Community discussions

MikroTik App
 
rgroothuis
Member Candidate
Member Candidate
Topic Author
Posts: 126
Joined: Tue Sep 06, 2016 12:11 am

VLANs - bridge port received packet with own address - probably loop

Mon Nov 08, 2021 9:37 am

I've configured 3 VLAN's (5, 101 and 103) on the ether1 on a wAP device. The bridge has VLAN 101 and 103 with filtering enabled. When connecting a 2nd wAP AP to the network and I'm configuring the same VLAN config on the ether1 and bridge, the network becomes unstable (cannot access the internet) and I get the following error message:

vlan103: bridge port received packet with own address as source address (e4:8d:8c:72:d5:2e), probably loop

The VLANs, ether1 and bridge on the 1st AP all have the same MAC address. The VLAN's, ether1 and bridge on the 2nd AP also have the same MAC address but different compared to the 1st AP. Is this the correct config? Or should all VLAN's etc have their own MAC address?

Any suggestions?

I've been reading on STP, RSTP and MSTP but I'm not sure if I need to go into this direction to solve this problem. Looks like these protocols are being used for much more complex networks with dual connections, fallback and switchovers. Any suggestion would be appreciated. Thanks.
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: VLANs - bridge port received packet with own address - probably loop

Mon Nov 08, 2021 10:05 am

Can you please share the config on both devices (and post them in between code tags):
/export hide-sensitive file=anynameyoulike
 
rgroothuis
Member Candidate
Member Candidate
Topic Author
Posts: 126
Joined: Tue Sep 06, 2016 12:11 am

Re: VLANs - bridge port received packet with own address - probably loop

Mon Nov 08, 2021 10:08 am

At the moment I only have the 1st AP device config at hand. This evening I can share the config from the 2nd AP.
# nov/08/2021 07:30:15 by RouterOS 6.48.1
# software id = TMGN-VZVM
#
# model = RouterBOARD wAP G-5HacT2HnD
# serial number = 69A50578307F
/interface bridge
add ingress-filtering=yes name=bridge1 protocol-mode=mstp region-name=Test \
    vlan-filtering=yes
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX distance=indoors frequency=auto installation=outdoor \
    mode=ap-bridge ssid=MikroTik wireless-protocol=802.11
/interface vlan
add interface=ether1 name=vlan5 vlan-id=5
add interface=ether1 name=vlan101 vlan-id=101
add interface=ether1 name=vlan103 vlan-id=103
/interface list
add name=WAN
add name=VLAN
add name=BASE
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
    profile1 supplicant-identity="" wpa2-pre-shared-key=geenwachtwoord
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    disabled=no distance=indoors frequency=auto installation=outdoor mode=\
    ap-bridge security-profile=profile1 ssid=vlan101 wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:72:D5:30 \
    master-interface=wlan1 multicast-buffering=disabled name=wlan3 \
    security-profile=profile1 ssid=vlan103 vlan-id=101 wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
    interface=ether1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=wlan1 pvid=101
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=wlan3 pvid=103
add bridge=bridge1 interface=vlan101 pvid=101
add bridge=bridge1 interface=vlan103 pvid=103
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 untagged=wlan1 vlan-ids=101
add bridge=bridge1 tagged=ether1,bridge1 untagged=wlan3 vlan-ids=103
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=5
/interface list member
add interface=ether1 list=WAN
add interface=vlan101 list=VLAN
add interface=vlan103 list=VLAN
add interface=vlan5 list=WAN
add interface=vlan5 list=VLAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.201.1/24 disabled=yes interface=vlan101 network=\
    192.168.201.0
/ip dhcp-client
add disabled=no interface=vlan5
/ip route
add distance=1 dst-address=192.168.101.0/24 gateway=vlan101
add distance=1 dst-address=192.168.103.0/24 gateway=vlan103
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=WIFI01-Test
/system logging
add topics=dhcp
add topics=firewall
/tool mac-server
set allowed-interface-list=WAN
/tool mac-server mac-winbox
set allowed-interface-list=WAN
/tool sniffer
set file-name=capture filter-interface=all memory-limit=1000KiB
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLANs - bridge port received packet with own address - probably loop

Mon Nov 08, 2021 11:46 pm

First thing I would do is update firmware to latest long term version.
An access point setup is very simple and sparse!!


(1) Is it required to set protocol mode to mstp? Leave at default setting is usually the best start.
REMOVE any changes from default that you have made that means also including the ingress filtering.........
/interface bridge
add ingress-filtering=yes name=bridge1 protocol-mode=mstp region-name=Test \
vlan-filtering=yes

(2) Assign vlans to the bridge not ether1 (I see there is only one ethernet port but lets go with standard so keep it at bridge.
/interface vlan
add interface=ether1 name=vlan5 vlan-id=5
add interface=ether1 name=vlan101 vlan-id=101
add interface=ether1 name=vlan103 vlan-id=103

(3) To many interface lists, you only need one. BASE.
/interface list
add name=WAN
add name=VLAN
add name=BASE
add name=LAN


(4) Dont confuse vlans and wifi get rid of any vlan settings in wireless settings.............. (would you mix brandy with whipping creme, hmm on second thought bad analogy)
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto installation=outdoor mode=\
ap-bridge security-profile=profile1 ssid=vlan101 wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:72:D5:30 \
master-interface=wlan1 multicast-buffering=disabled name=wlan3 \
security-profile=profile1 ssid=vlan103 vlan-id=101 wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled

NOTE: Correction to the above due to your confusing names for SSID names. The first red entry is actually not an error, but suggest changing SSID name of vlan101 to something else.
The second wlan (virtual) should not have vlanID reference, and you already associate to the primary wlan by master interface!! Suggest use SSIDs like homewifi, or guestwifi etc..

(5) Vlans are not bridge ports REMOVE.......
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=ether1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan1 pvid=101
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan3 pvid=103
add bridge=bridge1 interface=vlan101 pvid=101
add bridge=bridge1 interface=vlan103 pvid=103

/ip neighbor discovery-settings
set discover-interface-list=LAN

/interface bridge vlan
add bridge=bridge1 tagged=ether1,bridge1 untagged=wlan1 vlan-ids=101
add bridge=bridge1 tagged=ether1,bridge1 untagged=wlan3 vlan-ids=103
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=5

(6) only need one member.........
/interface list member
add interface=vlan5 list=BASE

Assuming vlan5 is the management vlan here

(7) /ip address WRONG. the WAP IP address should be from the management vlan 5 and should be unique to the WAP like 192.168.X.25
add address=192.168.X.????/24 interface=vlan101 network=\
192.168.X.0

(8) /ip route only need route to management vlan gateway IP,
add distance=1 dst-address=0.0.0.0/0 gateway=vlan5gatewayIP


(9) to match up with interface...........
/tool mac-server
set allowed-interface-list=NONE
/tool mac-server mac-winbox
set allowed-interface-list=BASE
set file-name=capture filter-interface=all memory-limit=1000KiB
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLANs - bridge port received packet with own address - probably loop

Tue Nov 09, 2021 8:42 am

First thing I would do is update firmware to latest long term version.

Be careful: latest long-term (6.48.5) is reported to have problem with reboots. You might want to stick to 6.48.4 for now (if you don't feel adventurous).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VLANs - bridge port received packet with own address - probably loop

Tue Nov 09, 2021 2:47 pm

Hi Mkx can you point me to that information. I use long term on my devices and not seeing it??

At OP
MSTP may be a reasonable setting to use if have different vendor switches in the mix (connected to each other and the router)
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLANs - bridge port received packet with own address - probably loop

Tue Nov 09, 2021 10:16 pm

Hi Mkx can you point me to that information. I use long term on my devices and not seeing it??

Many users complained in announcements, thread about 6.48.5, that this version bricked their devices. Many did not have such problem, but there isn't a clear failure pattern so one should be prepared for the worst with this ROS version ... kind of Russian roulette.
 
rgroothuis
Member Candidate
Member Candidate
Topic Author
Posts: 126
Joined: Tue Sep 06, 2016 12:11 am

Re: VLANs - bridge port received packet with own address - probably loop

Wed Nov 10, 2021 9:45 am

Found the reason why I had this loop problem. Two VLAN's were terminated, at both sides, in a bridge. So the message sent on one vlan were returned through the bridge over the other vlan back into the senders vlan. This was not a good configuration. Redesigned the solution and now I've a working setup :-)
 
jatoledano
just joined
Posts: 4
Joined: Thu Nov 24, 2011 1:22 pm

Re: VLANs - bridge port received packet with own address - probably loop

Sun Nov 20, 2022 1:15 pm

It would be interesting if you can post the Whole configuration with the problem. I have a similar situation, that I solved it but I coudn't figure out what was the real problem. I think that similar situations are related to what have described, packets that go from one Vlan and return in another vlan.

Who is online

Users browsing this forum: holvoetn and 84 guests