I'm quite puzzled by what is happening with the bridge configuration on my devices and would appreciate some help to understand what I'm doing wrong. To begin with, here is a diagram that shows how my network is currently configured:
As can be seen from the diagram, I have two switches connected independently to two separate routers with separate internet connections.
My limited understanding of bridges in RouterOS (ROS) 6 is that every port with a device connected to the router must be a member of a bridge for traffic to pass between them. However, what I'm seeing right now is that if I add the port facing the CRS309 (ether4, "eth4") to the bridge on the RB750Gr3, I can no longer ping the RB750 from the CRS309. If I remove the port from the bridge, ping works fine! I'm guessing the ping is somehow routing through the CCR-1009 & Unifi US-24, but I can't work out what the correct setup should be. Any help is most welcome!
Here is the config from the RB750Gr3:
# sep/23/2022 17:00:11 by RouterOS 6.49
# model = RB750Gr3
# Single bridge on the RB750Gr3 that carries every VLAN; VLAN filtering is
# enabled and the spanning-tree mode is MSTP.
# NOTE(review): neither ingress-filtering= nor frame-types= is set, so the
# bridge (CPU) interface keeps the RouterOS defaults for both - confirm those
# defaults are as strict as intended for the router's own VLAN 1 access.
# NOTE(review): no MSTP region/instance settings or bridge priority appear in
# this export; with a second path via the CRS309, check which bridge is
# expected to become root and which port is expected to block.
/interface bridge
add admin-mac=74:4D:28:68:4A:1A auto-mac=no name="All Ports Bridge" \
protocol-mode=mstp vlan-filtering=yes
# Physical ports of the RB750Gr3. ether1 and ether2 are renamed to *-gateway
# (ether2 is labelled as the WAN interface); ether3 faces the Unifi US-24 and
# ether4 faces the CRS309. Every port has speed=100Mbps set.
# NOTE(review): ether5 has no comment saying what is plugged into it, yet the
# bridge VLAN table in this export lists it as tagged for every VLAN - confirm
# what it is for before it is ever added to the bridge.
/interface ethernet
set [ find default-name=ether1 ] name=\
ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] comment="WAN Interface" name=\
ether2-gateway speed=100Mbps
set [ find default-name=ether3 ] comment="Unifi US-24 Trunk" speed=100Mbps
set [ find default-name=ether4 ] comment="Mikrotik CRS309 Trunk" speed=\
100Mbps
set [ find default-name=ether5 ] speed=100Mbps
# VRRP instance for the management network, bound directly to the bridge
# (untagged side). It is disabled=yes on this router.
# NOTE(review): authentication=ah is set but no password= value is visible in
# this export; either it was removed before posting or it is empty - verify
# that both VRRP peers share the same non-empty password.
/interface vrrp
add authentication=ah comment="VLAN 1 Network" disabled=yes interface=\
"All Ports Bridge" name=mgmt-net-vrrp priority=200 version=2 vrid=48
# One layer-3 VLAN interface per network, all stacked on "All Ports Bridge".
# Each interface gives this router an address (and a routed hop) inside that
# VLAN, including the guest, DMZ, IOT and untrusted-client networks.
# NOTE(review): the bridge VLAN table in this export also lists VLAN IDs 126
# and 166, which have no interface here - confirm they are meant to be
# switched only and not routed by this device.
/interface vlan
add comment="Cluster comms network" interface="All Ports Bridge" name=\
cluster-net vlan-id=67
add comment="DMZ network" interface="All Ports Bridge" name=dmz-net vlan-id=\
122
add comment="Guest network" interface="All Ports Bridge" name=guest-net \
vlan-id=90
add comment="IOT Devices network" interface="All Ports Bridge" name=iot-net \
vlan-id=50
add comment="Lab Network" interface="All Ports Bridge" name=lab-vlan vlan-id=\
54
add comment="Untrusted Client(s) network" interface="All Ports Bridge" name=\
others-net vlan-id=75
add comment="Storage network" interface="All Ports Bridge" name=san-net \
vlan-id=83
add comment="Server network" interface="All Ports Bridge" name=server-net \
vlan-id=20
add comment="\"Trusted\" Clients network" interface="All Ports Bridge" name=\
trusted-clients-net vlan-id=104
# Per-VLAN VRRP (version 2) instances; the vrid of each instance equals the
# VLAN ID and every instance uses priority=200. guest-net (VLAN 90) has no
# VRRP instance in this export.
# NOTE(review): every instance sets authentication=ah but no password= value
# is visible; if the password is empty rather than redacted, any host in the
# VLAN that speaks VRRP could contend for the virtual gateway address - verify
# a shared non-empty password on both routers.
# NOTE(review): preemption-mode=no is set on dmz, iot, lab and others only;
# cluster, san, server and trusted-clients keep the default - confirm the
# difference is intentional.
/interface vrrp
add authentication=ah interface=cluster-net name=cluster-net-vrrp priority=\
200 version=2 vrid=67
add authentication=ah interface=dmz-net name=dmz-net-vrrp preemption-mode=no \
priority=200 version=2 vrid=122
add authentication=ah interface=iot-net name=iot-net-vrrp preemption-mode=no \
priority=200 version=2 vrid=50
add authentication=ah interface=lab-vlan name=lab-vlan-vrrp preemption-mode=\
no priority=200 version=2 vrid=54
add authentication=ah interface=others-net name=others-net-vrrp \
preemption-mode=no priority=200 version=2 vrid=75
add authentication=ah interface=san-net name=san-net-vrrp priority=200 \
version=2 vrid=83
add authentication=ah interface=server-net name=server-net-vrrp priority=200 version=2 vrid=20
add authentication=ah interface=trusted-clients-net name=trusted-clients-vrrp \
priority=200 version=2 vrid=104
# Bridge membership. In this export only ether3 (Unifi US-24 trunk) is a
# bridge port; ether4 and ether5 are not, so VLAN table entries that name
# them have no effect until they are added.
# No pvid= is given for ether3, so untagged frames on it use the default
# PVID (presumably 1, the same VLAN the bridge's management address is in).
# NOTE(review): no frame-types= or ingress-filtering= is set on the trunk
# port. Tightening them limits what an attached device can inject, but
# management here rides untagged, so admitting only tagged frames would need
# management moved to a tagged VLAN first.
# NOTE(review): adding ether4 creates a second layer-2 path to the CRS309
# next to the one through the US-24/CCR1009 (per the post), so MSTP will
# presumably block one port - check port roles when testing.
/interface bridge port
add bridge="All Ports Bridge" comment="Unifi US-24 Trunk" interface=ether3
# Bridge VLAN table. Every listed VLAN is tagged on the bridge itself (so the
# CPU/VLAN interfaces can reach it) and on ether3, ether4 and ether5.
# NOTE(review): all VLANs - storage, cluster, DMZ, guest, untrusted - are
# allowed on all three ports. Carrying only the VLANs each link really needs
# keeps a misconfigured or compromised neighbour from reaching the rest.
# NOTE(review): ether4 and ether5 are not bridge ports in this export; once
# either is added it immediately becomes a tagged member of every VLAN below.
/interface bridge vlan
add bridge="All Ports Bridge" comment="Server network" tagged=\
"All Ports Bridge,ether3,ether4,ether5" vlan-ids=20
add bridge="All Ports Bridge" comment="IOT Devices network" tagged=\
"All Ports Bridge,ether3,ether4,ether5" vlan-ids=50
add bridge="All Ports Bridge" comment="Lab network" tagged=\
"All Ports Bridge,ether3,ether4,ether5" vlan-ids=54
add bridge="All Ports Bridge" comment="Untrusted Client(s) network" tagged=\
"All Ports Bridge,ether3,ether4,ether5" vlan-ids=75
add bridge="All Ports Bridge" comment="Cluster comms network" tagged=\
"All Ports Bridge,ether3,ether4,ether5" vlan-ids=67
add bridge="All Ports Bridge" comment="Storage network" tagged=\
"All Ports Bridge,ether3,ether4,ether5" vlan-ids=83
add bridge="All Ports Bridge" comment="\"Trusted\" clients network" tagged=\
"All Ports Bridge,ether3,ether4,ether5" vlan-ids=104
add bridge="All Ports Bridge" comment="DMZ network" tagged=\
"All Ports Bridge,ether3,ether4,ether5" vlan-ids=122
# The next three entries carry no comment. VLAN 90 matches the guest-net
# interface; 126 and 166 have no VLAN interface on this router.
add bridge="All Ports Bridge" tagged="All Ports Bridge,ether3,ether4,ether5" \
vlan-ids=90
add bridge="All Ports Bridge" tagged="All Ports Bridge,ether3,ether4,ether5" \
vlan-ids=126
add bridge="All Ports Bridge" tagged="All Ports Bridge,ether3,ether4,ether5" \
vlan-ids=166
# VLAN 1 has no explicit tagged= or untagged= members; membership is
# presumably filled in dynamically from each port's PVID - verify in the
# running bridge VLAN table that only the intended ports carry it untagged.
add bridge="All Ports Bridge" vlan-ids=1
# Router addresses. The management address sits on the bridge itself
# (untagged side); every other .2/24 address sits on a VLAN interface.
# NOTE(review): this excerpt shows no /ip firewall section. If none exists on
# the device, it routes between all connected subnets below (guest, DMZ, IOT,
# untrusted, storage, management) without restriction and its own services
# are reachable from each of them - confirm filter rules exist.
/ip address
add address=192.168.48.2/24 comment="Management network" interface=\
"All Ports Bridge" network=192.168.48.0
add address=192.168.54.2/24 comment="Lab network" interface=lab-vlan network=\
192.168.54.0
add address=192.168.20.2/24 comment="Server network" interface=server-net \
network=192.168.20.0
add address=192.168.50.2/24 comment="IOT network" interface=iot-net network=\
192.168.50.0
add address=192.168.75.2/24 comment="Untrusted Clients network" interface=\
others-net network=192.168.75.0
add address=192.168.90.2/24 comment="Guest network" interface=guest-net \
network=192.168.90.0
add address=192.168.104.2/24 comment="Trusted Clients network" interface=\
trusted-clients-net network=192.168.104.0
add address=192.168.122.2/24 comment="DMZ network" interface=dmz-net network=\
192.168.122.0
# VRRP virtual gateway addresses (.254), given without a prefix length and
# with network= equal to the address itself.
add address=192.168.54.254 interface=lab-vlan-vrrp network=192.168.54.254
add address=192.168.20.254 interface=server-net-vrrp network=192.168.20.254
# mgmt-net-vrrp is disabled=yes in this export, so this router does not
# answer for 192.168.48.254; presumably the other router holds it.
add address=192.168.48.254 interface=mgmt-net-vrrp network=192.168.48.254
add address=192.168.75.254 interface=others-net-vrrp network=192.168.75.254
add address=192.168.104.254 interface=trusted-clients-vrrp network=\
192.168.104.254
add address=192.168.122.254 interface=dmz-net-vrrp network=192.168.122.254
add address=192.168.50.254 interface=iot-net-vrrp network=192.168.50.254
add address=192.168.67.2/24 comment="Cluster comms network" interface=\
cluster-net network=192.168.67.0
add address=192.168.67.254 interface=cluster-net-vrrp network=192.168.67.254
add address=192.168.83.2/24 comment="Storage network" interface=san-net \
network=192.168.83.0
add address=192.168.83.254 interface=san-net-vrrp network=192.168.83.254
# Disabled extra address on the IOT VRRP interface; inactive while disabled.
add address=192.168.50.19/24 disabled=yes interface=iot-net-vrrp network=\
192.168.50.0
# sep/23/2022 16:59:30 by RouterOS 6.49.2
# model = CRS309-1G-8S+
# Physical ports of the CRS309. ether1 is labelled as the management port,
# sfp-sfpplus1..6 face hosts, sfp-sfpplus7 is the RB750Gr3 uplink and
# sfp-sfpplus8 is the CCR1009 uplink. Every port has l2mtu=1592.
# NOTE(review): ether1 is labelled "Management Port" but is not a bridge port
# and has no address in this export; the switch's only address is on bridge1,
# so management is reachable in-band - confirm that is intended.
/interface ethernet
set [ find default-name=ether1 ] comment="Management Port" l2mtu=1592
set [ find default-name=sfp-sfpplus1 ] comment=BIG-RIG l2mtu=1592
set [ find default-name=sfp-sfpplus2 ] comment="LEGION - Port 1" l2mtu=1592
set [ find default-name=sfp-sfpplus3 ] comment="LEGION - Port 2" l2mtu=1592
set [ find default-name=sfp-sfpplus4 ] comment="Homelab Core-01" l2mtu=1592
set [ find default-name=sfp-sfpplus5 ] comment="Homelab Core-02" l2mtu=1592
set [ find default-name=sfp-sfpplus6 ] comment="Homelab Core-03" l2mtu=1592
set [ find default-name=sfp-sfpplus7 ] comment="Mikrotik RB750Gr3 Uplink" \
l2mtu=1592
set [ find default-name=sfp-sfpplus8 ] comment="MikroTik CCR1009 Uplink" \
l2mtu=1592
# The switch's single bridge, with VLAN filtering enabled and MSTP as the
# spanning-tree mode.
# NOTE(review): no pvid=, ingress-filtering= or frame-types= is set on the
# bridge, so the CPU side of bridge1 keeps the defaults (presumably PVID 1,
# i.e. management untagged in VLAN 1) - confirm against the running config.
/interface bridge
add admin-mac=2C:C8:1B:20:06:C8 auto-mac=no comment="Clients Bridge" name=\
bridge1 protocol-mode=mstp vlan-filtering=yes
# 802.3ad (LACP) bond of sfp-sfpplus2 and sfp-sfpplus3 towards the host
# labelled LEGION; the bond, not the member ports, is what joins the bridge.
/interface bonding
add comment=LEGION mode=802.3ad name=bond-sfpp2_sfpp3 slaves=\
sfp-sfpplus2,sfp-sfpplus3
# Bridge membership and per-port PVID. Host-facing ports and the bond use
# pvid=83, so their untagged traffic is placed in VLAN 83 (storage network).
# NOTE(review): no frame-types= or ingress-filtering= is set on any port, so
# all of them keep the RouterOS defaults - confirm that host ports cannot send
# frames tagged for VLANs they are not meant to reach.
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1 pvid=83
# The CCR1009 uplink has no pvid=, so untagged frames on it use the default
# PVID (presumably 1, the management VLAN).
add bridge=bridge1 comment="MikroTik CCR1009 Uplink" interface=sfp-sfpplus8
add bridge=bridge1 interface=bond-sfpp2_sfpp3 pvid=83
add bridge=bridge1 interface=sfp-sfpplus4 pvid=83
add bridge=bridge1 interface=sfp-sfpplus5 pvid=83
add bridge=bridge1 interface=sfp-sfpplus6 pvid=83
# NOTE(review): the RB750Gr3 uplink also has pvid=83. Untagged frames from
# the router (its management address is on the untagged side of its bridge)
# would be classified into the storage VLAN here instead of VLAN 1, while the
# VLAN table sends VLAN 1 out of this port untagged. That asymmetry looks
# like a cause of the failed ping and lets management and storage traffic mix
# on this link - confirm the intended PVID for this trunk.
add bridge=bridge1 comment="Mikrotik RB750Gr3 Uplink" interface=sfp-sfpplus7 \
priority=0x90 pvid=83
# Bridge VLAN table for the switch. bridge1 itself is not listed in any
# entry, so the switch CPU is not a tagged member of these VLANs.
# VLANs 104, 50, 20, 54 and 75 are tagged on both uplinks and on the three
# "Homelab Core" ports; 83, 67, 90, 122 and 166 are tagged on the uplinks
# only.
# NOTE(review): the Homelab Core ports therefore get the trusted, IOT,
# server, lab and untrusted VLANs tagged plus storage untagged (pvid=83) -
# confirm each host needs all of them.
/interface bridge vlan
add bridge=bridge1 comment="\"Trusted\" Clients network" tagged=\
sfp-sfpplus8,sfp-sfpplus7,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6 \
vlan-ids=104
add bridge=bridge1 comment="IOT Devices network" tagged=\
sfp-sfpplus8,sfp-sfpplus7,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6 \
vlan-ids=50
add bridge=bridge1 comment="Server network" tagged=\
sfp-sfpplus8,sfp-sfpplus7,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6 \
vlan-ids=20
# NOTE(review): VLAN 83 is tagged on sfp-sfpplus7 here, but the bridge port
# entry for sfp-sfpplus7 sets pvid=83 (untagged ingress into the same VLAN).
# The two settings disagree about whether storage is tagged on that link.
add bridge=bridge1 comment="Storage network" tagged=sfp-sfpplus8,sfp-sfpplus7 \
vlan-ids=83
add bridge=bridge1 comment="Cluster comms network" tagged=\
sfp-sfpplus8,sfp-sfpplus7 vlan-ids=67
add bridge=bridge1 comment="Lab network" tagged=\
sfp-sfpplus8,sfp-sfpplus7,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6 \
vlan-ids=54
add bridge=bridge1 comment="Untrusted Client(s) network" tagged=\
sfp-sfpplus8,sfp-sfpplus7,sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6 \
vlan-ids=75
add bridge=bridge1 comment="\"Guest\" network" tagged=\
sfp-sfpplus8,sfp-sfpplus7 vlan-ids=90
add bridge=bridge1 comment="DMZ network" tagged=sfp-sfpplus8,sfp-sfpplus7 \
vlan-ids=122
add bridge=bridge1 comment="OpenVPN (UDP) network" tagged=\
sfp-sfpplus8,sfp-sfpplus7 vlan-ids=166
# VLAN 1 leaves sfp-sfpplus7 untagged, yet that port's PVID is 83, so
# untagged replies arriving on it are not put back into VLAN 1.
# NOTE(review): looks like either the pvid on sfp-sfpplus7 or this entry
# needs to change so both directions agree - confirm the intended design.
add bridge=bridge1 untagged=sfp-sfpplus7 vlan-ids=1
# Switch management address on bridge1, with DNS and the default route both
# pointing at 192.168.48.254 (the management-network virtual gateway address
# that appears in the RB750Gr3 export).
# NOTE(review): no /ip firewall, /ip service or /user section appears in this
# excerpt, so it does not show which hosts may reach the switch's management
# services - confirm access is limited to the management network.
/ip address
add address=192.168.48.10/24 interface=bridge1 network=192.168.48.0
/ip dns
set servers=192.168.48.254
/ip route
add distance=1 gateway=192.168.48.254
# Housekeeping: fixed time zone (Asia/Singapore, +08:00), device identity,
# NTP client, update channel and boot OS.
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Singapore
/system clock manual
set time-zone=+08:00
/system identity
set name="MikroTik CRS309-1G-8S+"
# NTP servers are given as public pool DNS names, so time sync depends on DNS
# resolution through 192.168.48.254 and on outbound internet access.
/system ntp client
set enabled=yes server-dns-names=0.sg.pool.ntp.org,1.sg.pool.ntp.org
# NOTE(review): channel=upgrade is selected for package updates - confirm
# this is the release channel actually wanted for this device.
/system package update
set channel=upgrade
/system routerboard settings
set boot-os=router-os
# Packet sniffer settings: capture on bridge1 and stream the captured packets
# to 192.168.104.117, an address in the "Trusted" clients subnet.
# NOTE(review): when the sniffer runs, copies of bridge1 traffic are sent
# unencrypted across the network to that host. Leaving streaming enabled
# after troubleshooting keeps that path ready to use - set
# streaming-enabled=no when the capture is no longer needed.
/tool sniffer
set filter-interface=bridge1 streaming-enabled=yes streaming-server=\
192.168.104.117