Community discussions

just joined
Topic Author
Posts: 11
Joined: Thu Aug 01, 2019 8:20 pm

hAP AC2 performance question

Fri Aug 30, 2019 6:20 pm

I just want to confirm with some other owners if copy speed 600 Mbps between VLANs without fastrack with 4 FW rules is OK (CPU utilization 90%). Without FW rules it is working on cable speed.

As test I just copy 4GB file between 2 W10 computers (copy from VLAN34 to VLAN33).

I checked Test result on Mikrotik page and there is speed 1970 Mbps (25 IP filter rules / 1518) so I was awaiting something close to this :-( they are doing all port test and I tested with just one client ...

I want to be sure if this can handle 500 Mbps internet connection. Based on my result it will be so close. But based on mikrotik test result it should handle 1GB. I did my test without NAT so may be speed will be even lower when I enable NAT.

Some screenshots here: ... 2D0HAYiyGZ

My configuration:
/interface bridge
add admin-mac=86:55:D1:F1:4E:C5 auto-mac=no name=bridge-test protocol-mode=none
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 default-vlan-id=33 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=33 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=33 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=34 vlan-header=always-strip vlan-mode=secure
set 5 vlan-header=add-if-missing vlan-mode=secure
/interface bridge port
add bridge=bridge-test interface=ether1
add bridge=bridge-test interface=ether2
add bridge=bridge-test interface=ether3
add bridge=bridge-test interface=ether4
add bridge=bridge-test interface=wlan1
add bridge=bridge-test interface=wlan2
add bridge=bridge-test interface=ether5
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether2,ether3,ether4,switch1-cpu switch=switch1 vlan-id=33
add independent-learning=yes ports=ether1,ether5,switch1-cpu switch=switch1 vlan-id=34
/ip address
add address= comment=VLAN33 interface=VLAN33 network=
add address= interface=VLAN34 network=
/ip firewall address-list
add address= list=allowed_to_forward
add address= list=allowed_to_forward
add address= list=allowed_to_router
add address= list=allowed_to_router
/ip firewall filter
add action=accept chain=forward comment="Established, Related" connection-state=established,related
add action=drop chain=forward connection-state=new dst-address= src-address=
add action=accept chain=forward src-address-list=allowed_to_forward
add action=drop chain=forward
add action=accept chain=input comment="default configuration" connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=drop chain=input
Thank you,

Who is online

Users browsing this forum: No registered users and 21 guests