I have just bought a CRS304 to use as a high speed switch to allow me to mirror my fibre connection WAN traffic and figure out why my IPv6 connection has stopped working. This is my first MikroTik device, so my learning curve is steep at the moment.
I have a fibre Internet connection with 1 gigabit/s download speed and 500 megabits/s upload speed, and it is has a lot of traffic most of the time. I am connecting to the Internet with an EdgeRouter 4 (ER4), which does allow me to run tcpdump or tshark from its command prompt to capture traffic, but they only see the traffic on the CPU’s Ethernet port, and do not see any packets routed by the offloading hardware, so it is very difficult to see exactly what is going on from there. I can connect the ER4 WAN port through my gigabit switch and see the WAN traffic on a mirror port. But since the total traffic is often above 1 gigabit/s, packets are lost when doing that. So I got the 10 Gbit/s CRS304 switch to fix that problem by allowing me to have the mirror port running faster than 1 Gbit/s. I have the CRS304 configured with the management port on ether5 as a standalone interface, and ether1, ether2 and ether3 bridged in the switch hardware. The connection from the fibre ONT goes to ether1 and ether2 is connected to the WAN port of the ER4. Currently ether3 is unused. Ether4 is configured as the mirror port, and connected to a 2.5 Gbit/s interface on an Ubuntu 24.04 PC where I can run tshark or Wireshark to see all the WAN traffic.
The bridge seems to be working as expected - my Internet connection works just as well as it did before being sent through the CRS304, and the ether1 and ether2 LEDs show lots of traffic. But the ether4 LED is not blinking nearly as rapidly and Wireshark is only seeing the traffic on the WAN connection that is outside the PPPoE connection that is used to run the IPv4 connection. So it just sees the IPv6 packets, which use a DHCPv6-PD connection. Both the PPPoE/IPv4 and IPv6 traffic are connected on VLAN 1, as prescribed by my ISP. Since the PPPoE traffic uses 8 bytes of headers, our fibre connections in New Zealand are overprovisioned for MTU 1508 to allow for that, so I initially set all the switch interfaces to MTU 1508, and later changed that to MTU 1532 to see if that would help, but it did not change anything.
So can someone please check my configuration and see if they can tell me what I have got wrong that prevents the PPPoE packets from also being mirrored.
# 2025-02-27 02:44:57 by RouterOS 7.18
# software id = 44M9-0APA
#
# model = CRS304-4XG
# serial number = <removed>
/interface bridge
add admin-mac=F4:1E:57:6C:9E:BE auto-mac=no comment=defconf name=bridge \
protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1600 mtu=1508
set [ find default-name=ether2 ] l2mtu=1600 mtu=1508
set [ find default-name=ether3 ] l2mtu=1600 mtu=1508
set [ find default-name=ether4 ] l2mtu=1600 mtu=1508
/interface ethernet switch port
set 3 egress-rate=0bps ingress-rate=0bps mirror-egress=yes mirror-ingress=yes
/interface list
add name=WAN
add name=LAN
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether5 list=WAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
/interface ovpn-server server
add mac-address=FE:A7:86:B7:7D:49 name=ovpn-server1
/ip address
add address=10.0.2.243/24 comment=defconf interface=ether5 network=10.0.2.0
/ip dhcp-client
add disabled=yes interface=bridge
/ip dns
set servers=10.0.2.12,10.0.2.4,8.8.8.8
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add comment="IPv4 default" disabled=no distance=1 dst-address=0.0.0.0/0 \
gateway=10.0.2.251 routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
/ipv6 route
add comment="IPv6 default" disabled=no distance=1 dst-address=::/128 gateway=\
2406:e001:1:2802::251 routing-table=main suppress-hw-offload=no
/ipv6 address
add address=2406:e001:1:2802::243 interface=ether5
/system clock
set time-zone-name=Pacific/Auckland
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=ntp.jsw.gen.nz
/system swos
set address-acquisition-mode=static static-ip-address=10.0.2.243