Goal. On PC behind Router1, access via winbox, R2.
Example:
R1: ether1 192.168.99.1/24 / R2: ether22 192.168.99.2/24
PC, manual IPV4 192.168.99.5
both associated interfaces are part of interface list entered for neighbours discovery and mac winbox server.
++++++++++++++++++++++++++++
Both routers are setup as routers and are connected via ether1, and ether22 respectively.
Both are run via a single bridge and vlan bridge filtering
Each has an off bridge port.
Absolutely nothing I have tried has resulted in me being able to see the R2 in IP neighbours discovery of R1, or see R2 via winbox from the PC. The same goes for in reverse, unable to see R1 in neighours discovery of R2. The only think I managed to do is ping R1 from R2 (via R2 tools). Otherwise zippo. Yes tried different ports and cables.
Starting to think that L2 connectivity is impossible in terms of neighbour discovery and mac winbox server.
(IP address and winbox port a no go as well in winbox)>
Am I barking up an impossible tree or is there some fancy solution?
Yes, I tried the vlan filtering bridge approach on both routers. The PC is removed via two switches, so the vlan for 99, is tagged from R1, to a patch panel switch in turn tagged to hex switch which is then untagged on ether5 to the PC pvid 99. Neither case did ip neighours show the other device of visibile on winbox.
I did try the .99 addresses on winbox with IP and winbox port to no avail.
If you have a single broadcast domain that the PC, and the interfaces (vlan?) on the two routers, then you should be able to see both routers from that PC with winbox and should be able to connect with either ip or mac address.
Have you used something like arp-scan (linux) or Doug Johnson's IPEnum to verify that you really have L2 access from the PC? Or even angry ip scanner (although it won't see things that are blocking icmp ping requests; both arp-scan and IPEnum see anything that responds to ARP, and most things do)
For IPEnum see this youtube video (this is not the IPEnum you will find with google; this one is part of DJUtils). Doug requests that the direct link and authentication to download isn't shared, just the link to the video where he covers how to use the utilities and it does provide the link and password.
If you want a more powerful tool, that will also run on windows, you can download nmap and it can do arp-scans as well. But you will need to install npcap as well. https://nmap.org/download.html#windows
What's the simplest reproducer given two routers?
What you have described in words isn't complete.
Are you above your own posting rules? I see no configs or diagram
Not even a mention of what routers are involved (is the hex being used just as a switch, or is it one of the routers?)
@anav do you have wireshark loaded on the PC in question?
If so you can capture traffic (if you want you can put in a capture filter to limit what is captured, specifying the mac address of the router you can't see).
Also, switches can "eat" some ethernet frames, specifically rstp related and CDP or LLDP discovery frames. However, dumb switches usually are transparent to those, and will pass them through. And MNDP should make it though switches.
You guys crack me up LOL. Buckeye that is a gem how did you do that………. ( going to frame that in gold )
I solved my issue by simply making a VLAN on the ccr2004, to act as a WAN interface for the 1009. So VLAN on ccr2204 bridge, untagged out etherX to cc1009. On the CCR1009 ( ip dhcp client on the etherX from the ccr2004). While connected from my PC to the ccr1009, I can see the 2004 on ip neighbours, and I can connect from my pc to the 2004 using IPaddress:winbox port. More importantly I can connect to the XGS-pon inserted into the sfp-sfpplus1 port on the 2004 at address 192.168.11.1. ( added a route to the ccr1009 ).
Although I can see the CCR1009 in ip neighbours, and I can ping it from the 2004 tools, I am unable to connect to the 1009 from my laptop sitting behind the 2004 using IP address:port in winbox ??? That is the part that is currently confusing me. ??
