HW3 CCR 2116 Problem

Hello everyone, I have this network, where both the switch and the ccr2116 are in version 7.
Switch is active the HW3 on the switch chip.
On the ccr2216, if I activate HW3, the internet stops working, it no longer pings the internet, if I deactivate HW3 only on the sfp2 interface of the CCR2116, which is the interface that goes to the switch, the internet works again, or either I can’t activate the HW3 for the routes that come from the internet as in the case of bgp or is something missing?

By having two physical connections between CRS and CCR2116 you’re creating a loop in network topology. Default bridge setup has RSTP enabled and it’s RSTP’s responsibility to break such loops by disabling offending links (all but one of those contributing to loop).

There are a few possibilities to cure the problem, the most straight forward one is to use one connection configured as trunk (carrying both VLAN 100 and 200). If you need capacity, configure both physical links as bond and then configure trunk on top of that bond.

RSTP is not VLAN aware whereas MSTP is: https://help.mikrotik.com/docs/display/ROS/Spanning+Tree+Protocol#SpanningTreeProtocol-MultipleSpanningTreeProtocol

I don’t have Loop problems, they are different broadcasts, there is no Router bridge. My problem is with the HW3 option

as the ccr 1036 does not have hw3, I believe that its interface does not need to be on a bridge.
I think that for the internet link I need to create a bridge and associate the vlan with bridge pro hw3 to work correctly?

Consider that if you were correct you would not be here.
Consider that you just destroyed any incentive to help you.
Getting the most out of this forum by normis, MikroTik Support

Yes you do. To standard (Rapid) Spanning Tree the two links between your switch and your 2216 are a loop, even if they are in different VLANs/broadcast domains. You need to run MSTP if you want to fix this. Or use a trunk, as suggested.

Device block diagrams:

• CRS317 https://i.mt.lv/cdn/product_files/CRS317-1G-16S_220904.png
• CCR2216 https://i.mt.lv/cdn/product_files/CCR2216-1G-12XS-2XQ_220346.png

If you take sfp2 out of the bridge on the ccr2116 the issue should “disappear”. This would prove the loop issue as well. By removing sfp2 out of the bridge you would also lose L3HW offloading, but the routing should work if you are using vlan interfaces and assign vlan100 to sfp2 (this would be cpu only routing).

I have this exact same setup.

For L3HW offload to work properly (for any CRS3xx or CCR2xxx device):

• There must only be one bridge on the switch, and all VLANs must belong to it. VLANs cannot belong to ports.
• All ports participating in switching (or routing between VLANs) must belong to that bridge.
• All IP’s are assigned to VLAN interfaces or route-only (non-switch) Ethernet interfaces.
• NAT or FW rules are CPU-bound and won’t work between HW-offloaded interfaces (INPUT chain usually works).

In your case, once the bridge is properly configured on the 2116 as mentioned above, put both links between the 2116 and the 317 into an LACP bond and tag VLAN’s 100 and 200 to the bond interface on both devices. Then it should work.