v7 and bridge configurations on crs hardware

syadnom · December 14, 2021, 7:01pm

I can’t seem to find info on how bridging works on v7 on hardware accelerated platforms regarding hardware acceleration.

For example, Netpower 16P, can I do multiple hardware accelerated bridges? or is it limited to 1 like on the switch chip hardware? Can I put VLAN interfaces on the bridge to get routeros ‘inside’ the VLAN to run DHCP on without breaking hardware routing?

More to the point..

NP16 as site switch and router. All APs need to be in a bridge and have a DHCP server running on that bridge AND need hardware routing. Additionally, there will be other bridges and potentially VLANs on those bridges.

This pushes me to doing 1 bridge and using VLANs with a ‘control’ VLAN on the bridge
ie,
bridge1 has all ports and vlan filtering is on
port 5-10 are PVID 150. Add a VLAN150 on bridge1 and assign IPs and DHCP to that vlan interface.
ports 11-15 are PVID 160. VLAN160 on bridge1 and assign IPs and DHCP to that vlan interface to match as well.

I think I also have to add bridge1 to tagged for each of those vlans in bridge/vlans as well.

Will this allow for hardware routing for both VLANs? Does ‘touching’ the VLAN via the sub-interface on the bridge mess with this at all?

expand this out. port 1 is the backhaul, set PVID 21, bridge has sub interface vlan21, bridge/vlan shows vlan21 as untagged on port1, tagged on bridge1
second backhaul on port 2, PVID 22, etc.

did I break hardware routing in any way here?

mkx · December 14, 2021, 8:01pm

Yes, you have to do it. Without bridge interface being made tagged member of affected VLANs, VLAN sub-interfaces don’t receive tagged frames to work on.

Will this allow for hardware routing for both VLANs? Does ‘touching’ the VLAN via the sub-interface on the bridge mess with this at all?

Without doing it, device doesn’t become IP member of corresponding IP subnet and consequently can’t route anything.

anav · December 14, 2021, 8:37pm

Looks good so far.
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

syadnom · December 14, 2021, 10:56pm

That link just says ‘how’, which I can do. I’m concerned primarily with configuring the devices so that I keep hardware accelerated routing on.

mkx · December 15, 2021, 6:19am

Did you go through L3 hardware offloading document? It should document everything necessary …

rushlife · December 15, 2021, 7:18am

+1, more examples from mikrotik would be nice

No, at least from my testing no. Tested on CRS354 and when more bridges are used and l3hw offload was enabled, device cannot even forward any data through second bridge…

Probably yes.

syadnom · December 15, 2021, 4:08pm

yeah, looks like I can only get one bridge working as well. But it appears that vlans on the bridge dont kill hardware routing so looks like I’ll be running these as one bridge with PVIDs and vlan filtering.

NationalWiFi · December 16, 2021, 2:35pm

This is the correct way… Bridge vlan filtering and PVID.