Hello,
I've just noticed that when enabling bridge vlan filtering on both RB4011 and RB5009 running 7.1rc4 FastTrack does not work.
this basically makes the switch on both RB's unusable.
with and without screenshots below:
/interface/bridge/vlan/print
Flags: D - DYNAMIC
Columns: BRIDGE, VLAN-IDS, CURRENT-TAGGED, CURRENT-UNTAGGED
# BRIDGE VLAN-IDS CURRENT-TAGGED CURRENT-UNTAGGED
0 bridge 88 bridge ether1
ether4
/interface export
/ip export
/interface bridge
add ingress-filtering=no name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] l2mtu=6200 mtu=6000 name=10g-sfp+1
set [ find default-name=ether1 ] l2mtu=6200 mtu=6000
set [ find default-name=ether2 ] l2mtu=6200 mtu=6000
set [ find default-name=ether3 ] l2mtu=6200 mtu=6000
set [ find default-name=ether4 ] l2mtu=6200 mtu=6000
set [ find default-name=ether5 ] l2mtu=6200 mtu=6000
set [ find default-name=ether6 ] l2mtu=6200 mtu=6000
set [ find default-name=ether7 ] l2mtu=6200 mtu=6000
set [ find default-name=ether8 ] l2mtu=6200 mtu=6000
/interface vlan
add disabled=yes interface=bridge mtu=4088 name=DMZ_vlan vlan-id=70
add interface=bridge name=Guest_vlan vlan-id=75
add interface=bridge mtu=4088 name=Home88_vlan vlan-id=88
add interface=bridge mtu=4088 name=Home_vlan vlan-id=10
add interface=bridge name=IoT_vlan vlan-id=80
add interface=bridge name=NoT_vlan vlan-id=85
add interface=bridge name=Transit_vlan vlan-id=200
add disabled=yes interface=bridge mtu=1600 name=WAN_vlan vlan-id=35
add disabled=yes interface=bridge name=vlan838 vlan-id=838
add disabled=yes interface=bridge name=vlan839 vlan-id=839
/interface pppoe-client
add disabled=yes add-default-route=yes interface=WAN_vlan name=PPPoEv4 user=****
add disabled=yes interface=WAN_vlan name=PPPoEv6 user=*****/ipv6
/interface list
add name=LAN
add name=WAN
add name=LOCAL
add name=Trusted
add name=Untrusted
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge frame-types=admit-only-vlan-tagged ingress-filtering=no \
interface=10g-sfp+1
add bridge=bridge interface=ether1 pvid=88
add bridge=bridge interface=ether2 pvid=10
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4 pvid=88
add bridge=bridge disabled=yes interface=ether5 pvid=88
add bridge=bridge interface=ether6 pvid=88
add bridge=bridge interface=ether7 pvid=10
add bridge=bridge interface=ether8
add bridge=bridge disabled=yes interface=*1D pvid=88
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether8 vlan-ids=88
add bridge=bridge tagged=bridge,10g-sfp+1 vlan-ids=10
add bridge=bridge tagged=bridge,ether4 vlan-ids=35
add bridge=bridge tagged=bridge,10g-sfp+1 vlan-ids=70
add bridge=bridge tagged=bridge,10g-sfp+1 vlan-ids=100
add bridge=bridge tagged=bridge,10g-sfp+1 vlan-ids=110
add bridge=bridge tagged=bridge,10g-sfp+1 vlan-ids=120
add bridge=bridge tagged=bridge,10g-sfp+1 vlan-ids=200
/interface list member
add interface=PPPoEv4 list=WAN
add interface=PPPoEv6 list=WAN
add interface=Home_vlan list=Trusted
add interface=IoT_vlan list=Untrusted
add interface=NoT_vlan list=Untrusted
/ip dhcp-server option
add code=119 name=domain-search-option value="'lan'"
add code=26 name=mtu4088 value="'4088'"
/ip dhcp-server option sets
add name=Defconf options=domain-search-option
add name=Home_vlan options=domain-search-option,mtu4088
/ip pool
add name=Guest_Pool ranges=10.42.20.20-10.42.20.250
add name=IoT_Pool ranges=10.42.11.20-10.42.11.250
add name=NoT_Pool ranges=10.42.12.20-10.42.12.250
add name=ovpn-pool ranges=10.250.250.2-10.250.250.6
add name=DMZ_pool ranges=172.22.70.5-172.22.70.100
add name=Home_pool ranges=10.42.10.10-10.42.10.250
/ip dhcp-server
add address-pool=Home_pool dhcp-option-set=Home_vlan interface=Home_vlan \
lease-time=4w2d10m name=Home_DHCP
add address-pool=Guest_Pool dhcp-option-set=Defconf interface=Guest_vlan \
lease-time=3d10m name=Guest_DHCP
add address-pool=IoT_Pool dhcp-option-set=Defconf interface=IoT_vlan \
lease-time=4w2d10m name=IoT_DHCP
add address-pool=NoT_Pool dhcp-option-set=Defconf interface=NoT_vlan \
lease-time=4w2d10m name=NoT_DHCP
add address-pool=DMZ_pool interface=DMZ_vlan lease-time=2w6d name=DMZ_dhcp
/ip address
add address=10.42.10.1/24 interface=Home_vlan network=10.42.10.0
add address=10.42.20.1/24 interface=Guest_vlan network=10.42.20.0
add address=10.42.11.1/24 interface=IoT_vlan network=10.42.11.0
add address=10.42.12.1/24 interface=NoT_vlan network=10.42.12.0
add address=172.22.70.1/24 interface=DMZ_vlan network=172.22.70.0
add address=10.42.200.1/29 disabled=yes interface=Transit_vlan network=\
10.42.200.0
/ip cloud
set update-time=no
/ip dhcp-client
add interface=Home88_vlan use-peer-dns=no
/ip dhcp-server network
add address=10.42.10.0/24 dns-server=172.20.70.4,172.20.70.3 domain=\
.lan.wawi.local gateway=10.42.10.1
add address=10.42.11.0/24 dns-server=172.22.70.4,172.22.70.3 domain=\
.IoT.wawi.local gateway=10.42.11.1
add address=10.42.12.0/24 dns-server=172.22.70.4,172.22.70.3 domain=\
.NoT.wawi.local gateway=10.42.12.1
add address=10.42.20.0/24 dns-server=172.22.70.4,172.22.70.3 domain=\
.guest.wawi.local gateway=10.42.20.1
add address=172.22.70.0/24 dns-server=172.22.70.4,172.22.70.3 gateway=\
172.22.70.1
/ip dns
set servers=9.9.9.9,1.1.1.2
/ip dns static
/ip firewall address-list
add address=1.1.1.1 list=DNS_servers
add address=1.0.0.1 list=DNS_servers
add address=1.0.0.2 list=DNS_servers
add address=1.1.1.2 list=DNS_servers
add address=8.8.8.8 list=DNS_servers
add address=8.8.4.4 list=DNS_servers
add address=9.9.9.9 list=DNS_servers
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip firewall filter
add action=drop chain=forward in-interface-list=WAN src-address-list=\
ssh_blacklist
add action=drop chain=input in-interface-list=WAN src-address-list=\
ssh_blacklist
add action=fasttrack-connection chain=forward comment=fasttrack \
connection-state=established,related hw-offload=yes log-prefix=ftrak
add action=accept chain=forward comment=\
"accept established,related, untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="accept established,related,untracked" \
connection-state=established,related,untracked
add action=accept chain=forward in-interface-list=Trusted out-interface-list=\
Untrusted
# PPPoEv4 not ready
add action=accept chain=input dst-port=43231 in-interface=PPPoEv4 protocol=\
udp
add action=drop chain=forward dst-address-list=DNS_servers \
in-interface=DMZ_vlan protocol=!icmp src-address=!172.22.70.1-172.22.70.5
add action=drop chain=forward dst-address-list=DNS_servers \
in-interface=!DMZ_vlan protocol=!icmp src-address=!10.42.88.1-10.42.88.20
add action=accept chain=input comment="accept ICMP" protocol=icmp \
src-address-list=!ssh_blacklist
add action=accept chain=forward comment="accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=accept chain=forward comment="Allow WAN connections" in-interface=\
!NoT_vlan out-interface-list=WAN
add action=drop chain=forward in-interface-list=Untrusted out-interface-list=\
Trusted
add action=drop chain=input comment="drop invalid" connection-state=invalid \
log-prefix=Test
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=input comment="drop the rest" in-interface-list=WAN \
log-prefix=Test
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# oct/06/2021 20:52:50 by RouterOS 6.48.4
# software id = *********
#
# model = RBD52G-5HacD2HnD
# serial number = *************
/interface bridge
add name=br-lan vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=6200 mtu=6200
set [ find default-name=ether2 ] l2mtu=6200 mtu=6200
set [ find default-name=ether3 ] l2mtu=6200 mtu=6200
set [ find default-name=ether4 ] l2mtu=6200 mtu=6200
set [ find default-name=ether5 ] l2mtu=6200 mtu=6200
/interface vlan
add interface=br-lan name=Guest_vlan vlan-id=100
add interface=br-lan mtu=1600 name=vlan35 vlan-id=35
/interface pppoe-client
add add-default-route=yes interface=vlan35 name=PPPoEv4 user=*****
add add-default-route=yes interface=vlan35 name=PPPoEv6 user=*****
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=br-lan name=dhcp1
/ipv6 dhcp-server
add interface=br-lan name=server1
add interface=Guest_vlan name=server2
/interface bridge port
add bridge=br-lan interface=ether2
add bridge=br-lan interface=ether3 pvid=100
add bridge=br-lan interface=ether4
add bridge=br-lan interface=ether5
add bridge=br-lan interface=wlan2
add bridge=br-lan interface=wlan1
add bridge=br-lan frame-types=admit-only-vlan-tagged interface=ether1
/interface bridge vlan
add bridge=br-lan tagged=br-lan,ether1 vlan-ids=35
/interface list member
add interface=PPPoEv4 list=WAN
add interface=br-lan list=LAN
/ip address
add address=192.168.88.1/24 interface=br-lan network=192.168.88.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
established,related
# PPPoEv4 not ready
add action=accept chain=forward out-interface=PPPoEv4
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.0.0/16
set api-ssl disabled=yes
/ipv6 dhcp-client
add add-default-route=yes interface=PPPoEv6 pool-name=v6 request=prefix
/system clock
set time-zone-name=Europe/Warsaw
On my RB5009 and RB4011 the fasttrack is working since the support for it was introduced back on some v7.1.sth. maybe you have something on your config preventing the fasttrack to work.
if you could post your config will be easier...
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridgeLocal protocol-mode=none
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridgeTest protocol-mode=none
/interface vlan
add interface=ether10 name=ether10.832 vlan-id=832
/interface bridge filter
add action=set-priority chain=output dst-port=67 ip-protocol=udp \
mac-protocol=ip new-priority=6 out-bridge=bridgeTest passthrough=yes \
src-port=68
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeTest interface=ether10.832
/ip address
add address=192.168.88.1/24 interface=bridgeLocal network=192.168.88.0
add address=192.168.99.1/24 interface=bridgeTest network=192.168.99.0
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
ipv4-fasttrack-active: yes
ipv4-fasttrack-packets: 0
ipv4-fasttrack-bytes: 0
/interface/bridge/filter/set 0 disabled=yes
ipv4-fasttrack-active: yes
ipv4-fasttrack-packets: 103
ipv4-fasttrack-bytes: 14355