 in-interface=br1 protocol=tcp
add action=accept chain=input disabled=yes in-interface=br1 protocol=icmp
add action=accept chain=input disabled=yes dst-port=23 protocol=tcp
add action=drop chain=input comment=catch-all disabled=yes
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Kolkata
/system logging
add topics=info
add topics=warning
/tool netwatch
add disabled=no down-script=":log warning \"MPLS1_PE DOWN - switching to MPLS2\";\
    \n/system scheduler remove [find name=\"ReturnToPrimary\"];\
    \n/interface bridge vlan remove [find vlan-ids=10 && untagged~\"ether3\"];\
    \n/interface bridge vlan add bridge=br1 vlan-ids=20 untagged=ether3 comment=\"Backup VLAN20 -> LAN\";\
    \n" host=10.110.93.58 http-codes="" interval=1s test-script="" timeout=20ms type=simple \
    up-script=":log info \"MPLS1_PE UP - scheduling return in 1h\";\
    \n/system scheduler remove [find name=\"ReturnToPrimary\"];\
    \n/system scheduler add name=\"ReturnToPrimary\" interval=1h start-time=startup on-event=\"\
    \n:if ( [/ping 10.110.93.58 count=5] > 0 ) do={\
    \n /interface bridge vlan remove [find vlan-ids=20 && untagged~\\\"ether3\\\"];\
    \n /interface bridge vlan add bridge=br1 vlan-ids=10 untagged=ether3 comment=\\\"Primary VLAN10 -> LAN\\\";\
    \n :log info \\\"Return-to-primary executed: MPLS1 active\\\";\
    \n} else={\
    \n :log warning \\\"MPLS1 still unstable after 1 hour \E2\80\94 rescheduling\\\";\
    \n /system scheduler add name=\\\"ReturnToPrimary\\\" interval=1h start-time=startup on-event=[/system scheduler get ReturnToPrimary on-event];\
    \n}\
    \n\";\
    \n"
add disabled=no down-script=":log warning \"MPLS2_PE DOWN -> checking MPLS1\";\
    \n:if ( [/ping 10.110.93.58 count=3] > 0 ) do={\
    \n :log warning \"MPLS1 is UP & MPLS2 is DOWN -> switching back to MPLS1\";\
    \n /system scheduler remove [find name=\"ReturnToPrimary\"];\
    \n /interface bridge vlan remove [find vlan-ids=20 && untagged~\"ether3\"];\
    \n /interface bridge vlan add bridge=br1 vlan-ids=10 untagged=ether3 comment=\"Primary VLAN10 -> LAN\";\
    \n} else={\
    \n :log warning \"MPLS2 down & MPLS1 not reachable -> keeping current state\";\
    \n}" host=10.110.93.60 http-codes="" interval=2s test-script="" timeout=20ms type=simple \
    up-script=":log info \"MPLS_PE UP\";"
```
It would be a great help!!
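
Added example, not part of the original post: a Python cross-check of a RouterOS export that compares what netwatch scripts do to the bridge VLAN table against the static `/interface bridge vlan` entries and each port's `pvid` (with `vlan-filtering=yes`, untagged ingress frames are classified by the port's `pvid`, which is 1 when not set). The sample export is constructed from the config above with wrapped lines joined; the function names `sections` and `audit` are hypothetical, and only single numeric `vlan-ids` values are handled.

```python
import re

# Constructed sample: a trimmed RouterOS export modelled on the post's config
# (wrapped lines already joined, one netwatch entry kept).
SAMPLE_EXPORT = r'''
/interface bridge
add name=br1 vlan-filtering=yes
/interface bridge port
add bridge=br1 interface=ether2
add bridge=br1 interface=ether3
/interface bridge vlan
add bridge=br1 tagged=br1 untagged=ether2 vlan-ids=20
/tool netwatch
add host=10.110.93.58 down-script="/interface bridge vlan remove [find vlan-ids=10 && untagged~\"ether3\"];\n/interface bridge vlan add bridge=br1 vlan-ids=20 untagged=ether3"
'''

def sections(export):
    """Group 'add ...' rows under the menu path (e.g. /interface bridge vlan) above them."""
    out, path = {}, None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            out.setdefault(path, []).append(line)
    return out

def audit(export):
    """Return findings where netwatch scripts disagree with the static bridge config."""
    sec = sections(export)
    # pvid per bridge port; an export omits pvid when it is the default of 1
    pvid = {}
    for row in sec.get("/interface bridge port", []):
        port = re.search(r"interface=(\S+)", row).group(1)
        found = re.search(r"pvid=(\d+)", row)
        pvid[port] = int(found.group(1)) if found else 1
    static_vlans = {int(v) for row in sec.get("/interface bridge vlan", [])
                    for v in re.findall(r"vlan-ids=(\d+)", row)}
    findings = []
    for row in sec.get("/tool netwatch", []):
        # a script looks up a VLAN entry with 'find' that is not configured
        for vid in sorted({int(v) for v in re.findall(r"find vlan-ids=(\d+)", row)}):
            if vid not in static_vlans:
                findings.append(f"script removes VLAN {vid} entry, none is configured")
        # a script adds untagged membership while the port's pvid points elsewhere
        for vid, port in re.findall(r"vlan add \S+ vlan-ids=(\d+) untagged=(\w+)", row):
            if pvid.get(port) != int(vid):
                findings.append(f"{port} added untagged to VLAN {vid}, pvid is {pvid.get(port)}")
    return findings
```

Calling `audit(SAMPLE_EXPORT)` returns one finding for the VLAN 10 lookup and one for ether3, whose `pvid` stays at 1 while the script only edits the VLAN table.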
