What I observe is that traffic coming from the access port gets switched to the trunked port, but has 2 802.1Q headers. The outer one has ID=0, the inner one has the expected VLAN tag. I observed this with packet capture on the device at the other end of the trunked port, and verified the traffic is going in untagged on the access port with pcap there. I have the configuration shown below, then run "/interface bridge set bridge vlan-filtering=yes", observe the /interface bridge vlan table (looks as expected) but nothing works because of the VLAN ID=0 double tagging.
Code: Select all
# BRIDGE VLAN-IDS CURRENT-TAGGED CURRENT-UNTAGGED
0 bridge1 10 bridge1 sfp-sfpplus4
sfp-sfpplus1
1 D bridge1 1 bridge1
sfp-sfpplus1
I considered just using SwOS since my use case is so simple. I have to admit I was a bit discouraged by
Code: Select all
*) CRS305: fixed traffic forwarding between SFP+ ports;
Code: Select all
/interface bridge
add admin-mac=08:55:31:D3:64:CE auto-mac=no name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcpPoolMGMT ranges=192.168.99.2-192.168.99.254
/ip dhcp-server
add address-pool=dhcpPoolMGMT disabled=no interface=ether1 name=dhcpMGMT
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=sfp-sfpplus4 pvid=10
/ip neighbor discovery-settings
set discover-interface-list=none
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,sfp-sfpplus1 untagged=sfp-sfpplus4 vlan-ids=10
/ip address
add address=192.168.99.1/24 interface=ether1 network=192.168.99.0
/ip cloud
set update-time=no
/ip dhcp-client
add disabled=no interface=bridge1
/ip dhcp-server network
add address=192.168.99.0/24 dns-none=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=America/New_York
/system routerboard settings
set boot-os=router-os
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no