In my config (ROS 6.35.4 on an RB850Gx2) I have the following, which worked fine since setting it up yesterday (it downloaded 45GB overnight) until I moved the router to my rack from my test area and plugged it back in:
- PPPoE dialer through Eth1, which gets the IP address x.y.z.17 assigned by ISP. I have a subnet x.y.z.16/29.
- I set this same .17 address on a bridge interface which has port Eth2 and VLAN-FRED (that is also on Eth5 for a trunk, in case I need it). This is to bridge the public subnet onto my public-facing servers. FRED=Firewalled RED, by the way.
- Either VLAN-FRED or the bridge was set to proxy-arp. I forget which one I put it on (the VLAN I think) because I have changed it so much while troubleshooting. Remember though, everything worked before moving the box.
- On Port Eth2 is my ESXi server, with a Windows 2008 guest with IP address x.y.z.19. It spent the night connected to the internet (through the .17 default route) with no trouble.
- If I change the VLAN-FRED arp setting to disabled on one of the mentioned interfaces, I immediately get a response from the ping, for exactly 24 seconds every time. During that time the arp entry for .17 exists on the server. Then the pings fail and the arp entry is no longer there.
- If I then set the interface back to proxy-arp, the above repeats, for 24 seconds.
I'm completely puzzled as to why everything worked perfectly until I moved the router into the loft (Well of course, it's hard to get to now... so it's bound to fail).
I'll put the relevant parts of my config below. If someone could shed any light on this, I would be grateful.
Edit to add:
```
/interface bridge
add name=Bridge-VLAN-Cisco
add arp=proxy-arp name=Bridge-VLAN-FRED
add name=Bridge-VLAN-LAN
/interface ethernet
set [ find default-name=ether1 ] mtu=1492 name=Eth1-WAN
set [ find default-name=ether2 ] name=Eth2-FRED
set [ find default-name=ether3 ] name=Eth3-LAN
set [ find default-name=ether4 ] name=Eth4-Cisco
set [ find default-name=ether5 ] name=Eth5-Trunk
/interface pppoe-client
add add-default-route=yes disabled=no interface=Eth1-WAN keepalive-timeout=disabled \
    name=PPPoE password=xxx use-peer-dns=yes user=xxx
/interface vlan
add interface=Eth5-Trunk name=VLAN-Cisco vlan-id=999
add arp=proxy-arp interface=Eth5-Trunk name=VLAN-FRED vlan-id=990
add interface=Eth5-Trunk name=VLAN-LAN vlan-id=1
/interface bridge port
add bridge=Bridge-VLAN-Cisco interface=VLAN-Cisco
add bridge=Bridge-VLAN-Cisco interface=Eth4-Cisco
add bridge=Bridge-VLAN-FRED interface=Eth2-FRED
add bridge=Bridge-VLAN-FRED interface=VLAN-FRED
add bridge=Bridge-VLAN-LAN interface=VLAN-LAN
add bridge=Bridge-VLAN-LAN interface=Eth3-LAN
/interface bridge settings
set use-ip-firewall=yes
/ip address
add address=192.168.1.254/24 interface=Bridge-VLAN-LAN network=192.168.1.0
add address=x.y.z.17/29 interface=Bridge-VLAN-FRED network=x.y.z.16
add address=192.168.0.254/24 interface=Bridge-VLAN-Cisco network=192.168.0.0
```
I've just realised that I can't get a remote desktop to the server either. It's as if it isn't there. That is odd as that goes over the 192.168.1.0 network, and that was working yesterday too. However, I can ping it from my local PC and even file sharing (both ways) works. In fact, I'm connected now on vSphere and that is over 192.168 as well. But not RDP... hmmm...