Hello,

Purpose: setup a mikrotik as simple L2-router
following Setup: Internet router => Cisco L3-Switch SG350 => L2 - switches on different HP and synology switches+ Mikrotik hEX s
L3 and all HP/synology are working fine as access switches - only small issue with Mikrotik:

I've done setup on Mikrotik for bridge1 VLAN trunk on port 1 to Cisco L3 with all VLANs tagged, instead of VLAN1 which is routed as native/untagged.
On ports 2,4,5 I've assigned other trunked VLANs as untagged config, which are working fine/as expected - getting IP in correct subnet.
As well have created Port 3 using untagged VLAN1 not getting IP.

Only issue is I'm not able to get VLAN1 iworking - can not get IP of neighboar on L3 as well as on hex s.
Also tried to tag VLAN1 on both sides as well, but this causes entire loose of connection for all VLANs.

I've seen an article describing that on older router OS <6.4 this is known issue, that native VLAN isn't translated correctly by Mikrotik as PVID1 but as PVID0.
Unfortunately my VLAN1 is covering mgmt/access VLAN to all network devices so it wouldn't be easy to change this.

Did someone knows how to allign Cisco/HP-VLAN1 (native VLAN) to a VLAN1 on Mikrotik bridge modul on newer OS-Level >6.4.
Or is it impossible to use a mikrotik hexs as simple L2 access swtich in this case?

There are limitations with some of older switch chips which do not apply to newer ones, and RouterOS 6.4 was released 7 years ago - there have been many changes since then.

Is there any available change-log to review?

As requested here's my simple config:
# jan/02/1970 19:02:42 by RouterOS 6.47
# software id = HEV7-RKLW
#
# model = RB760iGS
# serial number = A815092CA8E7
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether4 pvid=940
add bridge=bridge1 interface=ether5 pvid=950
add bridge=bridge1 interface=ether2 pvid=910
add bridge=bridge1 interface=ether3
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether5 vlan-ids=950
add bridge=bridge1 tagged=ether1 untagged=ether4 vlan-ids=940
add bridge=bridge1 untagged=ether3,ether1 vlan-ids=1
add bridge=bridge1 tagged=ether1 untagged=ether2 vlan-ids=910
/ip address
add address=172.16.176.15/22 interface=bridge1 network=172.16.176.0
/system routerboard settings

ether 2,4,5 in correct VLAN - getting IP from L3,
ether 1,3 not getting IP

Hope that gives idea...

thx

I thought you may be trying to use the switch chip, which isn't straightforward, but a VLAN-aware bridge doesn't use it.
Presumably you can access the switch at its 172.16.176.15 address via your management network, this would show untagged traffic from your Cisco is reaching the Mikrotik successfully.

The default for Mikrotik bridges is RSTP enabled, I know this can have odd effects with Cisco PVST+ which isn't compatible with RSTP but unlikely to be the cause of your problem.

First: Don’t know which miracle happened, didn’t changed config – only had a powercycle-reboot and reconnected trunk physically:
Now this working (didn’t worked before):
1. Ping Mikrotik-IP directly from L3cisco-switch or other switches in VLAN1.
2. Ping Mikrotik-IP directly from ether3 and other devices in VLAN1 now.
3. Ping from Mikrotik ether3 (VLAN1) to other devices in any available VLAN, routed by Cisclo-L3
4. IP assigned by DHCP from L3-Cisco on Mikrotik-ether3 (VLAN1)
Only thing not working
1. Can not ping from any VLAN <>vlan1 connected to cisco.
(This routing is working to all other switches in VLAN1)
so I assume routing is correctly assigned on L3
Therefore I checked on STP:
On Cisco Spanning tree was enabled by default – L3 using STP – with Rapid STP.
Uplink Port to Mikrotik is setup Auto for RSTP-Interface.
Changed both L3-settings to disable didn’t changed any behaviour on Mikrotik uplink.

Did you think that I can not ping Mikrotik IP from VLAN940-routed to VLAN1 by Cisco is RSTP issue? Any suggestion to solve?

Originally I was refering to this article think this is a meanwhile fixed bug as it’s working now or different behaviour on bridge-ship.
[urlhttps://forum.mikrotik.com/viewtopic.php?f=2&t=115115&p=571100&hilit=procurve+vlan][/url] from #11 on
you are right.

As I'm a newby with Mikrotik but already working with many other network vendor devices, I'm wondering how complex simple setups can be done, developing new sw-versions without change-log and marking bugfixes implemented?!I assume that's more a playground for network-architects :-)

Thanks for your reply.

You made my day, tdw.

I was not recognizing that gateway wasn't setup by me - originally I planned to get IP on bridge from DHCP-client on L3 (as reservation). As I had that much issues with VLAN routing I decided to get it fixed on interface for troubleshooting.
But you are right to add gateway as part of routing information is special :-)

No. There is no default route so anything outside 172.16.176.0/22 will not be reachable. On other devices you often get to specify an IP address, subnet mask and gateway, but on a Mikrotik you only specify an IP address and subnet mask on an interface, and separately a default route.
/ip route
add distance=1 gateway=<your gateway address>

thanks for your support, I'll mark this thread as solved now.