RSTP not selecting the right Root Bridge (hAP-lite, ROS 6.48 and ROS 6.46.8)

It seems there is a problem with determining the right Bridge Root in RSTP.
Here is my scenario:

  1. HP v1910-48G - STP enabled. Mode RSTP. Bridge Priority 4096 (0x100 hex in Mikrotik)
  2. hAP-Lite with Switch chip defined VLANs and a Bridge with all ports and WLAN1 adapter. (I also disabled Switch Assisted VLAN - switch-cpu1 - disabled.. same result)
  3. Bridge is in RSTP mode with admin-mac set. Bridge Priority is default 8000 (32768 in decimal, which HP uses)
  4. hAP-Lite is connected via ether1 and should be the root port in CST Bridge

The calculated bridge Root is always the hAP itself.
Which is not correct. Even if it has a lower MAC, the Bridge priority is higher than HP and thus it cannot be root bridge.
I have tried ROS 6.46.8 and ROS 6.48.
Interestingly, it works on CRS212 using ROS 6.46.8.

RSTP is also broken on CSS1106 in SwOS 2.12, which I reported in the Announcement thread.

It seems there is some kind of bug or I am missing something.

Here is the config of the hAP-Lite if someone wants to give it a go and try.


/interface ethernet
set [ find default-name=ether1 ] name=ether1-uplink
set [ find default-name=ether2 ] name=ether2-Zunanji
set [ find default-name=ether3 ] name=ether3-Zunanji
set [ find default-name=ether4 ] name=ether4-Zunanji
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid=Pubs station-roaming=enabled vlan-id=24 vlan-mode=\
    use-tag wireless-protocol=802.11
/interface bridge
add admin-mac=E4:8D:8C:CD:58:26 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=bridge name=vlan15-Management vlan-id=15
/interface ethernet switch port
set 0 vlan-mode=secure
set 1 default-vlan-id=24 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=24 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=24 vlan-header=always-strip vlan-mode=secure
set 4 vlan-mode=secure
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
    fsdgjffd874 wpa2-pre-shared-key=Strojniki@Pisker2020
/snmp community
add addresses=172.16.15.0/24 name=SCP
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-Zunanji
add bridge=bridge comment=defconf interface=ether3-Zunanji
add bridge=bridge comment=defconf interface=ether4-Zunanji
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether1-uplink
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface ethernet switch vlan
add ports=switch1-cpu,ether1-uplink switch=switch1 vlan-id=15
add ports=\
    switch1-cpu,ether1-uplink,ether2-Zunanji,ether3-Zunanji,ether4-Zunanji \
    switch=switch1 vlan-id=24
add ports=switch1-cpu,ether1-uplink switch=switch1 vlan-id=39
add ports=ether1-uplink switch=switch1 vlan-id=21
add ports=ether1-uplink switch=switch1 vlan-id=37
add ports=ether1-uplink switch=switch1 vlan-id=20
/interface list member
add comment=defconf interface=ether1-uplink list=WAN
add interface=vlan15-Management list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=vlan15-Management
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN log=yes
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN log=yes

I can confirm this bug on a CRS305 /w SwOS 2.12. Actually, STP doesn’t seem to work at all on that Switch/SwOS Version.

The root bridge in my network is a Cisco 3750x (ID 16384) but the MikroTik (ID 8000 i.e. 32768) ignores the lower ID and always selects itself as root.
Also I couldn’t even get STP on the CRS to block a port. When creating a loop over an adjacent (or multiple) switches, it always has to be one of the other switches that has to break the loop. If I intentionally hold the ports on the other switch in forwarding state, the CRS won’t ever switch to blocking and keeps flooding the network.
Uplink ports to other switches are also always wrongly detected as edge - only ports in down-state are point-to-point, all online ports are always edge.

So it seems SwOS ignores incoming BPDUs and, given none of the other switches selects it as the new root bridge when setting the ID on the CRS lower, SwOS also doesn’t send any BPDUs. I.e. STP is completely non-functional.
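
An added example, not part of either post: the root election both posters expect, computed from the root ID carried in an RST BPDU, so that a capture taken on the uplink can be checked against what the device reports. The hAP priority and admin-mac come from the first post; the HP MAC address, the sample frame and all function names are constructed for illustration.

```python
import struct

def bridge_id(priority, mac):
    """8-byte 802.1D bridge ID: 16-bit priority followed by the 48-bit MAC."""
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", ""))

def build_rst_bpdu(root, cost, sender):
    """Build a 36-byte RST BPDU (LLC header omitted) for the sample below."""
    head = struct.pack("!HBBB", 0, 2, 0x02, 0x3C)   # proto, version, type, flags
    tail = struct.pack("!HHHHHB", 0x8001, 0, 20 * 256, 2 * 256, 15 * 256, 0)
    return head + root + struct.pack("!I", cost) + sender + tail

def parse_rst_bpdu(payload):
    """Extract root ID, root path cost and sender bridge ID from an RST BPDU."""
    if len(payload) < 36:
        raise ValueError("truncated BPDU")
    proto, version, btype = struct.unpack_from("!HBB", payload, 0)
    if (proto, version, btype) != (0, 2, 0x02):
        raise ValueError("not an RST BPDU")
    return {"root": payload[5:13],
            "cost": struct.unpack_from("!I", payload, 13)[0],
            "sender": payload[17:25]}

def expected_root(own_id, received):
    """Lowest bridge ID wins; bytes compare priority first, then MAC."""
    return min([own_id] + [parse_rst_bpdu(p)["root"] for p in received])

def describe(bid):
    """Render a bridge ID with the priority in both hex and decimal."""
    prio = struct.unpack("!H", bid[:2])[0]
    mac = ":".join("%02X" % b for b in bid[2:])
    return "0x%04X (%d) %s" % (prio, prio, mac)

# hAP-lite values from the post: priority 0x8000, admin-mac from the config.
HAP = bridge_id(0x8000, "E4:8D:8C:CD:58:26")
# HP priority from the post (4096 decimal == 0x1000); the MAC is constructed.
HP = bridge_id(4096, "FE:00:00:00:00:01")
SAMPLE_BPDU = build_rst_bpdu(root=HP, cost=0, sender=HP)   # constructed frame

if __name__ == "__main__":
    root = expected_root(HAP, [SAMPLE_BPDU])
    print("expected root:", describe(root))
    print("hAP may claim root:", root == HAP)
```

If a capture on ether1-uplink shows BPDUs whose root ID sorts below the local bridge ID while the device still reports itself as root, the BPDUs are arriving on the wire but not being acted on by the bridge.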