After struggling to find the right way to configure my RB4011 and CRS354 using VLANS with QoS and after everything seam to work well, I came to a point that connection, let's say from PC1-VLAN10 to PC2-VLAN10 not reaching the wire speed when copying between these two PCs while both PCs have Gigabit Interfaces!!
To be honest, the configuration might be a mess and I'm not sure if I did setup correctly but I think that something is going wrong with the hardware offload!!!
This is the configuration at the Router side:
Code: Select all
# 2024-03-09 13:38:44 by RouterOS 7.14
# software id = XXXX-XX2C
#
# model = RB4011iGS+
# serial number = XXXXXXXXVH2
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-ISP1
set [ find default-name=ether6 ] name=ether6-ISP2
set [ find default-name=ether10 ] name=ether10-Management
set [ find default-name=sfp-sfpplus1 ] comment="Link to Switch" name=\
sfp-sfpplus1-TRUNK
/interface vlan
add interface=sfp-sfpplus1-TRUNK name=vlan10-PC vlan-id=10
add interface=sfp-sfpplus1-TRUNK name=vlan20-PS vlan-id=20
add interface=sfp-sfpplus1-TRUNK name=vlan30-CCTV vlan-id=30
add interface=sfp-sfpplus1-TRUNK name=vlan40-AP vlan-id=40
add interface=sfp-sfpplus1-TRUNK name=vlan50-SHPIA vlan-id=50
add interface=sfp-sfpplus1-TRUNK name=vlan99-MGMT vlan-id=99
/interface list
add name=WAN
add name=LAN
add name=DISCOVERY
/ip pool
add name=dhcp_pool-Management ranges=192.168.99.5-192.168.99.254
add name=dhcp_pool-PC ranges=192.168.10.26-192.168.10.254
add name=dhcp_pool-PS ranges=192.168.20.2-192.168.20.254
add name=dhcp_pool-CCTV ranges=192.168.30.2-192.168.30.254
add name=dhcp_pool-WIFI ranges=192.168.40.2-192.168.40.254
add name=dhcp_pool5 ranges=192.168.50.2-192.168.50.254
/ip dhcp-server
add address-pool=dhcp_pool-Management interface=bridge1 name=dhcp-Management
add address-pool=dhcp_pool-PC interface=vlan10-PC name=dhcp-PC
add address-pool=dhcp_pool-PS interface=vlan20-PS name=dhcp-PS
add address-pool=dhcp_pool-CCTV interface=vlan30-CCTV name=dhcp-CCTV
add address-pool=dhcp_pool-WIFI interface=vlan40-AP name=dhcp-WIFI
add address-pool=dhcp_pool5 interface=vlan50-SHPIA name=dhcp-SHPIA
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
set 1 name=serial1
/queue tree
add max-limit=56M name="All Bandwidth" parent=global
/queue type
add kind=pcq name=PCQ-Download pcq-classifier=dst-address
add kind=pcq name=PCQ-UIpload pcq-classifier=src-address
add kind=fq-codel name=FQ-CODEL
add kind=sfq name=WIFI-SFQ
/queue tree
add max-limit=56M name=Dwonload parent="All Bandwidth" queue=PCQ-Download
add max-limit=27M name=Upload parent="All Bandwidth" queue=PCQ-UIpload
add max-limit=50M name=VLAN10-PC-Down packet-mark=DOWN_PACKET_VLAN10 parent=\
Dwonload queue=FQ-CODEL
add max-limit=50M name=VLAN20-PS-Down packet-mark=DOWN_PACKET_VLAN20 parent=\
Dwonload queue=FQ-CODEL
add limit-at=5M max-limit=10M name=VLAN30-CCTV-Down packet-mark=\
DOWN_PACKET_VLAN30 parent=Dwonload queue=FQ-CODEL
add limit-at=10M max-limit=20M name=VLAN40-WIFI-Down packet-mark=\
DOWN_PACKET_VLAN40 parent=Dwonload queue=WIFI-SFQ
add limit-at=10M max-limit=20M name=VLAN50-SHPIA-Down packet-mark=\
DOWN_PACKET_VLAN50 parent=Dwonload queue=FQ-CODEL
add max-limit=20M name=VLAN10-PC-Up packet-mark=UP_PACKET_VLAN10 parent=\
Upload queue=FQ-CODEL
add max-limit=20M name=VLAN20-PS-Up packet-mark=UP_PACKET_VLAN20 parent=\
Upload queue=FQ-CODEL
add limit-at=5M max-limit=10M name=VLAN30-CCTV-Up packet-mark=\
UP_PACKET_VLAN30 parent=Upload queue=FQ-CODEL
add limit-at=5M max-limit=10M name=VLAN40-WIFI-Up packet-mark=\
UP_PACKET_VLAN40 parent=Upload queue=FQ-CODEL
add limit-at=5M max-limit=10M name=VLAN50-SHPIA-Up packet-mark=\
UP_PACKET_VLAN50 parent=Upload queue=FQ-CODEL
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1-TRUNK
add bridge=bridge1 interface=ether10-Management
add bridge=bridge1 interface=vlan99-MGMT
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=DISCOVERY
/ipv6 settings
set disable-ipv6=yes forward=no
/interface list member
add interface=ether1-ISP1 list=WAN
add interface=ether6-ISP2 list=WAN
add interface=bridge1 list=LAN
add interface=vlan10-PC list=LAN
add interface=vlan20-PS list=LAN
add interface=vlan30-CCTV list=LAN
add interface=vlan40-AP list=LAN
add interface=vlan50-SHPIA list=LAN
add interface=bridge1 list=DISCOVERY
/ip address
add address=192.168.99.1/24 interface=bridge1 network=192.168.99.0
add address=192.168.10.1/24 interface=vlan10-PC network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20-PS network=192.168.20.0
add address=192.168.30.1/24 interface=vlan30-CCTV network=192.168.30.0
add address=192.168.40.1/24 interface=vlan40-AP network=192.168.40.0
add address=192.168.50.1/24 interface=vlan50-SHPIA network=192.168.50.0
/ip arp
add address=192.168.99.2 interface=bridge1 mac-address=D4:01:C3:32:B6:F2
add address=192.168.99.3 interface=bridge1 mac-address=CC:2D:E0:19:C8:F2
/ip dhcp-client
add interface=ether1-ISP1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1
add address=192.168.30.0/24 gateway=192.168.30.1
add address=192.168.40.0/24 gateway=192.168.40.1
add address=192.168.50.0/24 gateway=192.168.50.1
add address=192.168.99.0/24 gateway=192.168.99.1
/ip dns
set servers=8.8.8.8,8.8.4.4,1.1.1.1
/ip firewall address-list
add address=192.168.99.0/24 list=Management
add address=192.168.10.0/24 list=PC
add address=192.168.20.0/24 list=PS
add address=192.168.30.0/24 list=CCTV
add address=192.168.40.0/24 list=AP
add address=192.168.50.0/24 list=Shpia
/ip firewall filter
add action=drop chain=input comment=\
"Winbox Access Allowed Only Management Range" protocol=tcp \
src-address-list=!Management src-port=8291
/ip firewall mangle
add action=mark-connection chain=prerouting comment=UP-VLAN10 \
new-connection-mark=UP-Conn-VLAN10 passthrough=yes src-address=\
192.168.10.0/24
add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN10 \
new-packet-mark=UP_PACKET_VLAN10 passthrough=yes
add action=mark-connection chain=postrouting comment=DOWN-VLAN10 dst-address=\
192.168.10.0/24 new-connection-mark=DOWN-Conn-VLAN10 passthrough=yes
add action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN10 \
new-packet-mark=DOWN_PACKET_VLAN10 passthrough=yes
add action=mark-connection chain=prerouting comment=UP-VLAN20 \
new-connection-mark=UP-Conn-VLAN20 passthrough=yes src-address=\
192.168.20.0/24
add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN20 \
new-packet-mark=UP_PACKET_VLAN20 passthrough=yes
add action=mark-connection chain=postrouting comment=DOWN-VLAN20 dst-address=\
192.168.20.0/24 new-connection-mark=DOWN-Conn-VLAN20 passthrough=yes
add action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN20 \
new-packet-mark=DOWN_PACKET_VLAN20 passthrough=yes
add action=mark-connection chain=prerouting comment=UP-VLAN30 \
new-connection-mark=UP-Conn-VLAN30 passthrough=yes src-address=\
192.168.30.0/24
add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN30 \
new-packet-mark=UP_PACKET_VLAN30 passthrough=yes
add action=mark-connection chain=postrouting comment=DOWN-VLAN30 dst-address=\
192.168.30.0/24 new-connection-mark=DOWN-Conn-VLAN30 passthrough=yes
add action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN30 \
new-packet-mark=DOWN_PACKET_VLAN30 passthrough=yes
add action=mark-connection chain=prerouting comment=UP-VLAN40 \
new-connection-mark=UP-Conn-VLAN40 passthrough=yes src-address=\
192.168.40.0/24
add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN40 \
new-packet-mark=UP_PACKET_VLAN40 passthrough=yes
add action=mark-connection chain=postrouting comment=DOWN-VLAN40 dst-address=\
192.168.40.0/24 new-connection-mark=DOWN-Conn-VLAN40 passthrough=yes
add action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN40 \
new-packet-mark=DOWN_PACKET_VLAN40 passthrough=yes
add action=mark-connection chain=prerouting comment=UP-VLAN50 \
new-connection-mark=UP-Conn-VLAN50 passthrough=yes src-address=\
192.168.50.0/24
add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN50 \
new-packet-mark=UP_PACKET_VLAN50 passthrough=yes
add action=mark-connection chain=postrouting comment=DOWN-VLAN50 dst-address=\
192.168.50.0/24 new-connection-mark=DOWN-Conn-VLAN50 passthrough=yes
add action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN50 \
new-packet-mark=DOWN_PACKET_VLAN50 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-ISP1
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/system clock
set time-zone-name=Europe/Tirane
/system identity
set name=Router
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=216.239.35.0
add address=129.250.35.250
/system routerboard settings
set enter-setup-on=delete-key
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=DISCOVERY
/tool mac-server mac-winbox
set allowed-interface-list=DISCOVERY
/tool romon
set enabled=yes
Code: Select all
# 2024-03-09 13:44:20 by RouterOS 7.14
# software id = XXXX-XXTA
#
# model = CRS354-48G-4S+2Q+
# serial number = XXXXXXXXW8V
/interface bridge
add dhcp-snooping=yes name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether36 ] comment="Link to AP" name=ether36-TRUNK
set [ find default-name=ether38 ] comment="Link to Shpia" name=ether38-TRUNK
set [ find default-name=ether48 ] comment="Management Port"
set [ find default-name=sfp-sfpplus1 ] comment="Link to Router" name=\
sfp-sfpplus1-TRUNK
/interface list
add name=DISCOVERY
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1-TRUNK trusted=yes
add bridge=bridge1 interface=ether1 pvid=10
add bridge=bridge1 interface=ether2 pvid=20
add bridge=bridge1 interface=ether3 pvid=10
add bridge=bridge1 interface=ether4 pvid=20
add bridge=bridge1 interface=ether5 pvid=10
add bridge=bridge1 interface=ether6 pvid=20
add bridge=bridge1 interface=ether7 pvid=10
add bridge=bridge1 interface=ether8 pvid=20
add bridge=bridge1 interface=ether9 pvid=10
add bridge=bridge1 interface=ether10 pvid=20
add bridge=bridge1 interface=ether11 pvid=10
add bridge=bridge1 interface=ether12 pvid=20
add bridge=bridge1 interface=ether13 pvid=10
add bridge=bridge1 interface=ether14 pvid=20
add bridge=bridge1 interface=ether15 pvid=10
add bridge=bridge1 interface=ether16 pvid=20
add bridge=bridge1 interface=ether17 pvid=10
add bridge=bridge1 interface=ether18 pvid=20
add bridge=bridge1 interface=ether19 pvid=10
add bridge=bridge1 interface=ether20 pvid=20
add bridge=bridge1 interface=ether21 pvid=10
add bridge=bridge1 interface=ether22 pvid=20
add bridge=bridge1 interface=ether23 pvid=10
add bridge=bridge1 interface=ether24 pvid=20
add bridge=bridge1 interface=ether25 pvid=10
add bridge=bridge1 interface=ether26 pvid=20
add bridge=bridge1 interface=ether27 pvid=10
add bridge=bridge1 interface=ether28 pvid=20
add bridge=bridge1 interface=ether29 pvid=10
add bridge=bridge1 interface=ether30 pvid=20
add bridge=bridge1 interface=ether31 pvid=10
add bridge=bridge1 interface=ether32 pvid=20
add bridge=bridge1 interface=ether33 pvid=10
add bridge=bridge1 comment=vlan30-CCTV interface=ether34 pvid=30
add bridge=bridge1 interface=ether35 pvid=10
add bridge=bridge1 comment=vlan40-AP interface=ether36-TRUNK
add bridge=bridge1 interface=ether37 pvid=10
add bridge=bridge1 comment=vlan50-SHPIA interface=ether38-TRUNK
add bridge=bridge1 interface=ether39 pvid=10
add bridge=bridge1 interface=ether40
add bridge=bridge1 interface=ether41 pvid=10
add bridge=bridge1 interface=ether42
add bridge=bridge1 interface=ether43 pvid=10
add bridge=bridge1 interface=ether44
add bridge=bridge1 interface=ether45 pvid=10
add bridge=bridge1 interface=ether46
add bridge=bridge1 interface=ether47 pvid=10
add bridge=bridge1 comment=vlan99-Management interface=ether48 pvid=99
/ip firewall connection tracking
set enabled=no udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=DISCOVERY
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged="ether1,ether3,ether5,et\
her7,ether9,ether11,ether13,ether15,ether17,ether19,ether21,ether23,ether2\
5,ether27,ether29,ether31,ether33,ether35,ether37,ether39,ether41,ether43,\
ether45,ether47" vlan-ids=10
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged="ether2,ether4,ether6,et\
her8,ether10,ether12,ether14,ether16,ether18,ether20,ether22,ether24,ether\
26,ether28,ether30,ether32" vlan-ids=20
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged=ether34 vlan-ids=30
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK,ether36-TRUNK vlan-ids=40
add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged=ether48 vlan-ids=99
/interface list member
add interface=sfp-sfpplus1-TRUNK list=DISCOVERY
add interface=bridge1 list=DISCOVERY
/ip address
add address=192.168.99.2/24 interface=bridge1 network=192.168.99.0
/ip dns
set servers=8.8.8.8,8.8.4.4,1.1.1.1
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.99.1 routing-table=main \
suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/system clock
set time-zone-name=Europe/Tirane
/system identity
set name=Switch
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=216.239.35.0
add address=129.250.35.250
/system routerboard settings
set boot-os=router-os enter-setup-on=delete-key
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=DISCOVERY
/tool mac-server mac-winbox
set allowed-interface-list=DISCOVERY
/tool romon
set enabled=yes
Code: Select all
# 2024-03-09 13:47:32 by RouterOS 7.13.5
# software id = XXXX-XX1G
#
# model = RB951Ui-2HnD
# serial number = XXXXXXXXDA7
/interface bridge
add dhcp-snooping=yes name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="Link to Switch" name=ether1-TRUNK
set [ find default-name=ether2 ] comment="Management Port"
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n disabled=no installation=indoor \
mode=ap-bridge ssid=MikroTik wps-mode=disabled
/interface list
add name=DISCOVERY
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 comment="Link to Switch" interface=ether1-TRUNK trusted=\
yes
add bridge=bridge1 interface=wlan1 pvid=40
/ip firewall connection tracking
set enabled=no
/ip neighbor discovery-settings
set discover-interface-list=DISCOVERY
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=bridge1 tagged=ether1-TRUNK vlan-ids=99
add bridge=bridge1 tagged=ether1-TRUNK untagged=wlan1 vlan-ids=40
/interface ethernet switch vlan
add ports=ether1-TRUNK switch=switch1 vlan-id=40
/interface list member
add interface=ether1-TRUNK list=DISCOVERY
add interface=bridge1 list=DISCOVERY
/ip address
add address=192.168.99.3/24 interface=bridge1 network=192.168.99.0
/ip dns
set servers=8.8.8.8,8.8.4.4,1.1.1.1
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.99.1 routing-table=main \
suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Tirane
/system identity
set name=AP
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=216.239.35.0
add address=129.250.35.250
/tool mac-server
set allowed-interface-list=DISCOVERY
/tool mac-server mac-winbox
set allowed-interface-list=DISCOVERY
/tool romon
set enabled=yes
I really need some HELP!
Thanks in Advance!