Hello guys!

After a lot of researching through forums, I still can't find some "easy" tasks found in another L2/L3 switches. Of course, CRS have a very powerful chip inside the box, but the routerOS is not really prepared for noobs in mikrotik like me. Well, let's get started with one thing.

I have a HUGE bridged network. When I say huge, you can think in a lot of equipments inside a town, with a lot of CPE and etc. Now take a time to figure this network growing and growing up with no boundaries ;(

The solution was to put a managed switch in every knot in our network: Every "repeater" have one link coming from our core and it share the network to other interfaces. When I realized that CRS is a very accessible option, I though it would (and I still wondering) solve all my network problems! (But I need knowledge how to do that).

Let's see my scenario:

- All my CRS around my network have isolated port profile between port 1 and 2 all through other (I use ether1 and ether2 as uplink ports), so, any port won't see another but uplink ports.
- They act all as trunk ports, so, I have no VLAN filter between them.
- Some ports have Ubiquiti WDS Acccess points to multiple customers for each panel.

I was trying to put all my "Static MAC/IP" customers inside a VLAN to migrate them to PPPoE, but here we go to other scenario:

- Some customers do mistakes
- They are not "experts" in networking
- They (sometimes) put the ethernet cables in wrong ports (EG: Intranet switches) and so,  we start to have some headaches: DHCP through our network, discovery protocols all around the "HUGE FULL BRIDGE NETWORK" spreading thousands of multicast/broadcast traffic and etc.

I would like to isolate them in a VLAN (I already started that) group (EX, VLAN 100 only for PPPoE Traffic).

What I did until now:

- Created a Bridge Group
- Created filter between ports allowing only PPPoE in those VLANs

The cons? The switches with a lot of traffic just lock up due to lack of processor (Bridge rules makes the CPU going insane).

The question is (again): There is a way to allow ONLY PPPoE traffic through a VLAN through switch chip?

I will be very happy if this is a accessible and easy solution!

Thank you, I love all of you for those wonderful platforms! <3

I have a HUGE bridged network. When I say huge, you can think in a lot of equipments inside a town, with a lot of CPE and etc. Now take a time to figure this network growing and growing up with no boundaries ;(

That is never a good idea.  Take steps to migrate away from that.  I think you are already are taking steps towards that.
The switch has possibilities to define rules as well, don't use a bridge for that because it is loading the processor.
You can define rules that match on the ethertype.

Well,

Here in Brazil, most ISPs starts with the same infrastructure: Local network with few customers sharing a network. You start adding more devices to your network and so, sooner you will have problems. Now we are a ISP with an ASN with a lot of customers with the same initial structure. That's why I'm taking those steps further to make my network more "clean".

How can I filter ethertype allowing both Vlan 0 and as I told before "Only PPPoE through VLAN 100" for example? I want to receive everything through "ether5" but filter everything except PPPoE on VLAN 100. That's the point I'm trying to reach. This is mandatory because I need to do the changes one by one in my scenario, and slowly change my entire network to PPPoE.

I still can't figure any other solution rather than this.

Thank you for your attention anyway! o/

I don't have experience with CRS but I think you can make switch rules just like you now have made bridge rules.
(Ok a bit more limited but good enough to filter VLAN tags and ethertypes)
Check the manual under ethernet->switch->read more.

OMG, how I didn't saw that? ;(

We bought tons of CRS, but CRS125-24G-1S. Their switch chip doesn't allow ACL. Thats pretty bad! What can I do? There is no plans for their chip switch to support ACL in any way?

Really?  I thought the CRS switch chip was more advanced than in the small routers.
What type number does it have in the user interface?  (unfortunately the type number is not mentioned in the block diagram)

Here we go: QCA 8513L

Sad to hear/read that. They should mention this in their portfolio, not in the "manual" session.

Edit: Of course I didn't searched for ACL, but far as I know, a "managed" switch should support many wire-speed features like those mentioned before.