Boards have been running fine for 11 months now.
I created a bridge and added all ports to it with hardware offloading enabled.
I have set up tagged and untagged VLANs on the switch chip according to the MikroTik wiki.
Management vlan 100 (tagged) created on the bridge interface.
Untagged vlan 200 assigned to combo/ether port.
I wanted complete isolation of VLANs, but the problem is:
I can see traffic from tagged VLAN 100 going to the combo port (broadcast and multicast traffic).
I can also see untagged traffic going to all ports in the bridge (802.2 traffic).
What may be the problem?
Also shouldn't (interface ethernet switch set forward-unknown-vlan=no) eliminate this issue?
Here is my config export:
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=combo1 ] name=combo-TP-LinkSwitch
set [ find default-name=sfp1 ] name=sfp1-Main
set [ find default-name=sfp2 ] name=sfp2
/interface vlan
add interface=bridge name=vlan-mgmt vlan-id=100
/interface ethernet switch
set forward-unknown-vlan=no
/interface list
add name=Management
add exclude=dynamic name=discover
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge interface=sfp5
add bridge=bridge interface=sfp4
add bridge=bridge interface=sfp3
add bridge=bridge interface=sfp2
add bridge=bridge hw=no interface=combo-TP-LinkSwitch
add bridge=bridge interface=sfp1-Main
/ip neighbor discovery-settings
set discover-interface-list=Management
/interface ethernet switch egress-vlan-tag
add tagged-ports=sfp1-Main,sfp2,sfp3,sfp4,sfp5 vlan-id=200
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=200 ports=combo-TP-LinkSwitch
/interface ethernet switch vlan
add ports=switch1-cpu,sfp1-Main,sfp2,sfp3,sfp4,sfp5 vlan-id=100
add ports=sfp1-Main,combo-TP-LinkSwitch,sfp2,sfp3,sfp4,sfp5 vlan-id=200
/interface list member
add interface=vlan-mgmt list=Management
/ip address
add address=192.168.25.52/24 interface=vlan-mgmt network=192.168.25.0
/ip dns
set servers=192.168.25.12,192.168.25.13
/ip route
add distance=1 gateway=192.168.25.1
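
A cross-check of the export above, as an added example that is not part of the original post: it lists which bridge ports have hardware offloading disabled (`hw=no`) and which bridge ports each switch-chip VLAN entry leaves out. The function names and the embedded sample (copied from the relevant sections of the export) are assumptions made for this example; the output is a list of items to review, not a diagnosis.

```python
import re

# Constructed sample: the bridge-port and switch-VLAN sections of the export above.
EXPORT = """\
/interface bridge port
add bridge=bridge interface=sfp5
add bridge=bridge interface=sfp4
add bridge=bridge interface=sfp3
add bridge=bridge interface=sfp2
add bridge=bridge hw=no interface=combo-TP-LinkSwitch
add bridge=bridge interface=sfp1-Main
/interface ethernet switch vlan
add ports=switch1-cpu,sfp1-Main,sfp2,sfp3,sfp4,sfp5 vlan-id=100
add ports=sfp1-Main,combo-TP-LinkSwitch,sfp2,sfp3,sfp4,sfp5 vlan-id=200
"""

def parse_export(text):
    """Return {menu_path: [{key: value}, ...]} for every 'add' line."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            sections[current].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return sections

def audit(text):
    """Cross-reference bridge ports with the switch-chip VLAN table."""
    s = parse_export(text)
    bridge_ports = s.get("/interface bridge port", [])
    all_ports = {p["interface"] for p in bridge_ports}
    # Bridge ports explicitly exported with hardware offloading disabled.
    no_offload = sorted(p["interface"] for p in bridge_ports if p.get("hw") == "no")
    # Bridge ports that each switch VLAN entry does NOT list as members.
    excluded = {}
    for v in s.get("/interface ethernet switch vlan", []):
        members = set(v["ports"].split(","))
        excluded[int(v["vlan-id"])] = sorted(all_ports - members)
    # Review flag: a port kept out of a VLAN only by the switch-chip table
    # while that port itself is not hardware offloaded.
    review = {vid: [p for p in ports if p in no_offload]
              for vid, ports in excluded.items()}
    return {"no_offload": no_offload, "excluded": excluded, "review": review}

if __name__ == "__main__":
    for key, value in audit(EXPORT).items():
        print(key, value)
```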