Route between LAN segments v7.1.5

yossarian69 · Thu Apr 14, 2022 7:24 pm

Help I can't figure this simple routing problem out:

# apr/14/2022 17:55:32 by RouterOS 7.1.5
# software id = GFYW-4X1S
#
# model = RBcAPGi-5acD2nD
# serial number = B8C00A3F6636

/interface bridge
add fast-forward=no name=br-22
add fast-forward=no name=br-33
/interface bridge settings
set allow-fast-path=no

/ip address
add address=192.168.22.1/24 interface=br-22 network=192.168.22.0
add address=192.168.33.1/24 interface=br-33 network=192.168.33.0
 /ip route print
Flags: D - DYNAMIC; A - ACTIVE; c, d, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
    DST-ADDRESS      GATEWAY       DISTANCE
DAd 0.0.0.0/0        192.168.88.8         1
DAc 192.168.22.0/24  br-22                0
DAc 192.168.33.0/24  br-33                0

ping address=192.168.22.1
  SEQ HOST                                     SIZE TTL TIME       STATUS        
    0 192.168.22.1                               56  64 245us     
    1 192.168.22.1                               56  64 356us     
    2 192.168.22.1                               56  64 351us     
    3 192.168.22.1                               56  64 458us     
    sent=4 received=4 packet-loss=0% min-rtt=245us avg-rtt=352us max-rtt=458us 

 ping address=192.168.22.1 interface=br-33
  SEQ HOST                                     SIZE TTL TIME       STATUS        
    0 192.168.22.1                                                 timeout       
    1 192.168.22.1                                                 timeout       
    sent=2 received=0 packet-loss=100%

Address 192.168.33.1 is pingable but also not from br-22

I expected the two bridges to be routed to and from each other by default. There is no firewall as I have used an internal CAP for this test. Every search I've done on this forum suggests that inter lan routing is handled by the static routes in/ip route unless blocked by /ip firewall or if layer 3 is bypassed by fasttrack or hw offload or something.

This is the simplest config that demonstrates my problem. It's not a real world config.

My full config:

# apr/14/2022 18:04:55 by RouterOS 7.1.5
# software id = GFYW-4X1S
#
# model = RBcAPGi-5acD2nD
# serial number = B8C00A3F6636
/interface bridge
add fast-forward=no name=br-22
add fast-forward=no name=br-33
add admin-mac=74:4D:28:A9:AD:AF auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2452/20-Ce/gn/P(15dBm), SSID: xxxxxx, CAPsMAN forwarding
set [ find default-name=wlan1 ] antenna-gain=5 country=japan frequency-mode=\
    manual-txpower ssid=MikroTik station-roaming=enabled
# managed by CAPsMAN
# channel: 5640/20-eCee/ac/DP(21dBm), SSID: xxxxxx, CAPsMAN forwarding
set [ find default-name=wlan2 ] antenna-gain=2 country=japan ssid=MikroTik \
    station-roaming=enabled
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing bgp template
set default as=65530 disabled=no name=default output.network=bgp-networks
/routing ospf instance
add name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/system logging action
set 3 remote=192.168.88.53
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
    ord,web,sniff,sensitive,api,romon,dude,tikapp,rest-api"
/interface bridge port
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether1
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether2
add bridge=bridgeLocal ingress-filtering=no interface=wlan1
add bridge=bridgeLocal ingress-filtering=no interface=wlan2
/interface bridge settings
set allow-fast-path=no
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=wlan1 list=LAN
add interface=wlan2 list=LAN
add interface=br-33 list=LAN
add interface=br-22 list=LAN
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes interfaces=\
    wlan1,wlan2
/ip address
add address=192.168.22.1/24 interface=br-22 network=192.168.22.0
add address=192.168.33.1/24 interface=br-33 network=192.168.33.0
/ip dhcp-client
add comment="defconf test log" interface=bridgeLocal
/system clock
set time-zone-name=Africa/Harare
/system identity
set name=Cottage-CAP
/system logging
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=info
add action=remote topics=warning
/system routerboard settings
set cpu-frequency=auto

mkx · Thu Apr 14, 2022 9:25 pm

I don't think your example command can work. When running ping, it's ROS which is packet sender. If you ping own address without setting egress interface, it'll select the best one, in this case br-22 and destination address is readily available. If you set egress interface to be br-33, then device own adress is not readily available on that interface, but direction is already egress because you took decission about egress interface in your own hands. In essence your test case is not the same as if packet targeting "non-native" IP address (e.g. 192.168.22.1) ingresses through an interface (e.g. br-33) because in that case routing engine decides what to do with the packet.

yossarian69 · Thu Apr 14, 2022 10:27 pm

Thank you, that makes sense. The interface= parameter of ping is the out going interface.

Route between LAN segments v7.1.5

Route between LAN segments v7.1.5

Re: Route between LAN segments v7.1.5

Re: Route between LAN segments v7.1.5

Who is online