CRS125: VLAN and HW Offload

Hardware MikroTik hardware general
1

Hi there.

Need some help on CRS with VLAN and HW-Offload.

I got a CRS125-24G-1S as main switch/router at home.
Port 1 is connected to ISP.
Port 2-24 are for inhouse network and added to bridge1 (192.168.0.0/24).

On Port 3 there’s a hAP ac2 (Wifi-AP). Ether1 goes to CRS.
On Port 8 there’s a hAP ac lite (Wifi-AP). Ether1 goes to CRS.

Now i’ve created 2.4 and 5GHz guest wlan interfaces (virtual) on both hAPs and i’m using VLAN-Filtering on bridge1 to handle it.

/interface bridge
add name=bridge1 vlan-filtering=yes

/interface vlan
add interface=bridge1 name=vlan20 vlan-id=20

/interface wireless
add disabled=no mac-address=xx master-interface=wlan1 name=wlan1-vlan20 security-profile=profile-guest ssid=xx vlan-id=20 vlan-mode=use-tag
add disabled=no mac-address=xx master-interface=wlan2 name=wlan2-vlan20 security-profile=profile-guest ssid=xx vlan-id=20 vlan-mode=use-tag

/interface bridge port
...
add bridge=bridge1 interface=vlan20 pvid=20
add bridge=bridge1 interface=wlan1-vlan20 pvid=20
add bridge=bridge1 interface=wlan2-vlan20 pvid=20

/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1,vlan20,wlan1-vlan20,wlan2-vlan20 vlan-ids=20

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge1
add dhcp-options=hostname,clientid disabled=no interface=vlan20

I’m now getting untagged and tagged traffic on Port 3 and 8 of CRS.

To handle it on the CRS i’ve also created a vlan interface on bridge1 and enabled VLAN-Filtering.

/interface bridge
add name=bridge1 vlan-filtering=yes

/interface vlan
add interface=bridge1 name=vlan20 vlan-id=20

/interface bridge port
...
add bridge=bridge1 interface=vlan20 pvid=20

/interface bridge vlan
add bridge=bridge1 tagged=bridge1,vlan20,ether3,ether8 vlan-ids=20

/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1 netmask=24

/ip dhcp-server
add add-arp=yes address-pool=pool authoritative=after-2sec-delay disabled=no interface=bridge1 lease-time=2d name=dhcp
add add-arp=yes address-pool=pool-vlan20 authoritative=after-2sec-delay disabled=no interface=vlan20 lease-time=1d name=dhcp-vlan20

It’s working like expected but enabling VLAN-Filtering breaks HW-Offloading on the CRS.

How’d you handle it without breaking HW-Offloading?

Edit: Got it working by creating an additional bridge “bridge-vlan” with filtering enabled, moved vlan interface “vlan20” from bridge1 to bridge-vlan, created vlan interfaces ether3-vlan20 and ether8-vlan20, added everything to bridge-vlan and changed tagging to

/interface bridge vlan
add bridge=bridge-vlan tagged=bridge-vlan,vlan20,ether3-vlan20,ether8-vlan20 vlan-ids=20

On bridge1 the filtering is disabled and hw offloading working.