Community discussions

Search found 88 matches

by artz
Wed Nov 21, 2018 11:40 am
Forum: General
Topic: Bridge and port VLANs
Replies: 19
Views: 1203

Re: Bridge and port VLANs

Yes, basically any decision to drop a packet based on its VLAN ID is done by checking the bridge VLAN table. Ingress filtering adds a second check when a packet is received (and then checked again before sent out). Of course frame-type will also be responsible for dropping appropriate packets. PVID ...
by artz
Wed Nov 21, 2018 9:54 am
Forum: General
Topic: Bridge and port VLANs
Replies: 19
Views: 1203

Re: Bridge and port VLANs

Hopefully this post will answer most of your questions. anav - PVID to work you only need VLAN filtering to be enabled, ingress filtering has a different purpose that adds another layer of security when deciding if a packet with a VLAN tag needs to be dropped or forwarded. This has been studied in t...
by artz
Tue Nov 20, 2018 5:52 pm
Forum: General
Topic: Bridge and port VLANs
Replies: 19
Views: 1203

Re: Bridge and port VLANs

If am I correct, this port will be like an untagged port for vlan 20. So packed with no tag coming inn to this port will be marked as vlan 20. You can also send taggeed packed to the port (eks tagged with vlan 30) They will enter the bridge with tagg 30 intact if you have: /interface bridge vlan ad...
by artz
Thu Nov 08, 2018 10:18 am
Forum: General
Topic: Manage Wireless bridge over LACP
Replies: 2
Views: 318

Re: Manage Wireless bridge over LACP

You should check out this guide: https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#Bonding_between_Wireless_links Also read a note about LACP and why it is not the best choice in this type of setup. If you are not able to add a logical interface into a bond on your Cisco, then there will...
by artz
Mon Nov 05, 2018 10:07 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 83813

Re: v6.44beta [testing] is released!

Hi regarding the issue: bridge - fixed packet forwarding when changing MSTI VLAN mappings could someone from MT please elaborate? we have been quite unsuccessfull integrating crs317 devices in our network using MSTP the RSTP from other devices arriving on vlans is simply not being replicated to oth...
by artz
Fri Oct 26, 2018 10:02 am
Forum: General
Topic: VLAN trunking with multiple switch chips
Replies: 2
Views: 593

Re: VLAN trunking with multiple switch chips

Wiki has been updated with a note for this special case. In short, you can't use VLAN filtering between different switch chips, you will have to use bridge VLAN filtering if you want to filter out VLANs between both switch chips, but that will lower the throughput for your device. Another option is ...
by artz
Mon Oct 01, 2018 2:55 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26014

Re: v6.42.9 [long-term] is released!

This is a bad move! Now users of 6.40.x versions cannot install updates anymore. We need full support of hw-accelerated VLAN switching in the new bridge at some locations before versions >6.40 can be used. All VLAN related features are available in newer versions. they have been available since 6.4...
by artz
Thu Sep 13, 2018 5:43 pm
Forum: General
Topic: Port mirroring not working with CRS326-24G-2S+
Replies: 1
Views: 368

Re: Port mirroring not working with CRS326-24G-2S+

It seems you discovered a bug, a fix will be released in the next 6.44beta version and later in 6.43.x

Currently you will have to reset the configuration and reapply the configuration in order to fix this issue or wait until an update is released.

Sorry for the inconvenience!
by artz
Mon Sep 03, 2018 10:33 am
Forum: General
Topic: CRS326 LACP 802.3ad transmit hash policy TEST
Replies: 3
Views: 907

Re: CRS326 LACP 802.3ad hash policy TEST

CRS3xx series switches are using L2+L3+L4 as transmit hash policy globally, regardless what you select on the CRS3xx side. https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#Bonding Note: The built-in switch chip will always use Layer2+Layer3+Layer4 for transmit hash policy, changing the t...
by artz
Wed Aug 22, 2018 2:17 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2047

Re: Block traffic same subnet VLAN

By disabling MAC learning you are disabling a feature that prevents unnecessary traffic flood to all ports. If MAC learning is disabled (or rendered invalid due to an attack, not relevant for RouterOS), then all ports will be able to see the traffic that is passing through each port (broadcast traff...
by artz
Fri Aug 17, 2018 2:12 pm
Forum: General
Topic: Forward LACP in bridge?
Replies: 8
Views: 989

Re: Forward LACP in bridge?

In such case it is possible, here is an example:
/interface ethernet switch rule
add new-dst-ports=ether2 ports=ether1 switch=switch1
by artz
Fri Aug 17, 2018 11:12 am
Forum: General
Topic: [ASK] Bridge Port Priority and Bridge Path Cost
Replies: 2
Views: 547

Re: [ASK] Bridge Port Priority and Bridge Path Cost

These values are related to bridge STP. By changing these parameters you push port priority or path-cost (in most cases you should only be using one of them depending on your network's topology) when the port is added to the bridge you specified. If your L2TP clients are simply PCs or other devices,...
by artz
Fri Aug 17, 2018 11:03 am
Forum: General
Topic: Forward LACP in bridge?
Replies: 8
Views: 989

Re: Forward LACP in bridge?

This is possible by using the latest RC and protocol-mode=none. Are you sure you want to use LACP on links that are bridged? There can be some throughput issues since LACP requires both links to be with the same speed. I would guess that you are trying to use Wireless links, which can change the Wir...
by artz
Thu Aug 16, 2018 10:39 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113303

Re: v6.43rc [release candidate] is released!

IntrusDave - you can find more information about this option here: https://wiki.mikrotik.com/wiki/Manual:Scripting#Script_repository https://wiki.mikrotik.com/wiki/Manual:Tools/Netwatch#Properties diablothebest - this can be done under /interface bridge port https://wiki.mikrotik.com/wiki/Manual:In...
by artz
Tue Aug 14, 2018 5:59 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113303

Re: v6.43rc [release candidate] is released!

*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only); *) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only); Could we please get some examples of how to use these features on the Wiki ? I cannot see any of the options I would expect, e...
by artz
Tue Aug 14, 2018 5:57 pm
Forum: General
Topic: BUG? export for interface bridge vlan not correct
Replies: 2
Views: 285

Re: BUG? export for interface bridge vlan not correct

The current-* values under /interface bridge vlan are dynamic values, they are generated based on your PVID and untagged ports. These dynamic values should only be used for monitoring purposes.
by artz
Tue Aug 14, 2018 10:15 am
Forum: General
Topic: Bridge port received packet with own address as source address, probably loop
Replies: 9
Views: 4125

Re: Bridge port received packet with own address as source address, probably loop

InoX - this bug has been fixed a long time ago and this warning message indicates a problem in network's topology or configuration. shunkica - by logic the warning tells you that this device has received a packet that it sent out, this means that another device in your network has decided to send ba...
by artz
Mon Aug 13, 2018 7:40 pm
Forum: General
Topic: Bridge port received packet with own address as source address, probably loop
Replies: 9
Views: 4125

Re: Same MAC on bridge, ether and vlan

The duplicate MAC address behaviour is expected. When you create a bridge, it requires a MAC address and by default it will use the same MAC address as one of its slave. This behaviour does not affect packet processing since packet handling for this port is overridden by the bridge (master) interfac...
by artz
Thu Aug 09, 2018 7:44 pm
Forum: General
Topic: VLAN Basic configuration
Replies: 8
Views: 1026

Re: VLAN Basic configuration

The wiki has been updated to be less confusing when using different CRS series switches: https://wiki.mikrotik.com/wiki/Manual:CRS_Router Hybrid ports are possible, use the guide provided above and combine it with this guide: https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples#...
by artz
Tue Aug 07, 2018 3:36 pm
Forum: General
Topic: Hardware Offload
Replies: 3
Views: 4365

Re: Hardware Offload

It is possible to isolate multiple networks using VLANs, even on a hardware level. Check this guide to see how this can be done:
https://wiki.mikrotik.com/wiki/Manual:Switch_Router
by artz
Tue Aug 07, 2018 2:50 pm
Forum: General
Topic: Hardware Offload
Replies: 3
Views: 4365

Re: Hardware Offload

You can't, this is a hardware limitation. You should check this wiki page to understand this better: https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#Bridges_on_a_single_switch_chip If you are looking for isolated ports, then you might want to consider to use port isolation feature: htt...
by artz
Mon Aug 06, 2018 2:18 pm
Forum: General
Topic: CSR3xx, HW-Offloading, Q-in-Q in 6.43
Replies: 10
Views: 2930

Re: CSR3xx, HW-Offloading, Q-in-Q in 6.43

CVID Stacking is now possible in the latest RC version, here is an example how to configure it:
https://wiki.mikrotik.com/wiki/Manual:I ... g_stacking
by artz
Mon Aug 06, 2018 2:05 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113303

Re: v6.43rc [release candidate] is released!

*) bridge - added per-port based "tag-stacking" feature Can this also be explained. Similar to selective q-in-q? Wiki has been updated with an example: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Tag_stacking Selective QinQ is not possible yet, only port based QinQ or CVID stacking is po...
by artz
Wed Jul 18, 2018 4:42 pm
Forum: General
Topic: Jumbo frames not fragmented on CRS with OS version 6.42.5
Replies: 3
Views: 509

Re: Jumbo frames not fragmented on CRS with OS version 6.42.5

Can you share more details about your setup? RB1<->CCR<->RB2 #RB1 /interface ethernet set [ find default-name=ether1 ] l2mtu=9000 mtu=9000 /ip address add address=192.168.1.2/24 interface=ether1 /ip route add gateway=192.168.1.1 #RB2 /interface ethernet set [ find default-name=ether2 ] l2mtu=1580 mt...
by artz
Thu Jul 12, 2018 10:20 am
Forum: General
Topic: CRS3XX and 802.1ad
Replies: 6
Views: 1083

Re: CRS3XX and 802.1ad

As soon as you set vlan-protocol=802.1ad, then all VLAN tagging, untagging and filtering is done by checking VLAN tag with Ethertype=0x88A8 (SVID), all CVID tags are ignored and considered as untagged traffic. Selective QinQ currently is not supported on CRS3xx. Also note that by setting vlan-protoc...
by artz
Fri Jul 06, 2018 4:37 pm
Forum: General
Topic: Non-leaky CRS3xx configuration
Replies: 4
Views: 581

Re: Non-leaky CRS3xx configuration

Note that frame-type applies to ingress traffic. We recently discovered a bug on CRS326 that it allows to forward packets that are internally tagged with PVID=1, this will be fixed in future versions, though this bug does not exist on CRS317. To avoid this bug, simply set PVID=2 to all ports that cu...
by artz
Thu Jul 05, 2018 7:02 pm
Forum: Beginner Basics
Topic: Tagged VLANs on CRS1xx
Replies: 5
Views: 878

Re: Tagged VLANs on CRS1xx

One option is to simply leave the MGMT Ethernet port out of a bridge and use Firewall filter rules to limit access to the device. There is a way if you really need to allow forwarding one SVID, but allow MGMT access from a certain CVID (trunk/access port setup with VLAN filtering), find an example b...
by artz
Mon Jul 02, 2018 12:10 pm
Forum: General
Topic: invalid MAC address
Replies: 1
Views: 446

Re: invalid MAC address

This is a hardware limitation, this has also been added to the wiki:
https://wiki.mikrotik.com/wiki/Manual:C ... Based_VLAN
by artz
Mon Jul 02, 2018 10:01 am
Forum: General
Topic: IGMP Snooping on the new bridge implementation (6.41 +)
Replies: 4
Views: 2245

Re: IGMP Snooping on the new bridge implementation (6.41 +)

Which RouterOS version are you using? There was a bug in 6.41 related to IGMP Snooping in 6.41, the problem description seems to match your problem, but it was fixed in 6.42

If you are already using 6.42, then you should send a supout.rif file to support@mikrotik.com since this might be a bug.
by artz
Fri Jun 29, 2018 2:49 pm
Forum: General
Topic: BPDU problem
Replies: 38
Views: 2774

Re: BPDU problem

I have some more questions: I have couple of VLANs: 10,20,30, 100 and 192 I created bridges for each vlan: bridge-vlan10,bridge-vlan20,bridge-vlan30,bridge-vlan100 and bridge-vlan192 My trunks are on physical ports SFP1, SPF2, SFP3 and SFP4 According to proposed solution (example): /interface bridg...
by artz
Fri Jun 29, 2018 2:27 pm
Forum: General
Topic: Limit number of MAC addresses per interface
Replies: 14
Views: 4406

Re: Limit number of MAC addresses per interface

This is possible on switch chips that are capable of ACL rules, you can find examples using CRS3xx and non-CRS1xx/CRS2xx devices here:
https://wiki.mikrotik.com/wiki/Manual:C ... t_Security
by artz
Fri Jun 29, 2018 10:12 am
Forum: General
Topic: BPDU problem
Replies: 38
Views: 2774

Re: BPDU problem

Most likely the Netgear is dropping tagged BPDUs, which are being sent out of your device because of misconfiguration.
You should read more about this case here:
https://wiki.mikrotik.com/wiki/Manual:L ... _interface
by artz
Thu Jun 28, 2018 4:51 pm
Forum: General
Topic: CRS326/8 untagged to tagged translation
Replies: 2
Views: 412

Re: CRS326/8 untagged to tagged translation

This is a common access-trunk port setup, you should follow this guide;
https://wiki.mikrotik.com/wiki/Manual:B ... s_switches
by artz
Thu Jun 28, 2018 12:28 pm
Forum: Beginner Basics
Topic: Future request / Ether / CRC errors [SOLVED]
Replies: 1
Views: 339

Re: Future request / Ether / CRC errors [SOLVED]

Scripts come in handy. Similarly you can monitor link flaps as well. :global InformedLinkStatus 0; #Monitor link rate /system script add name=ether1check owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local ss [/in eth mo \ ether1 as-value once];\r\ \n...
by artz
Thu Jun 28, 2018 10:26 am
Forum: General
Topic: HAP AC^2 switch configuration
Replies: 3
Views: 456

Re: HAP AC^2 switch configuration

This is a known issue and will be fixed in the next RC version. Currently you will have to configure switch related features using the terminal, you can use this guide as an example:
https://wiki.mikrotik.com/wiki/Manual:B ... witch_chip
by artz
Wed Jun 27, 2018 12:26 pm
Forum: General
Topic: 2 Bridges in Router RG850 Mikrotik
Replies: 3
Views: 380

Re: 2 Bridges in Router RG850 Mikrotik

It means that only 1 bridge is going to use the built-in switch chip, other bridges will be using the CPU to forward packets. You can control which bridge is going to use hardware offloading with "hw=yes" and "hw=no".
by artz
Wed Jun 27, 2018 9:50 am
Forum: General
Topic: 2 Bridges in Router RG850 Mikrotik
Replies: 3
Views: 380

Re: 2 Bridges in Router RG850 Mikrotik

You can have 1 bridge with hardware offloading on RB850Gx2 and more than 4096 (the limit is a lot higher) software bridges.
by artz
Wed Jun 27, 2018 9:46 am
Forum: General
Topic: Untagged VLAN Access port on hEX
Replies: 7
Views: 1985

Re: Untagged VLAN Access port on hEX

If you want to use your hEX as a router and a switch at the same time, you should follow this guide:
https://wiki.mikrotik.com/wiki/Manual:Switch_Router
by artz
Mon Jun 25, 2018 3:50 pm
Forum: General
Topic: hAP-AC2 6.42.4 - HWOffload [solved]
Replies: 13
Views: 2447

Re: hAP-AC2 6.42.4 - HWOffload

huntah - can you please elaborate what is missing in the new bridge implementation and what should be added to the wiki page? whatever - 1) Bridge VLAN filtering is not so easy to implement on these switch chips. 2) Which examples are missing vlan-header values? If you are talking about the hybrid ...
by artz
Mon Jun 25, 2018 10:22 am
Forum: General
Topic: Bridge VLAN Filtering
Replies: 22
Views: 7032

Re: Bridge VLAN Filtering

The wiki page is not outdated, we try to keep our wiki pages updated, the provided wiki link is fairly new, only 1 month old. You can always check how old is the wiki page by clicking on "View history". As shown in the wiki link, only CRS3xx is capable of bridge VLAN filtering in conjunction with ha...
by artz
Thu Jun 21, 2018 4:53 pm
Forum: Beginner Basics
Topic: Tagged VLANs on CRS1xx
Replies: 5
Views: 878

Re: Tagged VLANs on CRS1xx

Please note that multiple master-port/bridge setup is not supposed to work properly with VLANs. You should use a single bridge instead, it is very likely that your described issues are caused because of multiple isolated port groups by using multiple bridges. This has been mentioned in the manual as...
by artz
Thu Jun 21, 2018 11:23 am
Forum: General
Topic: Bridge VLAN Filtering
Replies: 22
Views: 7032

Re: Bridge VLAN Filtering

The bridge interface itself (LAN) is needed to allow VLAN5 to communicate with the CPU in order for DHCP to work. A physical port is also needed to allow the specified port to forward VLAN5 packets to the CPU. With your current configuration VLAN5 is allowed to access the CPU, but there is no way VL...
by artz
Thu Jun 21, 2018 10:18 am
Forum: General
Topic: Bridge VLAN Filtering
Replies: 22
Views: 7032

Re: Bridge VLAN Filtering

You are missing a tagged port on the CRS, most probably in your setup it is going to be ether8. Add ether8 to bridge VLAN table as a tagged port for VLAN5. Also note that RB3011 is capable of VLAN switching on a hardware level, you can find an example how to set it up here: https://wiki.mikrotik.com...
by artz
Wed Jun 20, 2018 10:42 am
Forum: Beginner Basics
Topic: Does it matter what port is Role Root ?
Replies: 4
Views: 1035

Re: Does it matter what port is Role Root ?

You should check this guide: https://wiki.mikrotik.com/wiki/Manual:Spanning_Tree_Protocol It contains a lot of useful information about how ports are elected and what does each port role mean. A "root port" is a port that is facing towards the root bridge, you shouldn't be worrying about which port ...
by artz
Wed Jun 20, 2018 10:05 am
Forum: SwOS
Topic: CRS328-24P-4S+RM "SFP4" doesn't run in SwOS but does in RouterOS
Replies: 2
Views: 1056

Re: CRS328-24P-4S+RM "SFP4" doesn't run in SwOS but does in RouterOS

There is a known issue with CRS328 running SwOS with SFP3, this port will not forward any traffic under some conditions. This will be fixed in SwOS 2.8, currently you will have to use RouterOS.
by artz
Wed Jun 20, 2018 10:01 am
Forum: SwOS
Topic: Two CRS328-24P-4S+RM - SFP3 won't forward
Replies: 7
Views: 1755

Re: Two CRS328-24P-4S+RM - SFP3 won't forward

The throughput issue, LAG issue and SFP port issue are known issues in SwOS, all of them will be fixed in upcoming SwOS version. Currently you will have to use RouterOS until the new SwOS version is released. The LAG issue will be fixed in RouterOS 6.43rc33 as well as SwOS 2.8
by artz
Tue Jun 19, 2018 5:28 pm
Forum: SwOS
Topic: SwOs CSS106 Only tagged
Replies: 2
Views: 665

Re: SwOs CSS106 Only tagged

You can set the switch to accept only tagged packets on the ingress port. To do so, set "VLAN Receive = only tagged" under the "VLAN" tab for Port1-Port4. To filter out all unknown VLANs and allow only 10,20,30, you need to set VLAN mode to either enabled or strict. Under the "VLAN" tab set "VLAN Mo...
by artz
Tue Jun 19, 2018 10:11 am
Forum: General
Topic: Bridge filter not matching (CRS328-4C-20S-1S+ with v6.42.3)
Replies: 7
Views: 703

Re: Bridge filter not matching (CRS328-4C-20S-1S+ with v6.42.3)

When hardware offloading is active, then bridge filter rules will be ignored since the packets are not processed by the CPU. You can read more about this case here: https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#Packet_flow_with_hardware_offloading_and_MAC_learning You either need to ...
by artz
Mon Jun 18, 2018 10:54 am
Forum: General
Topic: VLAN Basic configuration
Replies: 8
Views: 1026

Re: VLAN Basic configuration

Wiki has been updated, thank you for pointing out the imperfections! The setup is not very simplistic, for this reason the configuration is going to be a bit more complex. Since you are using CRS1XX, then you have the option to use the built-in switch chip to offload some portion of traffic, the CAP...
by artz
Fri Jun 08, 2018 3:36 pm
Forum: General
Topic: more vlan trunks on CRS125 ?
Replies: 4
Views: 460

Re: more vlan trunks on CRS125 ?

All ports that are involved into switching MUST be added to a bridge. Trunk ports must be specified in /interface ethernet switch egress-vlan-tag: /interface ethernet switch egress-vlan-tag add tagged-ports=ether1,ether21,ether22,switch1-cpu vlan-id=10 add tagged-ports=ether1,ether21,ether22,switch1...
by artz
Fri Jun 08, 2018 2:27 pm
Forum: General
Topic: more vlan trunks on CRS125 ?
Replies: 4
Views: 460

Re: more vlan trunk on CRS125 ?s

It seems you found an imperfection in the Wiki guide. Before 6.41 you should have created the VLAN interface on top of the master-port interface, but after 6.41 the VLAN interface should be created on top of the bridge interface. This is actually a common mistake that has been studied here: https://...
by artz
Thu Jun 07, 2018 12:50 pm
Forum: Announcements
Topic: MikroTik News June 2018 (Issue #83)
Replies: 44
Views: 13620

Re: MikroTik News June 2018 (Issue #83)

You can always find MTU values for all our products here:
https://wiki.mikrotik.com/wiki/Manual:M ... 2.2FL2_MTU

RB450Gx4
ether1-ether5:9214

RB760iGS
ether1-ether5:2026; sfp1:2026
by artz
Wed Jun 06, 2018 3:17 pm
Forum: General
Topic: CRS125, 6.40 to 6.42, vlan/bridge
Replies: 3
Views: 590

Re: CRS125, 6.40 to 6.42, vlan/bridge

There is no need to change anything. When upgrading to 6.41.x or newer the master-port part is converted automatically, everything else will stay the same and does not require any adjustments. The /interface ethernet switch part will not change and is fully compatible with 6.41.x and newer. DIscover...
by artz
Wed Jun 06, 2018 1:59 pm
Forum: General
Topic: Blow vs Below: a mistyping on wiki?
Replies: 2
Views: 338

Re: Blow vs Below: a mistyping on wiki?

Thank you for pointing that out!
I fixed the issue, it should have been "below".
by artz
Wed Jun 06, 2018 10:58 am
Forum: SwOS
Topic: CRS317 boot issue after power failure
Replies: 22
Views: 3213

Re: CRS317 boot issue after power failure

We found a software issue that prevented SFP ports linking up properly after a power cycle in some cases. The fix will be included in the next SwOS version.
by artz
Thu May 31, 2018 10:53 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113303

Re: v6.43rc [release candidate] is released!

*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address; *) dhcp - fixed DHCP server stuck in invalid state; *) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only); *) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI ...
by artz
Wed May 30, 2018 9:44 am
Forum: General
Topic: RB3011 <-> CRS317 bonding SFP/Eth won't work on 6.42+
Replies: 4
Views: 547

Re: RB3011 <-> CRS317 bonding SFP/Eth won't work on 6.42+

Please send supout.rif files from both devices to support@mikrotik.com
Also tell us how the two devices are connected, is it a SFP DAC or maybe using a S-RJ01 or S+RJ10 module with a Ethernet cable?
by artz
Tue May 29, 2018 10:11 am
Forum: General
Topic: crs-106-5s-1c vlan switch hi cpu load
Replies: 4
Views: 678

Re: crs-106-5s-1c vlan switch hi cpu load

First of, you should upgrade, one of your devices is using a bridge without hardware offloading. Upgrade to 6.41.x or newer and enable hardware offloading with /interface bridge port set [f] hw=yes Secondly, you are making a very common mistake: https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfig...
by artz
Mon May 21, 2018 11:07 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113303

Re: v6.43rc [release candidate] is released!

Currently it is not possible to select which frames are going to be tagged with an outer tag and which not. It is possible to use CRS3xx ACL rules to achieve a similar result though. /interface bridge add name=bridge vlan-filtering=yes vlan-protocol=802.1ad /interface bridge port add bridge=bridge i...
by artz
Fri May 18, 2018 6:36 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113303

Re: v6.43rc [release candidate] is released!

You can find an example here: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#VLAN_Tunneling_.28Q-in-Q.29 Note that the same principles can be applied as for regular VLAN filtering (trunk, access, management port and so on). Do note that QinQ with RSTP is not supposed to work with bridges tha...
by artz
Fri May 18, 2018 11:13 am
Forum: General
Topic: How to configure multiple vlan with hw-offload
Replies: 30
Views: 3244

Re: How to configure multiple vlan with hw-offload

You can find examples with the new hardware offloading feature as well as for pre-6.41 here:
https://wiki.mikrotik.com/wiki/Manual:S ... s_Ports.29
by artz
Thu May 17, 2018 1:01 pm
Forum: General
Topic: Bug: CRS317 cuts off C-tag in qinq packets
Replies: 27
Views: 2454

Re: Bug: CRS317 cuts off C-tag in qinq packets

Currently RouterOS bridge is only 802.1Q aware, support for 802.1ad is planned (with hardware offloading for CRS3xx). RouterOS checks the outer tag and checks if the tag is 802.1Q (0x8100), but in case of SVID it sees 802.1ad (0x88A8) and assumes it as an untagged frame since a tagged frame is consi...
by artz
Thu May 10, 2018 3:05 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113303

Re: v6.43rc [release candidate] is released!

With RouterOS v6.43rc11 it is possible to do port isolation on devices with a switch chip, this includes CRS3xx as well.
Example can be found here:
https://wiki.mikrotik.com/wiki/Manual:S ... _isolation
by artz
Tue May 08, 2018 11:30 am
Forum: General
Topic: v6.42.1 Bridge Port Add
Replies: 1
Views: 500

Re: v6.42.1 Bridge Port Add

In simple terms, yes, you assumptions are correct.
Updated the wiki to have more detailed explanation:
https://wiki.mikrotik.com/wiki/Manual:I ... t_Settings

To be more specific, traffic is dropped when it should be sent out (egress), not when received (ingress).
by artz
Mon Apr 30, 2018 6:54 pm
Forum: General
Topic: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?
Replies: 15
Views: 2572

Re: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?

VLAN switching will not be removed and it is still possible to do VLAN switching when you have configured your device with 6.41.x or later. The configuration stays the same, only the master-port part is replaced (even converted) to a bridge configuration, VLAN switching configuration part has not be...
by artz
Mon Apr 30, 2018 2:20 pm
Forum: Beginner Basics
Topic: Differences between "Port based" and "bridge based" VLAN
Replies: 22
Views: 4475

Re: Differences between "Port based" and "bridge based" VLAN

"Port based" VLANs is the old type of configuration that has been left in the wiki page for legacy reasons, but it is known to cause issues with RSTP and can even cause loops. The "bridge based" VLANs should be used whenever possible since this type of configuration complies with IEEE 802.1Q and 802...
by artz
Mon Apr 30, 2018 10:42 am
Forum: Beginner Basics
Topic: Bonding LACP and VLAN trunk [SOLVED]
Replies: 2
Views: 2775

Re: Bonding LACP and VLAN trunk [SOLVED]

Note that bonding interfaces on CRS1xx/CRS2xx are not hardware offloaded, you should use trunking interfaces instead. You should check this guide for similar setup to yours: https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_VLANs_with_Trunks If you choose to use trunking interfaces (balance-xor), the...
by artz
Mon Apr 30, 2018 10:33 am
Forum: General
Topic: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?
Replies: 15
Views: 2572

Re: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?

Currently only CRS3xx series switches are able to hardware offload configurations with /interface bridge vlan. If a device (including the old CCR1009) has a switch chip and is capable of VLAN switching on a hardware level (look for VLAN table here: https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_F...
by artz
Mon Apr 30, 2018 10:11 am
Forum: General
Topic: Help with inter vlan routings
Replies: 7
Views: 662

Re: Help with inter vlan routings

There is an error in your configuration, you have created a VLAN interface on top of a slave interface, you can read more about this case here: https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#VLAN_interface_on_a_slave_interface If this is all of your configuration, then with this confi...
by artz
Tue Apr 24, 2018 4:27 pm
Forum: General
Topic: Bridge VLAN filtering + mac telnet
Replies: 2
Views: 574

Re: Bridge VLAN filtering + mac telnet

There is a problem in your AP's configuration, please check this guide:
https://wiki.mikrotik.com/wiki/Manual:L ... _interface
by artz
Mon Apr 23, 2018 2:10 pm
Forum: General
Topic: Need help with VLANs on crs125
Replies: 2
Views: 275

Re: Need help with VLANs on crs125

It is required to create the VLAN interface on the bridge interface, you have done that correctly. If you are intending to filter invalid VLANs on your switch (which you should), then you must specify which VLANs are allowed on each port, otherwise all VLANs will be dropped. Before you enable invali...
by artz
Fri Apr 20, 2018 6:20 pm
Forum: Beginner Basics
Topic: Trunking bridged VLANS
Replies: 9
Views: 835

Re: Trunking bridged VLANS

Please don't put VLAN interfaces in a bridge with a physical interface, that is known to cause issues: https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration#VLAN_in_bridge_with_a_physical_interface You should follow this guide for RB3011 to achieve wirespeed VLAN switching performance: https...
by artz
Fri Apr 20, 2018 10:46 am
Forum: General
Topic: Probably Loop (bridge port receive packets with own address as source address [SOLVED]
Replies: 3
Views: 4251

Re: Probably Loop (bridge port receive packets with own address as source address [SOLVED]

Note that this message means that a packet, that was sent out from this device, was received back. This means that something in your network is creating a loop and by logic this is most probably another device that is connected to that interface. Make sure you have not used this type of configuratio...
by artz
Thu Apr 19, 2018 5:03 pm
Forum: Beginner Basics
Topic: Bridge Vlan vs. Switch Vlan [SOLVED]
Replies: 5
Views: 8807

Re: Bridge Vlan vs. Switch Vlan [SOLVED]

This does not sound right. SOHO devices with switch chips, e.g. hap ac and hap ac 2, can be entirely configured for VLANs via bridge and with hardware support. There is no need to touch the /interface ethernet switch. No, bridge VLAN filtering is not hardware offloaded on any other device than CRS3...
by artz
Thu Apr 19, 2018 4:56 pm
Forum: Beginner Basics
Topic: VLAN setup [SOLVED]
Replies: 6
Views: 637

Re: VLAN setup [SOLVED]

Assuming that you are intending to do some routing with that untagged traffic on your router: /interface bridge add name=bridge /interface ethernet switch port set 0 vlan-mode=secure set 1 vlan-mode=secure set 2 default-vlan-id=6 vlan-mode=secure /interface bridge port add bridge=bridge interface=et...
by artz
Thu Apr 19, 2018 2:43 pm
Forum: General
Topic: RouterOS x86 - Block MAC
Replies: 4
Views: 383

Re: RouterOS x86 - Block MAC

You can add a single interface to a bridge and use bridge filters on it. /interface bridge add name=bridge /interface bridge port add bridge=bridge interface=ether1 /interface bridge filter add action=drop chain=input in-bridge=bridge in-interface=ether1 src-mac-address=4C:5E:0C:4D:12:45/FF:FF:FF:FF...
by artz
Thu Apr 19, 2018 10:41 am
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 28086

Re: v6.42 [current]

Jamesits, csi -

Please write to support@mikrotik.com
We will need to see your network topology and your supout.rif from both devices.
There is something specific in your configuration or your setup that might be causing these issues.
by artz
Wed Apr 18, 2018 12:10 pm
Forum: General
Topic: CRS326-24G-2S+
Replies: 2
Views: 487

Re: CRS326-24G-2S+

Please don't post the same question in multiple topics. It is not always needed to specify ports as untagged ports. Ports are added dynamically as untagged ports for the VLAN that matches the PVID. For a simple trunk/access/hybrid port setup this behaviour can be untouched and let the bridge dynamic...
by artz
Mon Apr 16, 2018 3:03 pm
Forum: General
Topic: CRS326 - bridge VLAN problam [SOLVED]
Replies: 3
Views: 496

Re: CRS326 - bridge VLAN problam [SOLVED]

You are missing the management port.
https://wiki.mikrotik.com/wiki/Manual:I ... ement_port

You need to add the bridge interface itself as a tagged port in /interface bridge vlan.
by artz
Fri Apr 13, 2018 5:52 pm
Forum: Beginner Basics
Topic: Bridge Vlan vs. Switch Vlan [SOLVED]
Replies: 5
Views: 8807

Re: Bridge Vlan vs. Switch Vlan [SOLVED]

CRS1xx/CRS2xx and CRS3xx require a different approach to configure VLAN switching on a hardware level. Since 6.41 the master-port configuration is discarded and is replaced with a bridge configuration. Now in 6.41 as soon as you add ports to a bridge hardware offloading is enabled by default, this i...
by artz
Thu Apr 12, 2018 3:30 pm
Forum: General
Topic: Mikrotik Bonding with Cisco switch etherchannel - 802.3ad
Replies: 1
Views: 1742

Re: Mikrotik Bonding with Cisco switch etherchannel - 802.3ad

Make sure that the traffic is not single destination and make sure you are using a proper transmit hash policy.
You can read more about it here:
https://wiki.mikrotik.com/wiki/Manual:L ... _balancing
by artz
Fri Apr 06, 2018 11:02 am
Forum: General
Topic: Bridge problem on different version [SOLVED]
Replies: 3
Views: 464

Re: Bridge problem on different version [SOLVED]

It is very likely that you have misconfigured your device.
Check this guide to make sure you are not using a configuration that is known to cause issues:
https://wiki.mikrotik.com/wiki/Manual:L ... _interface
by artz
Wed Apr 04, 2018 12:01 pm
Forum: General
Topic: VLAN + Bridge + DHCP-Client = no worky
Replies: 6
Views: 1300

Re: VLAN + Bridge + DHCP-Client = no worky

My understanding of how VLAN's work in RouterOS when it comes to bridges.... (Correct me if i'm wrong) - If you add physical interfaces to a bridge, along with a vlan interface, then traffic going OUT all physical interfaces will be untagged for that VLAN. Traffic going OUT the vlan interface will ...
by artz
Thu Mar 22, 2018 1:02 pm
Forum: Beginner Basics
Topic: Still have RSTP problems with Mikrotik
Replies: 9
Views: 1659

Re: Still have RSTP problems with Mikrotik

Note that in most cases the device that has detected loops is not causing the loop. What this error means is that a packet, that was sent out by the device, is received back after it was forwarded into your network. You should check devices that are connected to ether1. We have noticed quite a few c...
by artz
Wed Mar 21, 2018 1:03 pm
Forum: RouterBOARD hardware
Topic: Can the CRS317 do LAG in hardware yet?
Replies: 3
Views: 656

Re: Can the CRS317 do LAG in hardware yet?

Since RouterOS 6.42rc23 LAG interfaces are hardware offloaded on CRS3xx series devices.
More information can be found here:
https://wiki.mikrotik.com/wiki/Manual:C ... es#Bonding
by artz
Fri Mar 09, 2018 4:54 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97187

Re: v6.42rc [release candidate] is released!

Well done!
I can confirm it's working on a CRS326 now. Still open is the issue to change MTU size.
[admin@MikroTik] /interface bonding> set bond2 mtu=8148
failure: could not set mtu
[admin@MikroTik] /interface bonding>
You must set L2MTU on slave interfaces first.
by artz
Wed Feb 28, 2018 10:36 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97187

Re: v6.42rc [release candidate] is released!

Are you aware and have reproduced the LACP problem aswell? There is something specific to your setup that is causing access to the CPU being lost. Please write to support@mikrotik.com, attach the supout.rif file and a small, simplified network diagram (preferably with device's model name on the oth...