Community discussions

MikroTik App
 
idunno
just joined
Topic Author
Posts: 1
Joined: Fri Dec 31, 2021 2:25 am

[RB3011] huge upload speed drop when enabling bridge vlan filtering

Tue Jan 18, 2022 1:56 pm

I recently switched from a Mikrotik hEX S to an RB3011UiAS-RM. However, I now get a huge performance loss to my upload when I enable vlan filtering on my bridge. Is the MT7621A in the hEX S so much better than the IPQ-8064 cpu that my (perhaps bad) configuration worked on the hEX S but not on RB3011? With vlan bridge filtering disabled i get around 900/800mbit speeds and with vlan bridge filtering enabled i'm dropping down to 900/250mbit on my fiber gigabit connection.

As far as relevant, my vlans consist of an untagged port to which an Apple Airport Express in bridge is connected for my IOT related devices. Further two tagged vlans for my htpc and web applications which are handled by my Unraid server. Can anyone help me regain my upload speed without disabling vlan filtering :oops:
[admin@MikroTik-RB3011] > /export hide-sensitive
# jan/18/2022 12:46:46 by RouterOS 7.1.1
# software id = xxx-xxx
#
# model = RouterBOARD 3011UiAS
# serial number = xxxxxxxxxx

/interface bridge
add admin-mac=11:22:33:44:55:66 auto-mac=no comment=defconf name=bridge vlan-filtering=yes

/interface ethernet
set [ find default-name=ether1 ] name=ether01
set [ find default-name=ether2 ] name=ether02
set [ find default-name=ether3 ] name=ether03
set [ find default-name=ether4 ] name=ether04
set [ find default-name=ether5 ] name=ether05-workR
set [ find default-name=ether6 ] name=ether06-workL
set [ find default-name=ether7 ] name=ether07-livingR-amplifi
set [ find default-name=ether8 ] name=ether08-livingL-iot
set [ find default-name=ether9 ] name=ether09-stairsR-unraid
set [ find default-name=ether10 ] name=ether10-stairsL-ipmi

/interface vlan
add interface=bridge name=vlan20-iot vlan-id=20
add interface=bridge name=vlan30-htpc vlan-id=30
add interface=bridge name=vlan40-webapps vlan-id=40

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool_vlan30 ranges=192.168.30.20-192.168.30.254
add name=dhcp_pool_vlan40 ranges=192.168.40.20-192.168.40.254
add name=dhcp_pool_vlan20 ranges=192.168.20.20-192.168.20.254

/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
add address-pool=dhcp_pool_vlan30 interface=vlan30-htpc name=dhcp-vlan30
add address-pool=dhcp_pool_vlan40 interface=vlan40-webapps name=dhcp-vlan40
add address-pool=dhcp_pool_vlan20 interface=vlan20-iot name=dhcp-vlan20

/port
set 0 name=serial0

/interface bridge port
add bridge=bridge comment=defconf interface=ether02
add bridge=bridge comment=defconf interface=ether03
add bridge=bridge comment=defconf interface=ether04
add bridge=bridge comment=defconf interface=ether05-workR
add bridge=bridge comment=defconf interface=ether06-workL
add bridge=bridge comment=defconf interface=ether07-livingR-amplifi
add bridge=bridge comment=defconf interface=ether08-livingL-iot pvid=20
add bridge=bridge comment=defconf interface=ether09-stairsR-unraid
add bridge=bridge comment=defconf interface=ether10-stairsL-ipmi
add bridge=bridge comment=defconf disabled=yes interface=sfp1
add bridge=bridge interface=ether01

/ip neighbor discovery-settings
set discover-interface-list=LAN

/ipv6 settings
set disable-ipv6=yes

/interface bridge vlan
add bridge=bridge tagged=bridge,ether09-stairsR-unraid vlan-ids=30
add bridge=bridge tagged=bridge,ether09-stairsR-unraid vlan-ids=40
add bridge=bridge tagged=bridge,ether09-stairsR-unraid untagged=ether08-livingL-iot vlan-ids=20

/interface list member
add comment=defconf interface=bridge list=LAN
add interface=sfp1 list=WAN

/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=192.168.30.1/24 interface=vlan30-htpc network=192.168.30.0
add address=192.168.40.1/24 interface=vlan40-webapps network=192.168.40.0
add address=192.168.20.1/24 interface=vlan20-iot network=192.168.20.0

/ip dhcp-client
add comment=defconf interface=sfp1

/ip dhcp-server network
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.30.0/24 gateway=192.168.30.1
add address=192.168.40.0/24 gateway=192.168.40.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes

/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan

/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="drop traffic from vlan20-iot to bridge" in-interface=vlan20-iot out-interface=bridge
add action=drop chain=forward comment="drop traffic from vlan40-webapps to bridge" in-interface=vlan40-webapps out-interface=bridge

/ip firewall nat
add action=masquerade chain=srcnat comment=Hairpin dst-address=192.168.88.0/24 src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Unraid - Swag 80" dst-address=[my-wan-ip] dst-port=80 protocol=tcp to-addresses=192.168.40.10
add action=dst-nat chain=dstnat comment="Unraid - Swag 443" dst-address=[my-wan-ip] dst-port=443 protocol=tcp to-addresses=192.168.40.10

Who is online

Users browsing this forum: bpwl, lmeira, rjuho and 32 guests