Bridge Port Horizon not configured, yet ports are isolated

Posted: Thu Jan 14, 2021 3:19 pm
by Hammy

/interface bridge
add fast-forward=no name=Bridge-VPLS-vlan300
/interface bridge port
add bridge=Bridge-VPLS-vlan300 interface=VPLS-vlan300-DNALAB
add bridge=Bridge-VPLS-vlan300 interface=ether9-vlan300

For "Bridge-VPLS-vlan300", devices on both "ether9-vlan300" and "VPLS-vlan300-DNALAB" can ping an IP address assigned to the bridge but are unable to cross the bridge.

I'm not sure why this would be. Horizons aren't configured. "Use IP Firewall" isn't configured. It's a CHR, so there is no switch port isolation involved.


I was at 6.42.x, but I just upgraded to 6.46.8 to the same effect.

Re: Bridge Port Horizon not configured, yet ports are isolated

Posted: Thu Jan 14, 2021 3:41 pm
by sindy
My bet is that this is due to the settings of the virtualization platform. By default, most of them drop packets sent by a VM interface if they have any other source MAC address than the one assigned to the interface. I.e. the ports are not actually isolated in the CHR, but frames forwarded by the CHR are dropped at its egress.

The way to change this behaviour is individual per virtualization platform.

Re: Bridge Port Horizon not configured, yet ports are isolated

Posted: Thu Jan 14, 2021 4:42 pm
by Hammy
Promiscuous mode indeed!!!!

So, um...

looking through all of the other portgroups...

I've apparently encountered this before as multiple other production portgroups\VLANs have promiscuous mode turned on.

Son of a...
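
Added example, not part of any post in this thread: a toy model of one hypervisor virtual-switch port in front of a bridging VM, showing why the bridge IP stays reachable while transit traffic fails. It goes beyond the source-MAC drop described above by also modelling the receive-side filter that a promiscuous-mode setting controls. The MAC addresses, the policy field names and the assumption that the bridge uses the vNIC's own MAC are all constructed for illustration.

```python
# Constructed toy model, not code from the thread: one hypervisor virtual-switch
# port in front of a bridging VM's vNIC. Field names are hypothetical; real
# platforms expose equivalent settings under their own names.
from dataclasses import dataclass
from itertools import product

VNIC = "02:00:00:00:00:09"    # constructed: MAC the hypervisor assigned to the vNIC
LOCAL = "02:00:00:00:00:aa"   # constructed: device on the vNIC side of the bridge
REMOTE = "02:00:00:00:00:bb"  # constructed: device behind the other bridge port
BCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class PortPolicy:
    allow_foreign_source: bool  # may the VM transmit with a source MAC other than its own?
    promiscuous: bool           # is the VM handed frames addressed to other MACs?

    def vm_may_send(self, src: str) -> bool:
        return self.allow_foreign_source or src == VNIC

    def vm_receives(self, dst: str) -> bool:
        return self.promiscuous or dst in (VNIC, BCAST)


def ping_bridge_ip(p: PortPolicy) -> bool:
    # Assumption: the bridge answers with the vNIC's own MAC, so both
    # directions carry a MAC the virtual switch expects on this port.
    return p.vm_receives(VNIC) and p.vm_may_send(VNIC)


def ping_across_bridge(p: PortPolicy) -> bool:
    # Request LOCAL -> REMOTE must be handed to the VM (destination check);
    # reply REMOTE -> LOCAL is sent by the VM with REMOTE's source MAC.
    return p.vm_receives(REMOTE) and p.vm_may_send(REMOTE)


def policy_matrix() -> dict:
    """Map every policy combination to (bridge IP reachable, transit works)."""
    return {
        (src_ok, promisc): (ping_bridge_ip(p), ping_across_bridge(p))
        for src_ok, promisc in product((False, True), repeat=2)
        for p in [PortPolicy(src_ok, promisc)]
    }


if __name__ == "__main__":
    for (src_ok, promisc), (to_bridge, transit) in policy_matrix().items():
        print(f"foreign-source={src_ok!s:5} promiscuous={promisc!s:5} "
              f"bridge-ip={to_bridge} transit={transit}")
```

Both settings widen what the VM can see or emit on that virtual network, so they are best scoped to the port or port group that carries only the bridging VM.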