Still have RSTP problems with Mikrotik

Hi,

What is wrong in my configs?
I use VLANs and bridges.
All my devices have tons of log warnings about LOOPs.

See the picture
Capture.JPG

You don’t show your configs so how can we know what is wrong with them?

Installation SW04 (RBSXTG-5HPacD)

AP BRIDGE

Set the identity

/system identity set name="SW04 - Ring 393"

Create a bridge

/interface bridge add name=BR_BRIDGE-1

Create the needed VLANs

/interface vlan add name=VLAN_LAN_MGMT vlan-id=9 interface=BR_BRIDGE-1

Add an IP address for management

/ip address add address=172.16.5/25 network=172.16.0.0 interface=VLAN_LAN_MGMT

Add a Security Profile

/interface wireless security-profile add name=BRIDGE-1 authentication-type=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="!@49er4All#$"

Fill the access list for the bridge

/interface wireless access-list add mac-address=D4:CA:6D:06:3C:BD interface=wlan1 comment="SW05 Ring 225"

Add ports to the bridge

/interface bridge port add interface=ether1 bridge=BR_BRIDGE-1
/interface bridge port add interface=wlan1 bridge=BR_BRIDGE-1

Set Wlan mode

/interface wireless set wlan1 ssid=Bridge1 frequency=auto mode=bridge band=5ghz-onlyac default-authentication=no disabled=no
/interface wireless set wlan1 security-profile=BRIDGE-1 wmm-support=enabled

NV2 does NOT work with CAPsMAN

#/interface wireless set wlan1 wireless-protocol=nv2
/interface wireless set wlan1 channel-width=20/40/80mhz-eeeC
/interface wireless set wlan1 default-authentication=no

Create WDS-Interface and add the interface to the bridge

/interface wireless set wlan1 wds-mode=dynamic wds-default-bridge=BR_BRIDGE-1

Global settings

Configure the SNTP client

/system ntp client set primary-ntp=172.16.0.130 secondary-ntp=172.16.0.131 enabled=yes

Set up DNS

/ip dns set server=172.16.0.130,172.16.0.131

Add a default route

/ip route add dst-address=0.0.0.0/0 gateway=172.16.0.1

Configure the SNMP server

/snmp community
set [ find default=yes ] addresses=172.16.0.60/32
add addresses=172.16.0.60/32 authentication-password=O7ac6eV0TnpLJ155 authentication-protocol=SHA1 encryption-password=hHWhgw91Hed6s4S5 encryption-protocol=AES name=SNMPuser1 security=private
/snmp
set contact=ronald.verheij@skiffkick.nl.nl enabled=yes engine-id=SNMPuser1 location="Ring 393, Pernis, Zolder" trap-generators=interfaces trap-interfaces=all trap-target=172.16.0.60 trap-version=3 trap-community=SNMPuser1
/snmp community set [find name=public] read-access=no

Configure the SYSLOG server

/system logging action
set 3 remote=172.16.0.20

/system logging
add action=remote topics=warning
add action=remote topics=info
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=wireless

Configure IP services

/ip service set api disabled=yes
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set api-ssl disabled=yes
/ip service set www address=172.16.0.0/21 disabled=yes
/ip service set www-ssl certificate=WEB_CONF port=4443 disabled=no

Set the time zone correctly

/system clock set time-zone-name=Europe/Amsterdam

Set a route for the local network

/ip route add dst-address=172.16.0.0/21 gateway=172.16.0.1

What version RouterOS? This was really prevalent a few versions ago but seems to be fixed in newer releases. Try upgrading to latest bugfix.

It is running 6.41
That is not so old I think.

That is not the solution.
Still have these messages.

Note that in most cases the device that has detected loops is not causing the loop.
What this error means is that a packet, that was sent out by the device, is received back after it was forwarded into your network.
You should check devices that are connected to ether1.

We have noticed quite a few configurations that are known to cause issues, make sure you are not using this (or one of the described) configuration:
https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#VLAN_in_bridge_with_a_physical_interface

Also note that RSTP is not a VLAN aware protocol, it cannot always detect actual loops properly in topology where VLANs are used. You might need to implement MSTP in your network:
https://wiki.mikrotik.com/wiki/Manual:Spanning_Tree_Protocol#Multiple_Spanning_Tree_Protocol

We have noticed quite a few configurations that are known to cause issues, make sure you are not using this (or one of the described) configuration:
https://wiki.mikrotik.com/wiki/Manual:L … _interface

Think this makes sense.
I think I have a misconfiguration here.

On the main router I have this:

Add bridges

/interface bridge
add name=BR_LAN_MGMT priority=10
add name=BR_LAN_DATA priority=10
add name=BR_WLAN_DATA priority=10
add name=BR_WLAN_GUEST priority=10
add name=BR_LAN_MFP priority=10
add name=BR_LAN_GAME priority=10
add name=BR_LAN_CAMERA priority=10
add name=BR_LAN_TVMM priority=10
add name=BR_WLAN_SP priority=10

Create VLANs

/interface vlan
add name=VLAN_LAN_MGMT interface=ether5 vlan-id=9
add name=VLAN_LAN_DATA interface=BR_LAN_MGMT vlan-id=10
add name=VLAN_WLAN_DATA interface=BR_LAN_MGMT vlan-id=12
add name=VLAN_WLAN_GUEST interface=BR_LAN_MGMT vlan-id=14
add name=VLAN_LAN_MFP interface=BR_LAN_MGMT vlan-id=15
add name=VLAN_LAN_GAME interface=BR_LAN_MGMT vlan-id=16
add name=VLAN_LAN_CAMERA interface=BR_LAN_MGMT vlan-id=17
add name=VLAN_LAN_TVMM interface=BR_LAN_MGMT vlan-id=18
add name=VLAN_WLAN_SP interface=BR_LAN_MGMT vlan-id=19
add name=VLAN_LAN_SERVER interface=BR_LAN_MGMT vlan-id=900

Add ports to a bridge

/interface bridge port
add bridge=BR_LAN_MGMT interface=ether1
add bridge=BR_LAN_MGMT interface=ether5
add bridge=BR_LAN_MGMT interface=VLAN_LAN_MGMT
add bridge=BR_LAN_DATA interface=VLAN_LAN_DATA
add bridge=BR_WLAN_DATA interface=VLAN_WLAN_DATA
add bridge=BR_WLAN_GUEST interface=VLAN_WLAN_GUEST
add bridge=BR_LAN_MFP interface=VLAN_LAN_MFP
add bridge=BR_LAN_GAME interface=VLAN_LAN_GAME
add bridge=BR_LAN_CAMERA interface=VLAN_LAN_CAMERA
add bridge=BR_LAN_TVMM interface=VLAN_LAN_TVMM
add bridge=BR_WLAN_SP interface=VLAN_WLAN_SP

Assign IP addresses
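
An added example, not part of any post in this thread and not MikroTik's code: a small Python check that reads a RouterOS script or export and flags VLAN/bridge layouts of the kind the linked Layer2 misconfiguration article is named after. The sample input is constructed from the main-router script above, and the three rule names and their conditions are this example's assumptions, not MikroTik's definitions.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the main-router script posted above.
SAMPLE_EXPORT = """\
/interface bridge
add name=BR_LAN_MGMT priority=10
add name=BR_LAN_DATA priority=10
/interface vlan
add name=VLAN_LAN_MGMT interface=ether5 vlan-id=9
add name=VLAN_LAN_DATA interface=BR_LAN_MGMT vlan-id=10
/interface bridge port
add bridge=BR_LAN_MGMT interface=ether1
add bridge=BR_LAN_MGMT interface=ether5
add bridge=BR_LAN_MGMT interface=VLAN_LAN_MGMT
add bridge=BR_LAN_DATA interface=VLAN_LAN_DATA
"""

def parse_export(text):
    """Map each menu path to the key=value dicts of its 'add' commands."""
    menus, menu = defaultdict(list), None
    for line in text.splitlines():
        head, sep, rest = line.strip().partition("add ")
        if head.startswith("/"):      # "/interface vlan" or "/interface vlan add ..."
            menu = head.strip()
        elif head:                    # set/remove and other lines are ignored
            continue
        if sep:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', rest)
            menus[menu].append({k: v.strip('"') for k, v in pairs})
    return menus

def find_layer2_issues(text):
    """Return (vlan, rule) pairs; rule names are this example's own labels."""
    menus = parse_export(text)
    bridges = {b["name"] for b in menus["/interface bridge"]}
    vlans = {v["name"]: v["interface"] for v in menus["/interface vlan"]}
    port_of = {p["interface"]: p["bridge"] for p in menus["/interface bridge port"]}
    issues = []
    for vlan, parent in vlans.items():
        bridge = port_of.get(vlan)
        if parent in port_of:         # VLAN built on a port that is itself bridged
            issues.append((vlan, "vlan-on-bridge-port"))
        if bridge and parent not in bridges and any(  # shares a bridge with a non-VLAN port
                b == bridge and i not in vlans for i, b in port_of.items()):
            issues.append((vlan, "vlan-bridged-with-physical-port"))
        if bridge and parent in bridges and parent != bridge:
            issues.append((vlan, "vlan-of-one-bridge-in-another"))
    return issues
```

Calling `find_layer2_issues(SAMPLE_EXPORT)` reports VLAN_LAN_MGMT under the first two rules and VLAN_LAN_DATA under the third; the SW04 script earlier in the thread, with its VLAN on the bridge itself and not bridged again, returns no findings.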

Try to set administrative MAC address on each bridge (just copy actual MAC address). Next time, don’t post your setup script (with wpa2-pre-shared-key="!@49er4All#$"..) but rather the actual running config:

[admin@MikroTik] > /export hide-sensitive 
# mar/23/2018 18:15:21 by RouterOS 6.42rc49
#
/interface bridge
add admin-mac=6C:3B:6B:xx:xx:xx auto-mac=no name=bridge1