Comware

I recently purchased an HP1920-24g switch for my home network. I setup 1 vlan and only assigned 2 ports to it, when i plug into the ports with vlan my speedtest caps at 150mbps (my internet speed is 300/30). However, when I plug into any of the other ports which is technically assigned to default Vlan001 I get my max speed of around 350mbps. Is it normal to lose half your bandwidth routing through vlans? I only have 1 PC plugged in at the moment.

My network:

Arris Modem > Ubiquiti Edge Router Lite > HP 1920-24g Switch > PC

What are (and How are) you exactly testing?

A simple iperf{2,3} test made between two 1Gbps capable hosts belonging to the same VLAN should easily saturate involved ports' bandwidths.

More or less the same if you test hosts belonging to different VLANs on the same Switch when IP Routing functionality is managed by the Switch itself...so in which way are you measuring bandwidth usage of your home network?

I'm simply going to speedtest.net and checking my internet speed. When I'm on Vlan 1 (Trunk port) I get my expected 350mbps speeds. When I plug into vlan 2 it seems to cap my speed test at 150mbps. I don't have anything else plugged into the switch, just the one PC.

Who is doing IP Routing between your two VLANs? for sure your Ubiquiti Firewall is doing NAT and, probably, is providing to your VLANs (VLAN 1 and VLAN 2) routing to Internet (through NAT): what happens if you remove the Switch from the picture and test your Internet speed (it's unreliable, by the way) with your Host PC connected first on VLAN 1, then on VLAN 2, directly on the Firewall's LAN Side which provides those VLANs their Internet access?

That to verify if the culprit is (or is not) the Switch instead of being the Firewall.

The ubiquiti ERL is doing the IP routing between the two vlans. Aside from Masquerade, I don't really have any rules setup for NAT. I don't think I can setup the pc on a Vlan when connecting directly to the router. There is only 3 ports in total. I included both the config files of each device below:

ERL Router

firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "Packets from Internet to LAN"
        enable-default-log
        rule 1 {
            action accept
            description "Allow established sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "Packets from Intenet to Router"
        enable-default-log
        rule 1 {
            action accept
            description "Allow established sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
            out {
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description LAN
        duplex auto
        speed auto
        vif 10 {
            address 192.168.10.1/24
            description eth1.main_network
        }
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description WiFi
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    lan-interface eth2
    wan-interface eth0
}
protocols {
    static {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 68.105.28.12
                dns-server 68.105.29.12
                lease 86400
                start 192.168.1.100 {
                    stop 192.168.1.255
                }
                static-mapping EPSON41B5DF {
                    ip-address 192.168.1.210
                    mac-address ac:18:26:41:b5:df
                }
                static-mapping XboxOne {
                    ip-address 192.168.1.200
                    mac-address 4c:0b:be:3a:40:59
                }
            }
        }
        shared-network-name Main_Network {
            authoritative disable
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                dns-server 192.168.10.1
                lease 86400
                start 192.168.10.100 {
                    stop 192.168.10.150
                }
            }
        }
        shared-network-name WiFi {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.100 {
                    stop 192.168.2.200
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 5000
            listen-on eth1
            listen-on eth2
            listen-on eth1.10
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5000 {
            description "Masquerade for LAN"
            log disable
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    upnp {
        listen-on eth1 {
            outbound-interface eth0
        }
        listen-on eth2 {
            outbound-interface eth0
        }
    }
    upnp2 {
        listen-on eth1
        nat-pmp disable
        secure-mode disable
        wan eth0
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    host-name ubnt
    login {
        user {
            authentication {
                encrypted-password 
                plaintext-password ""
            }
            full-name ""
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipsec enable
        ipv4 {
            forwarding enable
        }
        ipv6 {
            forwarding disable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Los_Angeles
}

HP1920 Switch

#
 version 5.20.99, Release 1114
#
 sysname SW1
#
 clock timezone "Pacific Time(US,Canada)" minus 08:00:00 
#
 dhcp relay server-group 0 ip 192.168.1.1
#
 domain default enable system 
#
 ipv6
#
 telnet server enable 
#
 ssl version ssl3.0 disable
#
 web idle-timeout 999
#
 password-recovery enable
#
vlan 1
#
vlan 10
 description Main Network
#
domain system 
 access-limit disable 
 state active 
 idle-cut disable 
 self-service-url disable 
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher 
 authorization-attribute level 3
 service-type telnet terminal
 service-type web
#
 stp mode rstp
 stp enable
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.1.2 255.255.255.0 
#
interface Vlan-interface10
 ip address 192.168.10.2 255.255.255.0 
 dhcp select relay
 dhcp relay server-select 0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan 1 10
 port auto-power-down
 stp edged-port enable
 dhcp-snooping trust
#
interface GigabitEthernet1/0/2
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/3
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/4
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/5
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/6
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/7
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/8
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/9
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/10
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/11
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/12
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/13
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/14
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/15
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/16
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/17
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/18
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/19
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/20
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/21
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/22
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/23
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/24
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/25
 port link-type hybrid
 port hybrid vlan 1 untagged
 stp edged-port enable
#
interface GigabitEthernet1/0/26
 port link-type hybrid
 port hybrid vlan 1 untagged
 stp edged-port enable
#
interface GigabitEthernet1/0/27
 port link-type hybrid
 port hybrid vlan 1 untagged
 stp edged-port enable
#
interface GigabitEthernet1/0/28
 port link-type hybrid
 port hybrid vlan 1 untagged
 stp edged-port enable
#
 dhcp-snooping
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 preference 10
#
 undo info-center logfile enable
#
 snmp-agent
 snmp-agent local-engineid 383030303633413236353133443839343033454233414530
 snmp-agent sys-info contact Hewlett Packard Enterprise Company           3000 Hanover St           Palo Alto, CA 94304
 snmp-agent sys-info version v3
#
 dhcp enable 
#
 ntp-service source-interface Vlan-interface1
 ntp-service unicast-server 216.239.35.0
 ntp-service unicast-server 216.239.35.4
#
 load xml-configuration 
#
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 15
 authentication-mode scheme
#
return

If I were you I would use the iperf tool [*] between your PC and the Ubiquiti EdgeRouter Lite router (iperf3 should be available through ERL shell and/or GUI) to test if really there are LAN speed differences between traffic flows between VLAN1 and ERL verus VLAN2 and ERL: that way you will test only the LAN (mono/bi-directional) speeds between a Host respectively connected to VLAN 1 port or to VLAN 2 port on the HPE 1920 and your Router excluding the Internet (WAN side) from the equation; testing the speed of your internet connection should eventually be done between your Router (from your Router or from a Host behind your Router) and a Server on Internet...but that is another whole different story because there are too many variables in between (Internet!) with respect to a test performed inside your LAN (Host <--> Switch <--> ERL).

If you change:

offload hwnat disable

on ERL to enable...what happens?

[*] read here, as example.

I enabled the the hwnat using the following options below from what I found online and that seemed to do it. The ERL doesn't allow to use the hwnat enable option. I noticed before enabling the offload my CPU was pegged at 100% each time I ran the speed test online. Is there a better way for inter-vlan routing? While it has improved it does still seem a bit more taxing on the ERL which still seems to reduced my bandwidth. My concern is that this is only 1 pc trying to reach the internet not a network of devices.

BTW Parnassus, thank you so much for helping me with this issue!

Enabling these are similar for the ER-Lite model:

set system offload ipv4 forwarding enable
set system offload ipv4 vlan enable
set system offload ipv4 pppoe enable

 

Since you both have a L3 switch and an edgerouter:
Let the 1920 do intervlan routing requiring at wirespeed,  and let the ER do NAT, and (statefull) firewalling.