Hi everyone,
I have a CRS326-24S+2Q+ installed in a rack connecting to a (non-MikroTik) core switch for internet access on port sfp-sfpplus24 and to a bunch of servers on the other ports.
I’ve been assigned 2 public subnets (edited):
1.1.1.188/30: That subnet connects the core switch (1.1.1.189) and the MikroTik switch (1.1.1.190)
2.2.2.128/26: This subnet is routed to 1.1.1.190 by the core switch and is used to access the servers.
To test things out, I created a bridge “public” spanning the server ports and assigned IP 1.1.1.190 directly to port sfp-sfpplus24 to connect with the core switch. I also created a route to send all traffic with destination 0.0.0.0/0 to 1.1.1.189. This works in principle: the MikroTik as well as the servers do have internet access. The problem is that hardware offloading doesn’t work in this scenario; CPU usage is high and download speeds are low.
To make hardware offloading work, my idea was to bundle the server ports in a new VLAN 100 and add port sfp-sfpplus24 to the same bridge in a separate VLAN 99, with IP 1.1.1.190 assigned to the interface for VLAN 99 instead of sfp-sfpplus24 directly. The problem is that as soon as I do that, I lose connectivity to the core switch. Does anyone have an idea why that could be or how I could further debug this?
Here’s the relevant part of the switch configuration:
# 2024-08-07 08:56:43 by RouterOS 7.12.2
# model = CRS326-24S+2Q+
/interface bridge
add name=public vlan-filtering=yes
/interface vlan
add interface=public name=vlan-gateway vlan-id=99
add interface=public name=vlan-public vlan-id=100
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/interface bridge port
add bridge=public comment=defconf interface=sfp-sfpplus2 pvid=100
add bridge=public comment=defconf interface=sfp-sfpplus4 pvid=100
add bridge=public comment=defconf interface=sfp-sfpplus6 pvid=100
add bridge=public comment=defconf interface=sfp-sfpplus8 pvid=100
add bridge=public comment=defconf interface=sfp-sfpplus10 pvid=100
add bridge=public comment=defconf interface=sfp-sfpplus12 pvid=100
add bridge=public comment=defconf interface=sfp-sfpplus14 pvid=100
add bridge=public comment=defconf interface=sfp-sfpplus16 pvid=100
/interface bridge vlan
add bridge=public tagged=public untagged="sfp-sfpplus10,sfp-sfpplus12,sfp-sfpp\
    lus14,sfp-sfpplus16,sfp-sfpplus2,sfp-sfpplus4,sfp-sfpplus6,sfp-sfpplus8" \
    vlan-ids=100
# sfp-sfpplus24 not a bridge port
add bridge=public tagged=public untagged=sfp-sfpplus24 vlan-ids=99
/ip address
add address=1.1.1.190/30 interface=sfp-sfpplus24 network=1.1.1.188
add address=2.2.2.129/26 interface=vlan-public network=2.2.2.128
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=1.1.1.189 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
And here are the steps that make things break:
/interface bridge port remove [ find interface=sfp-sfpplus24 ]
/interface bridge port add bridge=public interface=sfp-sfpplus24 pvid=99
/ip address set [/ip address find address="1.1.1.190/30"] interface=vlan-gateway