Hi,
I use a MikroTik CRS112-8P-4S-IN switch at a site where multicast traffic is used to send videos to clients on the LAN. Besides VLAN1 for regular users there is VLAN20 for guest Wi-Fi configured. The goal is to have IGMP Snooping along with HW offloading.
Reading the WIKI pages concerning the configuration of such I came across the following note:
Note: CRS series switches are capable of running IGMP Snooping along with hardware offloading, but CRS1xx and CRS2xx series switches will not work properly with IGMP Snooping if VLAN filtering is configured on the switch chip. It is possible to use IGMP Snooping along with VLAN filtering, but then you must make sure that IGMP packets are sent out with the correct VLAN tag using egress ACL rules.
Source: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#IGMP_Snooping
Now what exactly does that mean? What would such ACL rules look like (never worked with these before)?
Advice and help would be much appreciated. Thanks!
Config:
/interface bridge
add admin-mac=DE:AD:00:BE:EF:09 auto-mac=no comment=LAN-Bridge igmp-snooping=yes mtu=1500 name=bridge priority=0x1000
/interface ethernet
set [ find default-name=ether1 ] comment=MikroTik-RO speed=100Mbps
set [ find default-name=ether2 ] comment=MikroTik-AP-OF speed=100Mbps
set [ find default-name=ether3 ] comment=MikroTik-CAP-OF speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] comment=WS speed=100Mbps
set [ find default-name=ether6 ] comment=NAS speed=100Mbps
set [ find default-name=ether7 ] comment=PRT speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=sfp9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=sfp10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=sfp11 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=sfp12 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/port
set 0 baud-rate=9600
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=sfp9
add bridge=bridge interface=sfp10
add bridge=bridge interface=sfp11
add bridge=bridge interface=sfp12
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether2,ether3 vlan-id=20
/interface ethernet switch vlan
add ports=ether1,ether2,ether3 vlan-id=20
/ip address
add address=192.168.101.9/24 interface=bridge network=192.168.101.0
/ip dns
set servers=192.168.101.1
/ip route
add distance=1 gateway=192.168.101.1
/ip ssh
set allow-none-crypto=yes
/snmp
set contact="Name" enabled=yes location=Office trap-version=2
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=MikroTik-CRS
/system ntp client
set enabled=yes primary-ntp=192.168.101.1
/system routerboard settings
set auto-upgrade=yes
/tool romon
set enabled=yes id=DE:AD:00:AD:00:09