Hi all, long time lurker, first time poster.

I have vlan filtering setup and a dhcp server running on a bridge, a trunk from a service provider with S-TAG outer and C-TAG inner ids for the end user routers. I need to allocate IP addresses down the link to each router on the other end of the cvlans.

I setup vlan filtering on a bridge, added the vlan that's mapped to the S-TAG and adding vlans on the bridge I can see the end user routers C-TAG id and mac addresses in the hosts on the bridge.

The DHCP server attached to the bridge sees the DHCP discovery from the end user devices and offers an address, but it's not getting back down the cvlans to the end user routers.

Here's my current config;
Now .. if I set the PVID on the bridge to 2, the router on cvlan 2 gets an IP allocated. If I set it to 8, the router on cvlan 8 gets an ip.

It seems there's no tagging on the way back down the cvlans, I'm sure I'm missing something simple.

Bump

Anyone have any clues for me please?

I've got this configuration setup on an old CCR1016, could that be causing problems? It's running the latest stable firmware v6.49.13

Talking to myself here a little, and hoping bumping this up the list will catch the attention of someone who can help me.

I've ordered a new CCR2116 and will cut the link across to that on the weekend, I'm hoping my Bridge/VLAN Filtering configuration will just work on this new router. We'll see.

Ok, so the new router, running 7.13.15 does the same thing, so seemingly not related to the old hardware.

If anyone has any clues on where I should look it would be greatly appreciated. Cheers.

Well, I've abandoned the idea and gone with /32 static routes and set proxy-arp on each vlan instead.

why is that

Why is what?

I'd have approached this a different way albeit likely it won't meet your intentions. Rather than pop VLAN 161 off before it gets to the bridge, I'd have added "SL LACP" into the bridge.

Then add a vlan interface that decapsulates VLAN 161:
/interface vlan add interface=bridge1 name=vlan-161 vlan-id=161

And on top of the vlan-161 interface, add another pair of vlan interface for VLANs 2 & 8:
/interface vlan add interface=vlan-161 name=vlan-2 vlan-id=2
/interface vlan add interface=vlan-161 name=vlan-8 vlan-id=8

Then you configure DHCP onto the interfaces vlan-2 and vlan-8. What it wouldn't do however is to make both of those a single bridge domain which is what you seem to be aiming for.

I'll give it a try, I need to allocate public addresses to the end user routers down the vlans, even segmenting to /30 is 4 addresses per user which is too wasteful.

You could put vlan-2 and vlan-8 into another bridge and run DHCP server on that second bridge. As only a single bridge can be hardware accelerated that might be an issue on some hardware. The CCR1036 won't be impacted as it doesn't have a switch chip. The CCR2116 does have a switch chip so performance may be impacted.

I can't just drop the vlans into a bridge, it causes duplicate mac address errors on the carrier side. I need vlan filtering on the bridge to work.