Hello everyone,
After struggling to find the right way to configure my RB4011 and CRS354 using VLANS with QoS and after everything seam to work well, I came to a point that connection, let's say from PC1-VLAN10 to PC2-VLAN10 not reaching the wire speed when copying between these two PCs while both PCs have Gigabit Interfaces!!
To be honest, the configuration might be a mess and I'm not sure if I did setup correctly but I think that something is going wrong with the hardware offload!!!
This is the configuration at the Router side:this is the configuration at the Switch side:
and this is the configuration of "RB951Ui-2HnD" which is acting as a temporary AP because I am going to use a "cAP ax" AP instead:
Just to note that everything works well until now, DHCP server, QoS, VLAN connectivity etc EXCEPT THE WIRE TRANSFER BETWEEN PCs WITHIN THE SAME VLAN and a 20-30 seconds delay at the DORA/DHCP PROCESS WHEN THE ARP TABLE IS CLEANED!
I really need some HELP!
Thanks in Advance!
After struggling to find the right way to configure my RB4011 and CRS354 using VLANS with QoS and after everything seam to work well, I came to a point that connection, let's say from PC1-VLAN10 to PC2-VLAN10 not reaching the wire speed when copying between these two PCs while both PCs have Gigabit Interfaces!!
To be honest, the configuration might be a mess and I'm not sure if I did setup correctly but I think that something is going wrong with the hardware offload!!!
This is the configuration at the Router side:
Code:
# 2024-03-09 13:38:44 by RouterOS 7.14# software id = XXXX-XX2C## model = RB4011iGS+# serial number = XXXXXXXXVH2/interface bridgeadd name=bridge1 vlan-filtering=yes/interface ethernetset [ find default-name=ether1 ] name=ether1-ISP1set [ find default-name=ether6 ] name=ether6-ISP2set [ find default-name=ether10 ] name=ether10-Managementset [ find default-name=sfp-sfpplus1 ] comment="Link to Switch" name=\ sfp-sfpplus1-TRUNK/interface vlanadd interface=sfp-sfpplus1-TRUNK name=vlan10-PC vlan-id=10add interface=sfp-sfpplus1-TRUNK name=vlan20-PS vlan-id=20add interface=sfp-sfpplus1-TRUNK name=vlan30-CCTV vlan-id=30add interface=sfp-sfpplus1-TRUNK name=vlan40-AP vlan-id=40add interface=sfp-sfpplus1-TRUNK name=vlan50-SHPIA vlan-id=50add interface=sfp-sfpplus1-TRUNK name=vlan99-MGMT vlan-id=99/interface listadd name=WANadd name=LANadd name=DISCOVERY/ip pooladd name=dhcp_pool-Management ranges=192.168.99.5-192.168.99.254add name=dhcp_pool-PC ranges=192.168.10.26-192.168.10.254add name=dhcp_pool-PS ranges=192.168.20.2-192.168.20.254add name=dhcp_pool-CCTV ranges=192.168.30.2-192.168.30.254add name=dhcp_pool-WIFI ranges=192.168.40.2-192.168.40.254add name=dhcp_pool5 ranges=192.168.50.2-192.168.50.254/ip dhcp-serveradd address-pool=dhcp_pool-Management interface=bridge1 name=dhcp-Managementadd address-pool=dhcp_pool-PC interface=vlan10-PC name=dhcp-PCadd address-pool=dhcp_pool-PS interface=vlan20-PS name=dhcp-PSadd address-pool=dhcp_pool-CCTV interface=vlan30-CCTV name=dhcp-CCTVadd address-pool=dhcp_pool-WIFI interface=vlan40-AP name=dhcp-WIFIadd address-pool=dhcp_pool5 interface=vlan50-SHPIA name=dhcp-SHPIA/ip smb usersset [ find default=yes ] disabled=yes/portset 0 name=serial0set 1 name=serial1/queue treeadd max-limit=56M name="All Bandwidth" parent=global/queue typeadd kind=pcq name=PCQ-Download pcq-classifier=dst-addressadd kind=pcq name=PCQ-UIpload pcq-classifier=src-addressadd kind=fq-codel name=FQ-CODELadd kind=sfq name=WIFI-SFQ/queue treeadd max-limit=56M name=Dwonload parent="All Bandwidth" queue=PCQ-Downloadadd max-limit=27M name=Upload parent="All Bandwidth" queue=PCQ-UIploadadd max-limit=50M name=VLAN10-PC-Down packet-mark=DOWN_PACKET_VLAN10 parent=\ Dwonload queue=FQ-CODELadd max-limit=50M name=VLAN20-PS-Down packet-mark=DOWN_PACKET_VLAN20 parent=\ Dwonload queue=FQ-CODELadd limit-at=5M max-limit=10M name=VLAN30-CCTV-Down packet-mark=\ DOWN_PACKET_VLAN30 parent=Dwonload queue=FQ-CODELadd limit-at=10M max-limit=20M name=VLAN40-WIFI-Down packet-mark=\ DOWN_PACKET_VLAN40 parent=Dwonload queue=WIFI-SFQadd limit-at=10M max-limit=20M name=VLAN50-SHPIA-Down packet-mark=\ DOWN_PACKET_VLAN50 parent=Dwonload queue=FQ-CODELadd max-limit=20M name=VLAN10-PC-Up packet-mark=UP_PACKET_VLAN10 parent=\ Upload queue=FQ-CODELadd max-limit=20M name=VLAN20-PS-Up packet-mark=UP_PACKET_VLAN20 parent=\ Upload queue=FQ-CODELadd limit-at=5M max-limit=10M name=VLAN30-CCTV-Up packet-mark=\ UP_PACKET_VLAN30 parent=Upload queue=FQ-CODELadd limit-at=5M max-limit=10M name=VLAN40-WIFI-Up packet-mark=\ UP_PACKET_VLAN40 parent=Upload queue=FQ-CODELadd limit-at=5M max-limit=10M name=VLAN50-SHPIA-Up packet-mark=\ UP_PACKET_VLAN50 parent=Upload queue=FQ-CODEL/interface bridge portadd bridge=bridge1 interface=sfp-sfpplus1-TRUNKadd bridge=bridge1 interface=ether10-Managementadd bridge=bridge1 interface=vlan99-MGMT/interface bridge settingsset use-ip-firewall-for-vlan=yes/ip firewall connection trackingset udp-timeout=10s/ip neighbor discovery-settingsset discover-interface-list=DISCOVERY/ipv6 settingsset disable-ipv6=yes forward=no/interface list memberadd interface=ether1-ISP1 list=WANadd interface=ether6-ISP2 list=WANadd interface=bridge1 list=LANadd interface=vlan10-PC list=LANadd interface=vlan20-PS list=LANadd interface=vlan30-CCTV list=LANadd interface=vlan40-AP list=LANadd interface=vlan50-SHPIA list=LANadd interface=bridge1 list=DISCOVERY/ip addressadd address=192.168.99.1/24 interface=bridge1 network=192.168.99.0add address=192.168.10.1/24 interface=vlan10-PC network=192.168.10.0add address=192.168.20.1/24 interface=vlan20-PS network=192.168.20.0add address=192.168.30.1/24 interface=vlan30-CCTV network=192.168.30.0add address=192.168.40.1/24 interface=vlan40-AP network=192.168.40.0add address=192.168.50.1/24 interface=vlan50-SHPIA network=192.168.50.0/ip arpadd address=192.168.99.2 interface=bridge1 mac-address=D4:01:C3:32:B6:F2add address=192.168.99.3 interface=bridge1 mac-address=CC:2D:E0:19:C8:F2/ip dhcp-clientadd interface=ether1-ISP1 use-peer-dns=no/ip dhcp-server networkadd address=192.168.10.0/24 gateway=192.168.10.1add address=192.168.20.0/24 gateway=192.168.20.1add address=192.168.30.0/24 gateway=192.168.30.1add address=192.168.40.0/24 gateway=192.168.40.1add address=192.168.50.0/24 gateway=192.168.50.1add address=192.168.99.0/24 gateway=192.168.99.1/ip dnsset servers=8.8.8.8,8.8.4.4,1.1.1.1/ip firewall address-listadd address=192.168.99.0/24 list=Managementadd address=192.168.10.0/24 list=PCadd address=192.168.20.0/24 list=PSadd address=192.168.30.0/24 list=CCTVadd address=192.168.40.0/24 list=APadd address=192.168.50.0/24 list=Shpia/ip firewall filteradd action=drop chain=input comment=\ "Winbox Access Allowed Only Management Range" protocol=tcp \ src-address-list=!Management src-port=8291/ip firewall mangleadd action=mark-connection chain=prerouting comment=UP-VLAN10 \ new-connection-mark=UP-Conn-VLAN10 passthrough=yes src-address=\ 192.168.10.0/24add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN10 \ new-packet-mark=UP_PACKET_VLAN10 passthrough=yesadd action=mark-connection chain=postrouting comment=DOWN-VLAN10 dst-address=\ 192.168.10.0/24 new-connection-mark=DOWN-Conn-VLAN10 passthrough=yesadd action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN10 \ new-packet-mark=DOWN_PACKET_VLAN10 passthrough=yesadd action=mark-connection chain=prerouting comment=UP-VLAN20 \ new-connection-mark=UP-Conn-VLAN20 passthrough=yes src-address=\ 192.168.20.0/24add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN20 \ new-packet-mark=UP_PACKET_VLAN20 passthrough=yesadd action=mark-connection chain=postrouting comment=DOWN-VLAN20 dst-address=\ 192.168.20.0/24 new-connection-mark=DOWN-Conn-VLAN20 passthrough=yesadd action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN20 \ new-packet-mark=DOWN_PACKET_VLAN20 passthrough=yesadd action=mark-connection chain=prerouting comment=UP-VLAN30 \ new-connection-mark=UP-Conn-VLAN30 passthrough=yes src-address=\ 192.168.30.0/24add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN30 \ new-packet-mark=UP_PACKET_VLAN30 passthrough=yesadd action=mark-connection chain=postrouting comment=DOWN-VLAN30 dst-address=\ 192.168.30.0/24 new-connection-mark=DOWN-Conn-VLAN30 passthrough=yesadd action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN30 \ new-packet-mark=DOWN_PACKET_VLAN30 passthrough=yesadd action=mark-connection chain=prerouting comment=UP-VLAN40 \ new-connection-mark=UP-Conn-VLAN40 passthrough=yes src-address=\ 192.168.40.0/24add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN40 \ new-packet-mark=UP_PACKET_VLAN40 passthrough=yesadd action=mark-connection chain=postrouting comment=DOWN-VLAN40 dst-address=\ 192.168.40.0/24 new-connection-mark=DOWN-Conn-VLAN40 passthrough=yesadd action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN40 \ new-packet-mark=DOWN_PACKET_VLAN40 passthrough=yesadd action=mark-connection chain=prerouting comment=UP-VLAN50 \ new-connection-mark=UP-Conn-VLAN50 passthrough=yes src-address=\ 192.168.50.0/24add action=mark-packet chain=prerouting connection-mark=UP-Conn-VLAN50 \ new-packet-mark=UP_PACKET_VLAN50 passthrough=yesadd action=mark-connection chain=postrouting comment=DOWN-VLAN50 dst-address=\ 192.168.50.0/24 new-connection-mark=DOWN-Conn-VLAN50 passthrough=yesadd action=mark-packet chain=postrouting connection-mark=DOWN-Conn-VLAN50 \ new-packet-mark=DOWN_PACKET_VLAN50 passthrough=yes/ip firewall natadd action=masquerade chain=srcnat out-interface=ether1-ISP1/ip firewall service-portset ftp disabled=yesset tftp disabled=yesset h323 disabled=yesset sip disabled=yesset pptp disabled=yes/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh disabled=yesset api disabled=yesset api-ssl disabled=yes/ip smb sharesset [ find default=yes ] directory=/pub/system clockset time-zone-name=Europe/Tirane/system identityset name=Router/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=216.239.35.0add address=129.250.35.250/system routerboard settingsset enter-setup-on=delete-key/tool bandwidth-serverset enabled=no/tool mac-serverset allowed-interface-list=DISCOVERY/tool mac-server mac-winboxset allowed-interface-list=DISCOVERY/tool romonset enabled=yesCode:
# 2024-03-09 13:44:20 by RouterOS 7.14# software id = XXXX-XXTA## model = CRS354-48G-4S+2Q+# serial number = XXXXXXXXW8V/interface bridgeadd dhcp-snooping=yes name=bridge1 vlan-filtering=yes/interface ethernetset [ find default-name=ether36 ] comment="Link to AP" name=ether36-TRUNKset [ find default-name=ether38 ] comment="Link to Shpia" name=ether38-TRUNKset [ find default-name=ether48 ] comment="Management Port"set [ find default-name=sfp-sfpplus1 ] comment="Link to Router" name=\ sfp-sfpplus1-TRUNK/interface listadd name=DISCOVERY/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/ip hotspot profileset [ find default=yes ] html-directory=hotspot/ip smb usersset [ find default=yes ] disabled=yes/portset 0 name=serial0/interface bridge portadd bridge=bridge1 interface=sfp-sfpplus1-TRUNK trusted=yesadd bridge=bridge1 interface=ether1 pvid=10add bridge=bridge1 interface=ether2 pvid=20add bridge=bridge1 interface=ether3 pvid=10add bridge=bridge1 interface=ether4 pvid=20add bridge=bridge1 interface=ether5 pvid=10add bridge=bridge1 interface=ether6 pvid=20add bridge=bridge1 interface=ether7 pvid=10add bridge=bridge1 interface=ether8 pvid=20add bridge=bridge1 interface=ether9 pvid=10add bridge=bridge1 interface=ether10 pvid=20add bridge=bridge1 interface=ether11 pvid=10add bridge=bridge1 interface=ether12 pvid=20add bridge=bridge1 interface=ether13 pvid=10add bridge=bridge1 interface=ether14 pvid=20add bridge=bridge1 interface=ether15 pvid=10add bridge=bridge1 interface=ether16 pvid=20add bridge=bridge1 interface=ether17 pvid=10add bridge=bridge1 interface=ether18 pvid=20add bridge=bridge1 interface=ether19 pvid=10add bridge=bridge1 interface=ether20 pvid=20add bridge=bridge1 interface=ether21 pvid=10add bridge=bridge1 interface=ether22 pvid=20add bridge=bridge1 interface=ether23 pvid=10add bridge=bridge1 interface=ether24 pvid=20add bridge=bridge1 interface=ether25 pvid=10add bridge=bridge1 interface=ether26 pvid=20add bridge=bridge1 interface=ether27 pvid=10add bridge=bridge1 interface=ether28 pvid=20add bridge=bridge1 interface=ether29 pvid=10add bridge=bridge1 interface=ether30 pvid=20add bridge=bridge1 interface=ether31 pvid=10add bridge=bridge1 interface=ether32 pvid=20add bridge=bridge1 interface=ether33 pvid=10add bridge=bridge1 comment=vlan30-CCTV interface=ether34 pvid=30add bridge=bridge1 interface=ether35 pvid=10add bridge=bridge1 comment=vlan40-AP interface=ether36-TRUNKadd bridge=bridge1 interface=ether37 pvid=10add bridge=bridge1 comment=vlan50-SHPIA interface=ether38-TRUNKadd bridge=bridge1 interface=ether39 pvid=10add bridge=bridge1 interface=ether40add bridge=bridge1 interface=ether41 pvid=10add bridge=bridge1 interface=ether42add bridge=bridge1 interface=ether43 pvid=10add bridge=bridge1 interface=ether44add bridge=bridge1 interface=ether45 pvid=10add bridge=bridge1 interface=ether46add bridge=bridge1 interface=ether47 pvid=10add bridge=bridge1 comment=vlan99-Management interface=ether48 pvid=99/ip firewall connection trackingset enabled=no udp-timeout=10s/ip neighbor discovery-settingsset discover-interface-list=DISCOVERY/ipv6 settingsset disable-ipv6=yes forward=no/interface bridge vlanadd bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged="ether1,ether3,ether5,et\ her7,ether9,ether11,ether13,ether15,ether17,ether19,ether21,ether23,ether2\ 5,ether27,ether29,ether31,ether33,ether35,ether37,ether39,ether41,ether43,\ ether45,ether47" vlan-ids=10add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged="ether2,ether4,ether6,et\ her8,ether10,ether12,ether14,ether16,ether18,ether20,ether22,ether24,ether\ 26,ether28,ether30,ether32" vlan-ids=20add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged=ether34 vlan-ids=30add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK,ether36-TRUNK vlan-ids=40add bridge=bridge1 tagged=sfp-sfpplus1-TRUNK untagged=ether48 vlan-ids=99/interface list memberadd interface=sfp-sfpplus1-TRUNK list=DISCOVERYadd interface=bridge1 list=DISCOVERY/ip addressadd address=192.168.99.2/24 interface=bridge1 network=192.168.99.0/ip dnsset servers=8.8.8.8,8.8.4.4,1.1.1.1/ip firewall service-portset ftp disabled=yesset tftp disabled=yesset h323 disabled=yesset sip disabled=yesset pptp disabled=yes/ip routeadd disabled=no dst-address=0.0.0.0/0 gateway=192.168.99.1 routing-table=main \ suppress-hw-offload=no/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh disabled=yesset api disabled=yesset api-ssl disabled=yes/ip smb sharesset [ find default=yes ] directory=/flash/pub/system clockset time-zone-name=Europe/Tirane/system identityset name=Switch/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=216.239.35.0add address=129.250.35.250/system routerboard settingsset boot-os=router-os enter-setup-on=delete-key/tool bandwidth-serverset enabled=no/tool mac-serverset allowed-interface-list=DISCOVERY/tool mac-server mac-winboxset allowed-interface-list=DISCOVERY/tool romonset enabled=yesCode:
# 2024-03-09 13:47:32 by RouterOS 7.13.5# software id = XXXX-XX1G## model = RB951Ui-2HnD# serial number = XXXXXXXXDA7/interface bridgeadd dhcp-snooping=yes name=bridge1 vlan-filtering=yes/interface ethernetset [ find default-name=ether1 ] comment="Link to Switch" name=ether1-TRUNKset [ find default-name=ether2 ] comment="Management Port"/interface wirelessset [ find default-name=wlan1 ] band=2ghz-g/n disabled=no installation=indoor \ mode=ap-bridge ssid=MikroTik wps-mode=disabled/interface listadd name=DISCOVERY/interface wireless security-profilesset [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \ supplicant-identity=MikroTik/interface bridge portadd bridge=bridge1 comment="Link to Switch" interface=ether1-TRUNK trusted=\ yesadd bridge=bridge1 interface=wlan1 pvid=40/ip firewall connection trackingset enabled=no/ip neighbor discovery-settingsset discover-interface-list=DISCOVERY/ipv6 settingsset disable-ipv6=yes forward=no/interface bridge vlanadd bridge=bridge1 tagged=ether1-TRUNK vlan-ids=99add bridge=bridge1 tagged=ether1-TRUNK untagged=wlan1 vlan-ids=40/interface ethernet switch vlanadd ports=ether1-TRUNK switch=switch1 vlan-id=40/interface list memberadd interface=ether1-TRUNK list=DISCOVERYadd interface=bridge1 list=DISCOVERY/ip addressadd address=192.168.99.3/24 interface=bridge1 network=192.168.99.0/ip dnsset servers=8.8.8.8,8.8.4.4,1.1.1.1/ip firewall service-portset ftp disabled=yesset tftp disabled=yesset h323 disabled=yesset sip disabled=yesset pptp disabled=yes/ip routeadd disabled=no dst-address=0.0.0.0/0 gateway=192.168.99.1 routing-table=main \ suppress-hw-offload=no/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh disabled=yesset api disabled=yesset api-ssl disabled=yes/system clockset time-zone-name=Europe/Tirane/system identityset name=AP/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=216.239.35.0add address=129.250.35.250/tool mac-serverset allowed-interface-list=DISCOVERY/tool mac-server mac-winboxset allowed-interface-list=DISCOVERY/tool romonset enabled=yesI really need some HELP!
Thanks in Advance!
Statistics: Posted by kmp101 — Sat Mar 09, 2024 3:11 pm