Hello guys, I need for a scenario here, that two vlan on the same interface, have different MAC’s.
To solve I created a bridge, generated a MAC, put this physical interface on the bridge.
In the vlan, I left a vlan on the bridge and another vlan I left it on the physical port, straight.
It worked, each VLAN was left with its MAC, but the messages from
" bridge port received packet with own address as source address (08:55:31:ff:4c:d5), probably loop"

My doubt is, is it right the way I did it, because it’s working, but these messages come.

MT doesn’t support different MAC addresses for different VLANs on same interface. What you found is an ugly workaround. A bit less ugly work-around would be using two bridges, one for each VLAN. There would be two vlan interfaces anchored to the physical interface, each bridge having one of vlan interfaces as member port.

I didn’t quite understand what you meant.
I need the vlan to be on top of the interface.
So if I create two bridge, and put the vlan inside the bridge, I need to put the physical port on the vlan, so dae doesn’t change the MAC.
Could you explain me better? Or send a script for me to understand

Try communicating also by
a. providing a network diagram.
b. users requirements.
c. and explain why the usual bridge and vlan filtering methods will not work???
Mac addresses dont change on the MT as far as I know??

Let’s go:
This demand is required here to close a peer with CND.
We have 2 ASN.
They don’t support the same MAC for two different ASNs.
Their link arrives on only one interface, there are two VLANs, one for each ASN. So if I create the two VLANs on the interface, one they accept the other not.
With the method I did mentioned above it “worked”, as described.

Excellent way over my head but those here with expertise will know exactly what you are talking about and will be able to assist…

Like this:

/interface bridge
add name=bridge100 admin-mac=AA:BB:CC:DD:EE:FF auto-mac=no
add name=bridge200 admin-mac=DD:EE:FF:AA:BB:CC auto-mac=no
/interface vlan
add name=e1v100 interface=ether1 vlan=100
add name=e1v200 interface=ether1 vlan=200
/interface bridge port
add bridge=bridge100 interface=e1v100
add bridge=bridge200 interface=e1v200

Then use interfaces bridge100 and bridge200 for whatever high-level setup you need (IP address, OSPF interface, whatever).

I just tested it on an RB750GR3
Unsuccessfully took the ether MAC

Using what firmware?

The reason I ask is because v7.2 (compared to any v6 version) has many changes to bridging on the MediaTek MT7621A based RB750Gr3 and RB760iGS routers.

Mind sharing an export of the RB750Gr3 config, and output of
system/routerboard/print
/interface/ethernet/print detail
/interface/vlan/print detail
/interface/bridge/print detail

You can redact the MAC addresses like the following: DC:2C:6E:xx:xx:F2 and remove SN if you don’t want to share these. It is easy to do with notepad or leafpad.

Below is export from RouterBoard, it is completely redefined, just these settings.
Her version 6.48.6
Follow the MAC print in the vlan
https://imgur.com/0GXC0zJ

\

jan/02/1970 00:00:56 by RouterOS 6.48.6

model = RB750Gr3

/interface bridge
add admin-mac=1A:0B:13:xx:xx:99 auto-mac=no name=bridge100
add admin-mac=1A:0B:13:xx:xx:98 auto-mac=no name=bridge200
/interface vlan
add interface=ether1 name=e1v100 vlan-id=100
add interface=ether1 name=e1v200 vlan-id=200
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridge100 interface=e1v100
add bridge=bridge200 interface=e1v200

The VLAN interface MAC address doesn’t matter as long as packets are generated by L3 using bridge interface.

Similarly: if you create a bridge and add multiple ether ports to it, then assign IP address to bridge interface. All packets, passed down from router’s IP stack (e.g. packets being routed between another interface and bridge) will have bridge’s MAC address set as src-mac-address even though all ether interfaces have their own MAC addresses

The case is, at the other end for the CND, it cannot arrive with the same MAC, and so I interconnected two Mikrotik here, and the two VLANs in neighbors, appear the same MAC, and for them it cannot, each VLAN has to have your MAC for your AS.
They control it by MAC, so if they see two MAC with two different AS, they block.

add name=bridge200 admin-mac=DD:EE:FF:AA:BB:CC auto-mac=no

I realize this is an example, but if someone tries to paste the address in, won’t it cause a problem due to it being an ethernet multicast mac (low bit of highest octet is 1)

I just tried in on my RB760iGS, and it looks like RouterOS is smart enough to not allow it, it generated a different mac address CE:90:C4:2E:25:DD

But more to this thread’s point, this extra bridge “solution” doesn’t seem to work. As soon as you add the ether1 to the vlan, the mac address seems to be inherited from ether1. And WinBox won’t let you override the mac address on the vlan interface. So it seems that either I am not understanding, or this won’t work on either v6.48.6 (see the screen shot in @antiqued4 post #10) or v7.2 (see below).

What I think would work, is a second router for the second ASN, I am not running BGP on my hEX S, and I don’t even know if MikroTik supports multiple ASN’s on the same router or not. If so, one possible “fix” would be to use a switch toward the the ISP (CND?) and use the switch to untag the vlans, and then patch them into two ethernet ports, one for each ASN. The point is, the bridge/switch itself won’t change the mac addresses passing through.

Or continue to use the workaround you found, although I don’t know if you may run into weird problems that would be out of “support”.

Following is log on RB760iGS running v7.2

[demo@MikroTik] > /interface bridge
[demo@MikroTik] /interface/bridge> add name=bridge100 admin-mac=AA:BB:CC:DD:EE:FF auto-mac=no
[demo@MikroTik] /interface/bridge> add name=bridge200 admin-mac=DD:EE:FF:AA:BB:CC auto-mac=no
[demo@MikroTik] /interface/bridge> /
[demo@MikroTik] > /interface/bridge/print
Flags: X - disabled, R - running 
 0 R ;;; defconf
     name="BR-SW" mtu=auto actual-mtu=1500 l2mtu=1596 arp=enabled arp-timeout=auto mac-address=DC:2C:6E:xx:xx:F2 protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=no admin-mac=DC:2C:6E:xx:xx:F2 
     ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=yes ether-type=0x8100 pvid=1 frame-types=admit-all ingress-filtering=yes dhcp-snooping=no 

 1 R name="bridge100" mtu=auto actual-mtu=1500 l2mtu=65535 arp=enabled arp-timeout=auto mac-address=AA:BB:CC:DD:EE:FF protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=no admin-mac=AA:BB:CC:DD:EE:FF 
     ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no 

 2 R name="bridge200" mtu=auto actual-mtu=1500 l2mtu=65535 arp=enabled arp-timeout=auto mac-address=CE:90:C4:2E:25:DD protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=no admin-mac=DD:EE:FF:AA:BB:CC 
     ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no 

 3 R name="loopback" mtu=auto actual-mtu=1500 l2mtu=65535 arp=enabled arp-timeout=auto mac-address=0E:66:73:AA:10:86 protocol-mode=rstp fast-forward=yes igmp-snooping=no auto-mac=yes ageing-time=5m priority=0x8000 
     max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no 
[demo@MikroTik] > /interface vlan
[demo@MikroTik] /interface/vlan> add name=e1v100 interface=ether1 vlan=100
[demo@MikroTik] /interface/vlan> add name=e1v200 interface=ether1 vlan=200
[demo@MikroTik] /interface/vlan> /interface bridge port
[demo@MikroTik] /interface/bridge/port> add bridge=bridge100 interface=e1v100
[demo@MikroTik] /interface/bridge/port> add bridge=bridge200 interface=e1v200
[demo@MikroTik] > /interface/print
Flags: R - RUNNING; S - SLAVE
Columns: NAME, TYPE, ACTUAL-MTU, L2MTU, MAX-L2MTU, MAC-ADDRESS
 #    NAME                   TYPE    ACTUAL-MTU  L2MTU  MAX-L2MTU  MAC-ADDRESS      
 0  S eth4-BR-SW_U10_T241    ether         1500   1596       2026  DC:2C:6E:xx:xx:F4
 1 R  ether1-WAN             ether         1500   1596       2026  DC:2C:6E:xx:xx:F1
 2 RS ether2-BR-SW-Base-U1   ether         1500   1596       2026  DC:2C:6E:xx:xx:F2
 3 RS ether3-BR-SW-U241      ether         1500   1596       2026  DC:2C:6E:xx:xx:F3
 4    ether5-off_bridge_wrk  ether         1500   1596       2026  DC:2C:6E:xx:xx:F5
 5  S sfp1                   ether         1500   1596       2026  DC:2C:6E:xx:xx:F6
;;; defconf
 6 R  BR-SW                  bridge        1500   1596             DC:2C:6E:xx:xx:F2
 7 R  bridge100              bridge        1500   1592             AA:BB:CC:DD:EE:FF
 8 R  bridge200              bridge        1500   1592             CE:90:C4:2E:25:DD
 9 RS e1v100                 vlan          1500   1592             DC:2C:6E:xx:xx:F1
10 RS e1v200                 vlan          1500   1592             DC:2C:6E:xx:xx:F1
11 R  loopback               bridge        1500  65535             0E:66:73:AA:10:86
12 R  vlan10                 vlan          1500   1592             DC:2C:6E:xx:xx:F2
13 R  vlan241                vlan          1500   1592             DC:2C:6E:xx:xx:F2
[demo@MikroTik] >
[demo@MikroTik] > /interface/print detail 
Flags: D - dynamic; X - disabled, R - running; S - slave 
 0   S name="eth4-BR-SW_U10_T241" default-name="ether4" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1596 max-l2mtu=2026 mac-address=DC:2C:6E:xx:xx:F4 ifname="eth3" ifindex=10 id=4 link-downs=0 

 1  R  name="ether1-WAN" default-name="ether1" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1596 max-l2mtu=2026 mac-address=DC:2C:6E:xx:xx:F1 ifname="eth0" ifindex=7 id=1 last-link-down-time=apr/06/2022 21:49:27 
       last-link-up-time=apr/06/2022 21:49:29 link-downs=3 

 2  RS name="ether2-BR-SW-Base-U1" default-name="ether2" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1596 max-l2mtu=2026 mac-address=DC:2C:6E:xx:xx:F2 ifname="eth1" ifindex=8 id=2 
       last-link-down-time=apr/11/2022 22:23:30 last-link-up-time=apr/11/2022 22:23:32 link-downs=8 

 3  RS name="ether3-BR-SW-U241" default-name="ether3" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1596 max-l2mtu=2026 mac-address=DC:2C:6E:xx:xx:F3 ifname="eth2" ifindex=9 id=3 
       last-link-down-time=apr/11/2022 22:23:16 last-link-up-time=apr/11/2022 22:23:33 link-downs=3 

 4     name="ether5-off_bridge_wrk" default-name="ether5" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1596 max-l2mtu=2026 mac-address=DC:2C:6E:xx:xx:F5 ifname="eth4" ifindex=11 id=5 link-downs=0 

 5   S name="sfp1" default-name="sfp1" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1596 max-l2mtu=2026 mac-address=DC:2C:6E:xx:xx:F6 ifname="eth5" ifindex=12 id=6 link-downs=0 

 6  R  ;;; defconf
       name="BR-SW" type="bridge" mtu=auto actual-mtu=1500 l2mtu=1596 mac-address=DC:2C:6E:xx:xx:F2 ifname="br0" ifindex=13 id=7 last-link-up-time=apr/05/2022 14:56:55 link-downs=0 

 7  R  name="bridge100" type="bridge" mtu=auto actual-mtu=1500 l2mtu=1592 mac-address=AA:BB:CC:DD:EE:FF ifname="br2" ifindex=17 id=11 last-link-up-time=apr/13/2022 18:17:56 link-downs=0 

 8  R  name="bridge200" type="bridge" mtu=auto actual-mtu=1500 l2mtu=1592 mac-address=CE:90:C4:2E:25:DD ifname="br3" ifindex=18 id=12 last-link-up-time=apr/13/2022 18:20:05 link-downs=0 

 9  RS name="e1v100" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1592 mac-address=DC:2C:6E:xx:xx:F1 ifname="vlan13" ifindex=19 id=13 last-link-up-time=apr/13/2022 18:32:03 link-downs=0 

10  RS name="e1v200" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1592 mac-address=DC:2C:6E:xx:xx:F1 ifname="vlan14" ifindex=20 id=14 last-link-up-time=apr/13/2022 18:32:03 link-downs=0 

11  R  name="loopback" type="bridge" mtu=auto actual-mtu=1500 l2mtu=65535 mac-address=0E:66:73:AA:10:86 ifname="br1" ifindex=16 id=10 last-link-up-time=apr/11/2022 03:19:29 link-downs=0 

12  R  name="vlan10" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1592 mac-address=DC:2C:6E:xx:xx:F2 ifname="vlan9" ifindex=15 id=9 last-link-up-time=apr/05/2022 14:56:55 link-downs=0 

13  R  name="vlan241" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1592 mac-address=DC:2C:6E:xx:xx:F2 ifname="vlan8" ifindex=14 id=8 last-link-up-time=apr/05/2022 14:56:55 link-downs=0 

[demo@MikroTik] > /system/routerboard/print
       routerboard: yes
        board-name: hEX S
             model: RB760iGS
     serial-number: xxxxxxxxxxxx
     firmware-type: mt7621L
  factory-firmware: 6.46.4
  current-firmware: 6.47.10
  upgrade-firmware: 7.2
[demo@MikroTik] >

As I mentioned at the beginning, I managed to make it work, each VLAN had a different MAC, I just wanted to see if there was another solution.

I realize that you got it to work. I was responding to the @mkx post #7 which seemed to make perfect sense, but when I actually tried it, it didn’t work.

I have been the source of incorrect information that seems to make sense to me at the time that I gave it, but turned out to be wrong. But that incorrect information then gets requoted, and becomes part of the “accepted” lore, so when I see something that I can’t reproduce, I say something. I don’t think @mkx was trying to lead anyone down the wrong path, but I don’t think it was tested. Or perhaps the behavior has changed, or works differently on another model. I am just reporting what I saw on my hEX S running v7.2.