Several RB3011 ports are collected in local-bridge
For this, local-bridge is Fast Forward enabled, ARP is enabled.
We hang on local-bridge 192.168.54.1/24
Now DHCP, a couple of dozen clients, masquerading - everything is as usual.
Now, we hang on local-bridge 192.168.66.1/24
and connect a video recorder to our local network with a manually set address 192.168.66.101
There seem to be no problems, all pings between subnets are without delays, connections between subnets are not NATed, routes are in place (and what routes are there - just Mikrotik says that both are reachable via local-bridge and distance = 0)
But here’s the bad luck - the initial opening of the DVR interface takes 30 seconds. And not everything works. It opens from the browser, but not from special software, for example.
Ok, we transfer any computer on our network to the 192.168.66.0/24 segment - and everything will return to normal at once. Or - on the contrary - we transfer the recorder to the 192.168.54.0/24 segment - and everything is fine too.
It seems logical that the problems are created by the DVR itself?
But no, if you connect to our RB3011 from some remote network, the recorder works adequately when placed in any segment.
Well, clearly the issue occurs when the traffic needs to pass through the router. I don’t think there is anything you could stuff up with the config - you described it very clearly (which makes me think that you know what you are doing).
Two things to check:
Do you have firewall rules allowing traffic in both directions? I know it should be handled by “allow established/related”, but let's give it a try with allowing both directions manually.
What is your MTU size? (Windows command: ping [dvr-ip] -l 1500 -f ) Try gradually lowering the size until it starts responding… It may need a mangle rule with action change-mss if connections are TCP based. (Alternatively, change the MTU on the DVR if connections are using UDP.)
The bridge brings all interfaces in the same L2 broadcast domain. On what port a device is connected does not matter. It is all one logical interface.
Then comes the routing: two subnets on one (logical) interface. How do they communicate between subnets? They communicate over the router (router on a stick).
unicast between 192.168.54.1/24 and 192.168.54.1/24: direct communication
unicast between 192.168.54.1/24 and 192.168.66.1/24: over router
unicast between 192.168.66.1/24 and 192.168.66.1/24: direct communication
broadcast: everyone receives an overall broadcast (255.255.255.255)
A router (without multicast helper or ip-helper) does not forward/transform multicasts or broadcasts between subnets. So a broadcast to 192.168.54.255 will not reach 192.168.66.255. If the DVR is using broadcast, it will not communicate with devices in the other subnet, even if they are connected to the same logical or even physical interface.
“It opens from the browser, but not from special software, for example.” What is that special software? Is it DLNA, with SSDP discovery? There are known limitations (just one example: https://yabb.jriver.com/interact/index.php?topic=108638.0). The name of that special software, and also a sniffer file of the failing connection, would be very helpful.
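The delivery rules listed in the reply above, written out as an added example that is not part of the thread: it classifies unicast and broadcast packets between the two bridge subnets and shows which ones the DVR at 192.168.66.101 would accept. The client address 192.168.54.20 is constructed, multicast is left out, and the model assumes (as the reply states) that the router does not forward subnet broadcasts.

```python
import ipaddress

# Both subnets from the thread sit on one bridge, i.e. one L2 broadcast domain.
BRIDGE_SUBNETS = [ipaddress.ip_network("192.168.54.0/24"),
                  ipaddress.ip_network("192.168.66.0/24")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def subnet_of(addr):
    """Return the bridge subnet that contains addr, or None if it is off-bridge."""
    return next((n for n in BRIDGE_SUBNETS if addr in n), None)

def delivery(src, dst):
    """Classify how a packet from a bridge host src to dst is handled."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_net, dst_net = subnet_of(src_ip), subnet_of(dst_ip)
    if src_net is None:
        raise ValueError(f"{src} is not on the bridge")
    if dst_ip.is_multicast:
        raise ValueError("multicast is not modelled here")
    if dst_ip == LIMITED_BROADCAST:
        return "limited-broadcast"      # flooded to every port of the bridge
    if dst_net is not None and dst_ip == dst_net.broadcast_address:
        # Own subnet: normal broadcast. Other subnet: the router would have to
        # forward a directed broadcast, which it does not do without a helper.
        return "subnet-broadcast" if dst_net == src_net else "not-forwarded"
    return "direct" if dst_net == src_net else "routed"

def accepted_by(listener, src, dst):
    """True if the host `listener` receives and accepts the packet src -> dst."""
    lis_ip, dst_ip = ipaddress.ip_address(listener), ipaddress.ip_address(dst)
    kind = delivery(src, dst)
    if kind in ("direct", "routed"):
        return dst_ip == lis_ip
    if kind == "limited-broadcast":
        return subnet_of(lis_ip) is not None
    if kind == "subnet-broadcast":
        return subnet_of(lis_ip) == subnet_of(dst_ip)
    return False                         # not-forwarded: dropped at the router

if __name__ == "__main__":
    dvr, pc = "192.168.66.101", "192.168.54.20"   # pc address is constructed
    for dst in (dvr, "192.168.54.255", "192.168.66.255", "255.255.255.255"):
        print(f"{pc} -> {dst}: {delivery(pc, dst)}, "
              f"DVR accepts: {accepted_by(dvr, pc, dst)}")
```

Comparing this output with the destination addresses in a packet capture of the failing software shows whether its discovery traffic ever has a chance of reaching the DVR from the other subnet.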