Community discussions

MikroTik App
 
sh4444dow
just joined
Topic Author
Posts: 9
Joined: Mon Dec 20, 2021 12:48 pm

Bridge filter rules do not work on RouterOS 7.x (7.0betaX, 7.1betaX, 7.1rcX) with CCR2004-1G-12S+2XS

Mon Dec 20, 2021 4:35 pm

Bridge filter rules on VLAN seems to be ignored with all version of RouterOS 7.x on CCR2004-1G-12S+2XS.

This is particularly annoying because to my knowledge, it seems to be the only method to making DHCP requests working for Orange french ISP provider (set priority of 6 on UDP port 67 for VLAN 832). Bridge filters on same configuration works very well on RouterOS 6.48.x and 6.49.x.

Packets and Bytes remain to 0 (screenshot was made with 6.49.2 for illustration purpose, but the problem of 0 counters are for RouterOS >= 7.x).
Image
NB : I even tried more generalistic rules without any criteria except
chain=output
and the result is the same : Packets and Bytes remains to 0.

Configuration
# dec/20/2021 13:44:34 by RouterOS 6.49.2
# software id = 5K07-UJLN
#
# model = CCR2004-1G-12S+2XS
# serial number = F0710E38E4F4
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] l2mtu=1584
/interface vlan
add interface=sfp-sfpplus1 name=orange-vlan-832 vlan-id=832
/ip dhcp-client option
add code=120 name=SIP value={***HIDDEN***}
add code=77 name=userclass value={***HIDDEN***}
add code=90 name=authsend value={***HIDDEN***}
add code=60 name=vendor-class value={***HIDDEN***}
/interface bridge filter
add action=set-priority chain=output dst-port=67 ip-protocol=udp log=yes \
    log-prefix=COS mac-protocol=ip new-priority=6 out-interface=\
    orange-vlan-832 passthrough=yes
add action=set-priority chain=output dst-port=547 ip-protocol=udp \
    mac-protocol=ipv6 new-priority=6 out-interface=orange-vlan-832 \
    passthrough=yes
/ip dhcp-client
add add-default-route=no disabled=no interface=sfp-sfpplus1

Related topics
You do not have the required permissions to view the files attached to this post.
Last edited by sh4444dow on Fri Dec 31, 2021 8:05 pm, edited 1 time in total.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Bridge filter rules do not work on RouterOS 7.x (7.0betax, 7.1betax, 7.1rcx) with CCR2004-1G-12S+2XS

Mon Dec 20, 2021 8:58 pm

Well, indeed, i tested simple filter rules on stable 7.1 and they do not work when VLANs are used...
 
sh4444dow
just joined
Topic Author
Posts: 9
Joined: Mon Dec 20, 2021 12:48 pm

Re: Bridge filter rules do not work on RouterOS 7.x (7.0betax, 7.1betax, 7.1rcx) with CCR2004-1G-12S+2XS

Fri Dec 31, 2021 8:04 pm

@support, do you have any workaround / roadmap to fix this ?
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Bridge filter rules do not work on RouterOS 7.x (7.0betaX, 7.1betaX, 7.1rcX) with CCR2004-1G-12S+2XS

Sun Jan 02, 2022 2:19 pm

You can contact support here https://mikrotik.com/support
 
emunt6
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Fri Feb 02, 2018 7:00 pm

Re: Bridge filter rules do not work on RouterOS 7.x (7.0betaX, 7.1betaX, 7.1rcX) with CCR2004-1G-12S+2XS

Mon Jan 03, 2022 4:28 pm

HI!

As a workaround, you can try the "router-way" configuration ( you are using the "switch-way" configuration ).
As I understand your WAN-link (sfp1) consists of:
-internet ( untagged )
-SIP-TRUNK ( tagged vlan: 832 )

Router-way configuration is creating separate bridges for each VLAN-Interfaces:
sfp1 - WAN ( internet+SIP )
sfp2 - LAN ( ?? )

brwan
member: sfp1

brlan
member: sfp2

brsip
member: sfp1.832, sfp2.832

The "/ip dhcp-client" interface will be the "brsip".
 
sh4444dow
just joined
Topic Author
Posts: 9
Joined: Mon Dec 20, 2021 12:48 pm

Re: Bridge filter rules do not work on RouterOS 7.x (7.0betaX, 7.1betaX, 7.1rcX) with CCR2004-1G-12S+2XS  [SOLVED]

Mon Feb 28, 2022 4:49 pm

Fixed in 7.1.3 / 7.2rc4 !
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
👏

Who is online

Users browsing this forum: No registered users and 17 guests