Community discussions

MikroTik App
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 3:29 pm

We have a CRS354-48P-4S+2Q+ and updated from 6 to 7.3.1. Since then we have massive problems with SFP. We disabled autosense, it's been a little better since then.
But the CPU runs almost permanently at 100%. What can we do?

I have already tested with these values, but any change.
SNMP or /interface ethernet switch set 0 l3-hw-offloading=yes
/interface bridge
add name=bridge_DMZ
add name=bridge_FIRMA
add name=bridge_GAST
add name=bridge_PRIVAT
add name=bridge_TELEFON
/interface ethernet
set [ find default-name=ether27 ] poe-out=off
set [ find default-name=ether31 ] 
set [ find default-name=ether44 ] 
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no 
set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no 
set [ find default-name=sfp-sfpplus3 ] auto-negotiation=no 
set [ find default-name=sfp-sfpplus4 ] auto-negotiation=no
/interface vlan
add interface=bridge_FIRMA name=vlan99 vlan-id=99
add interface=sfp-sfpplus1 name=vlan200_sfp1 vlan-id=200
add interface=sfp-sfpplus2 name=vlan200_sfp2 vlan-id=200
add interface=sfp-sfpplus3 name=vlan200_sfp3 vlan-id=200
add interface=sfp-sfpplus4 name=vlan200_sfp4 vlan-id=200
add interface=sfp-sfpplus1 name=vlan800_sfp1 vlan-id=800
add interface=sfp-sfpplus2 name=vlan800_sfp2 vlan-id=800
add interface=sfp-sfpplus3 name=vlan800_sfp3 vlan-id=800
add interface=sfp-sfpplus4 name=vlan800_sfp4 vlan-id=800
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/snmp community
add addresses=192.168.177.0/24,10.16.0.0/16 authentication-protocol=SHA1 disabled=yes encryption-protocol=AES name=Test security=private
/system logging action
add disk-file-count=1 disk-file-name=auth.log disk-lines-per-file=5000 name=auth target=disk
/user group
add name=dudepass policy=winbox,dude,!local,!telnet,!ssh,!ftp,!reboot,!read,!write,!policy,!test,!password,!web,!sniff,!sensitive,!api,!romon,!rest-api
/interface bridge port
add bridge=bridge_FIRMA ingress-filtering=no interface=ether1
add bridge=bridge_FIRMA ingress-filtering=no interface=ether2
add bridge=bridge_FIRMA ingress-filtering=no interface=ether3
add bridge=bridge_FIRMA ingress-filtering=no interface=ether4
add bridge=bridge_FIRMA ingress-filtering=no interface=ether5
add bridge=bridge_FIRMA ingress-filtering=no interface=ether6
add bridge=bridge_FIRMA ingress-filtering=no interface=ether7
add bridge=bridge_TELEFON ingress-filtering=no interface=ether8
add bridge=bridge_TELEFON ingress-filtering=no interface=ether9
add bridge=bridge_FIRMA ingress-filtering=no interface=ether10
add bridge=bridge_FIRMA ingress-filtering=no interface=ether11
add bridge=bridge_FIRMA ingress-filtering=no interface=ether12
add bridge=bridge_FIRMA ingress-filtering=no interface=ether13
add bridge=bridge_FIRMA ingress-filtering=no interface=ether14
add bridge=bridge_FIRMA ingress-filtering=no interface=ether15
add bridge=bridge_FIRMA ingress-filtering=no interface=ether16
add bridge=bridge_FIRMA ingress-filtering=no interface=ether17
add bridge=bridge_FIRMA ingress-filtering=no interface=ether18
add bridge=bridge_FIRMA ingress-filtering=no interface=ether19
add bridge=bridge_TELEFON ingress-filtering=no interface=ether20
add bridge=bridge_FIRMA ingress-filtering=no interface=ether21
add bridge=bridge_TELEFON ingress-filtering=no interface=ether22
add bridge=bridge_FIRMA ingress-filtering=no interface=ether23
add bridge=bridge_FIRMA ingress-filtering=no interface=ether24
add bridge=bridge_FIRMA ingress-filtering=no interface=ether25
add bridge=bridge_FIRMA ingress-filtering=no interface=ether26
add bridge=bridge_FIRMA ingress-filtering=no interface=ether27
add bridge=bridge_FIRMA ingress-filtering=no interface=ether28
add bridge=bridge_FIRMA ingress-filtering=no interface=ether29
add bridge=bridge_FIRMA ingress-filtering=no interface=ether30
add bridge=bridge_FIRMA ingress-filtering=no interface=ether31
add bridge=bridge_FIRMA ingress-filtering=no interface=ether32
add bridge=bridge_FIRMA ingress-filtering=no interface=ether33
add bridge=bridge_FIRMA ingress-filtering=no interface=ether34
add bridge=bridge_FIRMA ingress-filtering=no interface=ether35
add bridge=bridge_FIRMA ingress-filtering=no interface=ether36
add bridge=bridge_FIRMA  ingress-filtering=no interface=ether37
add bridge=bridge_FIRMA ingress-filtering=no interface=ether38
add bridge=bridge_FIRMA ingress-filtering=no interface=ether39
add bridge=bridge_FIRMA ingress-filtering=no interface=ether40
add bridge=bridge_FIRMA ingress-filtering=no interface=ether41
add bridge=bridge_FIRMA ingress-filtering=no interface=ether42
add bridge=bridge_FIRMA ingress-filtering=no interface=ether43
add bridge=bridge_FIRMA ingress-filtering=no interface=ether44
add bridge=bridge_FIRMA ingress-filtering=no interface=ether45
add bridge=bridge_FIRMA  ingress-filtering=no interface=ether46
add bridge=bridge_DMZ  ingress-filtering=no interface=ether47
add bridge=bridge_DMZ ingress-filtering=no interface=ether48
add bridge=bridge_FIRMA ingress-filtering=no interface=sfp-sfpplus1
add bridge=bridge_FIRMA ingress-filtering=no interface=sfp-sfpplus2
add bridge=bridge_FIRMA ingress-filtering=no interface=sfp-sfpplus3
add bridge=bridge_FIRMA ingress-filtering=no interface=sfp-sfpplus4
add bridge=bridge_TELEFON ingress-filtering=no interface=vlan200_sfp1
add bridge=bridge_TELEFON ingress-filtering=no interface=vlan200_sfp2
add bridge=bridge_TELEFON ingress-filtering=no interface=vlan200_sfp3
add bridge=bridge_TELEFON ingress-filtering=no interface=vlan200_sfp4
add bridge=bridge_DMZ ingress-filtering=no interface=vlan800_sfp1
add bridge=bridge_DMZ ingress-filtering=no interface=vlan800_sfp2
add bridge=bridge_DMZ ingress-filtering=no interface=vlan800_sfp3
add bridge=bridge_DMZ ingress-filtering=no interface=vlan800_sfp4
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip dhcp-client
add disabled=yes interface=bridge_FIRMA
add disabled=yes interface=bridge_TELEFON
add add-default-route=no disabled=yes interface=bridge_DMZ
add add-default-route=no interface=vlan99 use-peer-dns=no use-peer-ntp=no
/ip dns
set servers=8.8.8.8
/ip firewall address-list
add address=192.168.177.0/24 list=local
add address=10.16.0.0/16 list=local
add address=192.168.0.0/24 list=local
/ip route
add disabled=no dst-address=10.16.0.0/16 gateway=10.99.34.1
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.99.34.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=192.168.177.0/24 gateway=10.99.34.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=16381
set api disabled=yes
/ip ssh
set host-key-size=4096 strong-crypto=yes
/snmp
set contact="Test <mikrotik@test.de>" location=Test trap-community=Test trap-version=3
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=TESTSWITCH
/system logging
add action=auth topics=account
/system ntp client servers
add address=85.215.93.137
/system routerboard settings
set auto-upgrade=yes boot-os=router-os silent-boot=yes
/tool bandwidth-server
set enabled=no
/tool romon
set enabled=yes

 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 3:40 pm

Since then we have massive problems with SFP.
What kind of problem ?
But the CPU runs almost permanently at 100%
So its always stuck at 100% ?

Also i think you could configure your VLANs in a better way...
Although adding VLAN interfaces as Bridge ports is not wrong, there are cases it could cause problems...
You can read here https://help.mikrotik.com/docs/display/ ... figuration

Why don't you use Bridge VLAN filtering ?
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 3:48 pm

SFP Problems, we have many Link Downs. With version 6 everything still worked.
Down1.JPG
I know about the VLAN. With version 6 it still worked.
I don't know how to change this in live mode. Have about 40 switches in a network.
Do you have any advice for me?
You do not have the required permissions to view the files attached to this post.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 3:54 pm

Since Bridge VLAN filtering is not enabled ( and CRS3xx devices support bridge VLAN filtering in Hardware ) all the VLAN handling is done in software to the CRS...
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 4:10 pm

Is that ok, can you switch it on in live mode?
Bridge1.JPG
You do not have the required permissions to view the files attached to this post.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 4:15 pm

 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 4:31 pm

OK thanks.
But my bigger problem are the crashes from the SFP. Could the problem be in the bridges? or what else can I do?
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 6:42 pm

Is so better?
/interface bridge
add ingress-filtering=no name=BRIDGE vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no
set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no
set [ find default-name=sfp-sfpplus3 ] auto-negotiation=no
set [ find default-name=sfp-sfpplus4 ] auto-negotiation=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=BRIDGE interface=ether1 pvid=100
add bridge=BRIDGE interface=ether2 pvid=100
add bridge=BRIDGE interface=ether3
add bridge=BRIDGE interface=ether4
add bridge=BRIDGE interface=ether5
add bridge=BRIDGE interface=ether6
add bridge=BRIDGE interface=ether7
add bridge=BRIDGE interface=ether8
add bridge=BRIDGE interface=ether9
add bridge=BRIDGE interface=ether10
add bridge=BRIDGE interface=ether11
add bridge=BRIDGE interface=ether12
add bridge=BRIDGE interface=ether13
add bridge=BRIDGE interface=ether14
add bridge=BRIDGE interface=ether15
add bridge=BRIDGE interface=ether16 pvid=200
add bridge=BRIDGE interface=ether17 pvid=200
add bridge=BRIDGE interface=ether18 pvid=200
add bridge=BRIDGE interface=ether19
add bridge=BRIDGE interface=ether20
add bridge=BRIDGE interface=ether21
add bridge=BRIDGE interface=ether22
add bridge=BRIDGE interface=ether23
add bridge=BRIDGE interface=ether24
/interface bridge vlan
add bridge=BRIDGE comment=DMZ tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 untagged=ether1,ether2 vlan-ids=100
add bridge=BRIDGE comment=TELEFON tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 untagged=ether16,ether17,ether18 vlan-ids=200
add bridge=BRIDGE comment=PRIVAT tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=300
add bridge=BRIDGE comment=GAST tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=400
add bridge=BRIDGE comment=MGT tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,BRIDGE vlan-ids=99
/ip dhcp-client
add interface=BRIDGE
/system clock
set time-zone-name=Europe/Berlin
/system routerboard settings
set auto-upgrade=yes boot-os=router-os silent-boot=yes

 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 8:11 pm

Although there is no relation between the VLANs and the SFP flapping, i can certainly see you have enabled Bridge VLAN filtering now... :D
Is there any improvement on the CPU usage now ?
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 8:39 pm

Yes is better.
Is it better to put the bridge in each VLAN? or just management?

What can trigger the SFP flapping? Everything worked until 6.48.6. We've only had problems since the update.
With other networks, however, everything works with the same hardware.

We only have CRS3xxx and S+85DLC03D, autosense off and manual on 1GB.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 8:48 pm

The Bridge should and must be added as Tagged member for those VLANs that need to have access to the CPU ( IP services and more )...
In the case of a Switch, that is the Management VLAN... A switch handles Layer 2 traffic... So you only have the Management VLAN as Layer 3 traffic that needs the Bridge as Tagged member so that you can actually access it using an IP :D ...

There are cases, e.g. on Routers that might have Bridge VLAN filtering enabled, where the Bridge must be added as Tagged member for all the VLANs configured so that they are able to access the CPU... Otherwise those VLANs that the Bridge is not added as Tagged member won't get IP services...

Nice topic to read is viewtopic.php?t=143620
Yes is better.
So from 100% it went down to ?
We only have CRS3xxx and S+85DLC03D, autosense off and manual on 1GB.
Why 1 and not 10Gbps ?
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 9:08 pm

Why 1 and not 10Gbps ?
With 1 GB the flapping was less. Unfortunately, the flapping is not just on one port. But in the whole network, on different switches. I.e. there can be no MiniGbic module defect and also no cable. Can something like RSTP possibly be the reason?
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 9:10 pm

Are all the switches (with the port flapping issue ) CRS354 ?

Also can you please mention the CPU usage improvement ?
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 9:28 pm

No, we have CRS328, CRS326, CRS226, CRS112.....
CPU usage is around 70-100%. But so far they are all built with bridges.
I'll try to rebuild everything tonight, let's see how it turns out.
Do you have me an example of VLAN for CRS1xx/2xx devices?
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 9:40 pm

The CPU usage on your switches is still very very high...
Is there any other special configuration on the switches (that you excluded from the posted configuration above )?

For CRS1xx and CRS2xx devices read here https://help.mikrotik.com/docs/pages/vi ... =103841836
 
dima1002
Member Candidate
Member Candidate
Topic Author
Posts: 160
Joined: Fri Jan 26, 2018 8:40 pm

Re: CRS354-48P - CPU Slow after Upgrade to 7

Tue Jul 05, 2022 10:01 pm

Is that so right?

SFP is Uplink and Ports 2,3,4 Untrunk Ports in VLAN 100........
/interface bridge add name=BRIDGE
/interface bridge port add bridge=BRIDGE interface=ether2 hw=yes
/interface bridge port add bridge=BRIDGE interface=ether3 hw=yes
/interface bridge port add bridge=BRIDGE interface=ether4 hw=yes
/interface bridge port add bridge=BRIDGE interface=ether5 hw=yes
/interface bridge port add bridge=BRIDGE interface=ether6 hw=yes
/interface bridge port add bridge=BRIDGE interface=ether7 hw=yes
/interface bridge port add bridge=BRIDGE interface=ether8 hw=yes
/interface bridge port add bridge=BRIDGE interface=sfp1 hw=yes
/interface bridge port add bridge=BRIDGE interface=sfp2 hw=yes
/interface bridge port add bridge=BRIDGE interface=sfp3 hw=yes
/interface bridge port add bridge=BRIDGE interface=sfp4 hw=yes

/interface ethernet switch egress-vlan-tag add tagged-ports=sfp1 vlan-id=100
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp1 vlan-id=200
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp1 vlan-id=300
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp1 vlan-id=400

/interface ethernet switch egress-vlan-tag add tagged-ports=sfp2 vlan-id=100
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp2 vlan-id=200
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp2 vlan-id=300
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp2 vlan-id=400

/interface ethernet switch egress-vlan-tag add tagged-ports=sfp3 vlan-id=100
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp3 vlan-id=200
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp3 vlan-id=300
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp3 vlan-id=400

/interface ethernet switch egress-vlan-tag add tagged-ports=sfp4 vlan-id=100
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp4 vlan-id=200
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp4 vlan-id=300
/interface ethernet switch egress-vlan-tag add tagged-ports=sfp4 vlan-id=400

/interface ethernet switch ingress-vlan-translation
add ports=ether2 customer-vid=0 new-customer-vid=100
add ports=ether3 customer-vid=0 new-customer-vid=100
add ports=ether4 customer-vid=0 new-customer-vid=100

/interface ethernet switch ingress-vlan-translation
add ports=ether5 customer-vid=0 new-customer-vid=200
add ports=ether6 customer-vid=0 new-customer-vid=200
add ports=ether7 customer-vid=0 new-customer-vid=200

/interface ethernet switch vlan add ports=sfp1,sfp2,sfp3,sfp4,ether2 vlan-id=100
/interface ethernet switch vlan add ports=sfp1,sfp2,sfp3,sfp4,ether3 vlan-id=100
/interface ethernet switch vlan add ports=sfp1,sfp2,sfp3,sfp4,ether4 vlan-id=100

/interface ethernet switch vlan add ports=sfp1,sfp2,sfp3,sfp4,ether5 vlan-id=200
/interface ethernet switch vlan add ports=sfp1,sfp2,sfp3,sfp4,ether6 vlan-id=200
/interface ethernet switch vlan add ports=sfp1,sfp2,sfp3,sfp4,ether7 vlan-id=200

/interface ethernet switch set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp1,sfp2,sfp2,sfp3,sfp4

/interface vlan add interface=BRIDGE name=MGMT vlan-id=99
/ip address add address=192.168.100.1/24 interface=MGMT
/interface ethernet switch set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether2,ether3,ether4,ether5,ether6,ether7,ether8,sfp1,sfp2,sfp2,sfp3,sfp4
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 267
Joined: Mon Apr 27, 2020 10:14 am

Re: CRS354-48P - CPU Slow after Upgrade to 7

Wed Jul 06, 2022 9:09 am

CRS3xx series support only ONE hardware bridge. Others get software-forwarded and, therefore, software-routed. So the rule of thumb is to have only one bridge, segregating networks with VLANs (vlan-filtering=yes). If you need Inter-VLAN routing, add the bridge interface itself to the tagged members of the VLANs.

"/interface ethernet switch vlan" is a legacy option (e.g., for CRS1xx/CRS2xx devices). CRS3xx series use the new VLAN configuration via "/interface/bridge/vlan".

L3 Hardware Offloading Wiki
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: CRS354-48P - CPU Slow after Upgrade to 7

Wed Jul 06, 2022 4:06 pm

Is that so right?
You should add the switch-cpu port also in /interface ethernet switch vlan and /interface ethernet switch egress-vlan-tag
See again the Management access configuration in the Manual...
https://help.mikrotik.com/docs/pages/vi ... figuration

Who is online

Users browsing this forum: JDF and 16 guests