Page 1 of 1

CRS3xx hardware offload with split-horizon? or similar setup?

Posted: Thu Jul 11, 2019 9:54 am
by millenium7
Setting a horizon value on a bridge port disables hardware offload on that port, so this isn't an option
But I have a setup that requires ports to be isolated from each other to prevent any accidental loop and reduce unnecessary broadcast traffic

How else can it be achieved without lots of messy filter rules?

Re: CRS3xx hardware offload with split-horizon? or similar setup?

Posted: Fri Jul 12, 2019 12:08 pm
by sindy
By means of not so messy /interface ethernet switch rule. For each ingress port you can specify a list of permitted egress ports. Sorry, on the phone, can't be more verbose.

Re: CRS3xx hardware offload with split-horizon? or similar setup?

Posted: Fri Jul 12, 2019 2:43 pm
by millenium7
Yeah I managed to set it, wasn't messy

Thing I really don't like though is switch commands don't show up in a /export

Re: CRS3xx hardware offload with split-horizon? or similar setup?

Posted: Fri Jul 12, 2019 3:40 pm
by sindy
Does at least print show them? It would be a workaround and missing parts of configuration in export are definitely a bug worth reporting to support@mikrotik.com, but better than nothing.

Re: CRS3xx hardware offload with split-horizon? or similar setup?

Posted: Fri Jul 12, 2019 3:59 pm
by mkx
If export doesn't show settings, then that's definitely a bug. On my RB951G export displays relevant settings:
[user@RB951G] /interface ethernet> export 
# jul/12/2019 12:50:53 by RouterOS 6.45.1
# software id = QCG5-PSG8
#
# model = 951G-2HnD
# serial number = 642E05BB727B
/interface ethernet
set [ find default-name=ether1 ] name=ether1-router
set [ find default-name=ether2 ] name=ether2-BOX
set [ find default-name=ether3 ] name=ether3-AV
set [ find default-name=ether4 ] name=ether4-TV
/interface ethernet switch
set 0 mirror-source=ether1-router
/interface ethernet switch port
set 0 vlan-mode=secure
set 1 default-vlan-id=40 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=42 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=42 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=42 vlan-header=always-strip vlan-mode=secure
set 5 vlan-header=add-if-missing vlan-mode=fallback
/interface ethernet switch vlan
add independent-learning=yes ports=\
    switch1-cpu,ether1-router,ether3-AV,ether4-TV,ether5 switch=switch1 \
    vlan-id=42
add independent-learning=yes ports=switch1-cpu,ether1-router switch=switch1 \
    vlan-id=2
add independent-learning=yes ports=ether1-router,ether2-BOX switch=switch1 \
    vlan-id=3999
add independent-learning=yes ports=switch1-cpu,ether1-router switch=switch1 \
    vlan-id=41
add independent-learning=yes ports=switch1-cpu,ether1-router,ether2-BOX \
    switch=switch1 vlan-id=40

Re: CRS3xx hardware offload with split-horizon? or similar setup?

Posted: Fri Jul 12, 2019 4:24 pm
by millenium7
Must be a bug then. Switch is a CRS317 running 6.44.3 so its a recent firmware. Definitely does not show up in a normal /export
It doesn't even show if I do a '/interface ethernet switch export'
I have to specifically do '/interface ethernet switch port export'

Re: CRS3xx hardware offload with split-horizon? or similar setup?

Posted: Sat Jul 13, 2019 12:50 am
by CZFan
It shows on my CRS326 running 6.44.3