I have a problem with an SXT LTE Kit regarding LTE-Passthrough and concurrent management of the device. The SXT LTE Kit is directly attached with one 100m cable to an OPNSense (FreeBSD-based) firewall server, and provides via multi-WAN a fallback connection in case of a failed DSL connection. I don’t want bad things like double-NAT, so the external LTE IP should be assigned to the OPNSense. Usually, that would be no problem with LTE-Passthrough and VLAN trunking, but there is a big problem within FreeBSD: the MAC addresses of the physical interface and the subsequent VLAN interfaces are the same and can’t be changed particularly. This circumstance makes the SXT LTE Kit misroute all VLAN packets to the LTE module instead of the VLAN bridge. As far as I understand, this behavior can’t be changed on the device itself, so my question is: is there any possibility to add another MikroTik (or other vendor) device between the OPNSense and the LTE Kit, which splits the packets to two different network ports on the OPNSense?
AFAIK it’s normal that different VLANs on the same physical Ethernet device share the same MAC address. After all, the first action of a switch is to check the destination MAC address and later (by switches aware of them) VLAN tags. From a dummy switch’s perspective it doesn’t matter which MAC address is used as long as some device accepts it (and uses it so that the switch can start to switch instead of broadcasting packets). Some switches (including Routerboards) have a special configuration option to enable VLAN-independent MAC learning, but things work fine without enabling it.
So the problem you’re seeing is likely not caused by use of same MAC address. More likely something is missing in the VLAN setup.
Thanks for your reply. Somewhere on the forum I read that the interface which is used for passthrough on the MikroTik device claims all packets from the MAC address which is used for passthrough. Unfortunately I can’t find this post again. That’s why I tried to assign a different MAC address to the VLAN interface on the OPNSense, which isn’t supported by FreeBSD.
That’s the current config of the MT device:
# oct/17/2018 23:25:23 by RouterOS 6.42.7
# software id = YYYYYYYYYY
#
# model = RouterBOARD wAP R-2nD
# serial number = ZZZZZZZZZZZZ
/interface lte
set [ find ] mac-address=AC:FF:FF:00:00:00 name=lte1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=germany disabled=no frequency=2447 ssid=UZDUZDZDU wireless-protocol=802.11
/interface vlan
add interface=ether1 name=vlan100 vlan-id=100
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] apn=internet.t-d1.de authentication=pap default-route-distance=1 passthrough-interface=ether1 passthrough-mac=0C:C4:7A:79:6C:09 password=tm user=tm
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=XXXXXXXXXXXXXXXXX wpa2-pre-shared-key=\
XXXXXXXXXXXXXXXXXXXXX
/interface list member
add interface=lte1 list=WAN
add list=LAN
/ip address
add address=192.168.6.9/24 interface=wlan1 network=192.168.6.0
add address=192.168.101.254/24 interface=vlan100 network=192.168.101.0
/ip dns
set servers=8.8.8.8
/ip dns static
add address=192.168.101.10 name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat out-interface=lte1
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=lte-uplink
/system ntp client
set enabled=yes primary-ntp=192.168.6.1
Personally I never liked mixing tagged and untagged packets on the same wire. While I never configured pass-through, I’d try to set up another VLAN and use that one for pass-through instead of the raw Ethernet interface.
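A check for the tagged/untagged mix discussed in this thread, as an added example that is not from any of the posters: it reads a RouterOS export and reports every interface that is both the LTE `passthrough-interface` and the parent of a VLAN interface. `SAMPLE_EXPORT` is constructed from the relevant lines of the export above, and the function names are hypothetical.

```python
import re

# Constructed sample: the relevant sections of the export posted above.
SAMPLE_EXPORT = """\
/interface vlan
add interface=ether1 name=vlan100 vlan-id=100
/interface lte apn
set [ find default=yes ] apn=internet.t-d1.de passthrough-interface=ether1 \\
    passthrough-mac=0C:C4:7A:79:6C:09
/ip address
add address=192.168.101.254/24 interface=vlan100 network=192.168.101.0
"""


def parse_export(text):
    """Return a list of (menu_path, {key: value}) for each command in an export."""
    # Exports wrap long commands with a trailing backslash; join them first.
    text = re.sub(r"\\\n\s*", "", text)
    menu, commands = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or export header comment
        if line.startswith("/"):
            menu = line                   # menu path applies to following commands
            continue
        params = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))
        commands.append((menu, params))
    return commands


def shared_passthrough_parents(text):
    """List (interface, vlan_name, vlan_id) where a VLAN rides on the passthrough port."""
    commands = parse_export(text)
    passthrough = {p["passthrough-interface"] for m, p in commands
                   if m == "/interface lte apn" and "passthrough-interface" in p}
    return [(p["interface"], p.get("name"), p.get("vlan-id"))
            for m, p in commands
            if m == "/interface vlan" and p.get("interface") in passthrough]


if __name__ == "__main__":
    for iface, name, vid in shared_passthrough_parents(SAMPLE_EXPORT):
        print(f"{iface}: untagged LTE passthrough and tagged {name} (VLAN {vid}) share this port")
```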