Here is a junior mikrotik user :)
And probably I made wrong decision.
CRS309 is in router mode. CRS has installed 3 SFP+ 10Gbit/Ethernet modules.
Situation is next:
My modem of ISP is in bridge mode. I have 10Gbit Internet.
Modem connected to CRS309 to one of 10Gbit SFP+ module. 2 wifi routers (in acccess point mode) connected to CRS309 to other SFP+ modules.
Looks like all works good except internet speed.
To check speed I use one of wifi routers which has 2.5Gbit WAN and run internal speed test. It showed about 1400Mbps.
If connect directly wifi routers to ISP modem the speed can be 2200Mbps.
So it looks like CRS lost somewhere WAN speed.
I tried another way to check speed. I used 2 notebookes wired connected to CRS and run simultaneously speedtest.net. And sum of speed of both of them was about 1400Mbps. So Download stream was for exmple 800 on 1st and 500 on 2nd, or 600/600 or 300/900.
If I connect 2 notebooks to Wifi router with 2.5Gbit WAN which connected to ISP modem directly (CRS excluded) and run the same speedtest.net, so both notebooks at the same time has 940 and 940 download stream, so together 2Gbps. From that I guess the problem is in CRS.
So here is question: is 1400Mbps maximal speed for CRS or there is some thing wrong in settings?
Thanks in advance,
Eugene.
Code: Select all
/export compact
# jul/22/2021 00:05:59 by RouterOS 6.49beta54
# software id = 4ZUV-FX8F
#
# model = CRS309-1G-8S+
# serial number = D8480EC2B181
/interface bridge
add admin-mac=2C:C8:1B:46:EF:AD auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=1000M-full
set [ find default-name=sfp-sfpplus1 ] advertise=10000M-full speed=10Gbps
set [ find default-name=sfp-sfpplus2 ] advertise=1000M-full,2500M-full,5000M-full,10000M-full speed=10Gbps
set [ find default-name=sfp-sfpplus3 ] advertise=1000M-full,2500M-full,5000M-full,10000M-full
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.25.100-192.168.25.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=dhcp1
/queue interface
set sfp-sfpplus1 queue=ethernet-default
set sfp-sfpplus2 queue=ethernet-default
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
add bridge=bridge comment=defconf interface=sfp-sfpplus5
add bridge=bridge comment=defconf interface=sfp-sfpplus6
add bridge=bridge comment=defconf interface=sfp-sfpplus7
add bridge=bridge comment=defconf interface=sfp-sfpplus8
/ip neighbor discovery-settings
set discover-interface-list=none
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=bridge list=LAN
add interface=sfp-sfpplus1 list=WAN
/ip address
add address=192.168.25.1/24 comment=defconf interface=bridge network=192.168.25.0
/ip dhcp-client
# DHCP client can not run on slave interface!
add disabled=no interface=ether1
add disabled=no interface=sfp-sfpplus1
/ip dhcp-server lease
add address=192.168.25.60 client-id=1:0:11:32:81:36:f4 mac-address=00:11:32:81:36:F4 server=dhcp1
add address=192.168.25.50 client-id=1:6c:cd:d6:db:c:1a mac-address=6C:CD:D6:DB:0C:1A server=dhcp1
add address=192.168.25.70 client-id=1:0:11:32:8e:b0:c0 mac-address=00:11:32:8E:B0:C0 server=dhcp1
/ip dhcp-server network
add address=192.168.25.0/24 gateway=192.168.25.1 netmask=24
/ip dns
set servers=XX.XX.XX.XX
/ip firewall filter
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related
add action=accept chain=forward comment="Established, Related" connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid log=yes log-prefix=invalid
add action=drop chain=forward comment="Drop tries to reach not public addresses from LAN" dst-address-list=not_in_internet in-interface=bridge log=yes log-prefix=!public_from_LAN \
out-interface=!bridge
add action=drop chain=forward comment="Drop incoming packets that are not NATted" connection-nat-state=!dstnat connection-state=new in-interface=sfp-sfpplus1 log=yes log-prefix=!NAT
add action=drop chain=forward comment="Drop incoming from internet which is not public IP" in-interface=sfp-sfpplus1 log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment="Drop packets from LAN that do not have LAN IP" in-interface=bridge log=yes log-prefix=LAN_!LAN src-address=!192.168.25.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add disabled=yes distance=1 gateway=xx.xx.xx.xx
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.25.0/24
set ssh address=192.168.25.0/24 port=22534
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Warsaw
/system package update
set channel=testing
/system routerboard settings
set boot-os=router-os
/system swos
set allow-from-ports=p1,p2,p3,p4,p5,p6,p7,p8,p9 identity=MikroTik
/tool mac-server
set allowed-interface-list=none