Re: HP1920 Vlan caps bandwidth at 150Mbps

I'm simply going to speedtest.net and checking my internet speed. When I'm on Vlan 1 (Trunk port) I get my expected 350mbps speeds. When I plug into vlan 2 it seems to cap my speed test at 150mbps. I don't have anything else plugged into the switch, just the one PC.

The ubiquiti ERL is doing the IP routing between the two vlans. Aside from Masquerade, I don't really have any rules setup for NAT. I don't think I can setup the pc on a Vlan when connecting directly to the router. There is only 3 ports in total. I included both the config files of each device below:

ERL Router

firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "Packets from Internet to LAN"
        enable-default-log
        rule 1 {
            action accept
            description "Allow established sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "Packets from Intenet to Router"
        enable-default-log
        rule 1 {
            action accept
            description "Allow established sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
            out {
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description LAN
        duplex auto
        speed auto
        vif 10 {
            address 192.168.10.1/24
            description eth1.main_network
        }
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description WiFi
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    lan-interface eth2
    wan-interface eth0
}
protocols {
    static {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 68.105.28.12
                dns-server 68.105.29.12
                lease 86400
                start 192.168.1.100 {
                    stop 192.168.1.255
                }
                static-mapping EPSON41B5DF {
                    ip-address 192.168.1.210
                    mac-address ac:18:26:41:b5:df
                }
                static-mapping XboxOne {
                    ip-address 192.168.1.200
                    mac-address 4c:0b:be:3a:40:59
                }
            }
        }
        shared-network-name Main_Network {
            authoritative disable
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                dns-server 192.168.10.1
                lease 86400
                start 192.168.10.100 {
                    stop 192.168.10.150
                }
            }
        }
        shared-network-name WiFi {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.100 {
                    stop 192.168.2.200
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 5000
            listen-on eth1
            listen-on eth2
            listen-on eth1.10
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5000 {
            description "Masquerade for LAN"
            log disable
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    upnp {
        listen-on eth1 {
            outbound-interface eth0
        }
        listen-on eth2 {
            outbound-interface eth0
        }
    }
    upnp2 {
        listen-on eth1
        nat-pmp disable
        secure-mode disable
        wan eth0
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    host-name ubnt
    login {
        user {
            authentication {
                encrypted-password 
                plaintext-password ""
            }
            full-name ""
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipsec enable
        ipv4 {
            forwarding enable
        }
        ipv6 {
            forwarding disable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Los_Angeles
}

HP1920 Switch

#
 version 5.20.99, Release 1114
#
 sysname SW1
#
 clock timezone "Pacific Time(US,Canada)" minus 08:00:00 
#
 dhcp relay server-group 0 ip 192.168.1.1
#
 domain default enable system 
#
 ipv6
#
 telnet server enable 
#
 ssl version ssl3.0 disable
#
 web idle-timeout 999
#
 password-recovery enable
#
vlan 1
#
vlan 10
 description Main Network
#
domain system 
 access-limit disable 
 state active 
 idle-cut disable 
 self-service-url disable 
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher 
 authorization-attribute level 3
 service-type telnet terminal
 service-type web
#
 stp mode rstp
 stp enable
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.1.2 255.255.255.0 
#
interface Vlan-interface10
 ip address 192.168.10.2 255.255.255.0 
 dhcp select relay
 dhcp relay server-select 0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan 1 10
 port auto-power-down
 stp edged-port enable
 dhcp-snooping trust
#
interface GigabitEthernet1/0/2
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/3
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/4
 port access vlan 10
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/5
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/6
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/7
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/8
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/9
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/10
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/11
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/12
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/13
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/14
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/15
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/16
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/17
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/18
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/19
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/20
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/21
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/22
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/23
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/24
 port link-type hybrid
 port hybrid vlan 1 untagged
 port auto-power-down
 stp edged-port enable
#
interface GigabitEthernet1/0/25
 port link-type hybrid
 port hybrid vlan 1 untagged
 stp edged-port enable
#
interface GigabitEthernet1/0/26
 port link-type hybrid
 port hybrid vlan 1 untagged
 stp edged-port enable
#
interface GigabitEthernet1/0/27
 port link-type hybrid
 port hybrid vlan 1 untagged
 stp edged-port enable
#
interface GigabitEthernet1/0/28
 port link-type hybrid
 port hybrid vlan 1 untagged
 stp edged-port enable
#
 dhcp-snooping
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 preference 10
#
 undo info-center logfile enable
#
 snmp-agent
 snmp-agent local-engineid 383030303633413236353133443839343033454233414530
 snmp-agent sys-info contact Hewlett Packard Enterprise Company           3000 Hanover St           Palo Alto, CA 94304
 snmp-agent sys-info version v3
#
 dhcp enable 
#
 ntp-service source-interface Vlan-interface1
 ntp-service unicast-server 216.239.35.0
 ntp-service unicast-server 216.239.35.4
#
 load xml-configuration 
#
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 15
 authentication-mode scheme
#
return

I enabled the the hwnat using the following options below from what I found online and that seemed to do it. The ERL doesn't allow to use the hwnat enable option. I noticed before enabling the offload my CPU was pegged at 100% each time I ran the speed test online. Is there a better way for inter-vlan routing? While it has improved it does still seem a bit more taxing on the ERL which still seems to reduced my bandwidth. My concern is that this is only 1 pc trying to reach the internet not a network of devices.

BTW Parnassus, thank you so much for helping me with this issue!

Enabling these are similar for the ER-Lite model:

set system offload ipv4 forwarding enable
set system offload ipv4 vlan enable
set system offload ipv4 pppoe enable

Since you both have a L3 switch and an edgerouter:
Let the 1920 do intervlan routing requiring at wirespeed,  and let the ER do NAT, and (statefull) firewalling.