Thanks.
(1) Recommend moving vlan id=1 to vlan id=101 (don't use vlan1 for data as it's the default vlan MT uses in the background)
Right, but I don't think that's what slows down, my ingress just with wireguard
(2) Stemming from that, don't use the bridge for DHCP or anything else, just bridging.
On br-wan it's required:
1. My ISP requires internet to be on vlan 832
2. My ISP requires DHCP requests to be marked with COS 6, else you don't get an answer. Adding a bridge filter disables fasttrack as per RouterOS documentation. This is the only way to add COS to DHCP, as DHCP requests use raw sockets and skip the /ip firewall filter (so can't use postrouting for that)
3. This config is the only way to achieve 2. (some config is yet missing for VOD)
4. I've tried with the vlan832 not being part of the bridge (but being a slave of the bridge instead of being slave of the physical interface) and it doesn't change anything (the config is very different) but it wouldn't work with what's yet missing (aka VOD)
(3) So adding vlan101 into the mix there are SEVEN in total.
a. why only 4 pools
b. why only 4 dhcp servers
c. why only 4 dhcp server networks
Vlan 1,10,11,12 are devices vlan with dhcp.
Vlan 254 is the vlan used to access admin loopbacks of other network devices on my lan, no dhcp
Vlan 255 is the vlan to access the LTE router, no dhcp required. Could be a /30
Vlan 832 is for internet, see above. Dhcp client only.
(4) Cannot wrap my head around these errors.........
/interface bridge port
add bridge=br-wan interface=vlan832
add bridge=bridge1 interface="SW2 Ports"
First, a vlan is not an interface to be identified in interface bridge ports, it's one interface per line AKA an ethernet interface or a WLAN interface.
The second implies multiple interfaces on a single line, not done. But there is no SW2 Ports interface that I see?? You are mixing up interface with interface list.
One cannot put interface lists here!!
For vlan832, see my answer to 2)
For the list in a bridge, it's possible and supported as per RouterOS documentation:
Starting with RouterOS v6.41 it is possible to add interface lists as a bridge port and sort them.
(5) Don't understand the bridge filter item and why it's not applied only to BR-WAN. Never used bridge filters so not sure.
Also not sure why it has anything to do with fasttrack in the forward chain??
See my answer to 2)
(6) This would have to be modified too.
add bridge=bridge1 tagged=bridge1 untagged=\
ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16 vlan-ids=101
Yes
(7) So all your ethernet ports are hybrid ports???
Not sure I understand this one?
(8) Find that you have gone overboard on firewall rules such that it's near impossible to see the forest for the trees.
Much better to get rid of all the pretend I am protecting my router BS and stick to two themes.
a. default rules
b. actual required rules for required traffic
c. drop all at end of both chains input/forward.
Maybe, I still need to simplify some things but overall it's tidy.
(9) Many items are above my head in the config.....
What can I say...