Mon Aug 08, 2022 10:39 am
Let's start by clarifying the terms.
When you say "from one network to another network", by "network" do you mean just a physical network consisting of multiple other devices, or do you mean an IP subnet? I.e. is the 2011 expected to bridge the traffic (forward it at L2) since source and destination devices are in the same IP subnet, or is it expected to route the traffic (forward it at L3) as source and destination devices are in different IP subnets?
If routing is not required, the 2011 may still forward the traffic at L2 using the software bridge, if the prerequisites for switch chip forwarding are not met. If vlan-filtering is set to yes on the bridge, or if hw is set to no on at least one of the ports in question under /interface bridge port, hardware forwarding will not be used.
Both of the above can cause the CPU load to hit the ceiling.
If the traffic is eventually indeed broadcast to all ports, this is normal for any traffic towards a destination MAC address from which the switch (bridge) has not received any frame yet. So either it is a unicast MAC address and the destination has not responded yet, or it is a multicast/broadcast one, and in such a case no device can ever use it as a source address, so the frames will keep being broadcast even if some of the recipients do respond. And since the CPU must also listen on multicast and broadcast MAC addresses, it must handle such frames at least to some extent, so even if switch chip forwarding is active on all switch chip ports, multicast and broadcast frames will cause some CPU load.
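
The two settings named in the post above can be checked offline against a saved configuration export. The following is an added example, not part of the original post: it scans export text for vlan-filtering=yes on a bridge and hw=no on a bridge port. The bridge and interface names in the sample are constructed, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample in RouterOS export style (not taken from the post).
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge-lan vlan-filtering=yes
add name=bridge-dmz
/interface bridge port
add bridge=bridge-lan interface=ether2
add bridge=bridge-lan interface=ether3
add bridge=bridge-dmz interface=ether6 hw=no
add bridge=bridge-dmz interface=ether7
"""

def parse_export(text):
    """Return {menu_path: [{key: value}, ...]} for every 'add' line."""
    menus, current = {}, None
    # Join lines that end in a backslash with the line that follows them.
    text = re.sub(r"\\\n\s*", "", text)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif line.startswith("add ") and current:
            tokens = shlex.split(line[4:])  # keeps quoted values in one token
            menus[current].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return menus

def software_forwarding_reasons(text):
    """Map bridge name -> settings the post names as disabling hardware forwarding."""
    menus = parse_export(text)
    bridges = menus.get("/interface bridge", [])
    reasons = {b["name"]: [] for b in bridges if "name" in b}
    for b in bridges:
        if b.get("vlan-filtering") == "yes" and "name" in b:
            reasons[b["name"]].append("vlan-filtering=yes")
    for p in menus.get("/interface bridge port", []):
        if p.get("hw") == "no":
            reasons.setdefault(p.get("bridge", "?"), []).append(
                "hw=no on " + p.get("interface", "?"))
    return reasons

if __name__ == "__main__":
    for bridge, why in software_forwarding_reasons(SAMPLE_EXPORT).items():
        print(bridge, "->", "; ".join(why) or "neither setting found")
```

An empty list for a bridge only means neither of these two settings was found in the export; it does not prove that switch chip forwarding is active.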