There some weird issue on my (RB2011UiAS-2HnD-IN): all interfaces get down and immediately up again when i got max (950MB/s-980MB/S) load from any interface, when download something from lan. They all bridged, no max CPU load or something.
Tested on ROS: 6.49.18 and 7.18.2
Hi
you should at least provide config info … (see forum notes on /export) We do not have a “cristal ball”
Ye, you right. I thought maybe there is some common issue of RB2011UiAS-2HnD.
# 2025-05-17 13:34:46 by RouterOS 7.15.2
# software id = 73IY-WZX7
#
# model = RB2011UiAS-2HnD
# serial number = 66C0050B4472
/interface bridge
add name=bridge-base port-cost-mode=short
add name=bridge-cosmos port-cost-mode=short
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface ethernet
set [ find default-name=ether1 ] comment=ROUTER
set [ find default-name=ether2 ] comment="ISP1 - Cosmos"
set [ find default-name=ether3 ] comment=SERVER-FSG
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] disabled=yes
/interface vlan
add interface=ether3 name=vlan-cosmos vlan-id=5
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge-base hw=no ingress-filtering=no interface=ether1 \
internal-path-cost=10 path-cost=10
add bridge=bridge-cosmos ingress-filtering=no interface=vlan-cosmos \
internal-path-cost=10 path-cost=10
add bridge=bridge-cosmos ingress-filtering=no interface=ether2 \
internal-path-cost=10 path-cost=10
add bridge=bridge-base hw=no ingress-filtering=no interface=ether3 \
internal-path-cost=10 path-cost=10
add bridge=bridge-base hw=no ingress-filtering=no interface=ether4 \
internal-path-cost=10 path-cost=10
add bridge=bridge-base hw=no ingress-filtering=no interface=sfp1 \
internal-path-cost=10 path-cost=10
add bridge=bridge-base hw=no ingress-filtering=no interface=ether5 \
internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge-base comment=sfp-btk-sip tagged=bridge-base,ether5,sfp1 \
vlan-ids=50
add bridge=bridge-base comment=sfp-btk-byfly tagged=bridge-base,ether5,sfp1 \
vlan-ids=10
add bridge=bridge-base comment=sfp-btk-zala tagged=bridge-base,ether5,sfp1 \
vlan-ids=20
/interface ovpn-server server
set auth=sha1,md5
/ip dhcp-client
add interface=bridge-base
/lcd
set backlight-timeout=never default-screen=informative-slideshow enabled=no \
touch-screen=disabled
/lcd pin
set pin-number=1200
/lcd interface pages
set 0 interfaces="sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8\
,ether9,ether10"
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Minsk
/system identity
set name="MikroTik - FSG GATE"
/system note
set show-at-login=no
/system ntp client servers
add address=193.134.29.12
add address=195.85.215.8
/system routerboard settings
set cpu-frequency=750MHz
/tool graphing interface
add interface=bridge-base
I disable Hardware Offload on these interfaces and this is fixed the issue but speed is drops cause of CPU.
I cannot reproduce this issue on my RB2011UiAS-2HnD running v6.49.18. Just did the test by copying a couple 100GBs from my NAS to my desktop and it’s doing ~950Mbps without causing any link downs. Have you tried using another power supply?
Given that
https://mikrotik.com/product/RB2011UiAS-2HnD-IN#fndtn-specifications
https://cdn.mikrotik.com/web-assets/product_files/Block-RB2011UAS-2HnD_130546.pdf
https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features
add bridge=bridge-base hw=no
I suspect all bridge traffic is going to CPU, and given that link between gb switch and cpu is 1gb, it’s saturated.
why not use hw offloading (switching)?
why not use hw vlan handling? → bridge-cosmos: i would replace it vlan interface on bridge-base with eth2 part of it
as next step you could also consider inter-vlan routing using hw rules
@sebastia: he set hw=no as a workaround for the issue, as he mentions in the third post.
I actually managed to reproduce the issue on my RB2011 as well by a copying a couple of TBs of data from my NAS to my desktop. All ports on the first switch chip went down in the middle of the copy and immediately came back up again. Lost 3-4 pings. NIC on desktop also reports a clear link down event.
I disabled hw offloading as workaround to fix this issue. I also disable all VLANs just for test and problem still exist.
Interesting… this is exacly what i have. Also log of mikrotik says that all connected ports are link down and up.
About power supply, Its runs on POE (20v input) and i tried external 12v (1A) power supply and still have a same issue.
current config of vlan is not in line with switch chip recommendations, see links before
I would start with that
and then also upgrade to latest version, if still there → support ticket
and if not solved, downgrade to v6, as there some reported ok
Ye, seems like removing vlan from bridge-cosmos on eth2 fixed the problem. I still try to learn vlan stuff, but its kind of hard..
replace it vlan interface on bridge-base with eth2 part of it
Can you explin this part pls? (pictures will be great) All i need is just forward interface eth2 to my hyper-v vlan5 port. Like i plugget cable direct to my hyper-v VM interface.
I’m not using any VLANs and I still see this issue. Also, I confirmed in post #6 that I’m running the latest v6 and I can successfully reproduce the problem. I expect the problem to be related to the switch buffers being full, eventually causing a reset of the switch chip. We’ve seen this problem before (eg on the RB3011, RB4011 and CCR2004 series).
I tried without vlan and no problems.
hyper-v VM interface: is that the eth3 comment=SERVER-FSG?
is that a tagged or untagged / access port?
there is no need for vlan 5 access on router?
Yes, SERVER-FSG (eth3) - is there where VM with vlan5 port, there is no need for vlan 5 access on router, just need physical eth2 on mikrotik (there provider with static IP own DHCP and etc) connectet directly to VM on SERVER-FSG (VM port with vlan id5).
So this Mikrotik’s eth2 port should simply go directly to the virtual machine that behind eth3 mikrotik port.
based on your feedback I understood that:
/interface vlan
→ remove name=vlan-cosmos vlan-id=5
because no need to access vlan 5 on router
/interface bridge port
→ remove interface=vlan-cosmos
→ assign interface=ether2 to bridge-base pvid=5 frame-types=admit-only-untagged-and-priority-tagged
because eth2 will be part of main bridge, with (optional) vlan-filtering in hw
→ consider defining eth1 & eth4 explicitly in bridge config: access ports as for eth2 above or tagged
/interface bridge
→ remove name=bridge-cosmos
/interface bridge vlan
→ add vlan 5 with tagged=eth3 untagged=eth2
what is this about?
/ip dhcp-client
add interface=bridge-base
using default vlan 1? → make it explicit in /interface bridge vlan, see also comment above about eth1 & eth4
Thank you for your help and answers. Not working.
VM doesnt get any DHCP from this eth2.
upd: i enabled VLAN Filtering and it worked. But this option disables Hardware Offload
Keep in mind that the RB2011 is quite old and might require “Switch VLANs” instead.
Aka configuring Access Ports through the “Switch” button in WInbox/Webfig
(I don’t have 2011, hence can’t test)
Based on docs, as mentioned, this chip requires special config:
https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features#SwitchChipFeatures-PortSettings
set default-vlan-id for access ports
→ eth2 needs vlan 5 set
/interface ethernet switch vlan
add ports=eth2,eth3 switch=switch1 vlan-id=5
(+rest of vlans)
/interface ethernet switch port
set ether2 vlan-mode=secure vlan-header=leave-as-is default-vlan-id=5
set ether3 vlan-mode=secure vlan-header=leave-as-is
(eth1 & 4 for you to elaborate)
some setup examples
https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features#SwitchChipFeatures-VLANExample1(TrunkandAccessPorts)
Note: “On QCA8337 and Atheros8327 switch chips, a default vlan-header=leave-as-is”
Thanks, gonna try this.
Edit: looks like it worked vm is getting dhcp, but I’m loosing access to entier server on lans “bridge-base”.
Its works now, but cpu load is almoust 100 percent when i transfer files to the server… 
upd: change “Default VLAN ID” from 0 to 1 fixed cpu usage! Hooray!
Last thing to fix: is that the dhcp client from bridge-base can’t get address. Looks like everything behind ether 3 can’t see this mikrotik as well.
if you post your current config, someone can suggest fine-tuning …