If one has as one of the very first switch ACL rules a "redirect-to-cpu all traffic" then the bridge stops functioning.

Let's say bridge has own IP and has the members ether1, ether2, ether3, ether4.
Then the following ACL rule will make the bridge inoperational so that attached PCs cannot ping each other anymore.
Disabling that rule makes the bridge operational again --> ie. BUG.

Code: Select all

:global myPorts "ether1,ether2,ether3,ether4"

/interface ethernet switch rule
add comment="redirect_all_traffic_to_cpu" ports=$myPorts redirect-to-cpu=yes switch=switch1 disabled=no

This has furthergoing implications: it means CPU cannot handle all traffic types. But since it's not documented, nobody knows and everybody can only scratch his/her head and wonder why it doesn't function...

Error persist even when explicitly specifying "new-dst-ports=switch1-cpu", ie.:

add comment="redirect_all_traffic_to_cpu" ports=$myPorts redirect-to-cpu=yes switch=switch1 new-dst-ports=switch1-cpu disabled=no