Hello
I recently bought a hap ax2 to replace my ac2 for better wifi speeds on wifi 6 devices. While configuring it, I decided to implement VLAN filtering for my IoT devices and servers, with a separate IP range for each. But here’s the thing: when configured with VLANs, wifi speed caps at around 420Mbps, but when I configure the router with a single IP range for everything and no VLANs, speed goes up to 7-800Mbps. I am fully aware that the switch chip in the device does not support HW offload with VLAN filtering, but the CPU doesn’t go above 30%. I am confused. Is it a HW limitation, or did I just mess up the config?
Config:
# may/13/2023 13:52:53 by RouterOS 7.8
# software id = CPBF-L7HX
#
# model = C52iG-5HaxD2HaxD
# serial number = HE508PV0X13
# Bridge "LAN" with VLAN filtering enabled; untagged traffic on the bridge's
# own (CPU-facing) port is assigned to VLAN 10 via pvid=10.
# NOTE(review): ingress-filtering=no is set explicitly on the bridge interface,
# so frames are not checked against the bridge VLAN table on ingress there.
# Confirm this is intentional; ingress-filtering=yes is the stricter setting.
/interface bridge
add ingress-filtering=no name=LAN pvid=10 vlan-filtering=yes
# One routed VLAN interface per segment, all stacked on bridge LAN.
# These are the interfaces that carry the gateway addresses and DHCP servers.
/interface vlan
add interface=LAN name=VLAN10_Network vlan-id=10
add interface=LAN name=VLAN101_Servers vlan-id=101
add interface=LAN name=VLAN102_LAN vlan-id=102
add interface=LAN name=VLAN103_WiFi vlan-id=103
add interface=LAN name=VLAN104_IoT vlan-id=104
# Interface list referenced by the firewall input chain
# (in-interface-list=!All_LAN) to decide who may reach the router itself.
/interface list
add name=All_LAN
# Two security profiles: MeerkatSec (WPA2/WPA3-PSK) and IoTSec (WPA/WPA2-PSK).
# NOTE(review): no passphrase appears in this export - presumably omitted as
# sensitive. Confirm both profiles have strong passphrases that differ from
# each other, otherwise the IoT SSID key also opens the main SSID.
# NOTE(review): IoTSec also permits wpa-psk (original WPA). Keep it only if a
# device on the IoT SSID cannot negotiate WPA2.
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=MeerkatSec
add authentication-types=wpa-psk,wpa2-psk disabled=no name=IoTSec
# wifi1: AP with SSID Meerkat_5G, profile MeerkatSec; the authentication types
# are repeated inline with the same values as the profile.
# wifi2: AP with SSID Meerkat, profile MeerkatSec.
# wifi3: additional AP on master-interface=wifi2, SSID Meerkat_IoT, profile
# IoTSec. It shares wifi2's radio but is bridged with its own pvid below.
/interface wifiwave2
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \
configuration.country=Hungary .mode=ap .ssid=Meerkat_5G disabled=no \
security=MeerkatSec security.authentication-types=wpa2-psk,wpa3-psk
set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \
configuration.mode=ap .ssid=Meerkat disabled=no security=MeerkatSec
add configuration.mode=ap .ssid=Meerkat_IoT disabled=no mac-address=\
4A:A9:8A:60:4B:49 master-interface=wifi2 name=wifi3 security=IoTSec
# One address pool per VLAN. dhcp_pool0 stops at .126 because VLAN 10 is a /25;
# the others cover .2-.254 of their /24.
/ip pool
add name=dhcp_pool0 ranges=10.0.0.2-10.0.0.126
add name=dhcp_pool1 ranges=10.0.1.2-10.0.1.254
add name=dhcp_pool2 ranges=10.0.2.2-10.0.2.254
add name=dhcp_pool3 ranges=10.0.3.2-10.0.3.254
add name=dhcp_pool4 ranges=10.0.4.2-10.0.4.254
# One DHCP server per VLAN interface, each bound to the matching pool.
/ip dhcp-server
add address-pool=dhcp_pool0 interface=VLAN10_Network name=Network_DHCP
add address-pool=dhcp_pool1 interface=VLAN101_Servers name=Servers_DHCP
add address-pool=dhcp_pool2 interface=VLAN102_LAN name=LAN_DHCP
add address-pool=dhcp_pool3 interface=VLAN103_WiFi name=WiFi_DHCP
add address-pool=dhcp_pool4 interface=VLAN104_IoT name=IoT_DHCP
# Names the first serial port entry serial0.
/port
set 0 name=serial0
# Bridge port membership. pvid selects the VLAN for untagged frames on a port:
# ether1 -> 10, ether2-4 -> 102, wifi1/wifi2 -> 103, wifi3 (IoT SSID) -> 104.
# NOTE(review): no frame-types is set on any port, so presumably all of them
# accept tagged as well as untagged frames. For the pure access ports,
# frame-types=admit-only-untagged-and-priority-tagged is the stricter choice.
# Confirm what per-port ingress-filtering is in effect on this version.
/interface bridge port
add bridge=LAN interface=ether1 pvid=10
add bridge=LAN interface=ether3 pvid=102
add bridge=LAN interface=ether4 pvid=102
add bridge=LAN interface=wifi1 pvid=103
add bridge=LAN interface=wifi2 pvid=103
add bridge=LAN interface=wifi3 pvid=104
add bridge=LAN interface=ether2 pvid=102
# Neighbor discovery runs on every interface outside the "dynamic" list.
# NOTE(review): that appears to include ether5, which carries the default
# route, so the router would announce itself upstream. Consider restricting
# discovery to All_LAN.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# Sets the IPv6 neighbor table limit.
/ipv6 settings
set max-neighbor-entries=15360
# Static VLAN table. "LAN" in tagged= is the bridge's own port, which is what
# lets the /interface vlan interfaces on LAN receive that VLAN's traffic.
# ether1 is tagged for 10, 101 and 102, so it acts as a trunk for those VLANs.
# VLANs 103 and 104 are tagged only towards the bridge itself; the wifi ports
# reach them untagged through their pvid.
# NOTE(review): VLAN10_Network is a VLAN interface, not a bridge port (it is
# absent from the port list above), so listing it under tagged= presumably has
# no effect - verify and remove.
# NOTE(review): LAN and ether1 both have pvid=10 yet are also listed as tagged
# for VLAN 10. Confirm which handling is intended for VLAN 10 on those ports.
/interface bridge vlan
add bridge=LAN tagged=VLAN10_Network,LAN,ether1 vlan-ids=10
add bridge=LAN tagged=LAN,ether1 vlan-ids=101
add bridge=LAN tagged=LAN,ether1 vlan-ids=102
add bridge=LAN tagged=LAN vlan-ids=103
add bridge=LAN tagged=LAN vlan-ids=104
# Members of All_LAN: the bridge plus VLANs 10, 101, 102 and 103.
# The firewall input chain drops anything arriving on an interface that is NOT
# in this list. VLAN104_IoT and ether5 are not members, so clients on those
# interfaces cannot open new connections to the router itself (ICMP is
# accepted earlier in the input chain).
# Every listed VLAN, including the WiFi VLAN, has unrestricted access to the
# router's services. NOTE(review): confirm management access from all of them
# is intended.
/interface list member
add interface=LAN list=All_LAN
add interface=VLAN10_Network list=All_LAN
add interface=VLAN101_Servers list=All_LAN
add interface=VLAN102_LAN list=All_LAN
add interface=VLAN103_WiFi list=All_LAN
# Gateway address for each VLAN (.1 in each subnet), plus 192.168.0.5/24 on
# ether5, the subnet that holds the default gateway 192.168.0.1.
/ip address
add address=10.0.0.1/25 interface=VLAN10_Network network=10.0.0.0
add address=10.0.1.1/24 interface=VLAN101_Servers network=10.0.1.0
add address=10.0.2.1/24 interface=VLAN102_LAN network=10.0.2.0
add address=10.0.3.1/24 interface=VLAN103_WiFi network=10.0.3.0
add address=10.0.4.1/24 interface=VLAN104_IoT network=10.0.4.0
add address=192.168.0.5/24 interface=ether5 network=192.168.0.0
# DHCP options per subnet: the router as gateway and 1.1.1.1 as DNS server.
# Clients are pointed at the public resolver directly, not at the router.
/ip dhcp-server network
add address=10.0.0.0/25 dns-server=1.1.1.1 gateway=10.0.0.1
add address=10.0.1.0/24 dns-server=1.1.1.1 gateway=10.0.1.1
add address=10.0.2.0/24 dns-server=1.1.1.1 gateway=10.0.2.1
add address=10.0.3.0/24 dns-server=1.1.1.1 gateway=10.0.3.1
add address=10.0.4.0/24 dns-server=1.1.1.1 gateway=10.0.4.1
# Upstream resolver used by the router itself.
/ip dns
set servers=1.1.1.1
# IoT_Block lists the non-IoT internal subnets. It is used as the destination
# match of the forward-chain rule that drops traffic from 10.0.4.0/24, and as
# the source match of the first masquerade rule.
# The first entry is 10.0.0.0/24, although VLAN10_Network is addressed as
# 10.0.0.0/25; the list therefore also covers 10.0.0.128-10.0.0.255.
/ip firewall address-list
add address=10.0.0.0/24 list=IoT_Block
add address=10.0.1.0/24 list=IoT_Block
add address=10.0.2.0/24 list=IoT_Block
add address=10.0.3.0/24 list=IoT_Block
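# Filter rules are evaluated top to bottom within each chain, and the first
# matching rule decides. A packet that matches no rule is accepted.
/ip firewall filter
# Forward: FastTrack packets of connections that are already established or
# related. New connections never match this rule, so they are still evaluated
# by the forward rules further down.
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related hw-offload=yes
# Input (traffic addressed to the router itself):
# accept replies, drop invalid, allow ICMP from anywhere, then drop everything
# that did not arrive on a member of All_LAN.
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface-list=!All_LAN
# Forward: accept only established/related here. The original rule also
# matched connection-state=new, which accepted every new connection before the
# two drop rules below were reached. That left the IoT isolation rule and the
# ether5 drop rule with nothing to match.
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
# IoT isolation: hosts in 10.0.4.0/24 may not open connections to the subnets
# in the IoT_Block address list.
add action=drop chain=forward dst-address-list=IoT_Block src-address=10.0.4.0/24
# Upstream side: drop anything entering on ether5 that is not the result of a
# dst-nat (port-forward) rule.
add action=drop chain=forward connection-nat-state=!dstnat in-interface=ether5
# Remaining new connections (between the non-IoT VLANs, and from any VLAN out
# through ether5) match no rule and are accepted. Add explicit drop rules here
# if the non-IoT VLANs should also be separated from each other.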
# Source NAT for the internal subnets: the first rule matches the IoT_Block
# address list, the second the IoT subnet 10.0.4.0/24.
# NOTE(review): neither rule names an out-interface, so as written they also
# match traffic routed between the internal VLANs. Internal servers would then
# see the router's address as the source, which hides the real client from
# their logs and host-based ACLs. Presumably only traffic leaving through
# ether5 (the interface holding the default gateway's subnet) should be
# masqueraded - confirm and add out-interface=ether5 to both rules.
/ip firewall nat
add action=masquerade chain=srcnat src-address-list=IoT_Block
add action=masquerade chain=srcnat src-address=10.0.4.0/24
# Default route via 192.168.0.1, reachable through the 192.168.0.5/24 address
# on ether5.
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=main \
suppress-hw-offload=no
# Local time zone for the system clock.
/system clock
set time-zone-name=Europe/Budapest