Hi,

I've been pulling my hair (and I don't have many left...) for some days now. I'll explain the setup and then explain the problem.

Recently, I added a layer 3 switch to my home network to be able to route between my different lab VLAN. My RB2011 was doing that job before but as I've added quite some device (to the dismay of my wife) to my network and I felt that it was getting quite loaded. So here is how it is now setup at layer 3:

Different lab VLAN <--> Layer 3 switch <--> transit VLAN <--> Mikrotik RB2011 <--> some other VLAN needing isolation and the Internet

Every thing works fine, I can route between my different VLAN, wherever they are being routed (L3 switch or Mikrotik) and almost everyone (that's the catch) can access Internet.

I've got one particularity, one of my VLAN is my "home" VLAN, where our "normal" PCs/iPhone/iPad/all-those-device-controlling-the-house-that-my-wife-don't-like are connected. This VLAN is also accessible via wifi through 3 access point, one being the radio in the RB2011, the other 2 are Apple Airport Express connected directly to the L3 switch in the right VLAN. Since that VLAN is being routed by the L3 switch, I brought a port from the L3 switch to the RB2011 and bridged these two so that my wifi SSID would end up bridged to the VLAN and routed through the L3 switch like everything else in that VLAN. Since I was lacking port on my L3 switch, I also used two other port on my RB2011 (again, bridged to the port coming from my L3 switch) to connect other devices.

I rapidly discovered that the device that are connecting through the RB2011 can't connect to the internet. Either using wifi or physical bridged port. BUT, these device work normally on the VLAN, they get an IP from the dhcp. I can access them from other routed VLAN, everything BEHIND the RB2011 works well. These just can't get past the Mikrotik. Traceroute shows that they are going through the L3 switch and the transit VLAN normally, it just stop there as I can't get an answer from anything from the other side of the RB2011.

After some digging and sniffing, I discovered that, for a reason I really don't understand, everything being connected directly to the RB2011 but being routed by the L3 aren't being NATted by the Mikrotik, the packet are sent straight to the Internet with their internal (and unroutable) address. If I move that device behind the L3 switch, it works, the packets are sent over the internet NATted as they should.

I played with the ARP functionnality of the different ports (since the VLAN doesn't have any IP presence, my guess is that it shouldn't even answer at the ARP level), with the MAC address of the different bridge/VLAN. Nothing works. I just can't understand why is the RB2011 behaving like that? Anyone got an idea?

There are many online shops that selling the hair wigs of different styles now such as teh European Style Wigs and also other style for people in all over the world and if you are in need of one just get the hair wigs from the top seller online shop I have bought one red wigs and it is of high quality and good design.

Human hair wigs now are helpful to more and more people now, and do you know why? Just here you will know how helpful the human hair wigs are to people now. In different conditions such as the party, in the office different hair style are suitable for different situation and even meet with people’s suit and so on. But if need to have the hair cut just to suit one case this is really a big trouble. If so then the blonde wigs for women will give a hand to people.