The use of mac addresses?

Bridges clone the MAC address of an underlying interface.
VLAN interfaces get a MAC address similar to the real interface.
Virtual APs get a MAC address similar to the real AP interface, and sometimes the last digit is one higher.

What is actually the best practice?

I often set an admin MAC in the bridge that is similar to the radio. This way I can easily mac-telnet from a neighbour radio to the radio MAC.
But I now also have in my CCR router a real ethernet interface belonging to a bridge (that gets the same MAC), and in the bridge I put several VLANs (and they all get the same MAC as the ethernet interface, thus as the bridge). So basically I create situations where one MAC is now on many interfaces?

For most of these VLAN interfaces I have to set ARP to ‘proxy-only’ or they don’t pass traffic. But both the bridge and the real interface do have to have ‘arp-enabled’ set.

When setting a 1st virtual AP on a physical AP, the virtual AP gets the same MAC. But when I then set a 2nd virtual AP on the 1st, it gets a MAC one digit higher?


I can’t seem to find a simple, understandable explanation of what is good practice and what is done why, where and when.

Who is willing to share with me the holy grail of MAC! (In plain ‘dummy English’ please… :) )

not 100% related to the original question:

i wouldn’t recommend to bridge together interfaces, and then apply VLANs on the bridge interface, as you can’t really control what goes where.

in a switch you can filter which VLANs are associated with which ports, which ones are forwarded.

all the router vendors prefer to create .1q subinterfaces on the router interfaces, and then bridge the ones together you want to be in the same VLAN. this way you have full control. this also implies per “VLAN” STP.
but you can have different forwarding path for each VLAN.
and you can even have “local VLAN significance” on each interface, based on your configuration.

this approach is similar to cisco’s ethernet service instances.

“Vlan” interfaces in routeros are more like routed sub interfaces in cisco.
the bridge interface is the SVI in cisco’s terminology.

regarding your original question:
it’s not an issue to have the same mac addresses in different VLANs. as long as they are not connected in L2, there shouldn’t be any problem. routers can handle different arp entries pointing to the same mac as long as they are matched to different interfaces. and even on the same interface when using “secondary addresses”.
my point is - sorry for the big writeup - the router will know where to look for the mac as arp entries are L3 interface specific.

spanning tree however tends to use mac addresses (the lowest one) when selecting the root bridge, so you may want to individually assign mac addresses to each bridge.

Well, you “wouldn’t recommend to bridge together interfaces, and then apply VLANs on the bridge interface”. Now I’m a bit confused.

I have a router (rb1100AH but same happens somewhere else in a CCR) where several backhaul links are connected to an ethernet interface of this 1100AH.

Previously my whole network was fully routed, thus many routing tables everywhere with /24, /25, /26, /27 etc. up to /30 networks everywhere to serve the several AP-client networks. Each AP had its own dhcp-server to assign IPs to clients.

I want to work towards a network where all IPs are going to be assigned by one central dhcp-server, later to be replaced by a PPPoE server.
Since in the end all PPPoE IPs will be assigned from only one or two /24 networks, I have the need to make ‘pipes’ from each AP towards the central where later the PPPoE server will be located.
So I needed all APs’ client networks basically bridged towards that central location (that is sometimes up to 10 nodes away)!
So I started to make bridges wherever possible and usable.
But I kept each AP network as separate as possible for now, otherwise the bigger network would collapse under its broadcast network (mainly wireless!).

So I made VLANs that started in this rb1100AH and, via transparently bridged network nodes (as far as achievable), ended in the AP router where they are bridged with the wlan interface. An IP-requesting CPE will now have a direct network connection towards the dhcp-server in central.

The VLAN interface of that AP network has the gateway IP for that network and the dhcp-server on that same interface.

Since some of the VLANs share some stretch of the path through several nodes (and backhauls) I put these VLAN start interfaces in another VLAN-trunk interface. This way I don’t have to make bridges for each VLAN passing a router in the path towards clients but just one for the trunk.

Apart from that I have many APs that also have a 2.4GHz hotspot antenna. I want to make one hotspot server in the same rb1100 or CCR that serves all hotspot clients by this hotspot system. I made a VLAN infrastructure from the hotspot router over several different backhauls to the many APs. Since some of the APs are routerboards (like rb433AH) that serve both a 5GHz fixed client network (with its VLAN) and a remote one-antenna building with more clients (so the VLAN has to pass to this antenna first) AND the 2.4GHz hotspot antenna, it is sometimes a mixture of partly routed, partly bridged physical and VLAN bridges.

Basically it all runs fine (I have some 20 VLANs now) but at times I have issues that some VLAN networks are having disconnection problems.
Usually the underlying route or bridged network towards an AP works fine, but clients of an AP see regular traffic drops. The physical connections stay in place, the halts are so short that a winbox session over the VLAN towards a client just stays alive and doesn’t show any drop on the ethernet or wlan interface, but the ping towards the clients shows a drop. And for all clients on that AP at the same time! (And only gaming or VoIP clients notice the drop.)

My experience is now that it is usually somewhere a bridge or VLAN interface that is not completely properly configured that is giving the problem.
Normally speaking there are no loops in my network, but due to the fact that in some places different VLANs can pass in the same bridge or run towards the same physical interface, I have the feeling that because in some instances MAC addresses are shared, this creates unwanted loops (or traffic is ‘leaked’ over the bridge into another VLAN?). But I can’t always put my finger on the real issue and create a workaround to solve the issue.

Hence I was thinking that each interface, VLAN, bridge or real, should have its own MAC? But what MAC to give it? Can I just increase the last digit (while checking that the new MAC does not already exist in the router)?

At the same time I am not always sure what ARP mode to use in which instances. Usually I try something and if it works I leave it. But it’s not really based upon thorough knowledge!
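
The approach asked about in the last post (give each bridge or VLAN interface its own MAC by incrementing, after checking the value is not already in use), sketched as an added example that is not part of the thread and not MikroTik code. The interface inventory is constructed, the function names are hypothetical, and setting the locally administered bit on the generated addresses is an assumption of this example rather than something the posters propose.

```python
from collections import defaultdict

# Constructed inventory (name, type, MAC) using the documentation MAC range;
# it mirrors the thread's setup but is not taken from any real router.
INTERFACES = [
    ("ether1", "ether", "00:00:5E:00:53:30"),
    ("bridge1", "bridge", "00:00:5E:00:53:30"),
    ("vlan10", "vlan", "00:00:5E:00:53:30"),
    ("vlan20", "vlan", "00:00:5E:00:53:30"),
    ("wlan1", "wlan", "00:00:5E:00:53:FF"),
]
LOCAL_BIT = 0x02 << 40   # "locally administered" flag in the first octet
MCAST_BIT = 0x01 << 40   # group/multicast flag, must stay clear on an interface
LOW24 = 0xFFFFFF         # NIC-specific part that gets incremented

def parse_mac(text):
    octets = text.replace("-", ":").split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return int("".join(o.zfill(2) for o in octets), 16)

def format_mac(value):
    raw = f"{value:012X}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def shared_macs(interfaces):
    """Return {mac: [names]} for every MAC carried by more than one interface."""
    by_mac = defaultdict(list)
    for name, _kind, mac in interfaces:
        by_mac[format_mac(parse_mac(mac))].append(name)
    return {mac: names for mac, names in by_mac.items() if len(names) > 1}

def propose_macs(interfaces, reassign=("bridge", "vlan")):
    """Suggest a unique admin MAC for each bridge/VLAN interface."""
    # MACs of interfaces we leave alone (physical ports, radios) are taken.
    used = {parse_mac(m) for _n, kind, m in interfaces if kind not in reassign}
    plan = {}
    for name, kind, mac in interfaces:
        if kind not in reassign:
            continue
        candidate = (parse_mac(mac) | LOCAL_BIT) & ~MCAST_BIT
        while candidate in used:  # bump the low 24 bits until the value is free
            candidate = (candidate & ~LOW24) | ((candidate + 1) & LOW24)
        used.add(candidate)
        plan[name] = format_mac(candidate)
    return plan

if __name__ == "__main__":
    print(shared_macs(INTERFACES))
    print(propose_macs(INTERFACES))
```

Incrementing only the low 24 bits carries across octets (`…:53:FF` becomes `…:54:00`) without touching the prefix, and an interface that already holds a free address keeps it.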