Community discussions

MikroTik App
 
mada3k
Long time Member
Long time Member
Topic Author
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

hEX-S and hardware VLAN switching

Wed Oct 06, 2021 12:56 pm

Hi,

Is there some way to configure a hEX-S to do VLAN switching in hardware? There is a a bunch of options under /interface ethernet switch, but none seems to make any difference. Simple tagged and untagged/pvid settings will do fine.

The situation is that we are planning to run multicast audio and video (>25Mbps) passing over a hEX-S, and it will simply consume to much CPU to do that in a software bridge, and it may introduce jitter/stuttering and so on. We are doing it today with a RB260GS and it works fine, but we are trying to avoid those because of lack of manageability.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: hEX-S and hardware VLAN switching

Wed Oct 06, 2021 1:35 pm

hEX S switch chip does not support Vlan tables
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: hEX-S and hardware VLAN switching

Wed Oct 06, 2021 1:45 pm

With lack of complete view, I am failing to understand why you think the >25Mb/s multicast will kill the hEX S?

If you need to change this, this is where the trusty old RB2011 will shine
 
mada3k
Long time Member
Long time Member
Topic Author
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: hEX-S and hardware VLAN switching

Wed Oct 06, 2021 4:55 pm

Yes, it does actually. But RouterOS uses the VLAN to separate each switch-port to a logical interface within RouterOS. So my question is if this setup is changeable, so there will only be one logical interface to the cpu-side (as it's actually connected) and you can run a couple of hardware VLANs instead. The menu options is there strangly.

It won't kill it, of course, but since the packet forwarding will be done in software, there is risks of latency/jitter/stuttering depending on cpu load.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: hEX-S and hardware VLAN switching

Wed Oct 06, 2021 6:02 pm

Yes, it does actually. ...

Not sure if above refers to my post saying hEX S switch chip does not support Vlan tables...
You do not have the required permissions to view the files attached to this post.
 
mada3k
Long time Member
Long time Member
Topic Author
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: hEX-S and hardware VLAN switching

Wed Oct 06, 2021 6:42 pm

Again, yes, it does.
http://www.trolink.cn/UploadFiles/Produ ... _77763.pdf - Page 6

RouterOS uses this VLAN support to create logical interfaces, that is hidden from the user and configuration. Or maybe there are many variants of MT7621.

Anyways, would be nice if there was a way to "disable logical ports layout" and get back the VLAN capability.
 
tifkat
just joined
Posts: 3
Joined: Fri Jul 10, 2020 6:12 am

Re: hEX-S and hardware VLAN switching

Mon Apr 11, 2022 7:55 am

It looks like RouterOS 7.1rc5 added functionality for HW offload of VLAN filtering:

"*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);"

viewtopic.php?t=179755
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: hEX-S and hardware VLAN switching

Mon Apr 11, 2022 3:11 pm

It looks like RouterOS 7.1rc5 added functionality for HW offload of VLAN filtering:

"*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);"

viewtopic.php?t=179755
yes is expected to be enabled

https://help.mikrotik.com/docs/display/ ... Offloading
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: hEX-S and hardware VLAN switching

Mon Apr 11, 2022 5:14 pm

Okay but that does not mean setting up the router any differently with regard to the 'new' method of bridges and vlan filtering does it.
I thought its simply checking off a box somewhere.
 
PackElend
Member Candidate
Member Candidate
Posts: 268
Joined: Tue Sep 29, 2020 6:05 pm

Re: hEX-S and hardware VLAN switching

Mon Apr 25, 2022 10:32 pm

I can confirm that is supported from ROS v7 but I noticed that VLANs have to have access to the bridge port (at least to forward the DHCP request to the uplink router).

host cannot obtain IP address, configuration as https://help.mikrotik.com/docs/display/ ... witchchips:
/interface bridge
add name=bridge1 frame-types=admit-only-vlan-tagged

/interface bridge port
add bridge=bridge1 interface=sfp1 frame-types=admit-only-vlan-tagged
add bridge=bridge1 interface=ether2 pvid=20 frame-types=admit-only-untagged-and-priority-tagged

/interface bridge vlan
add bridge=bridge1 tagged=sfp1, ether2 vlan-ids=20
add bridge=bridge1 tagged=sfp1,bridge1 vlan-ids=99

/interface bridge
set bridge1 vlan-filtering=yes
host obtains IP address:
/interface bridge
add name=bridge1 frame-types=admit-only-vlan-tagged

/interface bridge port
add bridge=bridge1 interface=sfp1 frame-types=admit-only-vlan-tagged
add bridge=bridge1 interface=ether2 pvid=20 frame-types=admit-only-untagged-and-priority-tagged

/interface bridge vlan
add bridge=bridge1 tagged=sfp1, ether2, bridge1  vlan-ids=20
add bridge=bridge1 tagged=sfp1,bridge1 vlan-ids=99

/interface bridge
set bridge1 vlan-filtering=yes

The first configuration does work on my CRS328s.
I enable the conntrack temporarily on the hEX S but it showed only VLAN 99 traffic, so VLAN 20 traffic is only on the Switch Chip, which means L2HW does actually work.
I dare to say it is a bug, isn't it?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: hEX-S and hardware VLAN switching

Tue Apr 26, 2022 9:20 am

I dare to say it is a bug, isn't it?
So your DHCP server is on a machine beyond sfp1 port? In this case it seems like a bug indeed.
If DHCP server is running on hEX S device itself, then it's not a bug.
 
PackElend
Member Candidate
Member Candidate
Posts: 268
Joined: Tue Sep 29, 2020 6:05 pm

Re: hEX-S and hardware VLAN switching

Tue Apr 26, 2022 9:44 am

I dare to say it is a bug, isn't it?
So your DHCP server is on a machine beyond sfp1 port? In this case it seems like a bug indeed.
this is the case
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: hEX-S and hardware VLAN switching

Tue Apr 26, 2022 4:04 pm

In this case you should open a support ticket with Mikrotik. A supout.rif file will be probably handy for them to analyze the problem.
 
PackElend
Member Candidate
Member Candidate
Posts: 268
Joined: Tue Sep 29, 2020 6:05 pm

Re: hEX-S and hardware VLAN switching

Tue Apr 26, 2022 5:01 pm

will do
can I provide any logs as well?
a log for each configuration?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: hEX-S and hardware VLAN switching

Tue Apr 26, 2022 8:17 pm

supout.rif files, taken while problem is hapoening, are supposed to contain 100% of device state, including any (internal) debug files etc.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: hEX-S and hardware VLAN switching

Tue Apr 26, 2022 8:45 pm

What is your ROS version ? Did you update to latest 7.2.1 ?
Also a network diagram would help understand your network topology better.
 
PackElend
Member Candidate
Member Candidate
Posts: 268
Joined: Tue Sep 29, 2020 6:05 pm

Re: hEX-S and hardware VLAN switching

Tue Apr 26, 2022 11:06 pm

I have been upgrading all devices to 7.2.1. hEX S was replaced by an updated one, one by one.
I will reset my new spare one and repeat the configuration but I'm sure it will happen again.

network topology: hEX S --> CRS328 SFP --> CCR1009 (router on stick design)
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: hEX-S and hardware VLAN switching

Wed Apr 27, 2022 11:05 pm

You could try to use Wireshark on the host to make a more detailed packet analysis...
 
PackElend
Member Candidate
Member Candidate
Posts: 268
Joined: Tue Sep 29, 2020 6:05 pm

Re: hEX-S and hardware VLAN switching

Fri Jun 24, 2022 4:23 pm

Hi,
the solution is quite simple the SFP-Port is not connected to the Switch-Chip tough block diagram leaving room for interpretation. In particular, if you combine it with official documentation like https://help.mikrotik.com/docs/display/ ... VLAN+Trunk (replace wlan1 by sfp1)
This is more as built:
image-1.png
There is one benefit of all the efforts, the following note was added to https://help.mikrotik.com/docs/display/ ... VLAN+Trunk:
For devices with hardware offloaded VLAN filtering and wireless interface support (e.g. RB4011 with RTL8367 switch chip, or LtAP with MT7621 switch chip), more attention needs to be paid. Packets going from HW offloaded ports to wireless can be filtered, if the VLAN access to the CPU is not allowed. It is possible to allow CPU access for a certain VLAN by adding the bridge interface as a VLAN member (similar to the VLAN99 example) or disabling HW offloading on bridge ports.


If anyone has some concerns regarding limiting access to managing function of the device:
  1. The web-config access is handled via the core router and its firewall.
  2. Winbox by simply allowing the MAC WinBox Server only on the MGTM interface
  3. (if you still want to be able to access the device via WinBox locally you use ACL-Rules)
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: mseidler and 25 guests