On a AP with Bridge port entries for Ether + Wlan , what is the most suitable bridge mode ( NONE : STP : RSTP : MSTP)
For a RB960 which has 4 bridges
( bridge1 ports =ether1 + Ether2 )
( Bridge2 ports=ether1 + Ether3 )
( Bridge3 ports=ether1 + Ether4 )
( Bridge4 ports=ether1 + Ether5 )
Once again what is the most suitable bridge mode ( NONE : STP : RSTP : MSTP) on each bridge?
Re: Bridge protocol
Hey. Without any isolation you should use RSTP. But better option is layer 2 isolation on router or on a switch between these ethernet interfaces without any of STP.
https://wiki.mikrotik.com/wiki/Manual:S ... _isolation
https://wiki.mikrotik.com/wiki/Manual:S ... _isolation
-
-
Gombeen666
Member Candidate
- Posts: 224
- Joined:
Re: Bridge protocol
Thanks for the reply!
Just reading
https://wiki.mikrotik.com/wiki/Manual:S ... _isolation
I am unclear as I am also using VLAN's if I should use both
(1) /interface ethernet port switch port-isolation (forwarding-override)
(2) /interface ethernet switch vlan
Just reading
https://wiki.mikrotik.com/wiki/Manual:S ... _isolation
I am unclear as I am also using VLAN's if I should use both
(1) /interface ethernet port switch port-isolation (forwarding-override)
(2) /interface ethernet switch vlan
Re: Bridge protocol
This isolation works with ports, without any vlans.Thanks for the reply!
Just reading
https://wiki.mikrotik.com/wiki/Manual:S ... _isolation
I am unclear as I am also using VLAN's if I should use both
(1) /interface ethernet port switch port-isolation (forwarding-override)
(2) /interface ethernet switch vlan
-
-
Gombeen666
Member Candidate
- Posts: 224
- Joined:
Re: Bridge protocol
How do I setup layer 2 isolation on a AP or PTP ?
-
-
Gombeen666
Member Candidate
- Posts: 224
- Joined:
Re: Bridge protocol
Last night I switched a number of AP+PtP to RSTP on their bridges and this morning i find in the core router (CCR1009) interface, warning logs with several entries "VlanXXXX bridge port received packet with own address as slave address ( XX.XX.XX.XX.XX.XX ), probably loop" I switched back to bridge mode=none and will check if log warning stop.
Re: Bridge protocol
If you see this message, don't turn off stp. Did you manage port-isolation force forwarding?Last night I switched a number of AP+PtP to RSTP on their bridges and this morning i find in the core router (CCR1009) interface, warning logs with several entries "VlanXXXX bridge port received packet with own address as slave address ( XX.XX.XX.XX.XX.XX ), probably loop" I switched back to bridge mode=none and will check if log warning stop.
-
-
Gombeen666
Member Candidate
- Posts: 224
- Joined:
Re: Bridge protocol
As I am dealing with Live production devices, I am trying not to cause service outages !
I picked a section of the network that is giving very issues and applied to the AP's bridge RSTP and on the RB960 added Port-Isolation + switch rules
/interface ethernet switch port-isolation
set ether3 forwarding-override=ether2
set ether4 forwarding-override=ether2
set ether5 forwarding-override=ether2
Note - PTP into RB960 is ether 2
/interface ethernet switch rule
add dst-address=192.168.10.120/30 new-dst-ports="" ports=ether3 switch=switch1
add dst-address=192.168.10.124/30 new-dst-ports="" ports=ether4 switch=switch1
add dst-address=192.168.10.128/30 new-dst-ports="" ports=ether5 switch=switch1
As the CPE's are in station-bridge mode I am unsure how to configure to AP's with port-isolation and switch rules!
I picked a section of the network that is giving very issues and applied to the AP's bridge RSTP and on the RB960 added Port-Isolation + switch rules
/interface ethernet switch port-isolation
set ether3 forwarding-override=ether2
set ether4 forwarding-override=ether2
set ether5 forwarding-override=ether2
Note - PTP into RB960 is ether 2
/interface ethernet switch rule
add dst-address=192.168.10.120/30 new-dst-ports="" ports=ether3 switch=switch1
add dst-address=192.168.10.124/30 new-dst-ports="" ports=ether4 switch=switch1
add dst-address=192.168.10.128/30 new-dst-ports="" ports=ether5 switch=switch1
As the CPE's are in station-bridge mode I am unsure how to configure to AP's with port-isolation and switch rules!
Re: Bridge protocol
Same as on a router: forward ports you wanna be isolated via uplink.As I am dealing with Live production devices, I am trying not to cause service outages !
I picked a section of the network that is giving very issues and applied to the AP's bridge RSTP and on the RB960 added Port-Isolation + switch rules
/interface ethernet switch port-isolation
set ether3 forwarding-override=ether2
set ether4 forwarding-override=ether2
set ether5 forwarding-override=ether2
Note - PTP into RB960 is ether 2
/interface ethernet switch rule
add dst-address=192.168.10.120/30 new-dst-ports="" ports=ether3 switch=switch1
add dst-address=192.168.10.124/30 new-dst-ports="" ports=ether4 switch=switch1
add dst-address=192.168.10.128/30 new-dst-ports="" ports=ether5 switch=switch1
As the CPE's are in station-bridge mode I am unsure how to configure to AP's with port-isolation and switch rules!
-
-
Gombeen666
Member Candidate
- Posts: 224
- Joined:
Re: Bridge protocol
AP Version 6.45.7 on Netbox + RB912UAG + RB911G ... I am unable to add port isolation ! How do I
-
-
Gombeen666
Member Candidate
- Posts: 224
- Joined:
Re: Bridge protocol
Why on a CCR1009-8G-1S-1S+ only 4 ports are on a switch, I would have thought that a CCR would have all ports on switches ?
You do not have the required permissions to view the files attached to this post.
Re: Bridge protocol
If you look at block diagram available here, you'll see that only ports 1-4 are connected to switch chip, the rest are connected directly to CPU. And this unit is more or less exception, most CCRs don't have switch chips at all.
-
-
Gombeen666
Member Candidate
- Posts: 224
- Joined:
Re: Bridge protocol
So most CCR's don't have a switch chip?
how is port isolation achieved!
how is port isolation achieved!
Re: Bridge protocol
Only with vlan isolation i believe:So most CCR's don't have a switch chip?
how is port isolation achieved!
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
But it better be a good switch chip. Try to figure out how to use these switch ports to make an organized isolated network.
-
-
Gombeen666
Member Candidate
- Posts: 224
- Joined:
Re: Bridge protocol
I was reading that article and the chances of being locked out when applying vlan filter is high, i liked the idea from watching one of the MUM video's of first setting scheduler to disable the vlan filter at least then if locked out just wait for scheduler to run?Only with vlan isolation i believe:So most CCR's don't have a switch chip?
how is port isolation achieved!
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
But it better be a good switch chip. Try to figure out how to use these switch ports to make an organized isolated network.
Re: Bridge protocol
No. Winbox has a nice feature named Safe ModeI was reading that article and the chances of being locked out when applying vlan filter is high, i liked the idea from watching one of the MUM video's of first setting scheduler to disable the vlan filter at least then if locked out just wait for scheduler to run?Only with vlan isolation i believe:So most CCR's don't have a switch chip?
how is port isolation achieved!
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
But it better be a good switch chip. Try to figure out how to use these switch ports to make an organized isolated network.
https://wiki.mikrotik.com/wiki/Manual%3 ... #Safe_Mode
-
-
Gombeen666
Member Candidate
- Posts: 224
- Joined:
Re: Bridge protocol
https://www.youtube.com/watch?v=ZMMpza-O7_w
No. Winbox has a nice feature named Safe Mode
https://wiki.mikrotik.com/wiki/Manual%3 ... #Safe_Mode
Time:34:00 approx - no mention of safe mode but listed was scheduler or RoMON for recovery?
Re: Bridge protocol
It's better safe mode. Scheduler will apply changes without rollback.