Switch Rules - questions

Hi,

I have questions about the following rules:

copy-to-cpu = is this rule only for debugging purposes? Do we have two frames, one going to the CPU and from there to the destination and the other one goes through the switch ASIC directly to the destination?

redirect-to-cpu = same as above? Is the difference that only one frame will reach the destination?

In which cases do I use “copy” and in which “redirect”?

new-vlan-id = is this applied at ingress of the frame or at the egress?

From https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features :

  • copy-to-cpu=yes/no - a packet can be cloned and sent to cpu port
  • redirect-to-cpu=yes/no - a packet can be redirected to cpu port

I don’t know about particular use cases. I guess copy-to-cpu is useful if you want to debug something using ROS tools (sniffer, …) which would otherwise bypass CPU (similar to mirror function only that target port is CPU instead of other ethernet port). redirect-to-cpu I guess can be useful if you’d want to perform some filtering of LAN-2-LAN traffic, similar to bridge use-IP-firewall or some such.

As to new-vlan-id: in the document I linked above this option is mentioned in a group of options which all get applied to ingress frames … hence I’d assume this option applies at ingress as well.