I have a Cloudcore CCR1016-12G connected to an Aruba 8360 switch with a tagged ethernet link. One of the VLANs on the link is 8. This vlan is then bridged to Ether2 (connecting to an unmanaged switch). We also have a VLAN interface for this network on the Cloudcore with an IP address, the intention being that this will present devices on another network via NAT. The following diagram summarises the configuration:
Config:
/interface bridge
add ingress-filtering=no name=Bridge vlan-filtering=yes
/interface vlan
add interface=Bridge name=Bridge-SVI-1 vlan-id=8
add interface=ether1 loop-protect=on name=VLAN9
vlan-id=9
/interface bridge port
add bridge=Bridge interface=ether1
add bridge=Bridge fast-leave=yes interface=ether2 pvid=
8
/interface bridge vlan
add bridge=Bridge tagged=ether1 untagged=ether2
vlan-ids=8
/ip address
add address=192.17.6.52/23 interface=Bridge-SVI-1 network=192.17.6.0
add address=192.23.0.18/30 interface=VLAN9 network=
192.23.0.16
add address=192.17.6.54/23 interface=Bridge-SVI-1 network=192.17.6.0
add address=192.17.6.55/23 interface=Bridge-SVI-1 network=192.17.6.0
add address=192.17.6.56/23 interface=Bridge-SVI-1 network=192.17.6.0
add address=192.17.6.57/23 interface=Bridge-SVI-1 network=192.17.6.0
add address=192.17.6.53/23 interface=Bridge-SVI-1 network=192.17.6.0
I’m eventually wanting the Cloudcore to NAT traffic on another network to the 192.17.6.0/23 VLAN 8 network, but at the moment I can’t even get that far. The Cloudcore will not arp the ‘SVI’ IP address attached to the bridge. I have tried attaching the IP address to the Bridge-SVI-1 vlan interface, the bridge itself and even the Ether2 port but it will not respond to arp requests from either a Windows laptop on a switch attached to the Ether2 interface, or off an access port on vlan 8 on the Aruba switch. If I put a static arp entry in on the laptop I’m testing from communications work fine (the IP responds to ping, the NATs work). At one point through disabling and re-enabling things I got it arping somehow yesterday, but this wouldn’t work for the secondary IP addresses and has stopped again. I’ve tried wiping the Cloudcore, setting the bridge up as a simple bridge with a vlan attached to eth1 and eth2 as members and the IP attached to the bridge etc but nothing seems to work. Also got rid of all the secondary IPs. The bridge is otherwise functioning - layer 2 traffic is flowing back and forth between the Aruba and upstream devices and devices downstream on the Unifi switch attached to Ether2.
Why would this interface not respond to arp requests?
Another observation - pinging out from the device with the correct source address set does not work unless I set the source interface as well as the source IP.
Incidentally if I do a capture on all interfaces the Cloudcore doesn’t show my arp requests at all, although I see them going out from the Aruba switch.
The other thing I note is there seems to be a bug where even with a static arp entry on an endpont device if I turn on a packet sniffer the vlan can’t be pinged. As soon as the packet sniffer is stopped the ping starts working again.
I should add I have tried 7.6, 7.8, 7.9.2 and now 7.10rc4 to no avail.
