Hello,
i'm testing my CRS125 with inter-vlan routing (i know it's basically only a cloud switch).
Without fasttrack i got ~315 MBits/sec with iperf3 and version 6.49.7 and 100% CPU (with version 7.8 only ~192 MBits/sec ???).
Now i want to try with fasttrack-connection, but after enabling the fasttrack firewall rule there is no connectivity at all between my 2 VLANs (lan10, lan20).
What am i doing wrong?
Best regards, Robert
Here is the complete configuration:
# mar/24/2023 13:39:48 by RouterOS 6.49.7
# software id = F6B4-X231
#
# model = CRS125-24G-1S
# serial number = 94500751F366
/interface bridge
add admin-mac=64:D1:54:FC:4C:4B auto-mac=no name=bridge
/interface vlan
add interface=bridge name=lan10 vlan-id=10
add interface=bridge name=lan20 vlan-id=20
add interface=bridge name=lan200 vlan-id=200
/interface ethernet switch
set forward-unknown-vlan=no
/interface lte apn
set [ find default=yes ] ip-type=ipv4-ipv6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge ingress-filtering=yes interface=ether1
add bridge=bridge ingress-filtering=yes interface=ether2
add bridge=bridge ingress-filtering=yes interface=ether3
add bridge=bridge ingress-filtering=yes interface=ether4
add bridge=bridge ingress-filtering=yes interface=ether5
add bridge=bridge ingress-filtering=yes interface=ether6
add bridge=bridge ingress-filtering=yes interface=ether7
add bridge=bridge ingress-filtering=yes interface=ether8
add bridge=bridge ingress-filtering=yes interface=ether9
add bridge=bridge ingress-filtering=yes interface=ether10
add bridge=bridge ingress-filtering=yes interface=ether11
add bridge=bridge ingress-filtering=yes interface=ether12
add bridge=bridge ingress-filtering=yes interface=ether13
add bridge=bridge ingress-filtering=yes interface=ether14
add bridge=bridge ingress-filtering=yes interface=ether15
add bridge=bridge ingress-filtering=yes interface=ether16
add bridge=bridge ingress-filtering=yes interface=ether17
add bridge=bridge ingress-filtering=yes interface=ether18
add bridge=bridge ingress-filtering=yes interface=ether19
add bridge=bridge ingress-filtering=yes interface=ether20
add bridge=bridge ingress-filtering=yes interface=ether21
add bridge=bridge ingress-filtering=yes interface=ether22
add bridge=bridge ingress-filtering=yes interface=ether23
add bridge=bridge ingress-filtering=yes interface=ether24
add bridge=bridge ingress-filtering=yes interface=sfp1
/ip settings
set max-neighbor-entries=4096
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=10
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=200
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=20 ports=ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
add new-customer-vid=10 ports=ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16
add new-customer-vid=200 ports=ether3,ether4,ether5,ether6,ether7,ether8,ether1,ether2
/interface ethernet switch vlan
add ports=ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,switch1-cpu vlan-id=10
add ports=ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,switch1-cpu vlan-id=20
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,switch1-cpu vlan-id=200
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=172.20.20.1/24 interface=lan20 network=172.20.20.0
add address=172.20.10.1/24 interface=lan10 network=172.20.10.0
add address=172.20.0.2/24 interface=lan200 network=172.20.0.0
/ip dns
set servers=172.20.0.1
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=lan200
/ip route
add distance=1 gateway=172.20.0.1
/lcd interface pages
set 0 interfaces=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10
/system clock
set time-zone-name=Europe/Bucharest