CHT—MAC_Restriction

Situation

# Multiple WAN uplinks, with the egress gateway bridged into the internal network.

# Some devices on the internal network cannot reach the Internet.

Introduction

# Reference
https://www.cht.com.tw/home/campaign/Hinet/fttx.html

# Chunghwa Telecom (ISP) 光世代 (FTTx) fixed-IP circuits have an upper limit of 8 MACs
The Chunghwa Telecom (ISP) fixed-IP circuit has a limit of 20 MACs.

Solution

# Separate the WAN and LAN segments, or isolate the internal network with VLANs.

Why?

#
After the routing lookup, the destination MAC is replaced with the next-hop MAC,
and the source MAC is replaced with the MAC of the router's egress interface.
When the ISP equipment receives the packet, it learns only the egress gateway's MAC and records in its FDB which port that MAC arrived on.
When the broadcast domains are not separated, the ISP equipment also learns the MACs of the devices on the LAN below the gateway.
#
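
A way to check which source MACs the ISP port would learn, given a capture taken on the WAN side with `tcpdump -e -n`. This is an added example, not part of the original note. The function name, all MAC and IP addresses, and the limit of 3 used in the sample are constructed for illustration; pass the limit that applies to your circuit.

```python
import re

# Matches the link-level header printed by `tcpdump -e -n`:
#   "<time> <src mac> > <dst mac>, ethertype ..."
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME_RE = re.compile(rf"^\S+\s+({MAC})\s+>\s+({MAC}),", re.IGNORECASE)

def audit_wan_capture(lines, router_wan_mac, isp_macs, mac_limit):
    """Report which customer-side source MACs the ISP port would learn."""
    router = router_wan_mac.lower()
    isp = {m.lower() for m in isp_macs}
    learned = set()
    for line in lines:
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # not a frame line (for example the tcpdump banner)
        src = m.group(1).lower()
        if src in isp:
            continue  # frame came from the ISP side, not from us
        # A switch learns the source MAC of every frame it receives,
        # unicast or broadcast, so ARP requests from LAN hosts count too.
        learned.add(src)
    return {
        "learned": sorted(learned),
        "leaked": sorted(learned - {router}),  # anything that is not the router
        "over_limit": len(learned) > mac_limit,
    }

ROUTER = "02:00:00:00:00:01"   # constructed: router WAN interface MAC
ISP_GW = "02:00:00:00:ff:fe"   # constructed: ISP gateway MAC

# Constructed capture: gateway bridged, LAN hosts visible on the WAN segment.
BRIDGED = """\
12:00:00.000001 02:00:00:00:00:01 > 02:00:00:00:ff:fe, ethertype IPv4 (0x0800), length 74: 203.0.113.10.51514 > 192.0.2.53.53: UDP, length 32
12:00:00.000210 02:00:00:00:ff:fe > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 90: 192.0.2.53.53 > 203.0.113.10.51514: UDP, length 48
12:00:01.000000 02:00:00:00:00:a1 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 203.0.113.1 tell 203.0.113.11, length 28
12:00:02.000000 02:00:00:00:00:a2 > 02:00:00:00:ff:fe, ethertype IPv4 (0x0800), length 74: 203.0.113.12.40000 > 192.0.2.53.53: UDP, length 32
12:00:03.000000 02:00:00:00:00:a3 > 02:00:00:00:ff:fe, ethertype IPv4 (0x0800), length 74: 203.0.113.13.40001 > 192.0.2.53.53: UDP, length 32
""".splitlines()

# Constructed capture: WAN and LAN separated, only the router's MAC leaves.
ROUTED = BRIDGED[:2]

if __name__ == "__main__":
    for name, cap in (("bridged", BRIDGED), ("routed", ROUTED)):
        print(name, audit_wan_capture(cap, ROUTER, [ISP_GW], mac_limit=3))
```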