I have an RB4011iGS+ and am having some odd performance issues.

I have 4 ASUS Zen AX access points connected to my router via wired links. My internet is 910mb FTTP. Perform a Internet speed test over Wi-Fi I Can get Up to 770mbs which isn’t bad (I have to borrow a modern phone from a friend to get 770mbs) - mine only gets 450mbps.

Over a cable to a laptop weirdly its much slower. What is even more strange is if I connect directly to the router it’s very slow (100mbs ish) connect an ASUS access point into the same socket and plug the laptop into the back of the ASUS access point it is 3 x faster (at least). How can this be! It appears that going via an access point Into the same socket is quicker than going direct through the router. Both are auto negotiating at 1gb full duplex

Any ideas?

Interfaces configured:

aug/24/2020 21:15:51 by RouterOS 6.47

software id =

model = RB4011iGS+

serial number = B8F30BBF29A2

/interface bridge
add admin-mac=C4:AD:34:55:D8:04 auto-mac=no comment=defconf name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] comment=Internet mtu=1508 name=ether1-gateway
set [ find default-name=ether2 ] comment=“Lounge Switch”
set [ find default-name=ether3 ] comment=“Attick AP”
set [ find default-name=sfp-sfpplus1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full comment=“2.5 Gbit Kitchen AP” rx-flow-control=auto tx-flow-control=auto
/interface pppoe-client
add add-default-route=yes comment=“Internet Dial-up” default-route-distance=3 disabled=no interface=ether1-gateway keepalive-timeout=60 max-mtu=1500 name=pppoe-vdsl password=*************** profile=InternetPPPoE user=*************
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge-local comment=defconf interface=ether2
add bridge=bridge-local comment=defconf interface=ether3
add bridge=bridge-local comment=defconf interface=ether4
add bridge=bridge-local comment=defconf interface=ether5
add bridge=bridge-local comment=defconf interface=ether6
add bridge=bridge-local comment=defconf interface=ether7
add bridge=bridge-local comment=defconf interface=ether8
add bridge=bridge-local comment=defconf interface=ether9
add bridge=bridge-local comment=defconf interface=ether10
add bridge=bridge-local comment=defconf interface=sfp-sfpplus1
/interface list member
add comment=defconf interface=bridge-local list=LAN
add comment=defconf interface=pppoe-vdsl list=WAN


Flags: D - dynamic, X - disabled, R - running, S - slave

NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS

0 R ;;; Internet
ether1-gateway ether 1508 1592 9578 C4:AD:34:55:D8:03
1 RS ;;; Lounge Switch
ether2 ether 1500 1592 9578 C4:AD:34:55:D8:04
2 RS ;;; Attick AP
ether3 ether 1500 1592 9578 C4:AD:34:55:D8:05
3 RS ether4 ether 1500 1592 9578 C4:AD:34:55:D8:06
4 S ether5 ether 1500 1592 9578 C4:AD:34:55:D8:07
5 S ether6 ether 1500 1592 9578 C4:AD:34:55:D8:08
6 S ether7 ether 1500 1592 9578 C4:AD:34:55:D8:09
7 RS ether8 ether 1500 1592 9578 C4:AD:34:55:D8:0A
8 S ether9 ether 1500 1592 9578 C4:AD:34:55:D8:0B
9 RS ether10 ether 1500 1592 9578 C4:AD:34:55:D8:0C
10 RS ;;; 2.5 Gbit Kitchen AP
sfp-sfpplus1 ether 1500 1600 9586 C4:AD:34:55:D8:0D
11 R ;;; defconf
bridge-local bridge 1500 1592 C4:AD:34:55:D8:04
12 R ;;; Internet Dial-up
pppoe-vdsl pppoe-out 1500

Hi, I still have the above problem! Please can someone help me?

Why is ether 1 mtu set at 1508?

It’s set to 1508 for the extra bytes required for the PPPOE header - or at least that is my understanding. It requires an extra 8 bytes. I think they are some times referred to as Baby Jumbo frames. This is for RFC4638.

I can ping google.co.uk -f -l1472 without any packet fragmentation connected to either directly or indirectly.

The 100Mb/s sounds suspicious. Check the connection speed on the laptop. Could be a cable issue. Gigabit normally requires all four pairs whereas 10Base-T and 100Base-T only uses two of the pairs.

The cable is a brand new CAT-7 moulded plugs patch lead. It is the same cable I am using for direct and via the ASUS also it negotiates at 1GB and this is displayed both in winbox and the laptop

This is only half of the config file, and your’e going through routing and the firewall. Who knows if there is something special?

Is there a reason to set the switch parameters? (vlan-id=0) RouterOS uses vlan-id=1 as default.
Is the PC or AP using any VLAN setting?

What do the statistic counters of the ethernet port show ?

Hi,

I am a novice, what command do I used to export all? (Without any passwords) and I will post, I have no reason to set vlan-id anyway will set back to default.

In terminal:

/export hide-sensitive file=yourfilename

“yourfilename” is a name you choose. The file will be in RAM under menu “Files” as “yourfilename.rsc” and can be downloaded.
The content of the file is pure TXT (text), and can be edited with a simple editor.
Passwords will not be shown (hide-sensitive).
MAC addresses are still there. You might want to delete MAC addresses of the public/WAN interface in the file, or overwrite with XXXX anything else you don’t want to share.

Text can be copied and enclosed between command above (the code - /code), or the file added as attachment.

I attempted changing the vlanid on one of my Ethernet ports - I had to create the vlan first but some how that bricked the switch - luckily I could get back on via the sfp+ port and reset the vlanid settings. Had to reboot the router to actually kick it back into life. Had a frantic hour Getting my router back into service - ready for another day working from home and allowing my kids to home school!!

Will get the config off it tomorrow!

Attached is my complete config, have xx’ed out the usernames, some sensitive IP addresses and mac addresses and removed all my static DHCP leases. My friend has set up a VPN between his and mine, so I have xxx’ed out their internal and external ip addresses.
exportxxx.rsc.txt (11.2 KB)

I hope somebody else can analyse your firewall settings. (I don’t understand the active role of the detect-ddos chain in this)

In your initial description it was clear the only difference was the connection to the router. (if the ASUS is acting as a bridge/switch)
PC-wifi-ethernet-ethernet is fast
PC-ethernet-ethernet is slower
PC-ethernet is 3 times slower than ethernet-ethernet

The fastest communication gives the lowest data throughput. (That fast communication could trigger some limiting rules (ddos-detect ?) or trigger TCP congestion avoidance? or anything else (buffer bloat?). No idea with this information here. I would start “sniffer” to find out the timing of the data packets and ACK’s. Or see what the difference in transfer is. (packet size (MSS used), TCP window size etc )

Hey guys,

Just an update, I replaced my Network Card and my problems went away! Was using a ms surface dock Ethernet adapter - plugged in a 2.5GB USB Ethernet adapter (into a 1GB Ethernet port on the MikroTik) auto negotiated at 1GB and I am getting the full 916mb down!