Community discussions

 
User avatar
lapsio
Member
Member
Topic Author
Posts: 473
Joined: Wed Feb 24, 2016 5:19 pm

CRS317 - arp doesn't work

Sat Jul 28, 2018 9:06 pm

I have following config on CRS317:

/interface bridge
add admin-mac=CC:2D:E0:58:18:E0 auto-mac=no name=br-hardware protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=2028 name=ether1-rescue
set [ find default-name=sfp-sfpplus1 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus2 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus3 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus4 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus5 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus6 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus7 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus8 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus9 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus10 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus11 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus12 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus13 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus14 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus15 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus16 ] l2mtu=9112 mtu=9000
/interface vlan
add interface=br-hardware name=vlan10-ccr vlan-id=1001
/interface list
add exclude=dynamic name=discover
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus1 pvid=10
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus2 pvid=11
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus3 pvid=12
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus4 pvid=13
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus5 pvid=14
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus6 pvid=15
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus7 pvid=16
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus8 pvid=17
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus9 pvid=18
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus10 pvid=19
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus11 pvid=20
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus12 pvid=21
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus13 pvid=22
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus16 pvid=2
/interface bridge vlan
add bridge=br-hardware tagged=br-hardware,sfp-sfpplus16 vlan-ids=1001
/interface list member
add interface=vlan10-ccr list=discover

When I change intefrace of vlan10-ccr to sfp interface instead of bridge I can ping router. However if vlan interface is attached to bridge, i can only ping router after router pings switch first (so that switch gets router MAC address). Otherwise I'm getting timeouts. ARP ping also doesn't work.
MTCNA, MTCRE, MTCINE
 
idlemind
Forum Guru
Forum Guru
Posts: 1102
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: CRS317 - arp doesn't work

Mon Jul 30, 2018 8:03 am

I assume the IP address is attached to the VLAN interface? Any ARP related settings? Maybe a full /export hide-sensitive
 
User avatar
lapsio
Member
Member
Topic Author
Posts: 473
Joined: Wed Feb 24, 2016 5:19 pm

Re: CRS317 - arp doesn't work

Mon Jul 30, 2018 11:48 pm

I assume the IP address is attached to the VLAN interface? Any ARP related settings? Maybe a full /export hide-sensitive
I tied to isolate as tiny case as possible. So here I replicated issue with only 2 switches (without CCR involved):

lapsio@linux-gjpj ~> cat SSHFS/Storage/mtk5
# jul/30/2018 22:31:17 by RouterOS 6.42.5
# software id = TUMN-P820
#
# model = CRS317-1G-16S+
# serial number = 846C08BDB941
/interface bridge
add admin-mac=CC:2D:E0:58:18:E0 auto-mac=no name=br-hardware protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=2028 name=ether1-rescue
set [ find default-name=sfp-sfpplus1 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus2 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus3 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus4 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus5 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus6 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus7 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus8 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus9 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus10 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus11 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus12 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus13 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus14 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus15 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus16 ] l2mtu=9112 mtu=9000
/interface vlan
add interface=br-hardware name=vlan10-ccr vlan-id=1001
/interface list
add exclude=dynamic name=discover
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
add name=public policy=ssh,read,web,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!sniff,!sensitive,!api,!romon,!dude,!tikapp
/interface bridge port
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus1 pvid=10
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus2 pvid=11
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus3 pvid=12
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus4 pvid=13
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus5 pvid=14
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus6 pvid=15
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus7 pvid=16
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus8 pvid=17
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus9 pvid=18
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus10 pvid=19
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus11 pvid=20
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus12 pvid=21
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus13 pvid=22
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus16 pvid=2
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus15 pvid=3
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface bridge vlan
add bridge=br-hardware tagged=br-hardware,sfp-sfpplus16,sfp-sfpplus15 vlan-ids=1001
add bridge=br-hardware tagged=sfp-sfpplus16,sfp-sfpplus15 vlan-ids=1002
/interface list member
add interface=vlan10-ccr list=discover
/ip address
add address=192.168.254.1/30 interface=ether1-rescue network=192.168.254.0
add address=192.168.10.5/24 interface=vlan10-ccr network=192.168.10.0
/ip cloud
set update-time=no
/ip dns
set servers=192.168.10.9
/ip route
add distance=1 gateway=192.168.10.2
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Warsaw
/system identity
set name=CRS317SWAG
/system leds
add interface=vlan10-ccr leds=user-led type=interface-activity
/system ntp client
set enabled=yes primary-ntp=158.75.5.245
/system routerboard settings
set boot-os=router-os silent-boot=no
/user aaa
set default-group=public








# jul/30/2018 22:32:53 by RouterOS 6.42.5
# software id = TY91-A3R5
#
# model = CRS326-24G-2S+
# serial number = 763C08DC0959
/interface bridge
add admin-mac=CC:2D:E0:51:8E:E0 auto-mac=no name=br-hardware protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=9112 mtu=9000
set [ find default-name=ether2 ] l2mtu=9112 mtu=9000
set [ find default-name=ether3 ] l2mtu=9112 mtu=9000
set [ find default-name=ether4 ] l2mtu=9112 mtu=9000
set [ find default-name=ether5 ] l2mtu=9112 mtu=9000
set [ find default-name=ether6 ] l2mtu=9112 mtu=9000
set [ find default-name=ether7 ] l2mtu=9112 mtu=9000
set [ find default-name=ether8 ] l2mtu=9112 mtu=9000
set [ find default-name=ether9 ] l2mtu=9112 mtu=9000
set [ find default-name=ether10 ] l2mtu=9112 mtu=9000
set [ find default-name=ether11 ] l2mtu=9112 mtu=9000
set [ find default-name=ether12 ] l2mtu=9112 mtu=9000
set [ find default-name=ether13 ] l2mtu=9112 mtu=9000
set [ find default-name=ether14 ] l2mtu=9112 mtu=9000
set [ find default-name=ether15 ] l2mtu=9112 mtu=9000
set [ find default-name=ether16 ] l2mtu=9112 mtu=9000
set [ find default-name=ether17 ] l2mtu=9112 mtu=9000
set [ find default-name=ether18 ] l2mtu=9112 mtu=9000
set [ find default-name=ether19 ] l2mtu=9112 mtu=9000
set [ find default-name=ether20 ] l2mtu=9112 mtu=9000
set [ find default-name=ether21 ] l2mtu=9112 mtu=9000
set [ find default-name=ether22 ] l2mtu=9112 mtu=9000
set [ find default-name=ether23 ] l2mtu=9112 mtu=9000
set [ find default-name=ether24 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus1 ] l2mtu=9112 mtu=9000
set [ find default-name=sfp-sfpplus2 ] l2mtu=9112 mtu=9000
/interface vlan
add interface=br-hardware name=vlan10-ccr vlan-id=1001
/interface list
add exclude=dynamic name=discover
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
add name=public policy=ssh,read,web,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!sniff,!sensitive,!api,!romon,!dude,!tikapp
/interface bridge port
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether17 pvid=10
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether18 pvid=11
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether19 pvid=12
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether20 pvid=13
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether21 pvid=14
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether22 pvid=15
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether23 pvid=16
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether24 pvid=17
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether1 pvid=99
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=99
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3 pvid=99
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=99
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether5 pvid=301
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether6 pvid=302
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether7 pvid=303
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether8 pvid=304
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether9 pvid=401
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether10 pvid=402
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether11 pvid=403
add bridge=br-hardware frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether12 pvid=404
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether15 pvid=18
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether16 pvid=19
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether13 pvid=3
add bridge=br-hardware frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=sfp-sfpplus2 pvid=2
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface bridge vlan
add bridge=br-hardware tagged=br-hardware,sfp-sfpplus2 vlan-ids=1001
add bridge=br-hardware tagged=ether13 untagged=ether9 vlan-ids=401
add bridge=br-hardware tagged=ether13 untagged=ether10 vlan-ids=402
add bridge=br-hardware tagged=ether13 untagged=ether11 vlan-ids=403
add bridge=br-hardware tagged=ether13 untagged=ether12 vlan-ids=404
add bridge=br-hardware tagged=ether13 untagged=ether5 vlan-ids=301
add bridge=br-hardware tagged=ether13 untagged=ether6 vlan-ids=302
add bridge=br-hardware tagged=ether13 untagged=ether7 vlan-ids=303
add bridge=br-hardware tagged=ether13 untagged=ether8 vlan-ids=304
add bridge=br-hardware untagged=ether1,ether2,ether3,ether4 vlan-ids=99
/interface list member
add interface=vlan10-ccr list=discover
/ip address
add address=192.168.10.6/24 interface=vlan10-ccr network=192.168.10.0
/ip cloud
set update-time=no
/ip dns
set servers=192.168.10.9
/ip firewall filter
add action=passthrough chain=input log=yes log-prefix=OOOOOOOO
add action=passthrough chain=output log=yes log-prefix=OOOOOOOO2
add action=passthrough chain=forward log=yes log-prefix=OOOOOOOO3
/ip route
add distance=1 gateway=192.168.10.2
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Warsaw
/system identity
set name=CRS326SWAG
/system leds
set 0 interface=ether1
add interface=vlan10-ccr leds=user-led type=interface-activity
/system ntp client
set enabled=yes primary-ntp=158.75.5.245
/system routerboard settings
set boot-os=router-os silent-boot=no
/user aaa
set default-group=public


# After ping (with timeouts):

[lapsio@CRS326SWAG] > /ip arp print 
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic, P - published, C - complete 
 #    ADDRESS         MAC-ADDRESS       INTERFACE                                                                                                                                           
 0 D  192.168.10.5                      vlan10-ccr                                                                                                                                          
 1 DC 192.168.10.2    6C:3B:6B:E0:83:C5 vlan10-ccr                                                                                                                                          
 2 DC 192.168.10.1    02:14:9C:E7:AA:93 vlan10-ccr



[lapsio@CRS317SWAG] > /ip arp print 
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic, P - published, C - complete 
 #    ADDRESS         MAC-ADDRESS       INTERFACE                                                                                                                                           
 0 DC 192.168.10.2    6C:3B:6B:E0:83:C5 vlan10-ccr                                                                                                                                          
 1 D  192.168.10.6                      vlan10-ccr

Router is connected on sfp+16 on CRS317 using vlan 1001. Switches are connected to each other using SFP+15 on CRS317 and SFP+2 on CRS326

Switches after reboot (so that ARP tables are cleared) can't ping themselves, nor ping router. They do however receive ARP from incoming packets so if router pings any of them first, they can ping it back later (as receiving ping from router fills their ARP table).

Router is always able to ping both switches (even after reboot with clean ARP table) so it's issue with generating ARP request by switches, not replies. Typically after some time switches do get their MAC addresses due to some propagation (probably some gratious ARP?) but it's quite long delay and I don't think it's really deterministic.
MTCNA, MTCRE, MTCINE
 
idlemind
Forum Guru
Forum Guru
Posts: 1102
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: CRS317 - arp doesn't work

Tue Jul 31, 2018 7:00 am

/interface bridge
add admin-mac=CC:2D:E0:58:18:E0 auto-mac=no name=br-hardware protocol-mode=none vlan-filtering=yes

...

/interface bridge
add admin-mac=CC:2D:E0:51:8E:E0 auto-mac=no name=br-hardware protocol-mode=none vlan-filtering=yes


Duplicate MAC issues? Try using unique static MAC addresses from the proper range if you wish to do that: viewtopic.php?f=2&t=121263#p596222

Who is online

Users browsing this forum: No registered users and 96 guests