Rb5009 sfp altibox fiber

RouterOS Beginner Basics
1

Hi,

I’m having problem with this with no traffic going out to the WAN
I’m getting no ip from isp with my sfp :\

vlans used by isp : 100 (VOIP), 101 (IPTV) and 102 (Internet)

Info about the gbic:
/interface/ethernet/monitor sfp-sfpplus1
name: sfp-sfpplus1
status: link-ok
auto-negotiation: done
rate: 1Gbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no
supported: 10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX,2.5G-baseT,2.5G-baseX,5G-baseT,10G-baseT,10G-baseSR-LR,10G-baseCR
sfp-supported: 1G-baseX
advertising: 1G-baseX
link-partner-advertising:
sfp-module-present: yes
sfp-rx-loss: no
sfp-tx-fault: no
sfp-type: SFP/SFP+/SFP28/SFP56
sfp-connector-type: LC
sfp-link-length-sm: 20km
sfp-vendor-name: OEM
sfp-vendor-part-number: SFP-BX-U31
sfp-vendor-revision: 1.0
sfp-vendor-serial: F10GU14542
sfp-manufacturing-date: 23-01-04
sfp-wavelength: 1310nm
sfp-temperature: 30C
sfp-supply-voltage: 3.316V
sfp-tx-bias-current: 23mA
sfp-tx-power: -6.051dBm
sfp-rx-power: -6.802dBm
eeprom-checksum: good
eeprom: 0000: 03 04 07 00 00 00 00 00 00 00 00 01 0d 00 14 c8 … …
0010: 00 00 00 00 4f 45 4d 20 20 20 20 20 20 20 20 20 …OEM
0020: 20 20 20 20 00 00 00 00 53 46 50 2d 42 58 2d 55 … SFP-BX-U
0030: 33 31 20 20 20 20 20 20 31 2e 30 20 05 1e 00 a1 31 1.0 …
0040: 00 1a 00 00 46 31 30 47 55 31 34 35 34 32 20 20 …F10G U14542
0050: 20 20 20 20 32 33 30 31 30 34 20 20 68 90 01 80 2301 04 h…
0060: 2d 00 11 81 64 a2 0e c9 9c cd 67 bf 7b 13 8a c5 -…d… ..g.{…
0070: 69 01 e1 00 00 00 00 00 00 00 00 00 58 6b 9e cd i… …Xk..
0080: 64 00 d8 00 5a 00 dd 00 8b 74 76 5c 88 b8 77 ec d…Z… .tv..w.
0090: af c8 03 e8 9c 40 07 d0 18 a6 03 e8 13 94 04 eb …@.. …
00a0: 18 a6 00 3f 13 94 00 4f 00 00 00 00 00 00 00 00 …?..O …
00b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 … …
00c0: 00 00 00 00 3f 80 00 00 00 00 00 00 01 00 00 00 …?.. …

And here is my running config:

# 1970-01-02 01:41:43 by RouterOS 7.16.1
# software id = 9QMV-VT77
#
# model = RB5009UPr+S+
# serial number = <edited>
/disk
set usb1 media-interface=none media-sharing=no
/interface bridge
add admin-mac=74:4D:28:27:8E0 auto-mac=no comment=defconf igmp-snooping=yes \
name=bridge-lan
/interface ethernet
set [ find default-name=ether7 ] name="ether7[wifi-ap]"
set [ find default-name=ether8 ] name="ether8[htpc-dl]"
set [ find default-name=sfp-sfpplus1 ] mac-address=XX:XX:XX:XX:XX:XX (Mac adresse hjemmesentral)
/interface vlan
add interface=sfp-sfpplus1 name=vlan-altibox-internett vlan-id=102
add interface=sfp-sfpplus1 name=vlan-altibox-iptv vlan-id=101
add interface=sfp-sfpplus1 name=vlan-altibox-voip vlan-id=100
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip dhcp-client option
add code=60 name=vendor-class-identifier value=0x46542D503334313042
/ip dhcp-server option
add code=43 name=q22 value=\
"'Altibox-TMS-Server-Address:https://tmc.services.altibox.net:37020/acs'"
/ip pool
add name=dhcp ranges=192.168.1.50-192.168.1.100
/ip dhcp-server
add address-pool=dhcp interface=bridge-lan lease-time=23h59m name=lan
/interface bridge port
add bridge=bridge-lan comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge-lan comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge-lan comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge-lan comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge-lan comment=defconf ingress-filtering=no interface=ether6
add bridge=bridge-lan comment=defconf ingress-filtering=no interface=\
"ether7[wifi-ap]"
add bridge=bridge-lan comment=defconf ingress-filtering=no interface=\
"ether8[htpc-dl]"
add bridge=bridge-lan ingress-filtering=no interface=ether1
/interface list member
add comment=defconf interface=bridge-lan list=LAN
add comment=defconf interface=vlan-altibox-internett list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether1 network=\
192.168.1.0
/ip dhcp-client
add add-default-route=special-classless default-route-distance=100 \
dhcp-options=vendor-class-identifier interface=vlan-altibox-voip \
use-peer-dns=no use-peer-ntp=no
add add-default-route=special-classless default-route-distance=100 \
dhcp-options=vendor-class-identifier interface=vlan-altibox-iptv \
use-peer-dns=no use-peer-ntp=no
add dhcp-options=vendor-class-identifier interface=vlan-altibox-internett
add interface=sfp-sfpplus1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dhcp-option=q22 dns-server=\
192.168.1.1 gateway=192.168.1.1 netmask=24 ntp-server=\
92.220.229.76,109.247.114.45,45.14.53.68,92.220.229.77
/ip firewall address-list
add address=192.168.1.2-192.168.1.254 list=allowed_to_router
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input in-interface=vlan-altibox-iptv protocol=igmp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input comment="WAN to router" connection-state=\
established,related in-interface-list=WAN
add action=accept chain=input src-address-list=allowed_to_router
add action=drop chain=input in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none log=yes out-interface=vlan-altibox-internett
add action=masquerade chain=srcnat out-interface=vlan-altibox-iptv
add action=masquerade chain=srcnat out-interface=vlan-altibox-voip
/ipv6 address
# address pool error: pool not found: ipv6-pd (4)
add address=::1 from-pool=ipv6-pd interface=bridge-lan
/ipv6 dhcp-client
add add-default-route=yes comment="Altibox pd" interface=\
vlan-altibox-internett pool-name=ipv6-pd prefix-hint=::/56 request=\
address,prefix use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/ipv6 nd
set [ find default=yes ] interface=bridge-lan other-configuration=yes
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan-altibox-iptv upstream=yes
add interface=bridge-lan
/system clock
set time-zone-name=Europe/Oslo
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=ntp.altibox.no
Compatibility with Ubiquiti SFP+ transcoders on Mikrotik switch
2

IMO the problem is this:

advertising: 1G-baseX
link-partner-advertising:

Note the empty field “link-partner-advertising”. Which means that autonegotiation doesn’t happen. Try to set port speed to 1Gbps and disable autonegotiation on sfp-sfpplus1 port (under ethernet configuration).

3

i’ve received this info from another user using a mikrotik gbic and link-partner-advertising:is empty too

/interface/ethernet/monitor sfp-sfpplus1
name: sfp-sfpplus1
status: link-ok
auto-negotiation: done
rate: 1Gbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no
fec: off
supported: 10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX,10G-baseT,10G-baseSR-LR,10G-baseCR
sfp-supported: 1G-baseX
advertising: 1G-baseX
link-partner-advertising:
sfp-module-present: yes
sfp-rx-loss: no
sfp-tx-fault: no
sfp-type: SFP/SFP+/SFP28/SFP56
sfp-connector-type: LC
sfp-link-length-sm: 20km
sfp-vendor-name: MikroTik
sfp-vendor-part-number: S-35LC20D
sfp-vendor-serial: MT812106525
sfp-manufacturing-date: 19-01-04
sfp-wavelength: 1310nm
sfp-temperature: 58C
sfp-supply-voltage: 3.2V
sfp-tx-bias-current: 23mA
sfp-tx-power: -5.909dBm
sfp-rx-power: -6.607dBm
eeprom-checksum: good
eeprom: 0000: 03 04 07 00 00 00 40 22 00 01 00 01 0d 00 14 c8 …@" …
0010: 00 00 00 00 4d 69 6b 72 6f 54 69 6b 20 20 20 20 …Mikr oTik
0020: 20 20 20 20 00 00 00 00 53 2d 33 35 4c 43 32 30 … S-35LC20
0030: 44 20 20 20 20 20 20 20 20 20 20 20 05 1e 00 25 D …%
0040: 00 1a 00 00 4d 54 38 31 32 31 30 36 35 32 35 20 …MT81 2106525
0050: 20 20 20 20 31 39 30 31 30 34 20 20 68 90 01 91 1901 04 h…
0060: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
0070: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00 .
0080: 5a 00 d3 00 55 00 d8 00 94 3e 6d 92 87 5a 7a 76 Z…U… .>m..Zzv
0090: c3 50 00 00 b9 8c 00 00 1b a7 03 7b 18 a6 03 e8 .P… …{…
00a0: 1b a7 00 1c 18 a6 00 20 00 00 00 00 00 00 00 00 … …
00b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 … …
00c0: 00 00 00 00 3f 80 00 00 00 00 00 00 01 00 00 00 …?.. …
00d0: 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 bc … …
00e0: 3a 7f 7d 04 2e b0 0a 05 08 88 01 00 58 ff 00 00 :.}… …X…
00f0: 00 00 28 17 00 00 a5 08 01 48 02 ff ff ff ff 00 ..(… .H…

4

This gbic is working fine with a Ubiquiti Edgerouter X which i’m using right now.

Compatibility with Ubiquiti SFP+ transcoders on Mikrotik switch
5

ROS is a bit notorious for not supporting properly just any SFP module, thrown at. So the positive experience when using same SFP in different device brand means very little in this case (it only proves that SFP can talk to link peer on the fiber side).
But essentially this means that when things don’t work out of the box, one has to fiddle (a lot) to make things work in ROS … and ultimate success is not even granted.

The SFP which produced output “from another user” is Mikrotik’s own product and these generally work fine in ROS (but not in 100% of cases :open_mouth: ).

Compatibility with Ubiquiti SFP+ transcoders on Mikrotik switch
6

ok, then i will order this: S-3553LC20D https://mikrotik.com/product/S-3553LC20D and try :\

7

My ISP is Altibox and am using the original SFP, provided by Altibox, in my hEX S.
It was recognized without any hassle, as was the spare one i bought to experiment with.

I have an aquintance that has an RB5009 and the original SFP is reported to work as well

The brand is CTST and the type THMPRS-3511-10A (Tx 1310 / Rx 1550)

Maybe this wil help.

8

I received the mikrotik sfp today, but i’m having the same problem :\

9

How exactly is your SFP port configured? Post outputs of commands

/interface/ethernet/export
/interface/ethernet/monitor [ find default-name=sfp-sfpplus1 ] once

My guess so far: since MT SFP is without “+” (i.e. 1Gbps) and RB5009 SFP port is SFP+ (i.e. 10Gbps), you’ll have to disable auto negotiation on sfp-sfpplus1 and set speed to 1G-baseX …

10

Here's the output:
/interface/ethernet/export

2024-12-03 05:44:39 by RouterOS 7.16.2

software id = 9QMV-VT77

model = RB5009UPr+S+

serial number = XXXXXXXXXXX

/interface ethernet
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no mac-address=8C:59:73:53:7D:60 speed=1G-baseX


/interface/ethernet/monitor [ find default-name=sfp-sfpplus1 ] once

name: sfp-sfpplus1
status: link-ok
auto-negotiation: disabled
rate: 1Gbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no
supported: 10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX,2.5G-baseT,2.5G-baseX,5G-baseT,10G-baseT,10G-baseSR-LR,10G-baseCR
sfp-supported: 1G-baseX
sfp-module-present: yes
sfp-rx-loss: no
sfp-tx-fault: no
sfp-type: SFP/SFP+/SFP28/SFP56
sfp-connector-type: LC
sfp-link-length-sm: 20km
sfp-vendor-name: MikroTik
sfp-vendor-part-number: S-35LC20D
sfp-vendor-revision: 1.0
sfp-vendor-serial: OL23022103536
sfp-manufacturing-date: 23-02-21
sfp-wavelength: 1310nm
sfp-temperature: 27C
sfp-supply-voltage: 3.21V
sfp-tx-bias-current: 14mA
sfp-tx-power: -5.948dBm
sfp-rx-power: -7.767dBm
eeprom-checksum: good
eeprom: 0000: 03 04 07 00 00 00 00 00 00 00 00 01 0d 00 14 c8 ........ ........
0010: 00 00 00 00 4d 69 6b 72 6f 54 69 6b 20 20 20 20 ....Mikr oTik
0020: 20 20 20 20 00 00 00 00 53 2d 33 35 4c 43 32 30 .... S-35LC20
0030: 44 20 20 20 20 20 20 20 31 2e 30 20 05 1e 00 f1 D 1.0 ....
0040: 00 1a 00 00 4f 4c 32 33 30 32 32 31 30 33 35 33 ....OL23 02210353
0050: 36 20 20 20 32 33 30 32 32 31 20 20 68 b0 01 c3 6 2302 21 h...
0060: 2d 00 08 9b 81 55 78 40 a1 eb 39 3e 6a 4d 61 cc -....Ux@ ..9>jMa.
0070: 5c 65 b2 00 00 00 00 00 00 00 00 00 4b 89 36 b3 \e...... ....K.6.
0080: 64 00 d8 00 5f 00 dd 00 8c a0 6d 60 88 b8 71 48 d..._... ..m`..qH
0090: 9c 40 01 f4 88 b8 03 e8 18 a6 03 e8 13 94 04 eb .@...... ........
00a0: 4d f1 00 14 27 10 00 28 00 00 00 00 00 00 00 00 M...'..( ........
00b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00c0: 00 00 00 00 3f 80 00 00 00 00 00 00 01 00 00 00 ....?... ........
00d0: 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 19 ........ ........
00e0: 1b e4 7d 68 1d 3a 09 ee 06 88 ff ff ff ff 08 ff ..}h.:.. ........

11

According to SFP diagnostics, it seems that Rx works … One can not be sure if Tx is fine as well without checking on the other side of fiber, but on your side seems to be fine as well.

12

Output on my router for: interface/ethernet/monitor [find default-name=sfp1] once

                      name: sfp1
                    status: link-ok
          auto-negotiation: done
                      rate: 1Gbps
               full-duplex: yes
           tx-flow-control: no
           rx-flow-control: no
                 supported: 10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full
               advertising: 10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full
  link-partner-advertising: 10M-baseT-half,10M-baseT-full
        sfp-module-present: yes
               sfp-rx-loss: no
                  sfp-type: SFP/SFP+/SFP28/SFP56
        sfp-connector-type: SC
        sfp-link-length-sm: 10km
           sfp-vendor-name: Tsuhan
    sfp-vendor-part-number: THMPRS-3511-10A
       sfp-vendor-revision: A
         sfp-vendor-serial: F21092208356
    sfp-manufacturing-date: 21-09-22
            sfp-wavelength: 1310nm
           sfp-temperature: 48C
        sfp-supply-voltage: 3.307V
       sfp-tx-bias-current: 23mA
              sfp-tx-power: -6.307dBm
              sfp-rx-power: -21.023dBm
           eeprom-checksum: good
                    eeprom: 0000: 03 04 01 00 00 00 40 12  00 01 00 01 0d 00 0a 64  ......@. .......d
                            0010: 00 00 00 00 54 73 75 68  61 6e 20 20 20 20 20 20  ....Tsuh an      
                            0020: 20 20 20 20 00 00 00 00  54 48 4d 50 52 53 2d 33      .... THMPRS-3
                            0030: 35 31 31 2d 31 30 41 20  41 20 20 20 05 1e 00 12  511-10A  A   ....
                            0040: 00 1a 00 00 46 32 31 30  39 32 32 30 38 33 35 36  ....F210 92208356
                            0050: 20 20 20 20 32 31 30 39  32 32 20 20 68 f0 01 df      2109 22  h...
                            0060: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
                            *
                            0080: 5a 00 f6 00 55 00 fb 00  8c a0 75 30 88 b8 79 18  Z...U... ..u0..y.
                            0090: 7e f4 01 f4 6b 6c 05 dc  31 2d 01 bf 13 94 04 62  ~...kl.. 1-.....b
                            00a0: 31 2d 00 32 13 94 00 7e  00 00 00 00 00 00 00 00  1-.2...~ ........
                            00b0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
                            00c0: 00 00 00 00 3f 80 00 00  00 00 00 00 01 00 00 00  ....?... ........
                            00d0: 01 00 00 00 01 00 00 00  01 00 00 00 00 00 00 04  ........ ........
                            00e0: 30 80 81 2e 2d 03 09 24  00 4f 00 00 00 00 00 00  0...-..$ .O......
                            00f0: 00 00 00 00 00 40 00 00  ff ff ff ff ff ff ff 00  .....@.. ........

Very strange is the automatic setting of link-partner-advertising to: 10M-baseT-half,10M-baseT-full

I am following the thread to see if i can help finding out where the problem lies.

Anyways, hope this helps

13

In over my head…but where is vlan102 in IP DHCP client settings???

/ip dhcp-client
add add-default-route=special-classless default-route-distance=100
dhcp-options=vendor-class-identifier interface=vlan-altibox-voip
use-peer-dns=no use-peer-ntp=no

14

Hi, just checking in to see if you ever found a working solution to this.

I am attempting the same setup with an RB5009 and I am seeing very similar behavior. The SFP link comes up and the VLAN configuration looks correct, but I never receive an IP address from Altibox on the internet VLAN as DHCP is stuck on searching.

Did you ever get this working directly on the RB5009, or did you end up using an ONT or media converter in front of it?