Hi, I just upgraded my CSS610-8G-2S+IN’s firmware to v2.17 and experienced some severe packet loss issues. All devices attached to the CSS610 have either slow or no internet access, while the intranet works fine.
After configuration, if these two conditions are met simultaneously, the packet loss rate will rise significantly:
Packet size > 1000 bytes.
The packet is being forwarded to the internet.
Approximately 90% of the packets are lost during the ping test.
Examples of tests conducted:
Ping test: Laptop to Laptop, packet size = 25 - No packets lost.
Ping test: Laptop to Laptop, packet size = 2500 - No packets lost.
Ping test: Laptop to 8.8.8.8, size = 25 - No packets lost.
Ping test: Laptop to 8.8.8.8, size = 1000 - Packet loss occurred. I used port mirroring to capture packets on both the trunk port and the access port. I could see ping requests sent out from the laptop on the laptop’s access port and trunk port, but I couldn’t observe the packets passing through the access port connected to the router.
Visiting websites from both laptops, as shown in the image, is nearly impossible. Using the browser’s network tool, the browser fetches only a few files from the website before the server becomes unresponsive, but if the laptop connects directly to the router’s LAN port the webpage will load with no issues.
When visiting both CSS610’s WebUIs from the internet through VPN, only the one connected to the router can be accessed with no issue. The one on the other side of the trunk link can only load a few (~60) bytes of the WebUI’s engine.js before the connection fails. While capturing the CSS610’s trunk port on the left side as the js file loads, I observe many TCP retransmissions but none of them get through to the access port connected to the router’s LAN port. However, any devices on the intranet can access both CSS610’s WebUIs with no issue.
Any luck with a resolution? I’d recommend taking screenshots of the config of both switches, reset config of both switches and only set the IP of the switches and VLAN 200 for the uplink to the modem, router, and trunk ports, and the other ports on VLAN 300 and don’t adjust the VLAN Receiving setting, or port isolation, or anything else. Get a working base config then if things work, export config of both switches and then start fine tuning the rest of the configuration.
I am gathering that both switches are configured exactly the same (except presumably they have a different IP address). I am also gathering that the unnamed device on the left is the router.
Since laptop to laptop is working properly, I’m not sure this is a switch problem, but rather a router problem (or something in the interface between the router and the left switch).
You only showed part of the switch configs, but I don’t see anything obviously wrong there.
Hi, my router is an Asus ax-11000pro. I have tried disabling rstp/stp on both switches and router, I also tried adjusting MTU, enabling jumbo frame, and changing the trunk port, but none of them worked.
Try this test: configure a computer to connect to your ISP using PPPoE and connect it to the same port on the switch as if it were the router. Is the PPPoE connection successful?
I’d really like to see some forum moderator merge the two threads that @OP opened for the same issue.
Back to the problem: last test result (PPPoE working if client is not the router on far left) still points in the direction of router on far left not playing nicely when connected to same switch using two physical links that I mentioned in my post #2 in the other thread. I’m not saying that it’s impossible to work around the issue @OP has, but if one cannot control behaviour of the router in question (and that means detailed control, e.g. xSTP config), then chances of getting it to work are pretty slim.
And the problem has to be tackled both on left hand CSS (running SwOS, which is way less flexible than ROS, but ROS is not an option for CSS devices) and on the router in question. So it’s not a SwOS bug, it’s rather lack of flexibility (mostly on 3rd party device as it seems right now).
If I were you in this situation, I would do one of the two:
1: Move the 5-port router to the right of the diagram and connect it directly to the ISP, and get an access point that connects to the switch on the left.
2: Utilize the 5-port router as an access point (disable DHCP and change IP if you prefer) and set up another router hooked up directly to the ISP performing DHCP service for the LAN.
The problem has been temporarily solved.
I noticed that my router has the same MAC address on its LAN ports as on the WAN ports. I didn’t overthink this since I assumed that VLAN would split these two ports’ traffic apart, and I was wrong.
I use ACL to force redirect all packets that have VLAN ID 30 from SFP+1 to port 2, and everything on Switch B works now. Hope MikroTik will fix this bug in the future SwOS Lite release.
Which is weird if those ports are truly independent … and expected if all ports are bridged together.
You can test if it’s the latter by configuring one wired port as hybrid … allow both tagged and untagged traffic and set default VID to 300. Then connect router to this port only (single physical link). If both PPPoE and LAN work this way, then this means all ports on router are bridged.
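
An added example, not code from any poster or from MikroTik: a toy learning switch showing how the duplicate MAC reported above (the same router MAC on the LAN and WAN sides) can black-hole traffic if the forwarding table is keyed on MAC alone, plus a check that flags such MACs in captured frames. It assumes shared learning as one possible mechanism (the thread does not confirm how SwOS Lite learns), uses hypothetical port names and constructed frames, and does not model the packet-size dependence.

```python
from collections import namedtuple

Frame = namedtuple("Frame", "in_port vlan src dst")

# Constructed topology (port names are hypothetical): VLANs each port carries.
PORT_VLANS = {"wan": {200}, "lan": {300}, "trunk": {200, 300}}
R, LAPTOP, ISP = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"

# Constructed frames: the router uses the same source MAC (R) on both sides.
FRAMES = [
    Frame("lan", 300, R, LAPTOP),    # router LAN side talks to the laptop
    Frame("trunk", 300, LAPTOP, R),  # laptop -> router, arrives over the trunk
    Frame("wan", 200, R, ISP),       # router WAN side sends towards the modem
    Frame("trunk", 300, LAPTOP, R),  # laptop -> router again
]

def forward(frames, shared_learning):
    """Return the egress port set chosen for each frame by a toy learning switch."""
    def key(mac, vlan):
        return mac if shared_learning else (vlan, mac)
    fdb, egress = {}, []
    for f in frames:
        fdb[key(f.src, f.vlan)] = f.in_port          # learn/overwrite source entry
        out = fdb.get(key(f.dst, f.vlan))
        if out is None:                              # unknown unicast: flood in VLAN
            ports = {p for p, v in PORT_VLANS.items() if f.vlan in v and p != f.in_port}
        elif f.vlan in PORT_VLANS[out] and out != f.in_port:
            ports = {out}
        else:                                        # learned port is not in this VLAN
            ports = set()
        egress.append(ports)
    return egress

def macs_on_multiple_vlans(frames):
    """Flag source MACs seen in more than one VLAN (the condition found in the thread)."""
    seen = {}
    for f in frames:
        seen.setdefault(f.src, set()).add(f.vlan)
    return {mac: vlans for mac, vlans in seen.items() if len(vlans) > 1}

if __name__ == "__main__":
    print("shared learning :", forward(FRAMES, True))
    print("per-VLAN learning:", forward(FRAMES, False))
    print("duplicate MACs  :", macs_on_multiple_vlans(FRAMES))
```

With MAC-only keys the fourth frame has no valid egress port because the router's entry was overwritten by its WAN-side frame; with per-VLAN keys it still reaches the LAN port.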