Just wanted to ensure that following setup is using switch chip for VLANs to reach near wire speed and doesn’t use the CPU on the box:
/interface ethernet
set [ find default-name=ether1 ] mac-address=00:0C:42:BD:D3:F7 name=
ether1-gateway
set [ find default-name=ether2 ] mac-address=00:0C:42:BD:D3:F8 name=
ether2-master-local
set [ find default-name=ether3 ] mac-address=00:0C:42:BD:D3:F9 master-port=
ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] mac-address=00:0C:42:BD:D3:FA master-port=
ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] mac-address=00:0C:42:BD:D3:FB name=
ether5-trunk
/interface vlan
add interface=ether5-trunk l2mtu=1516 name=vlan100-management vlan-id=100
add interface=ether5-trunk l2mtu=1516 name=vlan200-private vlan-id=200
add interface=ether5-trunk l2mtu=1516 name=vlan300-guest vlan-id=300
/interface ethernet switch port
set 4 vlan-mode=secure
/interface ethernet switch vlan
add ports=switch1-cpu,ether5-trunk switch=switch1 vlan-id=100
add ports=switch1-cpu,ether5-trunk switch=switch1 vlan-id=200
add ports=switch1-cpu,ether5-trunk switch=switch1 vlan-id=300Let me know if any other info is required. Thank you!
There are a couple of things there that need correcting.
Firstly, ether5 in your print-out isn’t assigned to the switch chip, it should be:
set [ find default-name=ether5 ] mac-address=00:0C:42:BD:D3:FB master-port=
ether2-master-local name=ether5-trunkYour Router port connected to the CPU then becomes ether2, so your Router VLANs need to be on that port instead:
/interface vlan
add interface=ether2-master-local l2mtu=1516 name=vlan100-management vlan-id=100
add interface=ether2-master-local l2mtu=1516 name=vlan200-private vlan-id=200
add interface=ether2-master-local l2mtu=1516 name=vlan300-guest vlan-id=300You haven’t assigned VLANs to any of the other ports in the switch either, currently you just have a trunk port with all three tagged VLANs and nothing else. As you’ve set the trunk port to secure, any untagged traffic from the other switch ports won’t traverse the trunk either.
OK I think I got it. My understanding of this switch cpu thing and wire-speeds, etc. was wrong and is not applicable in my case because I am not using the Mikrotik to pass traffic from an untagged interface to a tagged one. My VLAN are “created” on the Mikrotik and trunked onto a switch which makes use of them.
I’ve been using Mikrotik for quite some time now and I’m really happy with it. I still own a RB450G.
Today I was doing some transfers/iperf to “benchmark” my gigabit network and I noticed that speed were not the ones I expected.
Setup is always the same 3 VLANs are declared on the Mikrotik, trunked to a switch and they are distributed/un-tagged from there.
Put/Get file using FTP from a vlan to another reaches 14Mb/sec.
Put/Get file using FTP in the same vlan reaches 70Mb/sec.
When changing vlan, RB450G resources shows that CPU is going up to 100% so I guess this might be the bottleneck.
When on the same vlan, I’d guess packets don’t reach the router but the switch does it job maybe ?
Anyway, based on the above, do you guys think (1) there’s something to do to improve situation (2) would, for instance, a RB1100AHx2 perform better in that case because CPU is being used a lot to “transfer packets” from a vlan to another.
yes the CPU is the bottleneck. 1100AHx2 would definetly perform much better. We have some rb 1100AHx2 here and they are all performing good! But I would stay far away from anything from Mikrotik that says Cloud Core something, it’s like an expensive broken toy.
