easyspot
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Jun 07, 2012 7:09 pm

Bridge Leakage in 6.42.x and above.

Fri Dec 07, 2018 11:53 am

deleted. useless to report here. better mail directly to mt team.
Last edited by easyspot on Wed Dec 12, 2018 6:03 am, edited 2 times in total.
 
sebastia
Long time Member
Posts: 684
Joined: Tue Oct 12, 2010 3:23 am

Re: Bridge Leakage in 6.42.x and above.

Fri Dec 07, 2018 12:14 pm

Could it be because of Romon? Is it enabled on your router?
https://wiki.mikrotik.com/wiki/Manual:RoMON
 
anav
Forum Guru
Posts: 1140
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Bridge Leakage in 6.42.x and above.

Fri Dec 07, 2018 1:33 pm

I don't see the point of putting your WAN connection on a bridge??
 
easyspot
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Jun 07, 2012 7:09 pm

Re: Bridge Leakage in 6.42.x and above.

Sat Dec 08, 2018 1:59 am

deleted
Last edited by easyspot on Wed Dec 12, 2018 6:02 am, edited 1 time in total.
 
easyspot
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Jun 07, 2012 7:09 pm

Re: Bridge Leakage in 6.42.x and above.

Sat Dec 08, 2018 2:00 am

I don't see the point of putting your WAN connection on a bridge??
I always do that so I can change WAN ether port easily.
 
Jotne
Forum Veteran
Posts: 707
Joined: Sat Dec 24, 2016 11:17 am

Re: Bridge Leakage in 6.42.x and above.

Sat Dec 08, 2018 10:06 am

You do not need your own WAN bridge, only if you have multiple outside interfaces, so you could change the config to:
remove this: interface bridge add name=bridge-wan
remove this: interface bridge port add bridge=bridge-wan interface=ether1
change to: ip dhcp-client add disabled=no interface=ether1
change to: ip firewall nat add action=masquerade chain=srcnat out-interface=ether1
Use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
vecernik87
Member
Posts: 352
Joined: Fri Nov 10, 2017 8:19 am

Re: Bridge Leakage in 6.42.x and above.

Sat Dec 08, 2018 3:03 pm

Actually, I do the wan-bridge as well sometimes. It is much easier to maintain when you somehow need to use a different physical port AND you can do L2 filtering, which is impossible with /ip firewall.
 
easyspot
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Jun 07, 2012 7:09 pm

Re: Bridge Leakage in 6.42.x and above.

Sun Dec 09, 2018 3:19 am

deleted
Last edited by easyspot on Wed Dec 12, 2018 6:02 am, edited 1 time in total.
 
easyspot
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Jun 07, 2012 7:09 pm

Re: Bridge Leakage in 6.42.x and above.

Sun Dec 09, 2018 3:22 am

deleted
Last edited by easyspot on Wed Dec 12, 2018 6:02 am, edited 1 time in total.
 
easyspot
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Jun 07, 2012 7:09 pm

Re: Bridge Leakage in 6.42.x and above.

Sun Dec 09, 2018 3:26 am

deleted
Last edited by easyspot on Wed Dec 12, 2018 6:01 am, edited 1 time in total.
 
easyspot
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Jun 07, 2012 7:09 pm

Re: Bridge Leakage in 6.42.x and above.

Sun Dec 09, 2018 3:41 am

deleted
Last edited by easyspot on Wed Dec 12, 2018 6:01 am, edited 2 times in total.
 
Jotne
Forum Veteran
Posts: 707
Joined: Sat Dec 24, 2016 11:17 am

Re: Bridge Leakage in 6.42.x and above.

Sun Dec 09, 2018 10:39 am

The default configuration of RouterOS puts interfaces into an Interface List (WAN / LAN etc).
You can then refer to WAN, not to the interface itself.
/interface list
add comment=defconf name=WAN
/interface list member
add comment=defconf interface=ether1 list=WAN
 
vecernik87
Member
Posts: 352
Joined: Fri Nov 10, 2017 8:19 am

Re: Bridge Leakage in 6.42.x and above.

Sun Dec 09, 2018 11:14 am

@Jotne: I agree there are more ways to do it and each has some advantages and disadvantages. For now, let's focus on the presented issue that MNDP/CDP/LLDP is somehow passing through NAT. (which shouldn't happen under any circumstances - all these protocols work with L2 broadcasting so they should never be forwarded with L3 or even pass through NAT)

@easyspot: Personally I haven't noticed such behavior on any of my devices but I am not trying to say that the issue does not exist. You described it pretty clearly, including serious consequences (packet storms).
I'll be happy to try it on the same model to see if I can reproduce it in a controlled environment. I guess we will need some packet captures, complete config exports (or suppouts), network maps etc... so we can prove it to Mikrotik staff. If it proves true, it would be pretty huge... Hopefully it is just some misunderstanding. (Is it possible that your pc is for example connected with wifi at the same time as cable, while wifi is on bridge-wan? Is it possible that you skipped some other relevant parts of your config?)
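
One way to triage the packet captures asked for above, as an added example that is not part of the original thread: a Python classifier that picks LLDP, CDP and MNDP frames out of raw Ethernet frames and counts those whose source MAC is not expected on the captured segment. The allow-list of known MACs, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import Counter

CDP_DST = bytes.fromhex("01000ccccccc")       # CDP multicast destination
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP, Cisco OUI, PID 0x2000
MNDP_PORT = 5678                              # MNDP runs over UDP 5678

def classify(frame):
    """Return 'LLDP', 'CDP', 'MNDP' or None for one raw Ethernet frame."""
    if len(frame) < 14:
        return None
    etype, off = struct.unpack("!H", frame[12:14])[0], 14
    if etype == 0x8100 and len(frame) >= 18:   # skip a single 802.1Q tag
        etype, off = struct.unpack("!H", frame[16:18])[0], 18
    if etype == 0x88CC:                        # LLDP EtherType
        return "LLDP"
    if etype <= 1500 and frame[:6] == CDP_DST and frame[off:off + 8] == CDP_SNAP:
        return "CDP"
    if etype == 0x0800 and len(frame) >= off + 20:
        ip = frame[off:]
        first_frag = struct.unpack("!H", ip[6:8])[0] & 0x1FFF == 0
        udp = ip[(ip[0] & 0x0F) * 4:][:4]      # source and destination port
        if ip[9] == 17 and first_frag and len(udp) == 4:
            if MNDP_PORT in struct.unpack("!HH", udp):
                return "MNDP"
    return None

def unexpected_sources(frames, known_macs):
    """Count discovery frames per (protocol, source MAC) not in known_macs."""
    hits = Counter()
    for f in frames:
        proto = classify(f)
        src = f[6:12].hex(":")
        if proto and src not in known_macs:
            hits[(proto, src)] += 1
    return hits

def eth(dst, src, etype, payload=b""):
    return bytes.fromhex(dst + src) + struct.pack("!H", etype) + payload

# Constructed sample frames (not from a real capture); the MACs are made up.
FAR, NEAR = "02aa00000001", "02bb00000002"
MNDP_PKT = struct.pack("!BBHHHBBH4s4sHHHH", 0x45, 0, 28, 0, 0, 64, 17, 0,
                       bytes(4), b"\xff" * 4, MNDP_PORT, MNDP_PORT, 8, 0)
SAMPLE = [eth("0180c200000e", FAR, 0x88CC),
          eth("01000ccccccc", FAR, 8, CDP_SNAP),
          eth("ffffffffffff", FAR, 0x0800, MNDP_PKT),
          eth("ffffffffffff", NEAR, 0x0800, MNDP_PKT),
          eth("ffffffffffff", NEAR, 0x0806, bytes(28))]   # ARP, ignored
```

Calling `unexpected_sources(SAMPLE, {"02:bb:00:00:00:02"})` reports one LLDP, one CDP and one MNDP frame from the MAC that is not on the allow-list; with a real capture, the frames would come from the LAN-side interface and the allow-list from the network map.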
