I want to achieve a seemingly simple goal: “split” ingress traffic to 2 VLANs received on an ethernet interface, using a CRS326 or similar 24-port switch. I have an ISP provided gateway that offers IPTV streams in some VPCs (not important) and besides this traffic, there’s a PPPoE connection offered to onprem routers - both on the same ethernet interface, unseparated. I want to set up 2 VLANs, one for internal LAN, and one for the STB devices that consume the IPTV streams. Let’s call them LAN and IPTV. What I want is to prevent the PPPoE frames flowing into the IPTV VLAN.
I know I can just probably create a forward filter on the bridge, but that might involve the CPU (I’m not sure), and thus it’s bound to be slow, so I probably need to add the filter directly to the switch config for HW offloading. But I’m not seeing rules to achieve that in [/mikrotik interface ethernet switch rule] so I’m not sure how I should proceed. Do all those filters in [/interface bridge filter] use HW offloading or not? I haven’t been able to find a definite answer to this.
Any insight is appreciated.