Hello,
I am currently trying to set up a CRS that should be deployed at our company. I set ether1 as master and the other ports as slave. So far so good. However, I am a bit unsure about the best way to prevent loops.
I tried the suggestion mentioned here: http://forum.mikrotik.com/t/crs226-loop-protect-how/93733/14
/interface ethernet switch port
set 0 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
set 1 action-on-static-station-move=drop drop-dynamic-mac-move=yes dscp-based-qos-dscp-to-dscp-mapping=no learn-limit=10 learn-override=yes
...
The loop protection works but - with this setup - it takes several minutes (= value of “Unicast FDB Timeout”) for hosts to be recognized when they are moved to a new port. To circumvent this issue, I reduced the unicast FDB timeout to 30 seconds.
/interface ethernet switch set unicast-fdb-timeout=30s
I am not sure if this is a good idea. On many pages on the web it is stated that Windows has an ARP timeout of approximately 4 hours and the recommendation is to set the unicast FDB timeout to a value greater than that. Certainly this wouldn’t work well with the loop prevention as above.
On the other hand, with the low unicast FDB timeout value I expect to get significantly more load on the network.
I also tried to use the ingress port policer to limit loop traffic, but I wasn’t skilled enough to get that working.
http://wiki.mikrotik.com/wiki/Manual:CRS_examples#Traffic_Storm_Control
Can any of you give me a hint as to what the best way would be to prevent loops?
All the best,
Lui
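
Added example, not part of the original post: a simplified Python model of a MAC table with drop-dynamic-mac-move enabled, showing why a looped frame is dropped and why a moved host stays blocked for roughly the unicast FDB timeout. The class, function names, MAC address and timing values are constructed for illustration; the ageing behaviour is an assumption that matches what the post observes, not the switch chip's actual implementation.

```python
class Fdb:
    """Simplified MAC table: MAC -> (port, last_seen). Assumed model only."""

    def __init__(self, timeout, drop_dynamic_mac_move):
        self.timeout = timeout
        self.drop_move = drop_dynamic_mac_move
        self.table = {}

    def ingress(self, now, mac, port):
        """Learn from a frame's source MAC; return True if the frame is accepted."""
        entry = self.table.get(mac)
        if entry and now - entry[1] >= self.timeout:
            del self.table[mac]          # entry aged out
            entry = None
        if entry and entry[0] != port and self.drop_move:
            return False                 # MAC seen on another port: drop, no refresh
        self.table[mac] = (port, now)    # learn or refresh
        return True


def outage_after_move(timeout, drop_move, move_at=100, interval=5, horizon=1000):
    """A host sends one frame every `interval` seconds and is re-plugged from
    port 1 to port 2 at `move_at`. Returns the seconds between the move and
    the first frame accepted on the new port (None if never accepted)."""
    fdb = Fdb(timeout, drop_move)
    for now in range(0, horizon, interval):
        port = 1 if now < move_at else 2
        accepted = fdb.ingress(now, "aa:bb:cc:00:00:01", port)  # constructed MAC
        if now >= move_at and accepted:
            return now - move_at
    return None


if __name__ == "__main__":
    for timeout in (300, 30):
        print(f"timeout={timeout}s, drop-dynamic-mac-move=yes: "
              f"outage {outage_after_move(timeout, True)}s")
    print(f"timeout=300s, drop-dynamic-mac-move=no: "
          f"outage {outage_after_move(300, False)}s")
```

In this model only frames sent by the host refresh its entry, so a shorter timeout shortens the outage after a move but also means quiet hosts age out sooner and traffic to them is flooded until they speak again.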