Page 1 of 1

[6.43rc44] Hardware offloaded bridge and 'Switch Port Isolation' not working.

Posted: Fri Jul 20, 2018 2:26 pm
by orangetek
Models Tested: RB750UP-r2 and RB960PGS (Firmware also updated)

Both units were reset to defaults with no config. These are the steps i took to set up a simple bridge and port isolation:
1. Create bridge with protocol mode to none
2. add all ethernet ports to bridge making sure hw offload is enabled for each. (verified with 'H' flag next to each port)

note: ether1 is the uplink port and ether2/3 are PC's
3. Switch>Port Isolation>ether2>Forwarding Overide ticked>Forward to ether1
4. Switch>Port Isolation>ether3>Forwarding Overide ticked>Forward to ether1
No internet access or communication between PC's. Router is accessible. If i disable Hardware offload for ether1 in the bridge ports, things work as expected. If i re enable Hardware offload on ether1 but disable it on ether2, the PC on ether2 gets internet access but the PC on ether3 does not.

Am i doing something wrong or is this RC still very buggy?

regards.

Re: [6.43rc44] Hardware offloaded bridge and 'Switch Port Isolation' not working.

Posted: Fri Jul 20, 2018 2:40 pm
by mkx
Am i doing something wrong or is this RC still very buggy?
Or support for port isolation is simply not available on switch chips (QCA9531 in case of hEX PoE lite or QCA8337 in case of hEX PoE) and thus can not be offloaded from CPU to HW. I guess that's something to ask support@mikrotik.com about ...

Re: [6.43rc44] Hardware offloaded bridge and 'Switch Port Isolation' not working.

Posted: Sat Jul 21, 2018 11:16 pm
by marekm
Even old SwOS on RB250GS and RB260GSP allows setting up the matrix specifying between which ports traffic can be forwarded. So it's a pretty basic switch chip feature that even simple switch chips should have, that just needs to be properly exposed in RouterOS to allow port isolation.

Re: [6.43rc44] Hardware offloaded bridge and 'Switch Port Isolation' not working.

Posted: Sun Jul 22, 2018 4:57 am
by chechito
on RB960PGS which has QCA8337 switch chip, you can do port isolation using switch rules

RB750UP-r2 which has Atheros8227 switch chip, you can't because dont support switch rules

the good news is you can do port isolation by software using cpu resources using bridge horizon, in the end RB750UP-r2 only have 100mbps ethernet ports, maybe CPU can manage bridging at this speed