The very simple use-case I've got:
ISP delivers a /29 over SFP.
I'm trying to share this SFP on L2 via a Bridge with two other devices, which I'll configure with static IPs from that /29.
I want MTIK to use this bridge and assign 2 IPs on it, so I can then use other ports (and VLANs on them) to do FW NAT.
So far simple stuff.
Here is how I'd usually do it:
Code:
# Bridge shared by the ISP uplink (sfp1) and the two downstream ports
/interface bridge
add admin-mac=AA:AA:AA:A2:C2:1C auto-mac=no name=EXT-Net \
    port-cost-mode=short protocol-mode=rstp
/interface bridge port
add bridge=EXT-Net comment=defconf ingress-filtering=no interface=ether2 \
    internal-path-cost=10 path-cost=10
add bridge=EXT-Net comment=defconf ingress-filtering=no interface=ether3 \
    internal-path-cost=10 path-cost=10
add bridge=EXT-Net comment=defconf ingress-filtering=no interface=sfp1 \
    internal-path-cost=10 path-cost=10
# Bridged traffic is passed through the IP firewall
/interface bridge settings
set use-ip-firewall=yes
# Router's own addresses from the /29, assigned on the bridge (second one disabled)
/ip address
add address=1.1.1.2/29 interface=EXT-Net network=1.1.1.0
add address=1.1.1.3/29 disabled=yes interface=EXT-Net network=\
    1.1.1.0
The problem I'm having:
This exact config will NOT work as soon as I enable the first IP address on the bridge. I'd lose all L2 on ports 2 and 3 (they can't even see the ARP of the Gateway on the SFP port, but they will see the ARP of the static IP I've just enabled).
I've tried this on an hEX S and on an L009UiGS. The "fix" was to put the SFP in a 260GS to do the switch part, and leave the L3 for the hEX S in my case.
And the exact same config imported on a crs125-24g-1s-rm works just fine, as I'd expect it to; there I've got the issue of the old CPU, which can't NAT a gigabit uplink, so ... yeah.
Any ideas?
Statistics: Posted by siv — Mon Mar 18, 2024 12:03 am