From time to time, in a simple network of router-switch-APs with VLANs, I am seeing layer 2 issues on RouterOS 6.47.10. DHCP replies are reaching a bridge, but not being transmitted on the port the DHCP request was received on; the bridge host entry correctly points to that port. VLAN filtering is enabled on the router and switch, but no on the APs since manager forwarding is enabled. I have observed this a few times on two separate networks in the last months. One symptom is persistent "dhcp ... offering lease ... without success" log messages (ie not just 1-2).
When deploying Controlled Access Points with local datapath forwarding with VLAN tagging, do we need to enable bridge VLAN filtering on the AP and add the VLANs to avoid layer 2 issues?
When using manager forwarding, as all traffic is encapsulated, do we agree VLAN filtering on the AP isn't needed?
Also, is it best practise to deploy MSTP in these scenarios or not? I'm using bridge protocol "none" everywhere in these networks.
Finally, anyone else out there with similar observations?
Thanks,
Dan