I decided to replace the GPON operator terminal with my own one.
I purchased a MikroTik hex S and a GPON Stick Zyxel PMG3000-D20B for it. I installed SN from the “operator” terminal on the stick, the optical link “rose” (status O5), and on Mikrotik I collected all the interfaces in the bridge (eth1-5), except for sfp1. I configured a static IP on the SFP interface (the provider provides static ones), in general everything works and is good, BUT when running speedtest (from a PC connected to port eth1) the picture is as follows:
1. Download about 300MB (this is good, because the tariff is 300MB)
2 Upload does not rise above 5MB (from any port)
Please help me figure out where and what the problem is (maybe in Mikrotik or its settings, or in the stick itself)
P.S Export of settings is attached
Code: Select all
[mikrot@KLN-RT-01] > export hide-sensitive
# 2024-02-23 17:10:38 by RouterOS 7.13.5
# software id = CK0A-1JWD
#
# model = RB760iGS
# serial number = E1F10E4FXXX
/interface bridge
add admin-mac=2C:C8:1B:54:44:23 auto-mac=no comment=LAN name=bridge port-cost-mode=short priority=0
/interface ethernet
set [ find default-name=sfp1 ] auto-negotiation=no comment=WAN mac-address=94:4A:0C:40:E3:9F
/interface gre
add allow-fast-path=no comment=KLN_to_NSK local-address=146.158.113.xx name=gre-tunnel1 remote-address=109.174.xx.27
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp ranges=10.10.12.10-10.10.12.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp interface=bridge lease-time=3d name=LAN
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no disable-ipv6=yes forward=no
/interface l2tp-server server
set authentication=mschap2
/interface list member
add interface=bridge list=LAN
add interface=sfp1 list=WAN
/interface ovpn-server server
set auth=sha256,sha512 certificate=DigiCertGlobalRootCA.crt.pem_0 cipher=aes256-cbc,aes256-gcm protocol=udp tls-version=only-1.2
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=mschap2
/interface sstp-server server
set authentication=mschap2 tls-version=only-1.2
/ip address
add address=10.10.12.1/24 interface=bridge network=10.10.12.0
add address=146.158.113.xx/28 interface=sfp1 network=146.158.113.xx
add address=10.10.1.2/24 interface=sfp1 network=10.10.1.0
add address=10.11.12.10/30 interface=gre-tunnel1 network=10.11.12.8
/ip dhcp-server network
add address=10.10.12.0/24 dns-server=1.1.1.1,1.0.0.1 gateway=10.10.12.1 netmask=24
/ip dns
set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
/ip firewall address-list
add address=116.203.xx.169 comment=HETZNER list=Winbox
add address=79.104.xx.242 comment=RABOTA list=Winbox
add address=109.174.xx.27 comment="NSK HOME" list=Winbox
/ip firewall filter
add action=accept chain=input comment="Established / Related" connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=drop chain=input comment=Invalid connection-state=invalid
add action=drop chain=forward connection-state=invalid
add action=accept chain=input comment="Winbox Input" dst-port=8291 in-interface-list=WAN protocol=tcp src-address-list=Winbox
add action=drop chain=input comment=DROP in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=146.158.113.xx pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=10.10.10.0/24 gateway=10.11.12.9 routing-table=main suppress-hw-offload=no
add disabled=no dst-address=10.10.20.0/24 gateway=10.11.12.9 routing-table=main suppress-hw-offload=no
add disabled=no dst-address=10.10.30.0/24 gateway=10.11.12.9 routing-table=main suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set www-ssl tls-version=only-1.2
set api disabled=yes
set winbox port=8291
set api-ssl disabled=yes tls-version=only-1.2
/ip smb
set allow-guests=no
/ip ssh
set host-key-size=4096
/ipv6 nd
set [ find default=yes ] disabled=yes
/system console
set [ find ] disabled=yes
/system identity
set name=KLN-RT-01
/system note
set show-at-login=no
/tool bandwidth-server
set authenticate=no enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no