Community discussions

MikroTik App
 
marina
just joined
Topic Author
Posts: 7
Joined: Mon May 30, 2022 10:22 am

RB4011 not working with provider on same bridge

Wed Oct 12, 2022 2:32 pm

Hello.

I have configured an RB4011 for home use with two providers in active-backup way.

All ports are connected to one bridge. The bridge is configured with VLANs. One vlan for home, one vlan for provider, 3rd vlan for 2nd provider.

The problem is that one provider is not accessible thru bridge. No ping to provider's gw.
If I create another bridge with vlans and put that providers port in this bridge using same vlan ID - the ping works and internet is accessible thru this provider.
When putting back to first bridge - provider's gw does not ping.
Where the problem could be?

This configuration is for case when trouble provider is in separate bridge and this provider's gw is pinging:
/interface bridge
add name=bridge add-dhcp-option82=yes dhcp-snooping=yes frame-types=admit-only-vlan-tagged ingress-filtering=yes vlan-filtering=yes
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge name=provider1 vlan-id=102
add interface=bridge name=default vlan-id=1
add interface=bridge name=guest vlan-id=9
add interface=bridge name=home vlan-id=10
add interface=bridge1 name=provider2 vlan-id=101
/interface pppoe-client
add add-default-route=yes default-route-distance=10 dial-on-demand=yes disabled=no interface=provider1 name=provider1-ppoe password=... user=...
/interface list
add name="STP Filter"
/ppp profile
add change-tcp-mss=yes name=provider1-profile
/interface bridge filter
add action=drop chain=output dst-mac-address=01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF out-interface-list="STP Filter"
add action=drop chain=forward dst-mac-address=01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF in-interface-list="STP Filter"
add action=drop chain=forward dst-mac-address=01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF out-interface-list="STP Filter"
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=101 restricted-role=yes restricted-tcn=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3 pvid=102 restricted-role=yes restricted-tcn=yes trusted=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=10
/interface bridge vlan
add bridge=bridge tagged=bridge vlan-ids=1
add bridge=bridge tagged=bridge vlan-ids=9
add bridge=bridge tagged=bridge vlan-ids=101
add bridge=bridge tagged=bridge vlan-ids=102
add bridge=bridge tagged=bridge vlan-ids=10
add bridge=bridge1 tagged=bridge1 vlan-ids=101
/interface list member
add interface=ether2 list="STP Filter"
add interface=ether3 list="STP Filter"
/ip address
add address=.../24 interface=home network=...
add address=.../24 interface=provider2 network=...
/ip route
add check-gateway=ping distance=10 gateway=provider2_gw

and this is the case when trouble provider is on common bridge and pinging is not working:

/interface bridge
add name=bridge add-dhcp-option82=yes dhcp-snooping=yes frame-types=admit-only-vlan-tagged ingress-filtering=yes vlan-filtering=yes
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge name=provider1 vlan-id=102
add interface=bridge name=default vlan-id=1
add interface=bridge name=guest vlan-id=9
add interface=bridge name=home vlan-id=10
add interface=bridge name=provider2 vlan-id=101
/interface pppoe-client
add add-default-route=yes default-route-distance=10 dial-on-demand=yes disabled=no interface=provider1 name=provider1-ppoe password=... user=...
/interface list
add name="STP Filter"
/ppp profile
add change-tcp-mss=yes name=provider1-profile
/interface bridge filter
add action=drop chain=output dst-mac-address=01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF out-interface-list="STP Filter"
add action=drop chain=forward dst-mac-address=01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF in-interface-list="STP Filter"
add action=drop chain=forward dst-mac-address=01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF out-interface-list="STP Filter"
/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=101 restricted-role=yes restricted-tcn=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3 pvid=102 restricted-role=yes restricted-tcn=yes trusted=yes
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=10
/interface bridge vlan
add bridge=bridge tagged=bridge vlan-ids=1
add bridge=bridge tagged=bridge vlan-ids=9
add bridge=bridge tagged=bridge vlan-ids=101
add bridge=bridge tagged=bridge vlan-ids=102
add bridge=bridge tagged=bridge vlan-ids=10
add bridge=bridge1 tagged=bridge1 vlan-ids=101
/interface list member
add interface=ether2 list="STP Filter"
add interface=ether3 list="STP Filter"
/ip address
add address=.../24 interface=home network=...
add address=.../24 interface=provider2 network=...
/ip route
add check-gateway=ping distance=10 gateway=provider2_gw

Who is online

Users browsing this forum: Amazon [Bot], voytecky and 93 guests