Let me start this off by saying I am well versed in a number of products, but mikrotik gives me fits every now and again. Device type is CCR1009
Scenario
New Internet Connection /30 coming from the carrier on Ether1 I can ping the internet fine, manage device, etc. Let's call it 100.100.100.0/30 My device is .1, peer is .2
I have a /27 the carrier routes to me for my new firewalls and other public IPs. 200.200.200.0/27 being that range.
If I set the ip address up on the ETH2, as 200.200.200.1 I can plug in a laptop and I can test the connectivity out to the internet just fine. However, being the glutton for punishment I am, I want to be able to hook multiple devices up to this mikrotik without having to put a switch behind any one single interface
I was thinking creating a bridge would work between ETHER2-6, and put the ip interface on the vlan. Unfortunately, it doesn't work and I no longer access the internet from hosts on 200.200.200.0/27
Any help would be most appreciated.
------------------- Detailed config Dump -------------------------------
[admin@INET-RTR1] /system> /ip route print detail
Flags: D - dynamic; X - disabled, I - inactive, A - active;
c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, y - copy;
H - hw-offloaded; + - ecmp
0 As dst-address=0.0.0.0/0 routing-table=main pref-src=""
gateway=100.100.100.2 immediate-gw=100.100.100.1%ether1 distance=1
scope=30 target-scope=10 suppress-hw-offload=no
DAc dst-address=100.100.100.0/30 routing-table=main gateway=ether1
immediate-gw=ether1 distance=0 scope=10 suppress-hw-offload=no
local-address=100.100.100.1%ether1
DAc dst-address=200.200.200.0/27 routing-table=main gateway=vlan1
immediate-gw=vlan1 distance=0 scope=10 suppress-hw-offload=no
local-address=200.200.200.1%vlan1
[admin@INET-RTR1] /system> /interface bridge print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=auto actual-mtu=1500 l2mtu=1580 arp=enabled
arp-timeout=auto mac-address=64:D1:54:E5:55:32 protocol-mode=rstp
fast-forward=yes igmp-snooping=no auto-mac=yes ageing-time=5m
priority=0x8000 max-message-age=20s forward-delay=15s
transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no
[admin@INET-RTR1] /system> /interface bridge print detail
Flags: X - disabled, R - running
0 R name="bridge1" mtu=auto actual-mtu=1500 l2mtu=1580 arp=enabled
arp-timeout=auto mac-address=64:D1:54:E5:55:32 protocol-mode=rstp
fast-forward=yes igmp-snooping=no auto-mac=yes ageing-time=5m
priority=0x8000 max-message-age=20s forward-delay=15s
transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no
[admin@INET-RTR1] /system> /interface vlan print det
Flags: X - disabled, R - running
0 R name="vlan1" mtu=1500 l2mtu=1576 mac-address=64:D1:54:E5:55:32 arp=enabled
arp-timeout=auto loop-protect=default loop-protect-status=off
loop-protect-send-interval=5s loop-protect-disable-time=5m vlan-id=1
interface=bridge1 use-service-tag=no
[admin@INET-RTR1] /system> /ip address print det
Flags: X - disabled, I - invalid, D - dynamic
0 address=100.100.100.1/30 network=100.100.100.0 interface=ether1
actual-interface=ether1
1 address=200.200.200.1/27 network=200.200.200.0 interface=vlan1
actual-interface=vlan1
[admin@INET-RTR1] /system> /interface ethernet print det
Flags: X - disabled, R - running; S - slave
0 name="combo1" default-name="combo1" mtu=1500 l2mtu=1580
mac-address=64:D1:54:E5:55:30 orig-mac-address=64:D1:54:E5:55:30
arp=enabled arp-timeout=auto loop-protect=default
loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-full,100M-full,1000M-full full-duplex=yes
tx-flow-control=off rx-flow-control=off speed=1Gbps
bandwidth=unlimited/unlimited sfp-rate-select=high combo-mode=auto
sfp-shutdown-temperature=95C
1 R name="ether1" default-name="ether1" mtu=1500 l2mtu=1580
mac-address=64:D1:54:E5:55:31 orig-mac-address=64:D1:54:E5:55:31
arp=enabled arp-timeout=auto loop-protect=default
loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m auto-negotiation=yes advertise=1000M-full
full-duplex=yes tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited
2 RS name="ether2" default-name="ether2" mtu=1500 l2mtu=1580
mac-address=64:D1:54:E5:55:32 orig-mac-address=64:D1:54:E5:55:32
arp=enabled arp-timeout=auto loop-protect=default
loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-full,100M-full,1000M-full full-duplex=yes
tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited
3 RS name="ether3" default-name="ether3" mtu=1500 l2mtu=1580
mac-address=64:D1:54:E5:55:33 orig-mac-address=64:D1:54:E5:55:33
arp=enabled arp-timeout=auto loop-protect=default
loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-full,100M-full,1000M-full full-duplex=yes
tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited
4 RS name="ether4" default-name="ether4" mtu=1500 l2mtu=1580
mac-address=64:D1:54:E5:55:34 orig-mac-address=64:D1:54:E5:55:34
arp=enabled arp-timeout=auto loop-protect=default
loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-full,100M-full,1000M-full full-duplex=yes
tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited
5 RS name="ether5" default-name="ether5" mtu=1500 l2mtu=1580
mac-address=64:D1:54:E5:55:35 orig-mac-address=64:D1:54:E5:55:35
arp=enabled arp-timeout=auto loop-protect=default
loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-full,100M-full,1000M-full full-duplex=yes
tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited
6 S name="ether6" default-name="ether6" mtu=1500 l2mtu=1580
mac-address=64:D1:54:E5:55:36 orig-mac-address=64:D1:54:E5:55:36
arp=enabled arp-timeout=auto loop-protect=default
loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-full,100M-full,1000M-full full-duplex=yes
tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited
7 name="ether7" default-name="ether7" mtu=1500 l2mtu=1580
mac-address=64:D1:54:E5:55:37 orig-mac-address=64:D1:54:E5:55:37
arp=enabled arp-timeout=auto loop-protect=default
loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m auto-negotiation=yes
advertise=10M-full,100M-full,1000M-full full-duplex=yes
tx-flow-control=off rx-flow-control=off speed=100Mbps
bandwidth=unlimited/unlimited
[admin@INET-RTR1] /system> /interface bridge print det
Flags: X - disabled, R - running
0 R name="bridge1" mtu=auto actual-mtu=1500 l2mtu=1580 arp=enabled
arp-timeout=auto mac-address=64:D1:54:E5:55:32 protocol-mode=rstp
fast-forward=yes igmp-snooping=no auto-mac=yes ageing-time=5m
priority=0x8000 max-message-age=20s forward-delay=15s
transmit-hold-count=6 vlan-filtering=no dhcp-snooping=no
[admin@INET-RTR1] /system> /interface vlan print det
Flags: X - disabled, R - running
0 R name="vlan1" mtu=1500 l2mtu=1576 mac-address=64:D1:54:E5:55:32 arp=enabled
arp-timeout=auto loop-protect=default loop-protect-status=off
loop-protect-send-interval=5s loop-protect-disable-time=5m vlan-id=1
interface=bridge1 use-service-tag=no