I recently updated to version 7.17 from 7.16.2 and encountered a major issue with bridges. Their MAC addresses keep changing continuously.
I’ve stripped down the configuration as much as possible, and the problem persists even with just the following minimal setup (tested on CCR, HEX, HAP, etc.):
# 1970-01-02 00:46:38 by RouterOS 7.17
# software id = XXXX-XXXX
#
# model = RB750Gr3
# serial number = XXXXXXXXXXXX
/interface bridge add name=VLAN10
/interface bridge add name=VLAN20
/interface bridge add name=bridge1
/interface vlan add interface=bridge1 name=vlan10 vlan-id=10
/interface bridge port add bridge=VLAN10 interface=vlan10
/system note set show-at-login=no
/system routerboard settings set auto-upgrade=yes
After rolling back to version 7.16.2, the problem disappears entirely.
After discussing with someone on the forum, it seems we’re not supposed to create multiple bridges. I don’t understand—why allow the possibility to do so then?
Indeed, I’ve seen that VLANs can be used directly within a single bridge. However, the issue is that some features only apply to bridges and not to VLANs, such as IGMP Snooping.
I’d like to remind you that before version 7.17, there was no such issue.
I am asking as the usual recommendation is to have manually set admin-mac=xx:xx:xx:xx:xx:xx and auto-mac=no even in v6.x though maybe it is unrelated, that was because MAC could change on reboots or when adding/removing/disabling/enabling interfaces.
It is possible and legitimate to create multiple bridges … it’s just that since ROS version 6.42 or there abouts (which added vlan-filtering capability to bridges) there’s rarely a case where one absolutely needs more than one bridge.
But to your problem: bridge (since ages ago) assumed MAC address of first member port as its own MAC address. Which means that it can change with reboot (if ROS initializes bridge ports in different sequence) or if “MAC donor” port is removed/disabled from bridge.
But when bridge ports are VLAN interfaces, which by themselves don’t have MAC address but inherit it from underlying interface, then weird things can happen. Even if inheritsnce of MAC address works flawlessly, it can happen that multiple bridges end up with same MAC address. Which is probably fine in most cases, but …
It seems tgat with 7.17 there were some changes which broke inheritance.
But in any case, the right thing is to set bridge MAC address manually. As @pe1chl mentioned in the other thread, default bridge has it set … but manually created bridges don’t (since creator has to set MAC to some valid value).
Out of curiosity: can you identify those MAC addresses? Could they belong to actual devices, talking to bridge? You obscured obe octet too many (3 most significant octets identify MAC address block owner) for us to check.
Thank you for your detailed explanation, especially the part about MAC inheritance and how this behavior might have changed in version 7.17—it aligns with what I’ve been observing.
To confirm, you’re suggesting that the proper solution would be to manually set a MAC address in the admin-mac field for each bridge via Winbox, correct?
Here’s a screenshot of my current configuration to help clarify:
sure sounds like a bug, would take a supout of your router and report the issue to mikrotik ( go to support and register for an account and submit bug report)
@xaviernuma
From what you report - it seems like the RouterOS is “inventing” random MACs (as opposed to randomly “inheriting” those of connected devices).
It is a different kind of random.
But - as mkx noticed - they could be locally generated from “base” real MACs.
I asked about VLAN10/vlan10 because - coming from a DOS/windows background I have been bitten so many times on Linux/unix CaSe SeNsItIvEnEsS …
