i have a RB3011 with two QCA8337 based switches. Because these switches do NOT support VLAN hardware offloading when using Bridge based VLAN filtering, I have turned the new VLAN filtering off in the bridge configuration and i am NOT using the new Bridge based VLAN configuration. All VLAN configuration is done in switch configuration and appropriate VLANs with address and DHCP server configuration are added to the bridge. Everything is working fine despite of the following problem:
A device “A” at access port of switch 1 configured for VLAN 30 is not able to communicate with a device “B” behind a trunk port (VLAN 10/30) behind port of switch 2.
All packages get lost, ping between both devices are not working. When I move the device “A” to an access port of switch 2 (VLAN 30), the switch based VLAN configuration is working as expected with high speed.
So the problem seems to be that the bridge with disabled VLAN filtering is not able to transmit the VLAN packages from switch 1 to switch 2. Using torch I can see that some packages
are able to pass through the bridge (4% running ping for 5 Minutes). The current setup (both trunk and AP at same switch) helps me to get out, but I will need more ports and the second switch soon.
What is my bridge configuration missing? Or is this setup (Switch based VLAN configuration and bridging two switches with no VLAN filtering) not supported any more and I should switch to bridge based VLAN filtering without VLAN hardware offloading?
Do I have to use the new VLAN filtering of bridge and disable the switch based VLAN configuration?
I’ve not had chance to experiment with adding all the VLANs to both switch1cpu and switch2cpu (under Switch>VLAN) to see if the traffic would then, for example, take the path ether2 → [switch1] → switch1cpu → bridge → switch2cpu → [switch2] → ether8 - if this does work there would be CPU overhead as the traffic has to pass between the switch chips, but not as much as turning off hardware acceleration by using a VLAN-aware bridge.
Be warned that even with a VLAN-aware bridge (and no hardware offloading), leaving non-default settings in the Switch menu does weird things.
@andreasbehnke: can you post configuration of ethernet and bridge? (/interface ethernet export and /interface bridge export) … I’ve got an idea, but I’d like to see your current setup to think it over …
Thank you, this is the corrcet documentation… Either I have to use a cable to conect both switches (…) or have to not add all ports to one bridge. Think I have to figure out how to place the access ports and trunk ports to get max usage out of the two switches and to use multiple software bridges.
Uh, sorry, my idea does not apply to your settings, there’s nothing much I’d change. Only minor setting (and I’m not sure it’d make any difference): I’d set independent-learning to same value (my choice would be “no” although manual suggests “yes” to be wiser choice) on all vlans …
Potentially there’s a conflict: port ether6 is a member of VLAN 10, where IVL is enabled, and member of VLAN 30, where IVL is disabled. VLAN 30 ports from switch1 have IVL enabled …