Hi everyone.
I have a strange issue with one device in my networks when i turning on Bridge VLAN filtering on my main routers(no matter it ROS 6 or ROS 7). Simplified schema:So i have main router (ROS 6 or ROS 7) i have switch attached to main router to bridge port. Clients are connected to the switch and also one cAP AC. I need to separate guest wifi clients from my lan network so i used bridge vlan filtering and isolated vlan for this clients. And everything works prfectly, PCs, laptops, wifi, TV's and other devices except one - thermal receipt fiscal printer. This printer has problem connectivity to main router, about 60% packet loss, internet connection working just partially(only servers check but not sending any data). The main problem that this is more than one case, i have at least 5 location with different switches, different routers where this problem presist(only when bridge vlan filtering on). All devices using native vlan 1 except guest wifi clients. So i made a simple stand and what did i manage to find out:
1. Even without any configuration on vlan but only with enabled option "bridge vlan filtering" - the printer has connectivity issues.
2. After i disabling "bridge vlan filtering" problem still presist until i turning on and off interface on router that connected to switch. After that there's no connectivity problems.
3. Replacing the switch had no effect(used unmanaged TP-Link, CSS-326, router RB-951 with all bridged ports)
4. Tried to manage vlans on switch, configured untagged port for printer and trunk on uplink - no effect.
5. PC that connected to the same switch has no connectivity issues with this printer. Connectivity issue only between Mikrotik router(with bridge vlan filtering on) and this printer.
6. I tried to hide this printer behind another router with NAT - no connectivity issues, everyting workin fine.
7. I thought it might be problem with MTU, but pinging with any size of packet with "dont fragment" flag did not bring any result.
Main settings on Mikrotik router just only with bridge vlan filtering on:Connectivity issue from main router to printer looks like this:I can understand that this is might be a problem with this printers, but i cant refuse to use this printers because they attached to tax service and at the same time i need vlans to isolate guests. I even dont know where to dig next to solve this problem. I will appreciate any advice. Thank you.
I have a strange issue with one device in my networks when i turning on Bridge VLAN filtering on my main routers(no matter it ROS 6 or ROS 7). Simplified schema:So i have main router (ROS 6 or ROS 7) i have switch attached to main router to bridge port. Clients are connected to the switch and also one cAP AC. I need to separate guest wifi clients from my lan network so i used bridge vlan filtering and isolated vlan for this clients. And everything works prfectly, PCs, laptops, wifi, TV's and other devices except one - thermal receipt fiscal printer. This printer has problem connectivity to main router, about 60% packet loss, internet connection working just partially(only servers check but not sending any data). The main problem that this is more than one case, i have at least 5 location with different switches, different routers where this problem presist(only when bridge vlan filtering on). All devices using native vlan 1 except guest wifi clients. So i made a simple stand and what did i manage to find out:
1. Even without any configuration on vlan but only with enabled option "bridge vlan filtering" - the printer has connectivity issues.
2. After i disabling "bridge vlan filtering" problem still presist until i turning on and off interface on router that connected to switch. After that there's no connectivity problems.
3. Replacing the switch had no effect(used unmanaged TP-Link, CSS-326, router RB-951 with all bridged ports)
4. Tried to manage vlans on switch, configured untagged port for printer and trunk on uplink - no effect.
5. PC that connected to the same switch has no connectivity issues with this printer. Connectivity issue only between Mikrotik router(with bridge vlan filtering on) and this printer.
6. I tried to hide this printer behind another router with NAT - no connectivity issues, everyting workin fine.
7. I thought it might be problem with MTU, but pinging with any size of packet with "dont fragment" flag did not bring any result.
Main settings on Mikrotik router just only with bridge vlan filtering on:
Code:
/interface bridgeadd name=bridge1 vlan-filtering=yes/interface ethernetset [ find default-name=ether1 ] comment=ISP_primaryset [ find default-name=ether2 ] comment=ISP_secondaryset [ find default-name=ether3 ] comment=LANset [ find default-name=sfp1 ] comment=Retail/interface listadd name=LANadd name=WAN/portset 0 name=serial0/interface bridge portadd bridge=bridge1 interface=ether2add bridge=bridge1 interface=ether3add bridge=bridge1 interface=ether4add bridge=bridge1 interface=ether5add bridge=bridge1 interface=ether6add bridge=bridge1 interface=ether7add bridge=bridge1 interface=ether8add bridge=bridge1 interface=ether10add bridge=bridge1 disabled=yes interface=ether9/ip firewall connection trackingset udp-timeout=10s/ip settingsset max-neighbor-entries=8192/ipv6 settingsset disable-ipv6=yes max-neighbor-entries=8192/interface list memberadd interface=bridge1 list=LANadd interface=ether1 list=WANadd interface=ether2 list=WAN/ip addressadd address=172.20.0.1/22 interface=bridge1 network=172.20.0.0/ip dnsset allow-remote-requests=yes servers=1.1.1.1,8.8.8.8/ip firewall filteradd action=accept chain=input comment=established/related connection-state=\ established,related,untrackedadd action=accept chain=forward comment=established/related connection-state=\ established,related,untrackedadd action=accept chain=input comment=ICMP protocol=icmpadd action=accept chain=forward comment=IPSEC ipsec-policy=in,ipsecadd action=accept chain=forward comment=IPSEC ipsec-policy=out,ipsecadd action=accept chain=input comment=MNG in-interface-list=MNG_listadd action=accept chain=input comment=MNG_IP src-address-list=MNG_privateadd action=drop chain=output comment="drop google for isp failover" \ dst-address=8.8.4.4 out-interface=sfp1add action=drop chain=input comment=invalid connection-state=invalidadd action=drop chain=forward comment=invalid connection-state=invalid \ in-interface-list=WANadd action=drop chain=forward comment="drop all except dstnat" \ connection-nat-state=!dstnat connection-state=new in-interface-list=WANadd action=drop chain=input comment="drop all except LAN" in-interface-list=\ !LAN/ip firewall natadd action=masquerade chain=srcnat out-interface=ether1/ip firewall rawadd action=drop chain=prerouting comment=DNS dst-port=53 in-interface-list=\ WAN protocol=udpadd action=drop chain=prerouting comment=DNS dst-port=53 in-interface-list=\ WAN protocol=tcpStatistics: Posted by kelarlee — Sat Mar 01, 2025 12:38 pm