I am trying to set up the following network:
Main router - CCR1009
It will have a bridge containing ports 1, 2, 3, 4 and SFP+. I will connect switches to these ports.
I will have multiple VLANs.
The following switches will be connected to it:
-Sfp+ - 1xCRS317-1G-16S+ 16X10 - used for storage traffic
-ether1 and 2 - 2xCRS326-24G-2S+ 24x1GB - used for client traffic
Once I enable VLAN filtering on the bridge, as I've seen on the MikroTik wiki, there is no longer HW offload - is this normal behaviour, or is there something wrong in my configuration?
interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
# INTERFACE BRIDGE HW PVID PR PATH-COST INTERNA... HORIZON
0 ether1 BR1 yes 1 0x 10 10 none
1 I ether2 BR1 yes 1 0x 10 10 none
2 I ether3 BR1 yes 1 0x 10 10 none
3 I ether4 BR1 yes 1 0x 10 10 none
The config is below:
# Label the physical uplink port.
# NOTE(review): this comment marks ether1 as the CRS317 trunk, while the text of the post puts
# the CRS317 on SFP+ and the two CRS326 switches on ether1/ether2 - confirm which one is right.
/interface ethernet
set [ find default-name=ether1 ] comment="##LINK TO: CRS317 - TRUNK - TAGGED TRAFFIC"
# Single bridge that carries every trunk port, with bridge VLAN filtering switched on.
# NOTE(review): on switch chips that cannot offload bridge VLAN filtering, vlan-filtering=yes
# moves forwarding to the CPU and the "H" flag disappears from the bridge ports. Whether this
# CCR1009 can offload it depends on its switch chip and RouterOS version - verify against
# MikroTik's bridge hardware offloading table before treating the lost offload as a config error.
/interface bridge
add comment="##MAIN BRIDGE - TRUNK WITH ALL THE SWITCHES" name=BR1 vlan-filtering=yes
# One VLAN interface per routed network, each stacked on BR1, so the router itself terminates
# every VLAN and acts as its layer-3 gateway.
# NOTE(review): the name NET-Internal3 is used twice below (vlan-id=3 and vlan-id=1003).
# Interface names are expected to be unique, so the second add presumably fails on import or is
# a paste/anonymisation slip - confirm the intended name for the 172.16.30.0/24 network, because
# the interface-list and address entries that refer to NET-Internal3 are ambiguous until then.
/interface vlan
add comment="##NET-Client1 - 172.16.119.0/24" interface=BR1 name=NET-Client1 vlan-id=119
add comment="##NET-Internal2 - 172.16.2.0/24" interface=BR1 name=NET-Internal2 vlan-id=2
add comment="##NET-Internal3 - 172.16.3.0/24" interface=BR1 name=NET-Internal3 vlan-id=3
add comment="##NET-MGMT 172.16.1.0/24" interface=BR1 name=NET-MGMT vlan-id=1011
add comment="##NET-Internal3 - 172.16.30.0/24" interface=BR1 name=NET-Internal3 vlan-id=1003
add comment="##NET-Test - 172.16.9.0/24" interface=BR1 name=NET-Test vlan-id=9
add comment="##NET-VPSPrivate - 172.16.10.0/24" interface=BR1 name=NET-VPSPrivate vlan-id=10
# Interface lists that the firewall rules match on (in-interface-list / out-interface-list):
# WAN, VLAN and MGMT. Membership is assigned under "/interface list member".
/interface list
add name=WAN
add name=VLAN
add name=MGMT
# Trunk ports of BR1. frame-types=admit-only-vlan-tagged discards untagged and priority-tagged
# frames on ingress, and ingress-filtering=yes discards frames whose VLAN ID is not listed for
# the receiving port in the bridge VLAN table. Together they keep a device on a trunk from
# injecting untagged traffic or traffic for a VLAN the port is not a member of.
# NOTE(review): the post says the SFP+ port will also join the bridge, but no SFP+ port is
# added here - confirm whether that is intentional at this stage.
/interface bridge port
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether2
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether3
add bridge=BR1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether4
# Bridge VLAN table. Each VLAN is tagged on all four trunk ports; BR1 is listed as a tagged
# member as well so that frames for the VLAN reach the router's own VLAN interfaces.
# NOTE(review): every VLAN, including management (1011), is carried on every trunk. If a
# downstream switch does not need a given VLAN, leaving that port out of the VLAN's tagged list
# limits where management and internal traffic can be reached from - confirm per-switch needs.
/interface bridge vlan
add bridge=BR1 comment="##NET-MGMT 172.16.1.0/24" tagged=BR1,ether1,ether2,ether3,ether4 vlan-ids=1011
add bridge=BR1 comment="##NET-Internal3 - 172.16.30.0/24" tagged=BR1,ether1,ether2,ether3,ether4 vlan-ids=1003
add bridge=BR1 comment="##NET-Internal2 - 172.16.2.0/24" tagged=BR1,ether1,ether2,ether3,ether4 vlan-ids=2
add bridge=BR1 comment="##NET-Internal3 - 172.16.3.0/24" tagged=BR1,ether1,ether2,ether3,ether4 vlan-ids=3
add bridge=BR1 comment="##NET-Test - 172.16.9.0/24" tagged=BR1,ether1,ether2,ether3,ether4 vlan-ids=9
add bridge=BR1 comment="##NET-VPSPrivate - 172.16.10.0/24" tagged=BR1,ether1,ether2,ether3,ether4 vlan-ids=10
add bridge=BR1 comment="##NET-Client1 - 172.16.119.0/24" tagged=BR1,ether1,ether2,ether3,ether4 vlan-ids=119
# Interface-list membership used by the firewall rules.
# NOTE(review): ether7 is placed in WAN but has no address in this export - confirm it is a
#   real uplink, since list membership alone makes the WAN-matching rules apply to it.
# NOTE(review): NET-MGMT is a member of both MGMT and VLAN, so the management network also
#   matches the forward rule written for the VLAN list - confirm that is wanted.
# NOTE(review): NET-Internal3 is added to VLAN twice, a consequence of the duplicated VLAN
#   interface name; one of the two entries presumably should name the 172.16.30.0/24 interface.
/interface list member
add interface=ether8 list=WAN
add interface=ether7 list=WAN
add interface=NET-MGMT list=MGMT
add interface=NET-Client1 list=VLAN
add interface=NET-Internal2 list=VLAN
add interface=NET-Internal3 list=VLAN
add interface=NET-MGMT list=VLAN
add interface=NET-Internal3 list=VLAN
add interface=NET-Test list=VLAN
add interface=NET-VPSPrivate list=VLAN
# Router addresses: the WAN address on ether8, then the .1 gateway address of each VLAN network
# on its VLAN interface.
# NOTE(review): 172.16.3.1/24 and 172.16.30.1/24 are both bound to the name NET-Internal3, so
# both would land on whichever interface ends up holding that name - resolve the duplicated
# VLAN interface name before relying on these two entries.
/ip address
add address=10.124.175.101/24 interface=ether8 network=10.124.175.0
add address=172.16.1.1/24 interface=NET-MGMT network=172.16.1.0
add address=172.16.2.1/24 interface=NET-Internal2 network=172.16.2.0
add address=172.16.3.1/24 interface=NET-Internal3 network=172.16.3.0
add address=172.16.119.1/24 interface=NET-Client1 network=172.16.119.0
add address=172.16.30.1/24 interface=NET-Internal3 network=172.16.30.0
add address=172.16.9.1/24 interface=NET-Test network=172.16.9.0
add address=172.16.10.1/24 interface=NET-VPSPrivate network=172.16.10.0
# Upstream resolvers used by the router.
# NOTE(review): allow-remote-requests is not set in this export, so the router presumably does
# not answer DNS queries from clients - confirm if VLAN hosts are meant to use it as a resolver.
/ip dns
set servers=8.8.8.8,8.8.4.4
# Source addresses trusted by the "Allow Winbox" firewall rules. The single entry sits in the
# same 10.124.175.0/24 network as the ether8 WAN address.
/ip firewall address-list
add address=10.124.175.5 list=Winbox_Allow
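# Firewall filter. Rules are evaluated top to bottom within a chain, and a packet that matches
# no rule is accepted, so each chain needs an explicit terminating drop to be default-deny.
/ip firewall filter
# ---- input chain: traffic addressed to the router itself ----
# NOTE(review): labelled "Winbox" but the rule matches every protocol and port from the
# Winbox_Allow addresses arriving on WAN. Narrowing it to the Winbox service port (tcp/8291 by
# default - check /ip service) would make the rule match its label.
add action=accept chain=input comment="##INPUT:Allow Winbox from Radu" connection-state="" in-interface-list=WAN src-address-list=Winbox_Allow
add action=accept chain=input comment="##INPUT:Allow Established and Related " connection-state=established,related
# Anything arriving on the management VLAN interface may reach any router service.
add action=accept chain=input comment="##INPUT:Allow Input from MGMT" in-interface-list=MGMT
# NOTE(review): log-prefix is set but log=yes is not shown, so presumably nothing is logged.
add action=drop chain=input comment="##INPUT:DROP Everything Else" connection-state="" log-prefix=DROP
# ---- forward chain: traffic routed through the router ----
# NOTE(review): the comment text says INPUT but this is chain=forward. As written it lets the
# Winbox_Allow addresses on WAN open new connections to any host in any VLAN on any port -
# confirm that is intended, or restrict it by destination and port.
add action=accept chain=forward comment="##INPUT:Allow Winbox from Radu" connection-state="" in-interface-list=WAN src-address-list=Winbox_Allow
add action=accept chain=forward comment="##FORWARD:Allow Established and Related " connection-state=established,related
add action=accept chain=forward comment="##FORWARD: VLAN Internet Access only" connection-state=new in-interface-list=VLAN out-interface-list=WAN
# Added terminating drop. Without it the forward chain falls through to accept, so traffic
# between VLANs (and new connections from WAN into the VLANs) is routed freely and the
# "VLAN Internet Access only" rule above restricts nothing.
add action=drop chain=forward comment="##FORWARD:DROP Everything Else"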
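# Default route through the gateway on the ether8 (WAN) subnet 10.124.175.0/24.
/ip route
add distance=1 gateway=10.124.175.1
# Router identity. The "/system identity" menu line was missing from the paste, which left this
# "set" under /ip route, where "name" does not set the router's identity.
/system identity
set name=LAB-CCR1009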