However recently I started to try and get the RB4011 to use HW offload, this should be possible since I am only using a vlan aware bridge.
Now it originally had IGMP snooping on and this was turned on at all my other switches downstream, now that I am debugging a issue with subnets in my router I decided to turn IGMP off. This instantly made the ports hw offload, this came at the cost of breaking anything not on vlan 1.
If for whatever reason I turn on a feature which disables hw offload everything works again, I can also turn off hw offload on specific ports to fix the issue on said port. I am simply not experienced enough with RouterOS and networking as a whole to figure out just why hw offload breaks vlans on its own.
To be more specific: when HW offload is on a device on a vlan, in this example I made vlan 50 the native lan on port 7, the device will not see anything. It will only see itself and DUDE scanning. As to why it becomes so isolated I have no clue.
If I cannot fix this issue I'll simply turn off hw offloading but it would be a shame to make the cpu work harder than it has to.
My config is as follows:
Code: Select all
/interface bridge
add igmp-snooping=yes name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether6 ] auto-negotiation=no
set [ find default-name=ether7 ] auto-negotiation=no
/interface bonding
add comment="proxmox link aggregate eth 2+3" mode=802.3ad name=bonding1 slaves=\
ether2,ether3 transmit-hash-policy=layer-2-and-3
/interface list
add name=WAN
add name=LAN
/port
set 0 name=serial0
set 1 name=serial1
/dude
set enabled=yes
/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether1
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether8
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether9 pvid=200
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether10 pvid=200
add bridge=bridge interface=sfp-sfpplus1 trusted=yes
add bridge=bridge interface=bonding1
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether6
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
interface=ether7 pvid=50
/ip firewall connection tracking
set udp-timeout=10s
/interface bridge vlan
add bridge=bridge tagged=ether4,ether5,sfp-sfpplus1 vlan-ids=50
add bridge=bridge tagged=ether5,sfp-sfpplus1 vlan-ids=200
add bridge=bridge tagged=sfp-sfpplus1,bonding1 vlan-ids=99
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=sfp-sfpplus1 list=LAN
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
add interface=sfp-sfpplus1
/ip dns
set servers=8.8.8.8
/system clock
set time-zone-name=Europe/Amsterdam
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key