RSTP breaking IPv6?

If RSTP is enabled on bridge-local and bridge-internetonly, it seems like I can only have one bridge up with an address at a time, the other stops pinging. If I disable RSTP, it works fine.

Unrelated to RSTP, EUI-64 addresses auto-assigned from a pool don't seem to work for two interfaces at the same time either. I can assign one from the pool, it works, and I can ping. If I assign another, one or both get marked invalid, and it flip-flops every time I do a release in the IPv6 dhcp-client.

# Static IPv6 addresses, one per bridge (these are /ipv6 address entries in the export below).
# NOTE(review): no prefix length is shown and both addresses share the leading
# 2604:6000:100a:8e bits; if both are /64, the two bridges carry the same on-link
# prefix - confirm the intended prefix per bridge.
add address=2604:6000:100a:8e::2 interface=bridge-internetonly
add address=2604:6000:100a:8e::1 interface=bridge-local

With RSTP disabled, IPv6 is fully functioning on both wireless APs. Any idea what's up with these issues? Am I creating a loop somewhere here?

Are there any logs that can be used to troubleshoot MAC flapping or STP events?

Eventually I'm intending on firewalling traffic between internetonly and local bridges.

As is, IPv6 internet is working on both the virtual and physical APs, but I'm hoping to turn RSTP back on.



\

apr/19/2015 13:16:42 by RouterOS 6.27

software id = BLXX-VW13

# Two bridges, each with a fixed admin MAC (auto-mac=no). protocol-mode=none means
# STP/RSTP is switched off on both, matching the "RSTP disabled" state described in the post.
/interface bridge
add admin-mac=4C:5E:0C:7A:98:30 auto-mac=no name=bridge-internetonly protocol-mode=none
add admin-mac=4C:5E:0C:7A:98:41 auto-mac=no mtu=1500 name=bridge-local protocol-mode=none
# Rename the physical ports. ether3-ether5 are attached to ether2-master-local through
# master-port, so only ether2-master-local needs to be a bridge port further down.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
# Neighbor discovery is turned off on ether1-gateway, the port that later carries the
# DHCP client and the masquerade rule, so the router does not announce itself there.
/ip neighbor discovery
set ether1-gateway discover=no
# Two security profiles: "eap-tls" (WPA2-EAP with EAP-TLS, certificate verification on,
# certificate dnet-ca) and "dnet" (WPA2-PSK).
# NOTE(review): the "dnet" pre-shared key is printed in clear text in this public export
# and is a short lowercase phrase. Treat it as disclosed: rotate it to a long random
# passphrase, and use the export command's hide-sensitive option before posting a config.
/interface wireless security-profiles
add authentication-types=wpa2-eap eap-methods=eap-tls management-protection=allowed mode=dynamic-keys name=eap-tls supplicant-identity="" tls-certificate=dnet-ca tls-mode=verify-certificate
add authentication-types=wpa2-psk management-protection=allowed mode=dynamic-keys name=dnet wpa2-pre-shared-key=ihaterouters
# wlan1 is the physical AP (SSID dnet-eap, profile eap-tls); wlan2 is a virtual AP on top of
# wlan1 (master-interface=wlan1) with SSID dnet and the PSK profile.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto l2mtu=1600 mode=ap-bridge security-profile=eap-tls ssid=dnet-eap
add disabled=no l2mtu=1600 mac-address=4E:5E:0C:7A:98:45 master-interface=wlan1 name=wlan2 security-profile=dnet ssid=dnet
# IPv4 addressing: one DHCP pool and server per bridge
# (192.168.88.0/24 on bridge-local, 192.168.50.0/24 on bridge-internetonly).
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=internetonly-dhcp ranges=192.168.50.10-192.168.50.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
add address-pool=internetonly-dhcp disabled=no interface=bridge-internetonly name=dhcp-internetonly
# Bridge membership: the wired switch group and wlan1 share bridge-local; the virtual AP
# wlan2 is the only port of bridge-internetonly. The two bridges share no port, so traffic
# between them has to be routed by the router and is subject to the forward chains.
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-internetonly interface=wlan2
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=bridge-local network=192.168.88.0
add address=192.168.50.1/24 interface=bridge-internetonly network=192.168.50.0
# The upstream IPv4 address is obtained by DHCP on ether1-gateway.
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
# Each DHCP network hands out the router's own address on that bridge as gateway and DNS server.
/ip dhcp-server network
add address=192.168.50.0/24 dns-server=192.168.50.1 gateway=192.168.50.1
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
# allow-remote-requests=yes makes the router answer DNS queries sent to it; the only
# upstream server listed is an IPv6 address.
# NOTE(review): the IPv4 input chain drops traffic arriving on ether1-gateway, but the IPv6
# input chain in this export begins with an unconditional rule - confirm the resolver
# cannot be queried from the upstream side over IPv6.
/ip dns
set allow-remote-requests=yes servers=2001:4860:4860::8888
/ip dns static
add address=192.168.88.1 name=router
# IPv4 filter. Rules without action= use the default action (accept).
# input: accept ICMP, established and related traffic, then drop everything else that
# arrives on ether1-gateway. Input from the two bridges is not restricted.
# forward: accept established and related, drop invalid. There is no final drop rule.
# NOTE(review): nothing here matches on bridge-local or bridge-internetonly, so new IPv4
# connections between the two bridges are forwarded. The isolation the post plans needs
# explicit forward drops, e.g. in-interface=bridge-internetonly out-interface=bridge-local.
# NOTE(review): new connections forwarded in from ether1-gateway are not dropped by any rule
# either; inbound protection for the private ranges rests on their not being routable from
# upstream, not on the filter.
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
# Source-NAT everything that leaves through ether1-gateway.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
# Static IPv6 addresses, one per bridge.
# NOTE(review): both share the leading 2604:6000:100a:8e bits and no prefix length is shown;
# if both are /64 the two bridges have the same on-link prefix, which would fit the
# "routing issue" the author reports later - confirm.
/ipv6 address
add address=2604:6000:100a:8e::2 interface=bridge-internetonly
add address=2604:6000:100a:8e::1 interface=bridge-local
# DHCPv6 client on ether1-gateway stores the delegated prefix in pool "ipv6dhcp" and
# installs a default route. prefix-hint=::/64 hints at a single /64.
/ipv6 dhcp-client
add add-default-route=yes interface=ether1-gateway pool-name=ipv6dhcp prefix-hint=::/64
# IPv6 filter. Hosts on both bridges have global addresses and no NAT in front of them,
# so this chain set is the only inbound protection they get from the router.
# NOTE(review): the first three rules have no matchers and no action=. An export omits
# default values and the default filter action is accept, so each one appears to accept
# every packet in its chain. Rules are evaluated top to bottom and stop at the first match,
# so the reject/drop rules below are never reached and IPv6 is effectively unfiltered.
# If these were added for troubleshooting, disable or remove them.
# NOTE(review): before relying on the rules below, add explicit accepts ahead of them for
# established/related traffic and for the ICMPv6 and DHCPv6 client traffic the router needs
# on ether1-gateway; the input reject matches on in-interface only and would otherwise
# catch those too.
# NOTE(review): no rule matches traffic between bridge-local and bridge-internetonly, so
# the two bridges are not separated for IPv6 by this filter.
/ipv6 firewall filter
add chain=forward
add chain=output
add chain=input
add action=reject chain=forward connection-state=new in-interface=ether1-gateway out-interface=bridge-local reject-with=icmp-port-unreachable
add action=reject chain=forward connection-state=new in-interface=ether1-gateway out-interface=bridge-internetonly reject-with=icmp-port-unreachable
add action=reject chain=input in-interface=ether1-gateway reject-with=icmp-port-unreachable
add action=drop chain=forward connection-state=invalid in-interface=ether1-gateway
add action=drop chain=input connection-state=invalid in-interface=ether1-gateway
/system clock
set time-zone-autodetect=no time-zone-name=America/New_York
/system leds
set 5 interface=wlan1
# MAC-layer management (MAC server and MAC WinBox): the default entry is disabled and the
# services are then enabled per interface. The lists cover the wired ports, wlan1 and
# bridge-local; ether1-gateway, wlan2 and bridge-internetonly are not listed, so these
# services are not offered on the upstream port or the internet-only network.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local

Nevermind, it’s not RSTP. It’s a routing issue.

# Addresses taken from pool "ipv6-pool", one distinct prefix per interface
# (...:8300, ...:8301, ...:8302). Router advertisements are off on ether1-gateway.
# NOTE(review): the earlier export names the DHCPv6 pool "ipv6dhcp", not "ipv6-pool";
# presumably the client was reconfigured in between - confirm.
/ipv6 address
add address=2604:6000:6a02:8300:: advertise=no from-pool=ipv6-pool interface=ether1-gateway
add address=2604:6000:6a02:8301:: from-pool=ipv6-pool interface=bridge-local
add address=2604:6000:6a02:8302:: from-pool=ipv6-pool interface=bridge-internetonly

Adding the addresses manually works.

# The manual form the author reports as working: an explicit /64 per bridge and
# advertise=yes, so each bridge announces its own prefix to its clients.
add from-pool=ipv6-pool interface=bridge-internetonly address=2604:6000:6a02:8302::/64 advertise=yes
add from-pool=ipv6-pool interface=bridge-local address=2604:6000:6a02:8301::/64 advertise=yes

I THINK everything is working now, on both the virtual and real AP.
IPv6 is working great on the internet, and the two APs are firewalled off from each other, at least at layer 3.