I'm configuring my SFP ports to operate as trunk interfaces instead of Ethernet ports. I’ve duplicated the configuration from my existing trunk port to SFP1.
However, the SFP link is up and transmitting traffic but not receiving any. The same behavior is observed on the connected switch—it sends traffic but does not receive any.
Could someone help review the configurations and identify any discrepancies I might have missed?
Thanks in advance!
However, the SFP link is up and transmitting traffic but not receiving any. The same behavior is observed on the connected switch—it sends traffic but does not receive any.
Could someone help review the configurations and identify any discrepancies I might have missed?
Thanks in advance!
Code:
# serial number = HFK09FZCT8A/interface bridgeadd admin-mac=78:9A:18:F8:A2:FB auto-mac=no comment=defconf name=LAN-bridge port-cost-mode=short vlan-filtering=yesadd name=bridge-main/interface ethernetset [ find default-name=ether1 ] name=ether1-WANset [ find default-name=ether2 ] name=ether2-T-mgtset [ find default-name=ether4 ] disabled=yesset [ find default-name=ether5 ] disabled=yesset [ find default-name=ether6 ] disabled=yesset [ find default-name=ether7 ] auto-negotiation=no disabled=yesset [ find default-name=ether8 ] auto-negotiation=no name=ether8-trunk-SW1set [ find default-name=sfp1 ] auto-negotiation=no speed=1G-baseT-full/interface wireguardadd listen-port=13231 mtu=1420 name=wg-vpn/interface vlanadd interface=LAN-bridge name=Default vlan-id=5add interface=LAN-bridge name=Guest vlan-id=30add interface=LAN-bridge name=Home-Network vlan-id=50add interface=LAN-bridge name=IOT-Network vlan-id=20add interface=LAN-bridge name=Management vlan-id=10add interface=LAN-bridge name=Trust-Network vlan-id=40/interface listadd comment=defconf name=WANadd comment=defconf name=LANadd comment="all isolated vlans" name=ISOLATED_VLAN/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/ip pooladd name=default-dhcp ranges=192.168.88.10-192.168.88.254add name=temp-pool ranges=10.0.0.100-10.0.0.150add name=mgt_pool ranges=10.0.10.50-10.0.10.100add name=trust-pool ranges=10.0.40.100-10.0.40.200add name=guest_pool ranges=10.0.30.2-10.0.30.254add name=home_pool ranges=10.0.50.2-10.0.50.254add name=dhcp_pool10 ranges=10.10.100.2-10.10.100.254add name=dhcp_pool11 ranges=10.0.0.2-10.0.0.254add comment=iot-dhcp name=iot-dhcp ranges=192.168.20.2-192.168.20.254/ip dhcp-serveradd address-pool=mgt_pool interface=Management lease-time=1d name=mgt-dhcpadd address-pool=trust-pool interface=Trust-Network lease-time=1d name=trust-dhcpadd address-pool=guest_pool interface=Guest lease-time=12h name=guest-dhcpadd address-pool=home_pool interface=Home-Network lease-time=1d name=home-dhcpadd address-pool=dhcp_pool10 interface=ether2-T-mgt lease-time=8m name=dhcp2add address-pool=dhcp_pool11 disabled=yes interface=LAN-bridge lease-time=8m name=dhcp3add address-pool=iot-dhcp interface=IOT-Network lease-time=1d name=iot-dhcp/portset 0 name=serial0/queue typeadd cake-diffserv=diffserv4 cake-overhead=18 kind=cake name=cake-downadd cake-diffserv=diffserv4 cake-nat=yes cake-overhead=18 kind=cake name=cake-upadd cake-diffserv=besteffort cake-flowmode=dual-dsthost cake-overhead=18 cake-rtt=10ms kind=cake name=cake-downloadadd cake-diffserv=besteffort cake-flowmode=dual-srchost cake-nat=yes cake-overhead=18 cake-rtt=10ms kind=cake name=cake-upload/queue simpleadd disabled=yes max-limit=270M/270M name=CAKE-Download queue=cake-up/cake-down target=ether1-WANadd disabled=yes max-limit=270M/270M name=CAKE-Upload queue=cake-down/cake-up target=ether1-WAN/system logging actionset 3 remote=10.0.40.10 remote-log-format=syslog syslog-facility=local0/user groupadd name=mktxp_group policy=read,api,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api/interface bridge portadd bridge=LAN-bridge interface=ether3 internal-path-cost=10 path-cost=10add bridge=LAN-bridge interface=ether4 internal-path-cost=10 path-cost=10add bridge=LAN-bridge interface=ether5 internal-path-cost=10 path-cost=10add bridge=LAN-bridge interface=ether6 internal-path-cost=10 path-cost=10add bridge=LAN-bridge interface=ether8-trunk-SW1 internal-path-cost=10 path-cost=10 pvid=5add bridge=LAN-bridge interface=sfp1 internal-path-cost=10 path-cost=10 pvid=5add bridge=LAN-bridge interface=ether7/ip firewall connection trackingset udp-timeout=10s/ip neighbor discovery-settingsset discover-interface-list=LAN lldp-med-net-policy-vlan=1/ip settingsset max-neighbor-entries=14336/ipv6 settingsset disable-ipv6=yes max-neighbor-entries=7168/interface bridge vlanadd bridge=LAN-bridge tagged=ether8-trunk-SW1,LAN-bridge,sfp1 vlan-ids=10add bridge=LAN-bridge tagged=ether8-trunk-SW1,sfp1,LAN-bridge vlan-ids=20add bridge=LAN-bridge tagged=ether8-trunk-SW1,LAN-bridge,sfp1 vlan-ids=30add bridge=LAN-bridge tagged=ether8-trunk-SW1,LAN-bridge,sfp1 vlan-ids=40add bridge=LAN-bridge tagged=ether8-trunk-SW1,LAN-bridge,sfp1 vlan-ids=50add bridge=LAN-bridge tagged=ether8-trunk-SW1,sfp1 vlan-ids=5/interface list memberadd comment=defconf interface=LAN-bridge list=LANadd comment=defconf interface=ether1-WAN list=WANadd interface=ether2-T-mgt list=LANadd interface=IOT-Network list=ISOLATED_VLANadd interface=Home-Network list=ISOLATED_VLANadd interface=Guest list=ISOLATED_VLANadd interface=Home-Network list=LANadd interface=IOT-Network list=LANadd interface=Guest list=LANadd interface=Trust-Network list=LAN/interface ovpn-server serveradd mac-address=FE:66:F9:76:63:9D name=ovpn-server1/interface wireguard peersadd allowed-address=10.0.60.2/32 comment=Keith-Android interface=wg-vpn name=peer1 public-key="X"add allowed-address=10.0.60.3/32 client-address=10.0.60.3/32 comment=Oracle-VM disabled=yes endpoint-address=X endpoint-port=51820 interface=wg-vpn name=peer2 public-key="X"/ip addressadd address=192.168.88.1/24 comment=defconf disabled=yes interface=LAN-bridge network=192.168.88.0add address=10.0.10.1/24 interface=Management network=10.0.10.0add address=192.168.20.1/24 interface=IOT-Network network=192.168.20.0add address=10.0.0.1/24 interface=LAN-bridge network=10.0.0.0add address=10.0.30.1/24 interface=Guest network=10.0.30.0add address=10.0.40.1/24 interface=Trust-Network network=10.0.40.0add address=10.0.50.1/24 interface=Home-Network network=10.0.50.0add address=10.10.100.0/24 interface=ether2-T-mgt network=10.10.100.0add address=10.0.60.1/24 interface=wg-vpn network=10.0.60.0/ip dhcp-clientadd comment=defconf interface=ether1-WAN use-peer-dns=no/ip dhcp-server leaseadd address=192.168.20.247 mac-address=34:60:F9:CA:EE:49 server=iot-dhcpadd address=192.168.20.248 mac-address=9C:A2:F4:0C:8F:FF server=iot-dhcp/ip dhcp-server networkadd address=10.0.0.0/24 comment=Temporary-Network dns-server=9.9.9.9 gateway=10.0.0.1add address=10.0.10.0/24 comment=Management dns-server=10.0.40.10 gateway=10.0.10.1 netmask=24add address=10.0.20.0/24 dns-server=10.0.40.10 gateway=10.0.20.1add address=10.0.30.0/24 dns-server=10.0.40.10 gateway=10.0.30.1add address=10.0.40.0/24 dns-server=10.0.40.10,9.9.9.9,149.112.112.112 gateway=10.0.40.1add address=10.0.50.0/24 dns-server=10.0.40.10 gateway=10.0.50.1add address=10.10.100.0/24 dns-server=9.9.9.9 gateway=10.10.100.1add address=192.168.20.0/24 dns-server=10.0.40.10 gateway=192.168.20.1/ip dnsset servers=10.0.40.10,9.9.9.9 verify-doh-cert=yes/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan type=Aadd address=10.0.40.10 comment=Unifi-Controller name=unifi type=A/ip firewall address-listadd address=0.0.0.0/8 comment=RFC6890 list=not_in_internetadd address=172.16.0.0/12 comment=RFC6890 list=not_in_internetadd address=192.168.0.0/16 comment=RFC6890 list=not_in_internetadd address=10.0.0.0/8 comment=RFC6890 list=not_in_internetadd address=169.254.0.0/16 comment=RFC6890 list=not_in_internetadd address=127.0.0.0/8 comment=RFC6890 list=not_in_internetadd address=224.0.0.0/4 comment=Multicast list=not_in_internetadd address=198.18.0.0/15 comment=RFC6890 list=not_in_internetadd address=192.0.0.0/24 comment=RFC6890 list=not_in_internetadd address=192.0.2.0/24 comment=RFC6890 list=not_in_internetadd address=198.51.100.0/24 comment=RFC6890 list=not_in_internetadd address=203.0.113.0/24 comment=RFC6890 list=not_in_internetadd address=100.64.0.0/10 comment=RFC6890 list=not_in_internetadd address=240.0.0.0/4 comment=RFC6890 list=not_in_internetadd address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet/ip firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=accept chain=input comment=Trust-Management dst-port=22,80,443,8921 in-interface=Trust-Network protocol=tcpadd action=accept chain=forward comment=allow-dns-tcp dst-address=10.0.40.10 dst-port=53 out-interface=Trust-Network protocol=tcpadd action=accept chain=forward comment=allow-dns-udp dst-address=10.0.40.10 dst-port=53 out-interface=Trust-Network protocol=udpadd action=accept chain=input comment="defconf: accept ICMP" in-interface=all-vlan protocol=icmpadd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidadd action=accept chain=input comment=Allow-Inbound-WG port=13231 protocol=udpadd action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" disabled=yes dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related,untracked hw-offload=yesadd action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untrackedadd action=accept chain=forward comment=Allow-Outbound-All in-interface-list=LAN out-interface-list=WANadd action=accept chain=forward comment=Allow-WG-VPN out-interface-list=LAN src-address=10.10.60.0/24add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WANadd action=drop chain=forward comment="block isolated vlan to lan" in-interface-list=ISOLATED_VLAN out-interface-list=LANadd action=accept chain=input comment="Allow WireGuard tunnel traffic" disabled=yes dst-port=51820 protocol=udpadd action=drop chain=forward comment="Block Oracle VM WireGuard access to LAN" disabled=yes src-address=10.0.60.3/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WANadd action=masquerade chain=srcnat src-address=10.0.60.0/24/ip firewall service-portset ftp disabled=yes/ip hotspot profileset [ find default=yes ] html-directory=hotspot/ip ipsec profileset [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5/ip serviceset telnet disabled=yesset ftp disabled=yesset www-ssl disabled=no tls-version=only-1.2/ip smb sharesset [ find default=yes ] directory=pub/ip sshset strong-crypto=yes/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udpadd action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" connection-state=invalidadd action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-espadd action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN/system clockset time-zone-name=America/New_York/system identityset name=MikroTik-FW1/system loggingset 0 action=remote prefix=:Infoset 1 action=remote prefix=:Errorset 2 action=remote prefix=:Warningset 3 action=remote prefix=:Criticaladd action=remote prefix=:Firewall topics=firewalladd action=remote prefix=:Account topics=accountadd action=remote prefix=:Caps topics=capsadd action=remote prefix=:Wireles topics=wireless/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=pool.ntp.orgadd address=time-a-g.nist.govStatistics: Posted by mysicksi — Sat Mar 01, 2025 1:55 pm