Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

hex poe lite high cpu load management process

Post Reply
 
DAnEq
just joined
Topic Author
Posts: 1
Joined: Sun Mar 03, 2024 8:44 pm

hex poe lite high cpu load management process

Sun Mar 03, 2024 8:50 pm

hello
i have high cpu load management process
approximate management 35% cpu load, next - networking - 3.5%
firmware 7.13

config
Code: Select all
/interface bridge
add admin-mac=2C:C8:1B:C4:5D:AF auto-mac=no comment=defconf name=bridge port-cost-mode=short
/interface ethernet
set [ find default-name=ether5 ] name=1-floor
set [ find default-name=ether3 ] name=2-floor
set [ find default-name=ether4 ] name=3-floor
set [ find default-name=ether2 ] name=4-floor
set [ find default-name=ether1 ] name=Link_to_modem
/interface pppoe-client
add add-default-route=yes disabled=no interface=Link_to_modem name=pppoe-out2 service-name=pppoe1 use-peer-dns=yes user=05710831
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=8h name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/caps-man manager
set ca-certificate=auto certificate=auto
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=4-floor internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=2-floor internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=3-floor internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=1-floor internal-path-cost=10 path-cost=10
add bridge=bridge disabled=yes ingress-filtering=no interface=all internal-path-cost=10 path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=Link_to_modem list=WAN
add interface=*7 list=WAN
add interface=pppoe-out2 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip cloud
set update-time=no
/ip dhcp-client
add comment=defconf disabled=yes interface=Link_to_modem
/ip dhcp-server lease
add address=192.168.88.251 client-id=1:dc:2c:6e:b8:44:88 mac-address=DC:2C:6E:B8:44:88 server=defconf
add address=192.168.88.252 client-id=1:dc:2c:6e:b3:20:d0 mac-address=DC:2C:6E:B3:20:D0 server=defconf
add address=192.168.88.253 client-id=1:dc:2c:6e:b8:44:4c mac-address=DC:2C:6E:B8:44:4C server=defconf
add address=192.168.88.254 client-id=1:dc:2c:6e:b3:21:3a mac-address=DC:2C:6E:B3:21:3A server=defconf
add address=192.168.88.250 client-id=1:b4:4c:3b:69:1a:9e mac-address=B4:4C:3B:69:1A:9E server=defconf
add address=192.168.88.20 client-id=1:dc:f5:5:c6:be:17 mac-address=DC:F5:05:C6:BE:17 server=defconf
add address=192.168.88.249 client-id=1:78:9a:18:d7:64:89 mac-address=78:9A:18:D7:64:89 server=defconf
add address=192.168.88.65 client-id=1:c4:35:d9:96:d6:4 mac-address=C4:35:D9:96:D6:04 server=defconf
add address=192.168.88.52 client-id=1:72:46:90:2:aa:ad mac-address=98:60:CA:EE:75:9A server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4,1.1.1.1,1.0.0.1,9.9.9.9 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=3h max-concurrent-queries=256 max-concurrent-tcp-sessions=256 query-total-timeout=3s servers=8.8.8.8,8.8.4.4,9.9.9.9,1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=input comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!srcnat,dstnat connection-state=new disabled=yes in-interface-list=WAN log=yes
add action=drop chain=input comment="block external dns querry" disabled=yes dst-port=53 in-interface=pppoe-out2 protocol=udp
add action=accept chain=input in-interface=pppoe-out2 log=yes src-address=8.8.8.8
add action=accept chain=output dst-address=8.8.8.8 out-interface=pppoe-out2
add action=accept chain=output dst-address=8.8.8.8 log=yes out-interface=bridge
add action=drop chain=input dst-port=53 in-interface=pppoe-out2 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
add action=dst-nat chain=dstnat disabled=yes dst-port=12251 protocol=tcp to-addresses=192.168.88.251 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=12252 protocol=tcp to-addresses=192.168.88.252 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=12253 protocol=tcp to-addresses=192.168.88.253 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=12254 protocol=tcp to-addresses=192.168.88.254 to-ports=80
/ip nat-pmp
set enabled=yes
/ip nat-pmp interfaces
add interface=pppoe-out2 type=external
add interface=bridge type=internal
/ip service
set telnet address=192.168.88.0/23 disabled=yes
set ftp address=192.168.88.0/23 disabled=yes
set www address=192.168.88.0/23
set ssh address=192.168.88.0/23 disabled=yes
set www-ssl address=192.168.88.0/23
set api disabled=yes
set winbox address=192.168.88.0/23
set api-ssl address=192.168.88.0/23 disabled=yes
/ip smb
set allow-guests=no
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=pppoe-out2 type=external
add interface=bridge type=internal
/ppp secret
add name=vpn
/routing bfd configuration
add disabled=no
/snmp
set enabled=yes
/system clock
set time-zone-name=Europe/Kyiv
/system identity
set name=RiOni
/system note
set show-at-login=no
/system watchdog
set automatic-supout=no watchdog-timer=no
/tool bandwidth-server
set authenticate=no enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
if i disable allow-remote-reqests than cpu load is less, but dns does not work
Top
Post Reply

Who is online

Users browsing this forum: mszru and 14 guests
  4. RouterOS
  5. Beginner Basics