As in topic: is it normal that, with a proper (I hope so) config, I get billions of “excessive broadcasts/multicast, probably a loop” entries in the log?
The RB951-2n has two IPTV set-top boxes attached; I use the switch chip to provide L2 to them.
vlan 300 - IPTV
vlan 701 - management
vlan 0 (untagged) - pppoe for mt or other dumb equipment
conf export:
# RouterOS configuration export for the RB951-2n described above.
# Secrets and identifiers appear masked as "xxx" in this paste.

# LAN bridge; it later carries 192.168.120.1/24 and the DHCP server.
/interface bridge
add mtu=1500 name=Internet
/interface ethernet
set [ find default-name=ether1 ] name=ether1_net
set [ find default-name=ether2 ] name=ether2_net
set [ find default-name=ether5 ] name=ether5_uplink
# PPPoE session runs directly on the uplink port and supplies the default route.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether5_uplink max-mru=1480 \
max-mtu=1480 name=pppoe-internet password=xxx use-peer-dns=\
yes user=xxx
# Management VLAN 701 is terminated on the router as a VLAN interface on the uplink.
/interface vlan
add interface=ether5_uplink l2mtu=1594 name=MNG-vlan-701 vlan-id=701
# ether3 and ether4 are slaved to ether5_uplink, so the switch chip forwards
# between these three ports in hardware.
/interface ethernet
set [ find default-name=ether3 ] master-port=ether5_uplink name=ether3_box
set [ find default-name=ether4 ] master-port=ether5_uplink name=ether4_box
# Per-port VLAN handling on the switch chip. vlan-mode=secure drops frames whose
# VLAN is missing from the switch VLAN table or whose ingress port is not a
# member of that VLAN entry.
# NOTE(review): the description above says IPTV is VLAN 300, but the config
# uses 330 here and in the VLAN table below - confirm which is intended.
# NOTE(review): the numeric indexes 1/2/3 do not name the ports; confirm with
# "print" that they refer to ether3_box, ether4_box and ether5_uplink.
/interface ethernet switch port
set 1 default-vlan-id=330 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=330 vlan-header=always-strip vlan-mode=secure
set 3 vlan-header=add-if-missing vlan-mode=secure
# Wi-Fi security profile: both wpa-psk and wpa2-psk are accepted. The cipher
# settings are not part of this export.
# NOTE(review): if no client needs legacy WPA, allowing wpa2-psk only is the
# stronger setting.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profil1 \
wpa-pre-shared-key=xxx wpa2-pre-shared-key=xxx
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=poland disabled=no \
frequency=2422 frequency-mode=regulatory-domain l2mtu=2290 mode=ap-bridge \
security-profile=profil1 ssid=xxx wireless-protocol=802.11
/ip pool
add name=dhcp_pool1 ranges=192.168.120.2-192.168.120.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Internet lease-time=1d \
name=dhcp1
# LAN side: ether1, ether2 and the wireless interface are bridged in software.
/interface bridge port
add bridge=Internet interface=ether2_net
add bridge=Internet interface=wlan1
add bridge=Internet interface=ether1_net
# Switch-chip VLAN table.
#  - entry without vlan-id: uplink + CPU only (per the description above this
#    is the untagged PPPoE traffic - confirm)
#  - 330: both set-top-box ports + uplink, CPU port not a member
#  - 701: uplink + CPU only (management)
/interface ethernet switch vlan
add ports=ether5_uplink,switch1-cpu switch=switch1
add ports=ether3_box,ether4_box,ether5_uplink switch=switch1 vlan-id=330
add ports=ether5_uplink,switch1-cpu switch=switch1 vlan-id=701
/ip address
add address=192.168.120.1/24 interface=Internet network=192.168.120.0
# Management address is obtained by DHCP on VLAN 701; no default route or DNS
# is taken from that lease.
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=MNG-vlan-701 use-peer-dns=no
/ip dhcp-server network
add address=192.168.120.0/24 gateway=192.168.120.1
# Forward chain only: the first two rules carry no action=, which RouterOS
# treats as accept; everything else that is forwarded is dropped.
# NOTE(review): the dst-address rule has no connection-state match, so it
# admits any forwarded packet addressed to the LAN, not only reply traffic.
# NOTE(review): no input-chain rule appears in this export, so nothing shown
# here limits access to the router's own services from pppoe-internet or
# MNG-vlan-701 - confirm whether that is intended.
/ip firewall filter
add chain=forward src-address=192.168.120.0/24
add chain=forward dst-address=192.168.120.0/24
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-internet src-address=\
192.168.120.0/24
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
# telnet, ftp and www are disabled; ssh stays enabled on a non-default port
# (digits masked). None of the listed services has an address= restriction.
# NOTE(review): services not listed here (e.g. winbox, api) are presumably at
# their defaults - verify with "/ip service print".
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=22xx
# RoMON port entry with no interface= and no secrets= shown.
# NOTE(review): whether RoMON itself is enabled is not visible in this export;
# if it is, confirm which interfaces it runs on and that a secret is set.
/romon port
add disabled=no
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Warsaw
/system identity
set name=xxx
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=xxx
/system routerboard settings
set cpu-frequency=400MHz
# MAC server (layer-2 management access) is allowed on both LAN ports and on
# ether5_uplink, i.e. also towards the upstream segment.
# NOTE(review): consider limiting it to LAN-side interfaces only.
/tool mac-server
set [ find default=yes ] interface=ether1_net
add interface=ether2_net
add interface=ether5_uplink
# NOTE(review): the bare "add" below looks cut off in the paste - compare with
# the router's own export.
add
Btw, MT, thanks for the IGMP snooping (a CRS as an access switch is useless) and RADIUS CoA (the wiki says that it works, but it never worked).