Community discussions

MikroTik App
 
GroundbreakingItem0
just joined
Topic Author
Posts: 2
Joined: Sat Jan 19, 2019 12:51 pm

Mikrotik CRS326 6.43.8 not forwarding some L2 traffic ?

Sat Jan 19, 2019 1:21 pm

Hi,

I recently bought a CRS326-24G-2s+ (Running 6.43.8) and noticed a strange behavior on it.
Got 2PC, 1 Wired (PC1), 1 over Wifi (PC2) - (Through a Ubiquiti AP)

Both PC get an IP from Mirkotik over DHCP and can access internet through the default GW .254 (SP router)
However, neither of the PC can ping eachother.

Sniffer trace reveals that the PC are sending ARPs request properly, but they seemed to be dropped by the CRS, as the ARP request from PC1 to PC2 is not seen on the port of PC2 and vice versa.
(Devices are MAC and Linux based, and tried with several devices, the behaviour is the same).

Strangely enough, depending on what interface the PCs are plugged, it SOMETIMES works. (If I plug more devices, some devices have no problem accessing each other, some others can access some devices, but not all).

All ports are in the default bridge1 bridge and there is no special configuration on those ports.

I can ping all devices without issues from the router CLI directly and the ARP table on the CRS is correct too.

Topology:

Code: Select all

..................+--------+
..................|CRS326..|
..................|........|.............173..+------+
+--------+........|........+------)))...(((---+PC2...|
|........|.254....|........|..................|WiFi..|
|INTERNET+--------+........|..................+------+
|........|........|........|
+--------+........|........|
..................|........|..............192.+------+
..................|........+------------------+PC1...|
..................|........|..................|Wired.|
..................+--------+..................+------+
Config:

admin@MikroTik] > /export

/interface bridge
add admin-mac=xxxx auto-mac=no comment="created from master port" ether-type=0x88a8 name=bridge1 vlan-filtering=\
yes
/interface ethernet
set [ find default-name=ether6 ] comment=PC1
set [ find default-name=ether23 ] comment=PC2
set [ find default-name=ether24 ] comment=Router

/interface vlan
add interface=bridge1 name=vlan17-mgmt vlan-id=17
/interface ethernet switch port
set 0 limit-broadcasts=no
set 16 limit-broadcasts=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether23
add bridge=bridge1 interface=ether24
/ip settings
set accept-redirects=yes
/interface bridge vlan
add bridge=bridge1 tagged=ether13,ether14,ether15,ether10 vlan-ids=17
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1 netmask=24
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 src-address=192.168.88.2-192.168.88.253
/ip route
add distance=1 gateway=192.168.88.254
/system logging
set 0 action=echo
set 1 action=echo
set 2 action=echo
/system routerboard settings
set boot-os=router-os
/tool sniffer
set memory-scroll=no


--> You'll see some references to VLAN17, but it's not in use right now, as I am still struggling to make things work in VLAN1.
Could you please give me a hand in understanding what I am missing here?
Thanks
Last edited by GroundbreakingItem0 on Sat Jan 19, 2019 4:29 pm, edited 1 time in total.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Mikrotik CRS326 6.43.8 not forwarding some L2 traffic ?

Sat Jan 19, 2019 2:16 pm

What is the purpose of below in your config?
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 src-address=192.168.88.2-192.168.88.253
 
tdw
Forum Guru
Forum Guru
Posts: 1844
Joined: Sat May 05, 2018 11:55 am

Re: Mikrotik CRS326 6.43.8 not forwarding some L2 traffic ?

Sat Jan 19, 2019 2:35 pm

All ports are in the default bridge1 bridge and there is no special configuration on those ports.
That is incorrect, as you have:
/interface bridge port
add bridge=bridge1 interface=ether6 
add bridge=bridge1 interface=ether23
add bridge=bridge1 interface=ether24

/interface bridge vlan
add bridge=bridge1 tagged=ether13,ether14,ether15,ether10 vlan-ids=17
so only interfaces ether6, 23 & 24 are connected together, traffic will pass as you have not disabled invalid VLANs.

See https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering on how to set up the bridge with VLAN support
 
GroundbreakingItem0
just joined
Topic Author
Posts: 2
Joined: Sat Jan 19, 2019 12:51 pm

Re: Mikrotik CRS326 6.43.8 not forwarding some L2 traffic ?

Sat Jan 19, 2019 4:43 pm

All ports are in the default bridge1 bridge and there is no special configuration on those ports.
That is incorrect, as you have:
/interface bridge port
add bridge=bridge1 interface=ether6 
add bridge=bridge1 interface=ether23
add bridge=bridge1 interface=ether24

/interface bridge vlan
add bridge=bridge1 tagged=ether13,ether14,ether15,ether10 vlan-ids=17
so only interfaces ether6, 23 & 24 are connected together, traffic will pass as you have not disabled invalid VLANs.

See https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering on how to set up the bridge with VLAN support
I did remove some config lines for brevity, but basically all interfaces are added under bridge1.

And the purpose of the NAT is to NAT everything that would go towards the default GW (right now, it's not in operation) - That's going to be required later when I'll have the full config that I wqant to use with VLAN, various subnets etc.

The same issue is present if NAT entries are removed as well btw.
Thanks.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Mikrotik CRS326 6.43.8 not forwarding some L2 traffic ?

Sat Jan 19, 2019 6:18 pm

I think you should reset device to default, test again...

Who is online

Users browsing this forum: Ahrefs [Bot], chatravin, dervomsee, kenoginez, Seekport [Bot], Shambler, sinisa and 68 guests