Can I use both switch groups as if they were completely independent switches with VLANs, with no CPU load?
Some time ago, there was a restriction that only the first bridge created could have HW offload, but I see the H flag in both.
RB1100AHx4 running ROS 7.6. Is this truly working, or is the H on the second bridge wrongly shown?
Networks on bridge1 and bridge2 must be separated with no possibility to leak VLANs, cause bridge loops etc.
RB1100AHx4 block diagram suggests it should work, I’m just making sure before I make a more complex setup.
The restriction was always one bridge per switch chip. The gotcha is that only a few device models have more than one switch chip and even fewer of those had HW offload of non-trivial functions (AFAIK none before support for RTL8367). The config you’re showing was offloaded even in v6 … offload ceased if anything else was configured on bridge, such as VLAN filtering. You can try to force it by setting PVID on member ports (one value on two ports, another value on other ports) and set vlan-filtering=yes on corresponding bridge (you already did it). This would enable you to test a few things:
HW offload of simple VLAN operation - check if all ports still have H flag. Check wirespeed traffic forwarding between ports with same PVID - CPU load should remain at idle values
separation of ports with different PVID … traffic should not pass between ports with different PVID
For the tests above - without setting up IP to avoid potential disturbances by router – you wouldn’t set up vlan interfaces on bridge being tested. Which in turn means you have to set IP address on test computers manually.
Re inter-bridge separation: networks are separated on L2 (as much as it is between different VLANs). If device has IP addresses on those networks, then it’s willing to route between those networks and you have to control traffic between different networks using firewall.
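The test described in the reply above, written out as RouterOS commands. This is an added example, not configuration posted by either participant; the port-to-bridge layout (ether1-ether4 on bridge1, ether6-ether9 on bridge2) and the PVID values 10/20/30/40 are assumptions chosen for illustration.

```routeros
# Assumed layout (not from the thread): bridge1 = ether1-ether4,
# bridge2 = ether6-ether9. PVID values are arbitrary test values.

/interface bridge port
# bridge1: two ports per PVID, so each PVID has a pair to forward between
set [find bridge=bridge1 interface=ether1] pvid=10
set [find bridge=bridge1 interface=ether2] pvid=10
set [find bridge=bridge1 interface=ether3] pvid=20
set [find bridge=bridge1 interface=ether4] pvid=20
# bridge2: same pattern with different PVIDs
set [find bridge=bridge2 interface=ether6] pvid=30
set [find bridge=bridge2 interface=ether7] pvid=30
set [find bridge=bridge2 interface=ether8] pvid=40
set [find bridge=bridge2 interface=ether9] pvid=40

/interface bridge
# VLAN filtering is what makes the bridge enforce the PVID separation
set [find name=bridge1] vlan-filtering=yes
set [find name=bridge2] vlan-filtering=yes

# Check 1: every member port of both bridges should still show the H flag
/interface bridge port print

# Check 2: each PVID should list only its own two ports as untagged members
/interface bridge vlan print

# Check 3: while test hosts push traffic between two ports with the same
# PVID, cpu-load should stay at idle values if forwarding is offloaded
/system resource print
```

No VLAN interfaces or IP addresses are configured on either bridge here, matching the reply's advice, so the test hosts need static addresses. Hosts on ports with different PVIDs should be unable to reach each other even when placed in the same IP subnet.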