I’m currently evaluating a virtualized x86 routeros and trying to set up a connection to my ISP, which requires a pppoe connection over a VLAN.
So, starting with the simplest configuration (ether1 is a real Intel I210 NIC connected via PCI-passthrough):
# jan/01/2022 19:56:49 by RouterOS 7.2rc1
#
/interface vlan
add interface=ether1 name=vlan1 vlan-id=40
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/ip cloud
set update-time=no
After that I’m doing
/interface/pppoe-client/scan vlan1
and sniffing ether1 locally, as well as monitoring a mirrored port on the switch. In the local capture I see PADI requests sent over the VLAN, but no response. In the capture from the switch there’s absolutely nothing.
OK, instead of a simple VLAN let’s try a bridge VLAN filtering config:
/interface bridge
add name=bridge1 pvid=40 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether1
/interface bridge vlan
add bridge=bridge1 tagged=ether1 vlan-ids=40
/interface/pppoe-client/scan bridge1
works perfectly and shows responses, which are visible in the both captures as well.
Let’s try a configuration with a tagged vlan on the bridge interface:
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan2 vlan-id=40
/interface bridge port
add bridge=bridge1 interface=ether1
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=40
Trying
/interface/pppoe-client/scan vlan2
, doesn’t work, same as the first config: requests are visible in the local capture, but not visible on the switch.
So, why untagged bridge VLAN filtering works, but nothing else does? I need to set up multiple VLANs, so the working config with the untagged bridge is not an option.