UTP cable speeds capabilities and other problems

recently I’ve upgraded my home network with RB2011UiAS-2HnD-IN. Great device, way out of my knowledge league but I’m willing to learn everything about it and I’ve managed to set up basics with YT tutorials.
Now comes the more advanced problems:
I have 4 PC with Win 7 x64. Every PC is in another room, connected to a wall UTP socket - few years ago I’ve installed UTP cables around my house so every room has wired LAN. Problem is that back then I didn’t know that gigabit LAN requires at least CAT 5e grade cable so now I really don’t know what CAT UTP grade cables I’ve installed and I want to test them for gigabit speed capabilities because I’ve noticed that transfer speeds for copying files from one PC to another are very slow, 100mbit at the best and I’m not sure if it’s due the cable or due the PCs itself.
I’ve found that /interface monitor ether command displays ethernets values but I don’t understand them completely. Here’s the log of my first five gigabit ports:
[admin@Multimulac] /interface ethernet> monitor ether1
;;; WAN
name: ether1
status: link-ok
auto-negotiation: done
rate: 100Mbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no
advertising: 10M-half,10M-full,100M-half,100M-full,1000M-half,
1000M-full
link-partner-advertising: 10M-half,10M-full,100M-half,100M-full

[admin@Multimulac] /interface ethernet> monitor ether2
;;; LAN
name: ether2
status: link-ok
auto-negotiation: done
rate: 1Gbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no
advertising: 10M-half,10M-full,100M-half,100M-full,1000M-half,
1000M-full
link-partner-advertising: 10M-half,10M-full,100M-half,100M-full,1000M-half,
1000M-full

[admin@Multimulac] /interface ethernet> monitor ether3
name: ether3
status: link-ok
auto-negotiation: done
rate: 1Gbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no
advertising: 10M-half,10M-full,100M-half,100M-full,1000M-half,
1000M-full
link-partner-advertising: 10M-half,10M-full,100M-half,100M-full,1000M-full

[admin@Multimulac] /interface ethernet> monitor ether4
name: ether4
status: link-ok
auto-negotiation: done
rate: 1Gbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no
advertising: 10M-half,10M-full,100M-half,100M-full,1000M-half,
1000M-full
link-partner-advertising: 10M-half,10M-full,100M-half,100M-full,1000M-full

[admin@Multimulac] /interface ethernet> monitor ether5
name: ether5
status: link-ok
auto-negotiation: done
rate: 100Mbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no
advertising: 10M-half,10M-full,100M-half,100M-full,1000M-half,
1000M-full
link-partner-advertising: 10M-half,10M-full,100M-half,100M-full

To explain:
ether1 - ISPs router, connected via 1m UTP cable
ether2, 3, 4 & 5 - PCs connected thru wall cables (all of the PCs have gigabit eth. LAN)

1. about “/interface monitor” results - what do they mean exactly? is it the speed which can be transferred thru cable or only hardware capabilities of devices on network but not the speed of the network itself, meaning that maybe hardware will not achieve 1Bbps because the cable will not be able to transfer 1gbps speed
2. I don’t know how to check which PC is connected to which eth. port - what is command for that (or how to see that in winbox)
3. Is there way to check UTP cable speed capabilities and if yes - how?
4. every PC has ESET smart security 8 fw/av installed - do I really need firewall on every PC if I set up mikrotik right and can software fw on pc cause problems with file speed transfers?

bonus question (just in case someone could know):
6. one PC is laptop Asus K72JR with Qualcomm / Atheros AR8131 PCI-E Gigabit Ethernet Controller (chip is identified via hardware ID and with help of the internet) - so laptop should have gigabit LAN but in network cards properties under “advanced - > speed & duplex” i don’t have “1gbit/1000 mbit full/half duplex” value, only 10 and 100 combinations. On every other PC i have 1gbit/1000mbit. I’ve reinstalled drivers with newest one form atheros but it didn’t help, still no options for gigabit lan - how can I check if the chip is really gigabit, is the problem in driver or windows or something else

double post

pls help?

Ad. 1

Let me explain:

name:
easy …router’s port name
status:
link-ok - there is cable connected, connection between devices is established
auto-negotation:
computer/router/etc could have staticaly/manually selected port connection parameters or it could be set to auto. When it is set to auto then special protocol is used to advertise capabilities of both ends: full-duplex, tx-flow-control, rx-flow-control and link speed.
Protocol checks all combinations and selects the “best” common denominator for both ends. As you see router advertises speeds of: 10M-half,10M-full,100M-half,100M-full,1000M-half, 1000M-full. Your computer (link-partner as computer is partner for router) advertises the same set of speeds. Therefore common denominator is “rate” 1Gbps. Flow control is negotiated to “flow-duplex”

As you see your cables are good enough to carry 1Gbps connections so do not blame yourself.

Ad. 2.
The easiest way is to unplug computer and watch the router see which led goes off and then describe the cable and the wall socket.

Ad. 3.
There are special testers which check cable attentuation, SNR, length and many other parameters but they are quite expensive. Look for eg. FLUKE devices.

Ad. 4.
Local firewall is not needed behind Mikrotik firewall but antivirus is essential tool. Firewall on Mikrotik is “a big muscleman” just before entry to your LAN. But if a wise guy will sidle in then you need some “antivirus guys”.

let me get this straight: if machine and link-partner-advertising have both 1000M-full that means the speed is going to be 1gbit? I tought it only means that both devices can do 1gbit speed BUT if the cable is CAT5 or lower, they won’t (they will try but the actual speed will never reach 1gbit). I’m thinking that because the copy speed btw. two PCs was around 160mbits

yea… but i was hopping for a command or something from winbox that would say “ether4; current IP:xxx.xxx.xxx.xxx (or Device ID: PC #2)”. I had router with Tomato firmware before and it was very simple to know which device on the network was using which port and which IP was assigned to which port

uh, to expensive… but thnx for suggestion
for that price I could buy two laptops with gigabit connection just for testing connections

that is great news! I really hate ESET firewall (and I hate other software FW even more) because it’s very stubborn in it’s way to produce “smart” security.
But I then would need info about how to block certain applications on certain PC which is on the network from connecting to it’s servers (ESET has ability to block directly application from making a contact with server which is more convenient than trying to block IP addresses of undesired servers) - is there way to do the same with mikrotik?

[ciach-ciach]
Ad. 1

…I’m thinking that because the copy speed btw. two PCs was around 160mbits…

A. Are you sure that it is 160 megabits not megaBYTES ? 160MB * 8 gives almost 1 Gbps
B. ether5 is 100 Mbps not 1Gbps. Have you target connected to it ?

Ad.2.
Look at Winbox/Tools/Torch or Winbox/Interfaces/particular_interface/Torch.
You can watch source and destination IPs flowing via particular interface. I know that is not Tomato like but better than nothing.

Anything over 100Mbits means that the line rate is 1gbps.
There is no such thing as 200mb ethernet.

A low rate like that tends to indicate one of a few things.
The most common ones are:
Performance limitations of some device involved in the transfer
Errors in communication path causing tcp slowdown / udp re-transmits
inefficient protocol (such as tftp) that really cannot approach anything near 100% throughput.

If you connect the two computers directly with a known good cable, and they can reach near 1gbps of throughput, then you know that if it’s #1, it’s not the two computers. It sounds like you’re using the gig-e switch chip of the 2011 correctly, but if you’re using CPU bridge interface between them, then the mikrotik’s cpu is going to only be able to reach about 160Mbps of throughput.

Look in bridge → hosts, or switch → hosts to see a list of MAC addresses and what ports they’re on.

You can use IP > Arp or IP > Dhcp-Server > Leases to see what IPs belong to what MAC addresses. DHCP leases is easier because it also shows the hostnames the pcs used to request their leases.

These two tools combine to show exactly which host is on exactly which interface. I recommend that once you discover it, set comments on the interfaces such as “living room, kitchen, media room” etc -

Finally, once you can know which port has which pc, you can delve further into the question I raised about CPU bridging vs. switch chip bridging. If the two hosts are on, e.g. ports 3 and 4, check to see if one is running slave to the other, or if they’re both set as slaves to the same port. If either of these statements is true, then you’re using the switch chip, which is able to go full 1gbps. If not, then the hosts are connecting through the cpu bridge, and you’re seeing a limitation of the 2011.

yes. movie around 12Gbytes copies with speed of about 20mbytes/s around 10-15min which is around 160mbits speed…

dunno what you mean? PC1 with movie is connected to eth2. PC2 who is receiving movie is connected to eth3. Both eth are gigabit ones (above log is copy of those connections)

thnx

i know that there’s no such thing as 200mb ethernet so I’m suspecting that speed is lower than full gigabit due cabling (CAT 5 or lower cable)?

well, as I stated before, all PC have gigabit network cards, all are installed well and all have their settings set to default.

how can I see is that the case and how can i set up that they use other than CPU bridge between them?
As I said, I’ve set up router via youtube videos and set up was very simple in a way: “under DHCP server set up that eth2 was master and eth 3, 4 and 5 are slaves to eth2 and that is your LAN. Then make bridge connection with eth1 (which is WAN) to give them internet access”
I don’t know even tiny fractal of router os without videos so it would be really helpful if someone could suggest me some video which shows how the router should be set up for basic usage with gigabit speeds surely working

Everything except “bridge to WAN interface” sounds good.
In a basic, general-purpose, one-size-fits-most configuration for a 2011, you will have these interfaces:
ether1 = WAN (dhcp client or pppoe-out client configured on this interface)
ether3-ether5 set to use ether2 as master (this creates a wire-speed switch between these 4 gigabit ports.)
ether7-ether10 set to use ether6 as master (this creates a wire-speed 100Mbps switch on ports 6-10)
bridge = LAN - connect ports ether2, ether6, and wlan1
wlan1 → set an SSID and wpa2-aes security profile on wlan 1

IP address / DHCP server on LAN bridge. This is a CPU bridge. It is necessary if you want the gigabit switch, 100Mbps switch, and wireless to all be the same single LAN.

Firewall rules for srcnat action masquerade out-interface=ether1 (or pppoe-out1 if pppoe is used)
basic “allow established, block new” rules on WAN interface, all packets allowed to go OUT the WAN.

That will cover 99% of basic home users.

If your configuration is similar to this, then your gigabit hosts are communicating via the hardware switch, not the cpu bridge. (look in bridge > hosts - if your two test computers’ mac addresses are on the same port from the bridge’s point of view, then you’re using the hardware switch)

If THAT is the case, then your problem is likely to be cabling.

if i got this correctly:
under IP > Addresses i have two IPs:

1. is marked “D”, it has current wan IP and under interface it says ether1
2. has no markings, address ip is 192.168.88.1/24, network is 192.168.88.0 and under interface it says bridge1 → should it be ether2?

heres scr.cap of my setup. also i dunno why I have 3 dhcp pools and why #3 is chosen

You’ve obviously configured DHCP with the wizard 3 times.

If you want to completely remove a DHCP setup, you must remove the server, the network, and the IP pool.

(Interestingly, the IP pool could actually be in use by other services which draw from pools.
For instance, you could have DHCP on one local interface, and PPPoE for other links and the pppoe server assigns addresses from the same pool. Neat, huh?)

Almost certainly, pools 1 and 2 are not in use by anything and can be deleted.
You can actually rename pool3 to pool1 without breaking anything. (stuff is linked by internal reference numbers - the names are just labels. If you change the name, then everywhere it’s referenced will show the new name.)

noob question: does this setup with the DHCP makes a “CPU bridge” you were talking about and which makes 1gbit speeds unreachable?

actually i don’t need DHCP. I’ve configured it cause I was convenient not to set up IPs on every PC but it’s not the problem to set up every PC by itself. Actually I was thinking about fixed IP for my torrent PC because i couldn’t get UPnP to work (I suspect ESET FW was the problem but I’ve set everything in it as well). So I was thinking about port forwarding and that as I know requires fixed IP address

So, any suggestion how to set up everything without DHCP?

dhcp has nothing to do with cpu bridges.
It’s just a way to assign IP addresses to devices automatically from a central server that keeps track of what’s in use and what’s free.

Likewise, turning it off doesn’t really change anything about your network. It just means that you must track the IP address assignment yourself and configure each host manually. This is especially a pain if you have any devices that move from place to place. (like your smartphone?)

The best thing is to set the IP pool not to use the entire network. It defaults on a /24 network to using …2 - …254
Make it use .65 - .254 This way, if you want to statically assign something like the torrent server, you can just use an IP below 65 and know that it won’t conflict with DHCP, but still have DHCP so you don’t have to go change your phone or laptop’s settings every time you take it with you somewhere.

I still haven’t understand you if I have CPU bridge or not…
here’s the cap of bridge interface:

also I’ve checked the cables: only one from my PC to wall socket was CAT5 and I’ve changed it temporarily with some flat no name no spec that I have from god knows where. Other cables are all CAT 5e (those in wall too). So now my speed had jumped up a bit but still isn’t full gigabit: it’s about 400mbit (50 mbytes copy speed from PC to PC). I’m fairly pleased but it still must go higher…

You have both a cpu bridge and a switched bridge.
The cpu bridge is only used whenever:

• wireless device talks to LAN
• any device on lan / wlan talks to the Mikrotik itself.

So in your case, both computers being hard wired LAN clients, they are using the switched path to reach each other.

by the way, ether6-10 (the 100mbps ports) are not connected to the LAN in any way. This may be on purpose, but I just thought I’d point that out since I noticed it.

So I guess the conclusion is that any speed issues are going to be cabling / pc related (unless a port is negotiating speed/dpulex wrong) If you just move the computers to different ports on the switch one at a time, watch for any speed differences. If there is no change, then you can say the mikrotik’s ports are good.

ok, so I’m on hardware bridge…
thanks for suggestion, i’ll try to test speeds with moving computers to different ports

yea, I don’t need them for time being so I’ve disabled them. I will probably use just two ports which doesn’t have to be 1gbit (print server)

Simple things first: switch off ESET and then retest transfer speed.

good advice but that’s the problem with ESET: u can’t ever completely switch it off. That’s why i don’t like it - it has “smart” protection systems that keep on going even if you disable protection. I was thinking of uninstalling it completely but then I have mayor problems with making firewall list of blocked addresses cause, for example, only PowerDVD has at least 10 IP addresses on port 80 on which it want to connect (due reporting, marketing, ect.) and I’m afraid how much other apps have… ESET FW has simple solution for that: block the application itself and I can’t do that in routerOS…

There are two possible ways:

1. Uninstall ESET, test transfer and reinstall ESET. There is small chance to be infected during local tests.
2. Try to use two “foreign” computers without ESET installed.

I suggest (1).