For anyone who will find this post and struggling to offload PowerBox PRO (hex poe) to unload CPU because with full bridge VLAN filtering it does around 350-400 mbps tops.
Bridging VLAN interface is not good, but the only option to commutate on CPU level and stick software sfp1 port into switch chip filtering.
The load is asynchronous, DL is up to 700 mbps with 60-70% CPU load (ISP is shaping), probably can reach 1 gbit. UL is around 350-400 still, will recheck config later, but it seems that chip offload works in only one direction regarding vlan88 ISP, maybe it should be that way.
NB! @MikroTik please make new revisions of good old soho devices, with multicore ARM cpu and full poe support. Such as hex s, powerbox pro\hex poe etc. Sometimes you need a long poe daisy chain and new l009 and 5009 doesn't support poe passthrough and you have to use PSU which is inconvenient. hex s is great, but sfp port not on chip (thanks for offloading vlan filtering though) and hex poe is too weak with 1 core CPU and unstable if you try to overclock it.
Bridging VLAN interface is not good, but the only option to commutate on CPU level and stick software sfp1 port into switch chip filtering.
Code:
/interface bridgeadd fast-forward=no name=bridge1add fast-forward=no name=bridge88 protocol-mode=none/interface vlanadd interface=bridge1 loop-protect=off name=vlan88_ISP vlan-id=88add interface=bridge1 loop-protect=off name=vlan241_mgmt vlan-id=241/interface ethernet switchset 0 cpu-flow-control=no/interface ethernet switch portset 0 vlan-mode=secureset 1 default-vlan-id=246 vlan-mode=secureset 2 default-vlan-id=242 vlan-mode=secureset 3 default-vlan-id=246 vlan-mode=secureset 4 vlan-mode=secureset 5 vlan-mode=secure/interface bridge portadd bridge=bridge1 interface=ether1add bridge=bridge1 interface=ether2add bridge=bridge1 interface=ether3add bridge=bridge1 interface=ether4add bridge=bridge1 interface=ether5add bridge=bridge88 interface=sfp1add bridge=bridge88 interface=vlan88_ISP/interface ethernet switch vlanadd independent-learning=yes ports=ether1,switch1-cpu switch=switch1 vlan-id=88add independent-learning=yes ports=switch1-cpu,ether1,ether5 switch=switch1 vlan-id=241add independent-learning=yes ports=ether1,ether5 switch=switch1 vlan-id=240add independent-learning=yes ports=ether1,ether3,ether5 switch=switch1 vlan-id=242add independent-learning=yes ports=ether1,ether2,ether4 switch=switch1 vlan-id=246add independent-learning=yes ports=ether1,ether5 switch=switch1 vlan-id=247NB! @MikroTik please make new revisions of good old soho devices, with multicore ARM cpu and full poe support. Such as hex s, powerbox pro\hex poe etc. Sometimes you need a long poe daisy chain and new l009 and 5009 doesn't support poe passthrough and you have to use PSU which is inconvenient. hex s is great, but sfp port not on chip (thanks for offloading vlan filtering though) and hex poe is too weak with 1 core CPU and unstable if you try to overclock it.
Statistics: Posted by DJGlooM — Sat Jun 01, 2024 3:26 pm