Community discussions

MikroTik App
 
mc68040
just joined
Topic Author
Posts: 4
Joined: Tue Apr 24, 2018 7:58 pm

CRS125 fasttrack-connection broken?

Fri Mar 24, 2023 1:48 pm

Hello,

i'm testing my CRS125 with inter-vlan routing (i know it's basically only a cloud switch).
Without fasttrack i got ~315 MBits/sec with iperf3 and version 6.49.7 and 100% CPU (with version 7.8 only ~192 MBits/sec ???).
Now i want to try with fasttrack-connection, but after enabling the fasttrack firewall rule there is no connectivity at all between my 2 VLANs (lan10, lan20).

What am i doing wrong?

Best regards, Robert

Here is the complete configuration:
# mar/24/2023 13:39:48 by RouterOS 6.49.7
# software id = F6B4-X231
#
# model = CRS125-24G-1S
# serial number = 94500751F366
/interface bridge
add admin-mac=64:D1:54:FC:4C:4B auto-mac=no name=bridge
/interface vlan
add interface=bridge name=lan10 vlan-id=10
add interface=bridge name=lan20 vlan-id=20
add interface=bridge name=lan200 vlan-id=200
/interface ethernet switch
set forward-unknown-vlan=no
/interface lte apn
set [ find default=yes ] ip-type=ipv4-ipv6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge ingress-filtering=yes interface=ether1
add bridge=bridge ingress-filtering=yes interface=ether2
add bridge=bridge ingress-filtering=yes interface=ether3
add bridge=bridge ingress-filtering=yes interface=ether4
add bridge=bridge ingress-filtering=yes interface=ether5
add bridge=bridge ingress-filtering=yes interface=ether6
add bridge=bridge ingress-filtering=yes interface=ether7
add bridge=bridge ingress-filtering=yes interface=ether8
add bridge=bridge ingress-filtering=yes interface=ether9
add bridge=bridge ingress-filtering=yes interface=ether10
add bridge=bridge ingress-filtering=yes interface=ether11
add bridge=bridge ingress-filtering=yes interface=ether12
add bridge=bridge ingress-filtering=yes interface=ether13
add bridge=bridge ingress-filtering=yes interface=ether14
add bridge=bridge ingress-filtering=yes interface=ether15
add bridge=bridge ingress-filtering=yes interface=ether16
add bridge=bridge ingress-filtering=yes interface=ether17
add bridge=bridge ingress-filtering=yes interface=ether18
add bridge=bridge ingress-filtering=yes interface=ether19
add bridge=bridge ingress-filtering=yes interface=ether20
add bridge=bridge ingress-filtering=yes interface=ether21
add bridge=bridge ingress-filtering=yes interface=ether22
add bridge=bridge ingress-filtering=yes interface=ether23
add bridge=bridge ingress-filtering=yes interface=ether24
add bridge=bridge ingress-filtering=yes interface=sfp1
/ip settings
set max-neighbor-entries=4096
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu vlan-id=10
add tagged-ports=switch1-cpu vlan-id=20
add tagged-ports=switch1-cpu vlan-id=200
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=20 ports=ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
add new-customer-vid=10 ports=ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16
add new-customer-vid=200 ports=ether3,ether4,ether5,ether6,ether7,ether8,ether1,ether2
/interface ethernet switch vlan
add ports=ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,switch1-cpu vlan-id=10
add ports=ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24,switch1-cpu vlan-id=20
add ports=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,switch1-cpu vlan-id=200
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=172.20.20.1/24 interface=lan20 network=172.20.20.0
add address=172.20.10.1/24 interface=lan10 network=172.20.10.0
add address=172.20.0.2/24 interface=lan200 network=172.20.0.0
/ip dns
set servers=172.20.0.1
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=lan200
/ip route
add distance=1 gateway=172.20.0.1
/lcd interface pages
set 0 interfaces=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10
/system clock
set time-zone-name=Europe/Bucharest
 
steginger
just joined
Posts: 8
Joined: Sat Apr 11, 2020 2:26 pm

Re: CRS125 fasttrack-connection broken?

Sun Mar 26, 2023 11:56 am

I had the same problem with my CRS125.
Sorry to say, I never got it resolved.
I am pretty sure that it is a problem with the CRS125, as exactly the same configuration did run perfectly fine on different hAP I then used for routing instead of the CRS125.
 
mc68040
just joined
Topic Author
Posts: 4
Joined: Tue Apr 24, 2018 7:58 pm

Re: CRS125 fasttrack-connection broken?

Tue Mar 28, 2023 11:40 am

> Check your firewall rules: You can verify that the fasttrack-connection firewall rule is configured correctly and not blocking traffic between your VLANs.

As in my initial post the firewall rule is (exactly as described in https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack):

/firewall filter add action=fasttrack-connection chain=forward connection-state=established,related

> Disable fasttrack connection rule: Try disabling the fasttrack-connection firewall rule and test the connectivity between the VLANs again. If the connectivity is restored, then the issue may have been related to the firewall rule.

After disabling this firewall rule the connectivity is ok.

>Check VLAN configuration: Verify that the VLAN configuration is correct and that the VLANs are assigned to the correct interfaces.
>Check switch configuration: Verify that the switch configuration is correct and that the VLANs are properly configured on the switch.
>Upgrade RouterOS: Consider upgrading your RouterOS to the latest version, as this may resolve any bugs or issues related to fasttrack connections.

Again: After disabling the fasttrack firewall rule in my configuration i have a working connectivity between my vlans, enabling the fasttrack rule again then connectivity is lost.

I tested with 6.49.7 and 7.8.

Is fasttrack-connection supposed to work on CRS125 in my inter-vlan routing setup?

Best regards, Robert

Who is online

Users browsing this forum: Ahrefs [Bot], dmitris, karlisi, loloski, onnyloh, sadjoe and 93 guests