For "Bridge-VPLS-vlan300", devices on both "ether9-vlan300" and "VPLS-vlan300-DNALAB" can ping an IP address assigned to the bridge but are unable to cross the bridge.

I'm not sure why this would be. Horizons aren't configured. "Use IP Firewall" isn't configured. It's a CHR, so there is no switch port isolation involved.


I was at 6.42.x, but I just upgraded to 6.46.8 to the same effect.

My bet is that this is due to the settings of the virtualization platform. By default, most of them drop packets sent by a VM interface if they have any other source MAC address than the one assigned to the interface. I.e. the ports are not actually isolated in the CHR, but frames forwarded by the CHR are dropped at its egress.

The way to change this behaviour is individual per virtualization platform.

Promiscuous mode indeed!!!!

So, um...

looking through all of the other portgroups...

I've apparently encountered this before as multiple other production portgroups\VLANs have promiscuous mode turned on.

Son of a...