I am about to rip the last few strands of hair out of my head.
As per the attached image, we have a CCR1036 hosted in a remote datacenter. Connectivity to this router is provided to us via 2 separate fiber lines on VLAN ID112 (Not the real id).
I have created a VLAN interface on Router A on sfp1. As this is a CCR I am getting wirespeed on this router. All good.
Fiber line 1 goes to router B, and fiber line 2 goes to router C. Router D & E is connected to Router B & C each with our own fiber line. No vlans needed here.
The router D & E is connected to each other via our own fiber line. No vlan needed here. The link between Router D & E acts as a failover. If one of the "cloud" fiber links should go down, we enable the link between D & E, and traffic routes over whichever "cloud" fiber link is active.
Now I create a bridge with vlan filtering on router B, and the same on router C. This all works great. Connectivity is up and running fine.
This is now where my issues comes in. As this is an "internal" network, I need to be able to access all routers at all times via IP/Winbox, no matter which link is active, or if failover is active or not.
But as soon as I enable vlan filtering on the bridges I loose connectivity to the router. Now I have added the management VLAN as per mikrotik wiki, but this creates an issue where if the fiber link that the management vlan goes down, I cannot access the router anymore.
Any help or insight would be greatly appreciated. Below is the config of Router B. As stated above, the vlan on Router A is the normal /interface vlan add method. Router B & C is using bridge with vlan filtering.
Code: Select all
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface ethernet
/interface vlan
add comment=MGMT-Reflex-VLAN interface=bridge1 name=MGMT vlan-id=10
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1
add bridge=bridge1 interface=ether1 pvid=112
add bridge=bridge1 interface=sfp-sfpplus2 pvid=112
add bridge=bridge1 interface=sfp-sfpplus3 pvid=112
add bridge=bridge1 interface=sfp-sfpplus4 pvid=112
add bridge=bridge1 interface=sfp-sfpplus5 pvid=112
add bridge=bridge1 interface=sfp-sfpplus6 pvid=112
add bridge=bridge1 interface=sfp-sfpplus7 pvid=112
add bridge=bridge1 interface=sfp-sfpplus8 pvid=112
add bridge=bridge1 interface=sfp-sfpplus9 pvid=112
add bridge=bridge1 interface=sfp-sfpplus10 pvid=112
add bridge=bridge1 interface=sfp-sfpplus11 pvid=112
add bridge=bridge1 interface=sfp-sfpplus12 pvid=112
add bridge=bridge1 interface=sfp-sfpplus13 pvid=112
add bridge=bridge1 interface=sfp-sfpplus14 pvid=112
add bridge=bridge1 interface=sfp-sfpplus15 pvid=112
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1 untagged=bridge1 vlan-ids=112
add bridge=bridge1 untagged=bridge1,sfp-sfpplus2 vlan-ids=1
add bridge=bridge1 tagged=bridge1,sfp-sfpplus1 vlan-ids=10
/ip address
add address=192.168.252.55/23 interface=bridge1 network=192.168.252.0
add address=192.168.254.55/24 interface=MGMT network=192.168.254.0
/ip firewall nat
add action=masquerade chain=srcnat out-interface=MGMT
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.254.1 \
pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add dst-address=192.168.254.1/32 gateway=MGMT
