pe1chl
Forum Guru
Topic Author
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Bridge hosts table when 2 interfaces with same MAC

Wed Apr 07, 2021 12:24 am

To overcome a limitation in another product, I have added 2 VLANs defined on the same interface to the same bridge:
/interface bridge add name=bridge1 protocol-mode=none
/interface vlan add interface=ether5 name=ether5.vlan62 vlan-id=62
/interface vlan add interface=ether5 name=ether5.vlan66 vlan-id=66
/interface bridge port add bridge=bridge1 interface=ether5.vlan62
/interface bridge port add bridge=bridge1 interface=ether5.vlan66
Ether5 is connected to a switch.

This configuration works OK. However, when I look in /interface bridge host print, all hosts are printed as being on interface ether5.vlan62, also those that in fact are on ether5.vlan66. But the traffic flows OK to all hosts (on both VLANs and also between them).

Is this just a bug in the printing of the host table (maybe it uses the MAC address of the interface to find the corresponding interface name, and of course the MAC of ether5.vlan62 and ether5.vlan66 is the same!), or is there something more complicated and could I expect this configuration to fail some time, maybe after a reboot?
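
A toy model of the guess raised in the post above, as an added example that is not RouterOS code and not written by anyone in this thread: forwarding uses the learned port reference, while a display routine that resolves the port name through the interface MAC shows the first VLAN interface for every host. The class, the function names and all MAC addresses are constructed for illustration.

```python
"""Toy learning bridge (assumption: not how RouterOS is implemented)."""
from dataclasses import dataclass

ETHER5_MAC = "02:00:00:00:00:05"    # constructed; both VLAN interfaces inherit it
HOST_ON_62 = "02:00:00:00:62:01"    # constructed host MACs
HOST_ON_66 = "02:00:00:00:66:01"

@dataclass(frozen=True)
class Port:
    name: str
    mac: str  # MAC address of the interface itself

class Bridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.fdb = {}  # learned host MAC -> Port (used for forwarding)

    def learn(self, src_mac, ingress_name):
        """Record which port a source MAC was seen on."""
        self.fdb[src_mac] = next(p for p in self.ports if p.name == ingress_name)

    def egress(self, dst_mac):
        """Forwarding decision: uses the stored port reference directly."""
        port = self.fdb.get(dst_mac)
        return port.name if port else None  # None means flood

    def hosts_via_port_mac(self):
        """Hypothesised display bug: look the port name up by interface MAC.
        The first port with a matching MAC wins, so every host appears on
        the first VLAN interface that was added to the bridge."""
        return {h: next(q.name for q in self.ports if q.mac == p.mac)
                for h, p in self.fdb.items()}

    def hosts_via_port_ref(self):
        """Display that uses the same port reference as forwarding."""
        return {h: p.name for h, p in self.fdb.items()}

def demo():
    br = Bridge([Port("ether5.vlan62", ETHER5_MAC),
                 Port("ether5.vlan66", ETHER5_MAC)])
    br.learn(HOST_ON_62, "ether5.vlan62")
    br.learn(HOST_ON_66, "ether5.vlan66")
    return br

if __name__ == "__main__":
    br = demo()
    print("forwarding :", br.egress(HOST_ON_66))
    print("by port MAC:", br.hosts_via_port_mac())
    print("by port ref:", br.hosts_via_port_ref())
```
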
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge hosts table when 2 interfaces with same MAC

Wed Apr 07, 2021 7:59 am

I don't think anything is wrong with your setup, I guess it's a bug in printing the host table. The bridge is supposed to do independent VLAN learning. Plus it's customary for VLAN interfaces to use the physical interface's MAC address (at least Linux does it), so from the router's point of view your two gadgets might be a single device with two VLANs enabled. The important thing is that your switch does its magic properly (i.e. IVL as it should).
 
pe1chl
Forum Guru
Topic Author
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Bridge hosts table when 2 interfaces with same MAC

Wed Apr 07, 2021 10:51 am

To be clear, this bridge is doing nothing with VLANs. A VLAN-aware bridge would not be able to do this config.
What I have is two VLAN sub-interfaces that are members of the bridge. So the bridge sees the untagged traffic only.
It appears to work OK for now, only the host table view is incorrect. But as you say, it may well be a bug in the printing code only as it appears to direct the traffic to the correct VLAN for each host on the network (most of them are on VLAN 62, a couple on VLAN 66 now).
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Bridge hosts table when 2 interfaces with same MAC

Wed Apr 07, 2021 4:18 pm

Hmmm ... only now I see the weirdness of your setup. I still think it's a bug in the code which prints out the ARP table, possibly it expects that one MAC address is only available through one of the bridge ports (and in your case, bridge ports are VLAN interfaces on top of ether5), which would be the usual case.

I'm not so sure that a bridge with vlan-filtering couldn't do it ... did you try it (and fail)? I still think that in this particular case the bridge would think that both devices are actually a single VLAN-aware device. What might puzzle the bridge (or not) would be a scenario where both devices would be tagged (with different VIDs), but connecting to different physical interfaces (e.g. via two managed switches, one connected to each RB's port). In that case the bridge would actually see the same MAC address (in different VLANs though) on different bridge ports.
 
pe1chl
Forum Guru
Topic Author
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Bridge hosts table when 2 interfaces with same MAC

Wed Apr 07, 2021 4:47 pm

What is special in this setup is that there are two VLANs (with different tags) that together form 1 subnet. I.e. they are bridged together.
The router has its IP address, filter rules, etc. all on the bridge and externally there are these two VLANs.

The reason is that I want to extend the wireless network, which now has a couple of different SSIDs with WPA2-PSK each attached to a VLAN, with an extra SSID that has WPA2-EAP and that has dynamically assigned VLAN depending on the user/pass or certificate presented to the AP.
So I want certain users of SSID A to be put in VLAN 62 (existing situation), SSID B users are on VLAN 63, etc. Now I want users of the new EAP SSID C that use certain usernames to be on that same network, others on the second network, etc.
However, unfortunately the APs of the competitor do not allow to have the same VLAN ID both as a static VLAN for fixed VLAN mapping and as a dynamic VLAN for dynamic VLAN users. Dynamically assigned VLANs must be different from any statically assigned (fixed to SSID) VLANs...
Stupid limitation, they are promising to remove that, but they are promising that for 3 years already and until now it has only happened in beta firmware that I do not want to run. So the situation is not too different from what we know from MikroTik :-)

So, this "clever" workaround. Until now, the bridge was already present but it had only the ether5.vlan62 as external port, it was set to "fast forward", and no learning.
I have removed the fast forward, enabled auto learning, and added the extra VLAN and it appears to work OK, but as described the host table is printed incorrectly.
The ARP table is OK because it has the bridge interface as interface in the table.

(Based on earlier experience I now configure CCR routers always like this: one bridge per "application" (like WAN1, WAN2, LAN, GUEST1, GUEST2) and then put it in fast forward mode and one external port. It causes little overhead, and it has several advantages: you can easily move some application to another port, when replacing the router with another type with different port layout it is easy to adapt the configuration (e.g. old vs new model CCR1009), and it also allows bridge filtering which I use to do some ARP filtering.)
