SwOS • SwOS lite 2.17 - violation of broadcast domain isolation?

Hi!

I'm using SwOS lite 2.17 on a MikroTik CSS610-8G-2S+IN Switch. The switch is new and it's my first MirkoTik. Better late than never!

• Port nr. 7 is connected to the LAN port of a standard internet router (Fritzbox 5530).
• Port nr. 7 is configured to be a member of VLAN 34 only (no other VLAN selected) in strict mode/only untagged/default VLAN ID 34/force VLAN ID disabled
• Ports 1&2 are configured as LAG 1 being member of all VLANs (tagged only). They are connected to another switch.

I have DHCP clients on multiple VLANs, meaning their DHCP discover packets will receive the mikrotik on LAG 1 as broadcasts (DHCP) and IPv6 multicasts (DHCPv6). These requests for sure are tagged with some VLAN tag - depending on the network they are coming from. But I'm talking about a devices not being in VLAN 34. E.g. there is a printer device in VLAN 3057.

Now I discovered that the Fritzbox received their DHCP requests although Port 7 is strict and not a member of any of these VLANs. I wiresharked it, filtered for that printer's MAC and discovered this: The broadcast packets received in VLAN 3057 on LAG1 are emitted on port 7 although port 7 is not a member of that VLAN:For me at first glance it looks like a bug in SwOS that violates the separation of broadcast domains? Of course I'm considering an error in ISO/OSI layer 8, so my question: Is there some setting I might have overlooked or some concept I might have misunderstood?

I found some reports in this forum about IVL, but I don't have duplicate mac addresses.

If somebody could give me a hint would be great! Thank you & cheers!
Sumpfdotter

Statistics: Posted by Sumpfdotter — Fri Jan 26, 2024 12:52 am

---