L009UiGS dropping SFP randomly

Hi folks!

I recently got myself the L009UiGS. I’m on ROS v7.16.1, powered by PoE on port 1, with SFP WAN from Bell Aliant. The SFP module is a 3FE46541AA from ALCATELLUCENT, which I believe is also known as G-010S-A.

Unfortunately the L009 is randomly dropping the SFP link with no obvious cause. It usually takes a few minutes to get an IP from the ISP again. This happens multiple times per day; this is not acceptable. Here is a snipped from the log – note that “Bell Fibe” is a VLAN on top of sfp1, necessary for my ISP.

 18:47:16 interface,info sfp1 link down
 18:47:16 dhcp,info dhcp-client on Bell Fibe lost IP address 142.162.49.85 - lease stopped locally
 18:48:56 interface,info sfp1 link up (speed 2.5G, full duplex)
 18:49:00 dhcp,info dhcp-client on Bell Fibe got IP address 142.162.49.85
 19:11:18 dhcp,info Private deassigned 192.168.2.200 for 00:15:64:09:EE:53 X32C-09-EE-53
 19:11:18 dhcp,info Private assigned 192.168.2.200 for 00:15:64:09:EE:53 X32C-09-EE-53
 19:12:31 wireless,info D2:D3:F4:5E:C2:64@cAP ax (LR)-5-Private roamed to D2:D3:F4:5E:C2:64@cAP ax (JO)-5-Private, signal strength -48
 19:14:25 wireless,info D2:D3:F4:5E:C2:64@cAP ax (JO)-5-Private roamed to D2:D3:F4:5E:C2:64@cAP ax (JO)-2.4-Private, signal strength -52
 19:14:27 wireless,info 82:BB:FA:2D:A4:18@cAP ax (JO)-5-Private roamed to 82:BB:FA:2D:A4:18@cAP ax (LR)-5-Private, signal strength -54
 19:18:43 interface,info sfp1 link down
 19:18:44 dhcp,info dhcp-client on Bell Fibe lost IP address 142.162.49.85 - lease stopped locally
 19:20:20 interface,info sfp1 link up (speed 2.5G, full duplex)
 19:20:25 dhcp,info dhcp-client on Bell Fibe got IP address 142.162.49.85

To get it out of the way, here is my config:

# 2024-10-21 19:14:21 by RouterOS 7.16.1
# software id = T97P-F53U
#
# model = L009UiGS
# serial number = HGG09MS96Z5
/interface bridge
add admin-mac=D4:01:C3:B2:71:BB auto-mac=no comment=Master name=Bridge \
    vlan-filtering=yes
add comment=Management name=Management
/interface ethernet
set [ find default-name=sfp1 ] auto-negotiation=no
/interface vlan
add interface=sfp1 name="Bell Fibe" vlan-id=35
add interface=Bridge name="Guest VLAN" vlan-id=200
add interface=Bridge name="Private VLAN" vlan-id=100
add interface=Bridge name="cAPsMAN VLAN" vlan-id=99
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi channel
add band=5ghz-ax comment=5G disabled=no name=5 width=20/40/80mhz
add band=2ghz-ax comment=2.4G disabled=no name=2.4 width=20mhz
/interface wifi datapath
add bridge=Bridge comment=Private disabled=no name=Private vlan-id=100
add bridge=Bridge comment=Guest disabled=no name=Guest vlan-id=200
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk comment="Private Security" \
    disabled=no ft=yes ft-over-ds=yes name=Private
add authentication-types=wpa2-psk,wpa3-psk comment="Guest Security" disabled=\
    no ft=yes ft-over-ds=yes name=Guest
/interface wifi configuration
add channel=5 comment="Private 5" country=Canada datapath=Private disabled=no \
    mode=ap name="Private 5" security=Private ssid=SphericalCow tx-power=6
add channel=2.4 comment="Private 2.4" country=Canada datapath=Private \
    disabled=no mode=ap name="Private 2.4" security=Private ssid=SphericalCow
add channel=5 comment="Guest 5" datapath=Guest disabled=no mode=ap name=\
    "Guest 5" security=Guest ssid=CubicalBull
add channel=2.4 comment="Guest 2.4" country=Canada datapath=Guest disabled=no \
    mode=ap name="Guest 2.4" security=Guest ssid=CubicalBull
/ip pool
add comment="Private Pool" name=Private ranges=192.168.2.100-192.168.2.200
add comment="Management Pool" name=Management ranges=\
    192.168.0.100-192.168.0.200
add comment="Guest Pool" name=Guest ranges=192.168.200.100-192.168.200.200
/ip dhcp-server
add add-arp=yes address-pool=Private comment="Private DHCP Pool" interface=\
    "Private VLAN" lease-time=1h name=Private
add add-arp=yes address-pool=Management comment="Management DHCP Server" \
    interface=Management name=Management
add add-arp=yes address-pool=Guest comment="Guest DHCP Server" interface=\
    "Guest VLAN" name=Guest
/port
set 0 name=serial0
/disk settings
set auto-media-interface=Bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=Bridge interface=ether2 pvid=100
add bridge=Bridge interface=ether3 pvid=100
add bridge=Bridge interface=ether4 pvid=100
add bridge=Bridge interface=ether5 pvid=100
add bridge=Bridge interface=ether6 pvid=100
add bridge=Bridge interface=ether7 pvid=100
add bridge=Management interface=ether8
add bridge=Bridge interface=ether1 pvid=100
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=Bridge comment=cAPsMAN tagged=Bridge,ether1,ether3 vlan-ids=99
add bridge=Bridge comment=Private tagged=Bridge,ether1,ether2,ether3 \
    untagged=ether4,ether5,ether6,ether7 vlan-ids=100
add bridge=Bridge comment=Guest tagged=Bridge,ether1,ether3 vlan-ids=200
/interface list member
add interface="Private VLAN" list=LAN
add interface="Bell Fibe" list=WAN
add interface=Management list=LAN
add interface="Guest VLAN" list=LAN
/interface wifi capsman
set enabled=yes interfaces="cAPsMAN VLAN" package-path="" \
    require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled comment=5G disabled=no \
    master-configuration="Private 5" name-format=%I-5-Private \
    slave-configurations="Guest 5" slave-name-format=%I-5-Guest \
    supported-bands=5ghz-ax
add action=create-dynamic-enabled comment=2.4G disabled=no \
    master-configuration="Private 2.4" name-format=%I-2.4-Private \
    slave-configurations="Guest 2.4" slave-name-format=%I-2.4-Guest \
    supported-bands=2ghz-ax
/ip address
add address=192.168.2.1/24 comment=Private interface="Private VLAN" network=\
    192.168.2.0
add address=192.168.0.1/24 comment=Management interface=Management network=\
    192.168.0.0
add address=192.168.1.1/24 comment=cAPsMAN interface="cAPsMAN VLAN" network=\
    192.168.1.0
add address=192.168.200.1/24 comment=Guest interface="Guest VLAN" network=\
    192.168.200.0
/ip cloud
set update-time=no
/ip dhcp-client
add interface="Bell Fibe"
/ip dhcp-server network
add address=192.168.0.0/24 comment="Management Network" dns-server=\
    192.168.0.1 gateway=192.168.0.1
add address=192.168.2.0/24 comment="Private Network" dns-server=192.168.2.1 \
    gateway=192.168.2.1 netmask=24
add address=192.168.200.0/24 comment="Guest Network" dns-server=192.168.200.1 \
    gateway=192.168.200.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.2.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface="Bell Fibe" type=external
add interface="Private VLAN" type=internal
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=America/Moncton
/system identity
set name="L009UiGS"
/system note
set show-at-login=no
/system package update
set channel=testing
/system routerboard settings
set enter-setup-on=delete-key
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

This has been happening for a few days. This was not an issue with my hEX S, which the L009 was supposed to replace.

Things I have tried:

• Upgrading to dev ROS
• Reset config and run MWE
• Cleaned the contacts of the SFP module
• Setting Interface>sfp1>“Rate Select” to “low” instead of “high”
• Disabling SFP auto-negotiation and fixing 2.5G, 1G, 100M
• Enabling Interface>sfp1>“Ignore RX LOS”
• Enabling Interface>sfp1>“Tx Flow Control” and “Rx Flow Control”
• Setting Interface>sfp1>“Loop Protect” to “off”

Nothing works.

Interesting things to note that may or may not be relevant:

• In the hEX S, Interface>sfp1>Status>“Link Partner Advertising” would populate with a list of advertised speeds from the Bell gateway I was connected to. This does not appear on the L009; the list is empty.
• In the L009, Interface>sfp1>SFP>“SFP Supported” shows “1G baseX” and “10G baseSR LR”. In the hEX S, this list was empty.
• The SFP link dropping does not appear to depend on the DHCP lease; i.e. there is no indication that this is a failure to renew the lease, as the link drop has occurred at random lease remain times.
• Acquiring an IP address is almost instant on the hEX S. On the L009, it takes upwards of two minutes between sfp1 going up and an IP being pulled from the gateway.
• The temperature is similar on both the L009 and the hEX S, about 45 C. It fluctuates between 40 C and 50 C.
• Auto negotiation on both the L009 and the hEX S gives me a 1G connection.

Please note that it is not possible to swap SFP modules as I must use the one provided by my ISP.

Any help that you can provide would be greatly appreciated – I want to like the L009 but if it keeps dropping me for two to three minutes at a time, multiple times per day, it’s going through a window.

On your Mikrotik - in the interface sfp section …
What is the distance and signal strength ?
also - did you reset your mac address on the sfp interface ?

Hi! Thanks for the reply.

1. The distance is 40km.
2. Tx Power is ~2.2 dBm.
3. Rx power is ~-17.2 dBm on the L009 and -16.8 dBm on the hEX S. Within margin of error, I imagine.
4. I did not reset any MAC addresses. Could you explain how this might help on the L009 but isn’t necessary on the hEX S?

If I am correct , your SFP module is a GPON adapter. ( I think it is a complete GPON on a stick module ). – Am I correct ?

Have you done a side by side export comparison of your configurations in both of your Mikrotik routers ?

You may also ( for the heck of it look at the temperature of your SFP device.

It is one of these: https://www.al-enterprise.com/-/media/assets/internet/documents/ale-gpon-nokia-ont-g-010s-a-datasheet-en.pdf

I have done a side-by-side comparison, or at least as much as I can with two different routers. I cannot find anything that would obviously cause this problem. I configured the L009 from scratch in the same fashion as I did the hEX S.

The SFP is slightly warmer in the hEX S, now that I’ve checked. It sits around 52 C. In the L009 is was at 45 C or so.

Running in to the same issue with a Zyxel PMG3000-D20B. Works fine in RB260GS (which I now use as a “media converter”.) but randomly dropping in my L009.

While I am sorry you are having trouble, I will admit I’m glad it’s not just a “me” problem.

In any case I lost my job this week and thus could not afford the luxury of waiting around for a $200 router to work properly. I have since returned the L009 and will be sticking with the hEX S for the time being.

I hope a fix comes out nonetheless.

I am having a similar issue after I moved and switched over to the G-010S-A, although not as frequent as OP. I am using the G-010S-A with a RB5009 on Bell.

Additionally, if I set auto-negotiation it will not negotiate to 2.5G but if I set it manually, it is fine.

I did not have this issue before I moved when I was using the Huawei SFP.

I got a new job and splurged on an RB5009.

I had the same issue but only if 10G was advertised. If I remove 10G from my advertised speeds, I immediately get an IP – but I only sync at 1G, not 2.5G which I would expect for my 1.5G plan.

I will experiment some more this evening with different link speeds and auto-negotiation selections and see what is stable.

I have been using a G-010S-P from ALCATELLUCENT (should be similar enough to your G-010S-A) since a couple of years with my RB5009 without any problem. You should try to turn off Auto-Negotiation and set the Speed to 2.5G baseX explicitly.

However, I do put head sinks on the G-010S-P and there is active airflow going around my RB5009, otherwise the G-010S-P would be very hot! The previous issues with your L009 might be heat-related.

Certainly not heat related. I was at around 50 degrees I believe.