Beginner Basics • Bridge filter rules not working

I'm having a problem with bridge rules on my L009, which is used as a switch. In my testing I wanted to block access for a device with some MAC address.

I created a rule, added the option to log, and when I connect the device to ether6, for which I created the rule to block that device, the device connects to the network... But what is strange is that I see I have about 40 dropped packets, and I can see in the logs that the rule is doing something, but the device still connects.
It's like something is bypassing the rules. I tried to disable HW offload, but then there is no connection with or without rules.

Here is my config:
Code:
# 2024-02-06 06:17:16 by RouterOS 7.13.3
# software id = 
#
# model = L009UiGS
# serial number = 
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=VLAN_100_MGMT vlan-id=100
/port
set 0 name=serial0
/interface bridge filter
add action=drop chain=forward in-interface=ether6 log=yes log-prefix=filter \
    src-mac-address=10:27:F5:66:03:36/FF:FF:FF:FF:FF:FF
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether2 pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether4 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether5 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether6 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether7 pvid=200
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether8 pvid=200
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp1
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,sfp1 vlan-ids=100
add bridge=bridge1 tagged=sfp1 vlan-ids=150
add bridge=bridge1 tagged=sfp1 vlan-ids=200
/ip address
add address=172.16.0.1/24 comment=OFF_BRIDGE_MGMT interface=ether1 network=\
    172.16.0.0
/ip dhcp-client
add interface=VLAN_100_MGMT
/system clock
set time-zone-name=Europe/Zagreb
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key

Statistics: Posted by gigabyte091 — Tue Feb 06, 2024 7:30 am


