I use a bridge with a group of all 17 ports for VLAN transit.
For the CRS317 itself I have a management VLAN and 1 IP address on it.
My customers' traffic is mostly PPPoE, and it's OK. I can't see it with Torch because this traffic is processed on the Marvell packet controller.
But in the FP RX column in the Interfaces table I see transit broadcast packets in the rented L2 VLANs of corporate clients.
For example: PPPoE PADI, ARP who has, LBD 0x9000, bootpc.
As far as I understand, broadcast traffic from the switch is redirected to the CPU by default, and that's bad for me because it leaves a way for unexpected issues with broadcast/multicast storms on clients' L2 channels, and it will affect the CRS317 CPU.
Turning off the broadcast-flood option on bridge ports does not limit the traffic flood to the CPU.
Is it possible to completely isolate the CPU from transit broadcast packets?