Community discussions

MikroTik App
 
donatoroman
newbie
Topic Author
Posts: 30
Joined: Tue Dec 07, 2021 9:03 pm

New bridge setup isnt working, I must be missing something very simple

Wed Dec 15, 2021 7:51 pm

Hi all

I'm doing a very basic self contained test here where I have a CRS309 running v7.1 and a single laptop connected to a port. I then created a new VLAN, e.g. 53 using the default bridge as Interface, and then created an SVI equivalent, e.g. 192.168.53.1. I then set the interface the laptop is connected to using the default bridge, even untagged vlan 53 though according to the documentation that is unnecessary if the PVID is already set to that vlan. Either way, my laptop has an IP of 192.168.53.11 so same /24 and all works well. I can ping the laptop from the SVI no problem. I can create a new SVI on another vlan on the same bridge and no issues pinging.

[user@crs309test] /interface/bridge/vlan> /ping 192.168.53.11 src-address=192.168.53.1
SEQ HOST SIZE TTL TIME STATUS
0 192.168.53.11 56 64 665us
1 192.168.53.11 56 64 685us

The problem comes when I make a new bridge, because I want to leave the default bridge as is and make my changes on a new one. I created a new bridge (Custom1), moved the VLAN interface over, the physical interface where the laptop is connected to, as well as where you untag your vlans in. Pings stop working. When I check the arp table, I can clearly see ARP is a problem

[user@crs309test] /ip/arp> print
Flags: D, P - PUBLISHED; C - COMPLETE
Columns: ADDRESS, MAC-ADDRESS, INTERFACE
# ADDRESS MAC-ADDRESS INTERFACE
3 D 192.168.53.11 Custom1

[user@crs309test] /interface/bridge/vlan> /ping 192.168.53.11 src-address=192.168.53.1
SEQ HOST SIZE TTL TIME STATUS
0 192.168.53.11 timeout
1 192.168.53.11 timeout


I switch it all back to default bridge, arp works again and the switch can associate IP with mac, and all is good. Just to reiterate these are just tests from the same switch. Any ideas??
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: New bridge setup isnt working, I must be missing something very simple

Wed Dec 15, 2021 8:05 pm

Multiple bridges is generally a bad idea as you will loose the hardware-offloaded wirespeed switching on all but the first bridge, and interfaces may only be assigned to one bridge.

Without seeing the configuration it is impossible to say what you have done wrongly. Some useful information viewtopic.php?f=2&t=173692 and viewtopic.php?t=143620
 
donatoroman
newbie
Topic Author
Posts: 30
Joined: Tue Dec 07, 2021 9:03 pm

Re: New bridge setup isnt working, I must be missing something very simple

Wed Dec 15, 2021 8:21 pm

Here's the config. To clarify, I am using a lacp trunk port to my laptop for testing (Po78), but either way, this works with default bridge but not the Custom1 bridge. Thanks for calling out the hardware offloading though. I didn't realize that's not supported on custom bridges. Only reason I did that is because the documentation to setting up vlans did define a custom bridge, so I assumed it was best practice not to touch the default one...
/interface bridge
add admin-mac=DC:2C:6E:26:43:90 auto-mac=no comment=defconf name=bridge
add admin-mac=DC:2C:6E:26:43:91 auto-mac=no name=Custom1
add name=mgmt
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] name=Eth1
set [ find default-name=sfp-sfpplus2 ] name=Eth2
set [ find default-name=sfp-sfpplus3 ] name=Eth3
set [ find default-name=sfp-sfpplus4 ] name=Eth4
set [ find default-name=sfp-sfpplus5 ] name=Eth5
set [ find default-name=sfp-sfpplus6 ] name=Eth6
set [ find default-name=sfp-sfpplus7 ] name=Eth7
set [ find default-name=sfp-sfpplus8 ] name=Eth8
set [ find default-name=ether1 ] name=mgmt0
/interface vlan
add interface=Custom1 name=HomeWiFi vlan-id=51
add interface=Custom1 name=HomeWired vlan-id=50
add interface=Custom1 name=Storage vlan-id=53
/interface bonding
add mode=802.3ad name=Po78 slaves=Eth7,Eth8 transmit-hash-policy=layer-2-and-3
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=Eth1
add bridge=bridge comment=defconf interface=Eth2
add bridge=bridge comment=defconf interface=Eth3
add bridge=bridge comment=defconf interface=Eth4
add bridge=bridge comment=defconf interface=Eth5
add bridge=bridge comment=defconf interface=Eth6
add bridge=mgmt interface=mgmt0
add bridge=Custom1 edge=yes ingress-filtering=no interface=Po78 pvid=53
/ip settings
set arp-timeout=4h
/interface bridge vlan
add bridge=bridge untagged=Po78 vlan-ids=53
/ip address
add address=192.168.15.11/24 interface=mgmt network=192.168.15.0
add address=192.168.53.1/24 interface=Storage network=192.168.53.0
add address=192.168.1.160/24 interface=Eth1 network=192.168.1.0
add address=192.168.51.1/24 interface=HomeWiFi network=192.168.51.0
add address=192.168.50.1/24 interface=HomeWired network=192.168.50.0
/ip dns
set servers=192.168.1.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl certificate=https-cert disabled=no tls-version=only-1.2
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=America/New_York
/system identity
set name=crs309test
/system routerboard settings
set boot-os=router-os
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11452
Joined: Thu Mar 03, 2016 10:23 pm

Re: New bridge setup isnt working, I must be missing something very simple  [SOLVED]

Wed Dec 15, 2021 8:59 pm

Two things:
  1. interface Custom1 has to be tagged member of all vlans where you have corresponding sub-interface created under /jnterface vlan
  2. you have to enable vlan-filtering on bridge Custom1, without it bridge won't apply any VLAN settings (e.g. tagging with PVID on ingress)
 
donatoroman
newbie
Topic Author
Posts: 30
Joined: Tue Dec 07, 2021 9:03 pm

Re: New bridge setup isnt working, I must be missing something very simple

Wed Dec 15, 2021 9:19 pm

Two things:
  1. interface Custom1 has to be tagged member of all vlans where you have corresponding sub-interface created under /jnterface vlan
  2. you have to enable vlan-filtering on bridge Custom1, without it bridge won't apply any VLAN settings (e.g. tagging with PVID on ingress)
I actually made a mistake in copying the config I was using. I'm assuming for the first bullet point there its this config here
/interface bridge vlan
add bridge=bridge untagged=Po78 vlan-ids=53
It's actually set to use bridge=Custom1 for the testing. Are you saying that I also have to tag it with interface Custom1 as well? So looks like this
/interface bridge vlan
add bridge=Custom1 tagged=Custom1 untagged=Po78 vlan-ids=53
Regarding point 2, the default bridge also has vlan filtering set to off. Just to confirm that needs to be enabled or it only applies for "new" bridges you create?

Thanks so much for your help again.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11452
Joined: Thu Mar 03, 2016 10:23 pm

Re: New bridge setup isnt working, I must be missing something very simple

Wed Dec 15, 2021 9:27 pm

/interface bridge vlan
add bridge=Custom1 tagged=Custom1 untagged=Po78 vlan-ids=53
Regarding point 2, the default bridge also has vlan filtering set to off. Just to confirm that needs to be enabled or it only applies for "new" bridges you create?
Yes, the config above is how it should be.

All bridges need vlan-filtering=yes for VLAN tagging/untagging to happen on member ports. If vlan-filtering is not enabled, then bridge leaves VLAN tags unchanged ... sometimes things seem to work but that's pure coincidence.
 
donatoroman
newbie
Topic Author
Posts: 30
Joined: Tue Dec 07, 2021 9:03 pm

Re: New bridge setup isnt working, I must be missing something very simple

Wed Dec 15, 2021 10:49 pm

/interface bridge vlan
add bridge=Custom1 tagged=Custom1 untagged=Po78 vlan-ids=53
Regarding point 2, the default bridge also has vlan filtering set to off. Just to confirm that needs to be enabled or it only applies for "new" bridges you create?
Yes, the config above is how it should be.

All bridges need vlan-filtering=yes for VLAN tagging/untagging to happen on member ports. If vlan-filtering is not enabled, then bridge leaves VLAN tags unchanged ... sometimes things seem to work but that's pure coincidence.
Thank you. I'll test this when I'm able to again. Just to confirm as well, the new offload to hardware from cpu in v7 for intervlan traffic only applies for default bridge and not to custom set bridges? If that's true, then there's no reason for me not to leave my setup on the default bridge then.
 
 
donatoroman
newbie
Topic Author
Posts: 30
Joined: Tue Dec 07, 2021 9:03 pm

Re: New bridge setup isnt working, I must be missing something very simple

Thu Dec 16, 2021 12:57 am

Thank you. Also highlights another important thing there I didn't know where you have to disable it when making l2 changes... and then re-enable after. Yikes. I guess that begs the question, what happens then if you've already made changes without disabling it. Can you just simply issue commands to disable then re-enable after? Or you have to undo your config, and start over?
 
donatoroman
newbie
Topic Author
Posts: 30
Joined: Tue Dec 07, 2021 9:03 pm

Re: New bridge setup isnt working, I must be missing something very simple

Thu Dec 16, 2021 1:19 am

/interface bridge vlan
add bridge=Custom1 tagged=Custom1 untagged=Po78 vlan-ids=53
Regarding point 2, the default bridge also has vlan filtering set to off. Just to confirm that needs to be enabled or it only applies for "new" bridges you create?
Yes, the config above is how it should be.

All bridges need vlan-filtering=yes for VLAN tagging/untagging to happen on member ports. If vlan-filtering is not enabled, then bridge leaves VLAN tags unchanged ... sometimes things seem to work but that's pure coincidence.

Ok, I just tested again tagging bridge and if I enable vlan filtering, then pings stop working from local svi on switch to the host. If I disable it, it works.
/interface bridge
add admin-mac=DC:2C:6E:26:43:90 auto-mac=no name=bridge
add name=mgmt
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] name=Eth1
set [ find default-name=sfp-sfpplus2 ] name=Eth2
set [ find default-name=sfp-sfpplus3 ] name=Eth3
set [ find default-name=sfp-sfpplus4 ] name=Eth4
set [ find default-name=sfp-sfpplus5 ] name=Eth5
set [ find default-name=sfp-sfpplus6 ] name=Eth6
set [ find default-name=sfp-sfpplus7 ] name=Eth7
set [ find default-name=sfp-sfpplus8 ] name=Eth8
set [ find default-name=ether1 ] name=mgmt0
/interface vlan
add interface=bridge name=Storage vlan-id=53
/interface bonding
add mode=802.3ad name=Po78 slaves=Eth7,Eth8 transmit-hash-policy=layer-2-and-3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=Eth1
add bridge=bridge comment=defconf interface=Eth2
add bridge=bridge comment=defconf interface=Eth3
add bridge=bridge comment=defconf interface=Eth4
add bridge=bridge comment=defconf interface=Eth5
add bridge=bridge comment=defconf interface=Eth6
add bridge=mgmt interface=mgmt0
add bridge=bridge edge=yes ingress-filtering=no interface=Po78 pvid=53
/ip settings
set arp-timeout=4h
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=Po78 vlan-ids=53
/ip address
add address=192.168.15.11/24 interface=mgmt network=192.168.15.0
add address=192.168.53.1/24 interface=Storage network=192.168.53.0
add address=192.168.1.160/24 interface=Eth1 network=192.168.1.0
/ip dns
set servers=192.168.1.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl certificate=https-cert disabled=no tls-version=only-1.2
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=America/New_York
/system identity
set name=crs309test
/system routerboard settings
set boot-os=router-os
EDIT: Nevermind, I tagged that vlan on the client side which was something I was testing with and forgotten about. Removed that and all is well. Thanks so much for the help.

Who is online

Users browsing this forum: No registered users and 13 guests