Hi guys,
I have FTTH capable of 1000/100 and am using 100/10 right now. I am trying to route Internet and IPTV to my network. The wiring is:
Internet is on VLAN 848 priority 0
IPTV is on VLAN 835 priority 4, multicast
ISP <--fibre--> Huawei GPON <--utp--> ether5 (pppoe) | RB960PGS | ether1 <--utp--> HP 1920 switch --> HOME
ether5 pppoe client is based on VLAN 848 interface
ether1 is trunk with vlans 8,10,11,12,13,14,835 for different purposes (mgmt, wifi, wired, surveillance).
HP1920 is the core switch responsible for access / trunk.
Routing / firewalling between VLANs is done in RouterOS.
And to the problem:
I was able to get Internet and IPTV working using VLANs and bridge, but IPTV quality is not good because of cpu overloading.
I read that I need to use switch chip on my RB and HW offloading. I did some experiments, but was not able to get both Internet and IPTV working.
I think I need to pass VLAN 835 as is from ether5 to ether1 overriding cpu and attach pppoe client on VLAN 848. Also VLAN 848 to the cpu for routing.
Is there anybody with similar setup who can advise how to start?
Many thanks, Martin
So far I was able to fix TV quality by attaching GPON to core switch port with trunk 848 (internet) and 835 (iptv).
Second switch port (access 848) is attached to ether-5 + pppoe for internet routing to LAN.
IPTV stays in switch.
But I don’t like this solution much, because it makes core switch another point of failure.
Any ideas how to solve this on Mikrotik alone? Or is there more suitable MT device for this scenario?
Before changing the setup, make a backup of the device. If you don't succeed in reconfiguring the device, you can still revert to the current setup.
For switch-chip centric setup, the L2 setup should look something like this:
/interface ethernet switch
set ether1 vlan-header=leave-as-is vlan-mode=secure
set ether5 vlan-header=leave-as-is vlan-mode=secure
set switch1-cpu vlan-header=leave-as-is vlan-mode=secure
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether5 switch=switch1 vlan-id=835 # IPTV will pass between ether1 and ether5 only
add independent-learning=yes ports=switch1-cpu,ether5 switch=switch1 vlan-id=848 # PPPoE passing only between ether5 and CPU
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=8 # LAN VLAN between ether1 and CPU
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=10 # LAN VLAN between ether1 and CPU
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=11 # LAN VLAN between ether1 and CPU
# ... add other LAN VIDs as needed
/interface bridge
add name=bridge admin-mac=uu:vv:xx:yy:ww:zz # mandatory setting is vlan-filtering=no (as it's default, it's not shown in exported configuration)
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether5
/interface vlan
add interface=bridge name=vlan848 vlan-id=848
add interface=bridge name=vlan8 vlan-id=8
add interface=bridge name=vlan10 vlan-id=10
# add other VLAN interfaces as required
#
# IP setup is then same as with VLAN-aware bridge, bound to appropriate VLAN interfaces
Beware that changing settings on the switch chip is a fast track to locking yourself out of the device, and the only way back is to perform a factory reset (not even winbox can help there). I guess the easiest way (still hard) would be to construct a configuration script with the proper L2 config, reset the device to no config, use winbox to connect, upload the config script and run it. The management connection will likely drop, but if everything is done correctly, you should be able to reconnect and continue with the L3 setup.
While it is syntactically possible to mix switch-chip VLAN setup and vlan-filtering bridge setup, the result might be slightly nondeterministic, so I suggest you not mix both.
On the other hand I don’t understand your statement about core switch becoming another point of failure if you connected GPON to it. Unless you connect client devices (APs, wired computers, …) directly to PGS960, your core switch already is a significant point of failure.
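A pre-flight check for the kind of configuration script discussed in the reply above, as an added example that is not part of the original thread: with vlan-mode=secure the switch chip drops frames for any VLAN ID, or on any port, that is not in the switch VLAN table, so every VLAN interface on the bridge needs a table entry that includes switch1-cpu, while a VLAN without switch1-cpu (IPTV here) never reaches the CPU. The function names and the sample script text are constructed for illustration.

```python
import re

# Constructed sample: L2 part of a configuration script in the style shown above.
SAMPLE = """\
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether5 switch=switch1 vlan-id=835
add independent-learning=yes ports=switch1-cpu,ether5 switch=switch1 vlan-id=848
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=8
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=10
/interface vlan
add interface=bridge name=vlan848 vlan-id=848
add interface=bridge name=vlan8 vlan-id=8
add interface=bridge name=vlan10 vlan-id=10
"""

def parse(script):
    """Return ({vid: ports} from the switch VLAN table, {vid: name} of VLAN interfaces)."""
    table, cpu_vlans, section = {}, {}, None
    for raw in script.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("/"):
            section = line                   # remember the current menu path
            continue
        kv = dict(re.findall(r"([\w-]+)=(\S+)", line))
        if not line.startswith("add ") or "vlan-id" not in kv:
            continue
        vid = int(kv["vlan-id"])
        if section == "/interface ethernet switch vlan":
            table.setdefault(vid, set()).update(kv.get("ports", "").split(","))
        elif section == "/interface vlan":
            cpu_vlans[vid] = kv.get("name", "?")
    return table, cpu_vlans

def preflight(script, cpu_port="switch1-cpu"):
    """List VLAN interfaces whose traffic would be dropped in vlan-mode=secure."""
    table, cpu_vlans = parse(script)
    problems = []
    for vid, name in sorted(cpu_vlans.items()):
        if vid not in table:
            problems.append(f"{name}: VLAN {vid} missing from switch VLAN table")
        elif cpu_port not in table[vid]:
            problems.append(f"{name}: VLAN {vid} does not include {cpu_port}")
    return problems

def hardware_only(script, cpu_port="switch1-cpu"):
    """VLAN IDs forwarded by the switch chip alone, never seen by the CPU."""
    table, _ = parse(script)
    return sorted(vid for vid, ports in table.items() if cpu_port not in ports)
```

Running `preflight()` on the script before uploading it catches a management or PPPoE VLAN that would go dark the moment secure mode is applied; `hardware_only()` confirms that only the IPTV VLAN bypasses the CPU.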