vlan issue RouterOS 6.41

yannick · Fri Dec 29, 2017 4:19 am

Hi,
My cisco switch is connected to eth1 configured as a trunk port, my laptop is connected to eth2 as an access port.
Here is my setup :

/interface bridge
add fast-forward=no name=bridge-tr
add fast-forward=no name=bridge692
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
/interface vlan
add interface=bridge-tr loop-protect-disable-time=0s \
loop-protect-send-interval=0s name=vlan692 vlan-id=6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge692 hw=no interface=ether2
add bridge=bridge692 hw=no interface=vlan692
add bridge=bridge-tr hw=no interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.12.189/25 interface=bridge692 network=192.168.12.128

I cannot ping vlan 692 (192.168.12.253/25) interface on the cisco switch and I get these errors from log :

06:51:51 interface,warning ether1: bridge port received packet with own address as
source address (e4:8d:8c:68:14:61), probably loop
06:51:58 interface,warning ether1: bridge port received packet with own address as
source address (e4:8d:8c:68:14:61), probably loop
06:52:04 interface,warning ether1: bridge port received packet with own address as
source address (e4:8d:8c:68:14:61), probably loop
06:52:11 interface,warning ether1: bridge port received packet with own address as
source address (e4:8d:8c:68:14:61), probably loop

What is wrong ?

yannick · Fri Dec 29, 2017 4:26 am

it is a loop free topology

skuykend · Fri Dec 29, 2017 4:54 am

What hardware are you running on? I don't see any bridge/vlan or switch/vlan settings.

yannick · Fri Dec 29, 2017 8:57 pm

It is a hAP ac lite
RB952Ui-5ac2nD

thanks

skuykend · Fri Dec 29, 2017 11:52 pm

I'm thinking there's still an issue with STP/RSTP compatibility with different switch chips and/or vendors. If you turn it off on both bridges do the messages go away?

sindy · Sat Dec 30, 2017 9:29 pm

I would check the Cisco's syslog. The way you've configured Mikrotik seems correct to me (the "traditional" way with no VLAN-filtering):

interface:         vlan692
          tagged side   untagged side
                /           \
bridge:    bridgeTr       bridge692
             /                 \
port:     ether1             ether2

So unless the loop closes via your notebook's second Ethernet port connected to the Cisco, I would search for a loop inside the Cisco network. If this is the case, Cisco's syslog should report something like

Dec 30 09:16:33 c-2960-1 : %SW_MATM-4-MACFLAP_NOTIF: Host 64d1.5400.001b in vlan 3 is flapping between port Fa0/16 and port Fa0/20

at the same time when Mikrotik's log reports the loop.

While I don't share @skuykend's assumption that STP/RSTP incompatibility between vendors is the cause of your issue, the incompatibility as such does exist and the only STP flavor compatible between vendors is the IEEE MSTP. But if you want to deploy it, which 6.41 permits, it requires also change of settings at Cisco side. So unless you need to use redundant links between Mikrotik and Cisco and if you are reasonably sure that someone won't insert a cable to a wrong hole in future, it is better to disable STP at Mikrotik side completely in this scenario. If you have a reason, you must configure Mikrotik's bridge to vlan isolation mode and configure MSTP both at Mikrotik and at Cisco. But be aware that using different STP flavors at different Cisco switch ports is a challenge of its own.

vlan issue RouterOS 6.41

vlan issue RouterOS 6.41

Re: vlan issue RouterOS 6.41

Re: vlan issue RouterOS 6.41

Re: vlan issue RouterOS 6.41

Re: vlan issue RouterOS 6.41

Re: vlan issue RouterOS 6.41

Who is online