Hello guys,

I started to investigate one specific issue. Topology as depicted The following is the configuration of the: UPLINK MIKROTIK (2011UiAS-2HnD)
/interface bridge
add admin-mac=4C:5E:0C:43:DE:F6 arp=proxy-arp auto-mac=no mtu=1500 name=bridge-local vlan-filtering=yes

/interface vlan
add interface=sfp1-gateway name=vlan1 vlan-id=1
add interface=sfp1-gateway name=vlan357 vlan-id=357

/ip pool
add name=dhcp ranges=192.168.168.50-192.168.168.240
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=vlan1 name=dhcp1
/interface bridge port
add bridge=bridge-local hw=no interface=ether2
add bridge=bridge-local hw=no interface=ether3
add bridge=bridge-local hw=no interface=ether4
add bridge=bridge-local hw=no interface=ether5
add bridge=bridge-local hw=no interface=ether6
add bridge=bridge-local interface=wlan1
add bridge=bridge-local hw=no interface=sfp1-gateway
add bridge=bridge-local interface=ether7
add bridge=bridge-local interface=ether8
add bridge=bridge-local interface=ether9 pvid=357
add bridge=bridge-local interface=ether10
/interface bridge vlan
add bridge=bridge-local tagged=sfp1-gateway vlan-ids=1
add bridge=bridge-local tagged=sfp1-gateway vlan-ids=357

Next, I have this config for the (962UiGS-5HacT2HnT)

/interface bridge
add fast-forward=no name=bridge1 vlan-filtering=yes
/interface vlan
add interface=sfp1 name=vlan1 vlan-id=1
add interface=sfp1 name=vlan357 vlan-id=357
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4 pvid=357
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=sfp1
/interface bridge vlan
add bridge=bridge1 tagged=sfp1 untagged=ether1,ether2,ether3,ether5 vlan-ids=1
add bridge=bridge1 tagged=sfp1 untagged=ether4 vlan-ids=357

When I tested this configuration in my lab everything works well. When I run two DHCP servers on the uplink mikrotik I'm able to get network parameters from two different DHCP servers (server1 vlan1 and server2 vlan357 = just in LAB for testing purposes)

Then I sent the (962UiGS-5HacT2HnT) MK to production and I noticed weird behaviour of the network. I cannot obtain DHCP parameters from DHCP server. Neither from ACCES 1 or ACCESS 357 ports. With the help of packet sniffer I'm able to see DISCOVER mesages from the clients and these messeges get to the DHCP server. DHCP server then send OFFER down to the trunk port and I can see the messeges through packet sniffer on the bottom mikrotik. But when I run wireshark on client machines there is no offer.

The topology looks simple but I have already tried everything and still can't get this topology to work correctly.

Any ideas? Thanks for any help.

You can't put VLANs on slave interfaces. Put them on the bridge.

You should avoid using VLAN 1. It will go untagged if you do all correct.

2011 962

Hi Jotne,
Good changes, vlan1 is not needed to specificy because its the default anyway and I think of it as just normal LAN traffic, which is passed through as the OP desires with really no special setup for it.

Edit, no I think you are on the right track........
/interface bridge vlan
add bridge=bridge-local tagged=bridge-local,sfp1-gateway, untagged=eth9 vlan-ids=357

In addition we do not know what the OP specifically wants coming in eth9 But I would be tempted to assume he wants everything from that port tagged to become vlan357 packets and thus would use ingress-filtering.

The bridge port rules change
(from) add bridge=bridge-local interface=ether9 pvid=357
(to) add bridge=bridge-local interface=ether9 pvid=357 ingress-filtering=yes

As for the secondary device (962)
I make the same recommendations.........
add bridge=bridge1 interface=ether4 pvid=357 ingress-filtering=yes
and
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,sfp1, untagged=eth4 vlan-ids=357