Title: Bridge VLAN Filtering fails after reboot on x86 with Intel I210, but works after toggling vlan-filtering off/on
Hi,
I am seeing a strange Bridge VLAN Filtering issue on RouterOS x86.
Hardware:
-
RouterOS x86
-
Intel I210 NIC
-
Main router, PPPoE WAN
-
LAN bridge with VLAN Filtering
-
Tested on RouterOS 7.21.4 long-term
-
Also tested upgrade to 7.23.1 stable, same behavior
Network design:
-
bridge-lanwithvlan-filtering=yes -
Main LAN:
192.168.20.1/24 -
IoT VLAN:
vlan30-iot, VLAN ID 30,192.168.30.1/24 -
LAN ports are untagged for main LAN
-
AP trunk port carries main LAN untagged and VLAN30 tagged
-
Firewall/NAT/PCC are configured, but the issue also appears before normal routing works
Bridge/VLAN idea:
/interface bridge
add name=bridge-lan vlan-filtering=yes
/interface vlan
add interface=bridge-lan name=vlan30-iot vlan-id=30
/interface bridge vlan
add bridge=bridge-lan vlan-ids=1 untagged=bridge-lan,ether2-LAN,ether3-LAN,ether4-LAN
add bridge=bridge-lan vlan-ids=30 tagged=bridge-lan,ether4-LAN
/ip address
add address=192.168.20.1/24 interface=bridge-lan
add address=192.168.30.1/24 interface=vlan30-iot
Problem:
After reboot, clients on the main LAN can get DHCP normally, but they cannot ping or access the gateway 192.168.20.1, and cannot access the Internet.
The strange part is that the configuration looks correct after reboot:
-
Ethernet link is up
-
Bridge port is active
-
Bridge VLAN table looks correct
-
DHCP can work
-
But ARP / gateway access / normal traffic does not work
If I manually toggle Bridge VLAN Filtering after boot, the network immediately recovers:
/interface bridge set bridge-lan vlan-filtering=no
:delay 2s
/interface bridge set bridge-lan vlan-filtering=yes
After this, everything works normally until the next reboot.
I also noticed that unplugging/replugging the LAN/AP port can sometimes recover the network, which looks similar to forcing the bridge port / VLAN state to be reinitialized.
What I have tested:
-
Normal bridge without
vlan-filteringworks fine after reboot. -
Bridge VLAN Filtering enabled causes the issue after reboot.
-
Main LAN directly on
bridge-lanreproduces the issue. -
Main LAN on an explicit
vlan1-maininterface also reproduced the issue. -
Directly connected client also reproduced it, so it is not only an AP/Wi-Fi issue.
-
Upgrading from 7.21.4 long-term to 7.23.1 stable did not fix it.
-
Toggling
vlan-filteringoff/on after boot always restores connectivity.
Current workaround:
I added a startup script to reinitialize Bridge VLAN Filtering after boot:
/system script
add name=fix-vlan-filtering-startup policy=read,write,test source={
:delay 45s
:log warning "Startup fix: restarting bridge vlan-filtering"
/interface bridge set bridge-lan vlan-filtering=no
:delay 2s
/interface bridge set bridge-lan vlan-filtering=yes
:log warning "Startup fix: bridge vlan-filtering restarted"
}
/system scheduler
add name=fix-vlan-filtering-startup start-time=startup \
on-event="/system script run fix-vlan-filtering-startup" \
policy=read,write,test
This workaround works, but it looks like the Bridge VLAN Filtering runtime state is not initialized correctly during boot.
Question:
Has anyone seen a similar issue on RouterOS x86 with Intel I210 NICs and Bridge VLAN Filtering?
Could this be related to bridge VLAN Filtering initialization, FDB/CPU port VLAN state, bridge fast-forward, or NIC driver/offload behavior?
I can provide supout.rif generated while the device is in the failed state before toggling vlan-filtering.