-
-
100percentjake
just joined
- Posts: 2
- Joined:
Network bottleneck since swapped out router
I recently swapped out our old RB951 with a gigabit-capable RB750GR3. This router receives internet from a wireless PTP link on eth0 and spits it out to an old Cisco switch on Ether5 that has trunk lines to other switches to serve the rest of the building. The router handles all of the building's routing and several VLANs for VOIP and keeping various leasees in the building from seeing each other's networks. The RB951 worked great but while we could get 300mbit via the PTP link to our datacenter we were limited by the 10/100 ports on the router. I bought the RB750 and copied over the config by doing /export compact on the old router and pasting the result into the new router's terminal, setting the new password, and installing it in our network. Since then things seem to be working find with the notable exception that any client device appears to be maxing out at roughly 3-9mbit of usable bandwidth. Notably, when doing a bandwidth test from RouterOS on one of the accesspoints (also routerboards) to the core router I am able to saturate the connection, but the speedtest I just did from my laptop on speedtest.net got 2mbit. A speedtest from my laptop in the datacenter gets ~300mbit down. So it would appear there is something different about this RB750GR3 that is restricting traffic to clients but not neighbors, or is restricting it on certain ports. For the life of me I can't figure out what it is. I checked for dropped packets and checked to make sure it was negotiating 1GBps to the switches. The ability of other mikrotik devices to saturate the link between themselves and the datacenter through the router seems to indicate the switches aren't at fault, though I did find a 16kbps MTU discrepency between the setting in the router and the switch it's connected to, which solved nothing. I'm a bit of a newbie at this, but help would be appreciated.
Re: Network bottleneck since swapped out router
Without seeing the config and knowing the code version on the old and new routers I can't offer much other than my hEX Gr3 works fine. I have it connected a Cisco 2960S and am routing the VLANs on the hEX. I'm not getting any kind constraint like you're seeing.
Re: Network bottleneck since swapped out router
I use a RB750Gr3 as my WAN router and it works great. I have a 100 Mbit connection to internet and 2 * 1 Gbit LACP to the core and I have no issues what to ever with performance.
But in you case the 750 is your core. Can you please share your config via /export
But in you case the 750 is your core. Can you please share your config via /export
-
-
100percentjake
just joined
- Posts: 2
- Joined:
Re: Network bottleneck since swapped out router
Here's my config, which I have tried to censor
The memory not running at default frequency struck me as odd, though the options given are " /system routerboard settings> set memory-frequency=
800DDR 1066DDR 1200DDR" and trying any of these settings results in the same "not running at default frequency" error.
Code: Select all
# apr/26/2017 10:08:01 by RouterOS 6.38.5
# software id = 6LWI-KQ5T
#
/interface bridge
add mtu=1500 name=Public-Br protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] mtu=1512
set [ find default-name=ether5 ] mtu=1504
/interface eoip
add clamp-tcp-mss=no !keepalive mac-address=02:D4:7B:0B:07:DB mtu=1500 name=Public-Tunnel-2 remote-address=10.10.15.36 tunnel-id=209
/interface vlan
add interface=ether5 name=VLAN-11-<client> vlan-id=11
add interface=ether5 name=VLAN-13-<client> vlan-id=13
add interface=ether5 name=VLAN-15-<client> vlan-id=15
add interface=ether5 name=VLAN-20-<client> vlan-id=20
add interface=ether5 name=VLAN-21-<client> vlan-id=21
add interface=ether5 name=VLAN-22-<client> vlan-id=22
add interface=ether5 name=VLAN-30-<client> vlan-id=30
add interface=ether5 name=VLAN-31-<client> vlan-id=31
add interface=ether5 name=VLAN-32-<client> vlan-id=310
add interface=ether5 name=VLAN-35-<client> vlan-id=35
add interface=ether5 name=VLAN-36-<client> vlan-id=36
add interface=ether5 name=VLAN-105-<client> vlan-id=105
add interface=ether5 name=VLAN-308-<client> vlan-id=308
add interface=ether5 name=VLAN-309-<client> vlan-id=309
add interface=ether5 name=VLAN-311-<client> vlan-id=311
add interface=ether5 name=VLAN-401-<client> vlan-id=401
add interface=ether5 name=VLAN-402-<client> vlan-id=402
add interface=ether5 name=VLAN-404-<client> vlan-id=404
add interface=ether5 name=VLAN-405-<client> vlan-id=405
add interface=ether5 name=VLAN-406-<client> vlan-id=406
add interface=ether5 name=VLAN-411-<client> vlan-id=411
add interface=ether5 name=VLAN-413-<client> vlan-id=413
add interface=ether5 name=VLAN-501-<client> vlan-id=501
add interface=ether5 name=VLAN-508-<client> vlan-id=508
add interface=ether5 name=VLAN-510-<client> vlan-id=510
add interface=ether5 name=VLAN-511-<client> vlan-id=511
add interface=ether5 name=VLAN-515-<client> vlan-id=515
add interface=ether5 name=VLAN-516-<client> vlan-id=516
add interface=ether5 name=VLAN-520-<client> vlan-id=520
add interface=ether5 name=VLAN-535-<client> vlan-id=535
add interface=ether5 name=VLAN-545-<client> vlan-id=545
add interface=ether5 name=VLAN-620-<client> vlan-id=620
add interface=ether5 name=VLAN-935 vlan-id=935
add interface=ether5 name=VLAN-1000-<client> vlan-id=1000
add interface=ether5 name=VLAN-1001-<client> vlan-id=1001
add interface=ether2 name=vlan2-voice vlan-id=2
add interface=ether5 name=vlan10 vlan-id=10
add interface=ether5 name=vlan254 vlan-id=254
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=150 name=tftp value=0x0a010b0b
add code=150 name=tftp-<client> value=0x0A0A1E6E
add code=150 name=tftp-<client> value=0x0A00000E
add code=150 name=tftp-test value=0x3F4F0E9A
add code=150 name=tftp-<client> value=0x0A0A1E73
add code=150 name=tftp-<client> value=0x0A0A1E66
add code=150 name=tftp-<client> value=0x0A0A1E82
add code=150 name=tftp-<client> value=0x0A0A1E67
add code=150 name=tftp-PUB value=0x3F4F0E9E
add code=150 name=tftp-<client> value=0x0A0A1E4B
add code=160 name=snom value=0x0A0A1E6E
add code=67 name=110 value="'10.10.30.110'"
add code=128 name=tftp-minet value=0x0A0A1E6B
add code=129 name=option1 value=0x3F4F0E9A
add code=150 name=tftp-cisco-workforce value=0x0A0A1E79
add code=66 name=wec-server value="'10.10.30.118'"
add code=150 name=<client> value=0x0A0A1ECC
add code=150 name=tftp-bp value=0x0A0A1E75
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot login-by=mac,cookie,http-chap,mac-cookie
add hotspot-address=10.4.101.1 html-directory=flash/hotspot name=hsprof1
/ip hotspot user profile
set [ find default=yes ] shared-users=100
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp_pool4 ranges=10.140.2.25-10.140.2.225
add name=dhcp_pool5 ranges=10.140.4.25-10.140.4.225
add name=dhcp_pool6 ranges=10.140.6.25-10.140.6.225
add name=dhcp_pool7 ranges=10.4.10.15-10.4.10.240
add name=dhcp_pool8 ranges=10.4.209.25-10.4.209.225
add name=dhcp_pool9 ranges=10.140.5.25-10.140.5.225
add name=dhcp_pool10 ranges=10.4.11.25-10.4.11.225
add name=dhcp_pool11 ranges=10.4.13.2-10.4.13.254
add name=dhcp_pool12 ranges=10.4.69.2-10.4.69.254
add name=dhcp_pool13 ranges=10.4.15.22-10.4.15.222
add name=dhcp_pool14 ranges=10.4.154.2-10.4.154.254
add name=dhcp_pool16 ranges=10.4.21.22-10.4.21.222
add name=dhcp_pool17 ranges=10.4.22.22-10.4.22.222
add name=dhcp_pool18 ranges=10.4.35.22-10.4.35.222
add name=dhcp_pool19 ranges=10.4.31.22-10.4.31.222
add name=dhcp_pool20 ranges=10.4.51.22-10.4.51.222
add name=dhcp_pool21 ranges=10.4.52.22-10.4.52.222
add name=dhcp_pool22 ranges=10.4.53.22-10.4.53.222
add name=dhcp_pool23 ranges=10.4.54.22-10.4.54.222
add name=dhcp_pool24 ranges=10.4.52.22-10.4.52.222
add name=dhcp_pool25 ranges=10.4.54.2-10.4.54.254
add name=dhcp_pool26 ranges=10.4.61.25-10.4.61.225
add name=dhcp_pool27 ranges=10.4.36.22-10.4.36.222
add name=dhcp_pool28 ranges=10.4.55.65-10.4.55.225
add name=dhcp_pool29 ranges=10.4.38.25-10.4.38.225
add name=dhcp_pool30 ranges=10.4.39.25-10.4.39.225
add name=dhcp_pool31 ranges=10.4.57.25-10.4.57.225
add name=dhcp_pool32 ranges=10.4.105.25-10.4.105.225
add name=dhcp_pool33 ranges=10.4.32.200-10.4.32.225
add name=dhcp_pool34 ranges=10.4.56.25-10.4.56.225
add name=dhcp_pool35 ranges=10.4.93.25-10.4.93.225
add name=dhcp_pool36 ranges=10.4.101.25-10.4.101.225
add name=dhcp_pool37 ranges=10.4.100.25-10.4.100.225
add name=dhcp_pool15 ranges=192.168.209.120-192.168.209.180
add name=dhcp_pool2 ranges=10.4.20.25-10.4.20.225
add name=dhcp_pool1 ranges=10.0.1.2-10.0.1.254
add name=dhcp_pool3 ranges=10.4.62.25-10.4.62.225
add name=pool1 ranges=10.140.1.25
/ip dhcp-server
add address-pool=dhcp_pool4 disabled=no interface=VLAN-402-<client> lease-time=3d name=dhcp4
add address-pool=dhcp_pool5 disabled=no interface=VLAN-404-<client> lease-time=3d name=dhcp5
add address-pool=dhcp_pool6 disabled=no interface=VLAN-406-<client> lease-time=3d name=dhcp6
add address-pool=dhcp_pool8 disabled=no interface=VLAN-411-<client> lease-time=3d name=dhcp8
add address-pool=dhcp_pool9 disabled=no interface=VLAN-405-<client>lease-time=3d name=dhcp9
add address-pool=dhcp_pool11 disabled=no interface=VLAN-13-<client> lease-time=3d name=dhcp11
add address-pool=dhcp_pool13 disabled=no interface=VLAN-15-<client> lease-time=3d name=dhcp13
add address-pool=dhcp_pool14 disabled=no interface=VLAN-413-<client> lease-time=3d name=dhcp12
add address-pool=dhcp_pool16 disabled=no interface=VLAN-21-<client> lease-time=3d name=dhcp14
add address-pool=dhcp_pool17 disabled=no interface=VLAN-22-<client> lease-time=3d name=dhcp15
add address-pool=dhcp_pool18 disabled=no interface=VLAN-35-<client> lease-time=3d name=dhcp16
add address-pool=dhcp_pool19 disabled=no interface=VLAN-31-<client> lease-time=3d name=dhcp17
add address-pool=dhcp_pool20 disabled=no interface=VLAN-501-<client> lease-time=3d name=dhcp18
add address-pool=dhcp_pool22 disabled=no interface=VLAN-510-<client> lease-time=3d name=dhcp20
add address-pool=dhcp_pool24 disabled=no interface=VLAN-508-<client> lease-time=3d name=dhcp19
add address-pool=dhcp_pool25 disabled=no interface=VLAN-520-<client> lease-time=3d name=dhcp21
add address-pool=dhcp_pool26 disabled=no interface=VLAN-311-<client> lease-time=3d name=dhcp22
add address-pool=dhcp_pool27 disabled=no interface=VLAN-36-<client> lease-time=3d name=dhcp23
add address-pool=dhcp_pool29 disabled=no interface=VLAN-308-<client> lease-time=3d name=dhcp25
add address-pool=dhcp_pool30 disabled=no interface=VLAN-309-<client> lease-time=3d name=dhcp26
add address-pool=dhcp_pool31 disabled=no interface=VLAN-545-<client> lease-time=3d name=dhcp27
add address-pool=dhcp_pool32 disabled=no interface=VLAN-105-<client> lease-time=3d name=dhcp28
add address-pool=dhcp_pool33 disabled=no interface=VLAN-32-<client> lease-time=3d name=dhcp29
add address-pool=dhcp_pool35 disabled=no interface=VLAN-935 lease-time=3d name=dhcp31
add address-pool=dhcp_pool37 disabled=no interface=VLAN-1000-<client> lease-time=3d name=dhcp32
add address-pool=dhcp_pool36 disabled=no interface=VLAN-1001-<client> lease-time=1h name=dhcp33
add address-pool=pool1 disabled=no interface=VLAN-401-<client> lease-time=3d name=dhcp3
add address-pool=dhcp_pool34 disabled=no interface=VLAN-516-<client> lease-time=3d name=dhcp30
add address-pool=dhcp_pool28 disabled=no interface=VLAN-515-<client> lease-time=3d name=dhcp24
add address-pool=dhcp_pool15 disabled=no interface=VLAN-30-<client> lease-time=3d name=dhcp1
add address-pool=dhcp_pool10 disabled=no interface=VLAN-11-<client> lease-time=3d name=dhcp10
add address-pool=dhcp_pool2 disabled=no interface=VLAN-20-<client> lease-time=3d name=dhcp2
add address-pool=dhcp_pool1 disabled=no interface=vlan2-voice name=dhcp7
add address-pool=dhcp_pool3 disabled=no interface=VLAN-620-<client> lease-time=1h name=dhcp34
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-2 redistribute-static=as-type-2 router-id=10.10.15.33
/snmp community
add addresses=0.0.0.0/0 name=kansashosting
/dude
set data-directory=disk1/dude enabled=yes
/interface bridge port
add bridge=Public-Br interface=Public-Tunnel-2
add bridge=Public-Br interface=VLAN-535-<client>-Public
/ip address
add address=10.10.15.33/29 interface=ether1 network=10.10.15.32
add address=10.10.15.1/29 interface=ether4 network=10.10.15.0
add address=10.0.0.1/24 disabled=yes interface=ether2 network=10.0.0.0
add address=10.4.254.1/24 interface=vlan254 network=10.4.254.0
add address=192.168.209.1/24 comment="added by setup" interface=VLAN-30-<client>network=192.168.209.0
add address=192.168.55.1/24 interface=VLAN-515-<client>network=192.168.55.0
add address=10.4.56.1/24 interface=VLAN-516-<client>network=10.4.56.0
add address=10.4.55.1/24 interface=VLAN-515-<client>network=10.4.55.0
add address=10.4.10.1/24 interface=vlan10 network=10.4.10.0
add address=10.4.11.1/24 interface=VLAN-11-<client>-voice network=10.4.11.0
add address=10.4.20.1/24 interface=VLAN-20-Data network=10.4.20.0
add address=10.140.1.1/24 interface=VLAN-401-<client>network=10.140.1.0
add address=10.140.4.1/24 interface=VLAN-404-<client>network=10.140.4.0
add address=10.140.6.1/24 interface=VLAN-406-<client>network=10.140.6.0
add address=10.4.209.1/24 interface=VLAN-411-<client>-VOICE network=10.4.209.0
add address=10.140.5.1/24 interface=VLAN-405-<client>network=10.140.5.0
add address=10.4.13.1/24 interface=VLAN-13-<client>network=10.4.13.0
add address=10.4.15.1/24 interface=VLAN-15-<client>network=10.4.15.0
add address=10.4.154.1/24 interface=VLAN-413-<client>-TEST network=10.4.154.0
add address=10.4.21.1/24 interface=VLAN-21-<client>network=10.4.21.0
add address=10.4.22.1/24 interface=VLAN-22-<client>network=10.4.22.0
add address=10.4.35.1/24 interface=VLAN-35-<client>-Ste-506 network=10.4.35.0
add address=10.4.31.1/24 interface=VLAN-31-<client>network=10.4.31.0
add address=10.4.51.1/24 interface=VLAN-501-<client>-Data network=10.4.51.0
add address=10.4.53.1/24 interface=VLAN-510-<client>-Data network=10.4.53.0
add address=10.4.52.1/24 interface=VLAN-508-<client>-Data network=10.4.52.0
add address=10.4.54.1/24 interface=VLAN-520-<client>network=10.4.54.0
add address=10.4.32.1/24 interface=VLAN-32-<client>-Data network=10.4.32.0
add address=10.4.61.1/24 interface=VLAN-311-<client>network=10.4.61.0
add address=10.4.36.1/24 interface=VLAN-36-<client>-310C network=10.4.36.0
add address=10.4.38.1/24 interface=VLAN-308-<client>network=10.4.38.0
add address=10.4.39.1/24 interface=VLAN-309-<client>-Voice network=10.4.39.0
add address=10.4.57.1/24 interface=VLAN-545-<client> network=10.4.57.0
add address=192.168.20.1/24 interface=VLAN-401-<client>network=192.168.20.0
add address=10.4.105.1/24 interface=VLAN-105-<client>network=10.4.105.0
add address=10.4.93.1/24 interface=VLAN-935 network=10.4.93.0
add address=10.4.101.1/24 interface=VLAN-1001-<client>-Guest network=10.4.101.0
add address=10.4.100.1/24 interface=VLAN-1000-<client>network=10.4.100.0
add address=192.168.100.1/24 interface=VLAN-30-<client>network=192.168.100.0
add address=10.0.0.1/24 disabled=yes interface=ether2 network=10.0.0.0
add address=10.0.1.1/24 interface=vlan2-voice network=10.0.1.0
add address=192.168.1.1/24 interface=VLAN-30-<client>network=192.168.1.0
add address=10.4.62.1/24 interface=VLAN-620-<client>network=10.4.62.0
add address=10.4.209.4/24 interface=VLAN-411-<client>-VOICE network=10.4.209.0
/ip dhcp-server lease
add address=10.4.100.29 client-id=1:c0:56:e3:3:5f:93 mac-address=C0:56:E3:03:5F:93 server=dhcp32
add address=10.4.55.40 client-id=1:0:25:36:26:c8:22 mac-address=00:25:36:26:C8:22 server=dhcp24
add address=192.168.209.156 client-id=1:0:26:73:78:31:d7 mac-address=00:26:73:78:31:D7 server=dhcp1
add address=10.4.100.40 client-id=1:0:8e:f2:f8:b8:34 mac-address=00:8E:F2:F8:B8:34 server=dhcp32
add address=10.4.100.61 client-id=1:9c:b6:54:40:32:f3 mac-address=9C:B6:54:40:32:F3 server=dhcp32
/ip dhcp-server network
add address=10.0.1.0/24 gateway=10.0.1.1
add address=10.4.10.0/24 dhcp-option=110,wec-server gateway=10.4.10.1 ntp-server=10.10.30.110
add address=10.4.11.0/24 dhcp-option=tftp-<client>gateway=10.4.11.1 ntp-server=10.10.30.110
add address=10.4.13.0/24 dhcp-option=tftp-<client>gateway=10.4.13.1 ntp-server=206.212.242.132
add address=10.4.15.0/24 dhcp-option=tftp-<client>gateway=10.4.15.1 ntp-server=206.212.242.132
add address=10.4.20.0/24 gateway=10.4.20.1 ntp-server=206.212.242.132
add address=10.4.21.0/24 gateway=10.4.21.1 ntp-server=206.212.242.132
add address=10.4.22.0/24 dns-server=208.67.222.222,208.67.220.220 gateway=10.4.22.1 ntp-server=206.212.242.132
add address=10.4.31.0/24 dhcp-option=tftp-wdc,110 gateway=10.4.31.1 ntp-server=206.212.242.132
add address=10.4.32.0/24 gateway=10.4.32.1
add address=10.4.35.0/24 gateway=10.4.35.1 ntp-server=206.212.242.132
add address=10.4.36.0/24 gateway=10.4.36.1 ntp-server=206.212.242.132
add address=10.4.38.0/24 gateway=10.4.38.1
add address=10.4.39.0/24 dhcp-option=tftp-cisco-workforce gateway=10.4.39.1
add address=10.4.51.0/24 gateway=10.4.51.1 ntp-server=206.212.242.132
add address=10.4.52.0/24 dhcp-option=tftp-wdc gateway=10.4.52.1 ntp-server=206.212.242.132
add address=10.4.53.0/24 gateway=10.4.53.1 ntp-server=206.212.242.132
add address=10.4.54.0/24 dhcp-option=tftp-wdc gateway=10.4.54.1 ntp-server=206.212.242.132
add address=10.4.55.0/24 gateway=10.4.55.1
add address=10.4.56.0/24 gateway=10.4.56.1
add address=10.4.57.0/24 gateway=10.4.57.1
add address=10.4.61.0/24 gateway=10.4.61.1 ntp-server=206.212.242.132
add address=10.4.62.0/24 gateway=10.4.62.1
add address=10.4.93.0/24 gateway=10.4.93.1
add address=10.4.100.0/24 dhcp-option=tftp-<client>gateway=10.4.100.1
add address=10.4.101.0/24 comment="hotspot network" gateway=10.4.101.1
add address=10.4.105.0/24 gateway=10.4.105.1
add address=10.4.154.0/24 dhcp-option=tftp-winning gateway=10.4.154.1
add address=10.4.209.0/24 dhcp-option=tftp-wdc,110 gateway=10.4.209.1 ntp-server=63.76.125.66
add address=10.140.1.0/24 gateway=10.140.1.1
add address=10.140.2.0/24 gateway=10.140.2.1
add address=10.140.4.0/24 dhcp-option=<client>gateway=10.140.4.1
add address=10.140.5.0/24 gateway=10.140.5.1
add address=10.140.6.0/24 gateway=10.140.6.1
add address=192.168.209.0/24 dhcp-option=tftp-wdc gateway=192.168.209.1 ntp-server=10.10.30.109
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add chain=forward src-address=192.168.20.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.2.22.28
add chain=forward comment="<client>TEMP GOD RULE" dst-address=0.0.0.0/0 src-address=10.2.22.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.4.100.0/24
add chain=forward dst-address=0.0.0.0/0 src-address=192.168.209.0/24
add chain=forward src-address=10.1.23.100
add chain=forward dst-address=10.1.23.100
add chain=forward comment="Fire Panel" dst-address=10.10.30.0/24 src-address=10.4.20.31
add chain=forward comment="Allow Established Traffic" connection-state=established
add chain=forward comment="Allow related traffic" connection-state=related
add chain=forward comment="Allow Winbox" dst-port=8291 protocol=tcp
add chain=forward comment="Allow DNS" dst-port=53 protocol=udp src-address=0.0.0.0/0
add chain=input comment="Accept DHCP" dst-port=67-68 protocol=udp
add chain=forward src-address=192.168.209.0/24
add chain=input src-address=192.168.209.0/24
add chain=forward comment="Allow <client>" src-address=10.140.4.0/24
add chain=forward comment="Allow VOIP and Building Services" dst-address=0.0.0.0/0 src-address=10.4.0.0/16
add chain=forward comment="ICMP Echo Reply" icmp-options=0 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Echo Request" icmp-options=8 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Time Exceeded" icmp-options=11 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward disabled=yes dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward comment="ICMP Source quench" icmp-options=4 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward comment="Log Invalid" connection-state=invalid disabled=yes log-prefix=invalid
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid log-prefix=invalid
add action=drop chain=forward dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward src-address=192.168.20.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.2.22.28
add chain=forward dst-address=10.10.30.0/24 src-address=10.4.100.0/24
add chain=forward dst-address=0.0.0.0/0 src-address=192.168.209.0/24
add chain=forward src-address=10.1.23.100
add chain=forward dst-address=10.1.23.100
add chain=forward comment="Fire Panel" dst-address=10.10.30.0/24 src-address=10.4.20.31
add chain=forward comment="Allow Established Traffic" connection-state=established
add chain=forward comment="Allow related traffic" connection-state=related
add chain=forward comment="Allow Winbox" dst-port=8291 protocol=tcp
add chain=forward comment="Allow DNS" dst-port=53 protocol=udp src-address=0.0.0.0/0
add chain=input comment="Accept DHCP" dst-port=67-68 protocol=udp
add chain=forward src-address=192.168.209.0/24
add chain=input src-address=192.168.209.0/24
add chain=forward comment="Allow <client>" src-address=10.140.4.0/24
add chain=forward comment="Allow VOIP and Building Services" dst-address=0.0.0.0/0 src-address=10.4.0.0/16
add chain=forward comment="ICMP Echo Reply" icmp-options=0 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Echo Request" icmp-options=8 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Time Exceeded" icmp-options=11 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward disabled=yes dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward comment="ICMP Source quench" icmp-options=4 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward comment="Log Invalid" connection-state=invalid disabled=yes log-prefix=invalid
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid log-prefix=invalid
add action=drop chain=forward dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add chain=forward src-address=192.168.20.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.2.22.28
add chain=forward comment="<client>TEMP GOD RULE" dst-address=0.0.0.0/0 src-address=10.2.22.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.4.100.0/24
add chain=forward dst-address=0.0.0.0/0 src-address=192.168.209.0/24
add chain=forward src-address=10.1.23.100
add chain=forward dst-address=10.1.23.100
add chain=forward comment="Fire Panel" dst-address=10.10.30.0/24 src-address=10.4.20.31
add chain=forward comment="Allow Established Traffic" connection-state=established
add chain=forward comment="Allow related traffic" connection-state=related
add chain=forward comment="Allow Winbox" dst-port=8291 protocol=tcp
add chain=forward comment="Allow DNS" dst-port=53 protocol=udp src-address=0.0.0.0/0
add chain=input comment="Accept DHCP" dst-port=67-68 protocol=udp
add chain=forward src-address=192.168.209.0/24
add chain=input src-address=192.168.209.0/24
add chain=forward comment="Allow <client>" src-address=10.140.4.0/24
add chain=forward comment="Allow VOIP and Building Services" dst-address=0.0.0.0/0 src-address=10.4.0.0/16
add chain=forward comment="ICMP Echo Reply" icmp-options=0 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Echo Request" icmp-options=8 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Time Exceeded" icmp-options=11 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward disabled=yes dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward comment="ICMP Source quench" icmp-options=4 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward comment="Log Invalid" connection-state=invalid disabled=yes log-prefix=invalid
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid log-prefix=invalid
add action=drop chain=forward dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward src-address=192.168.20.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.2.22.28
add chain=forward dst-address=10.10.30.0/24 src-address=10.4.100.0/24
add chain=forward dst-address=0.0.0.0/0 src-address=192.168.209.0/24
add chain=forward src-address=10.1.23.100
add chain=forward dst-address=10.1.23.100
add chain=forward comment="Fire Panel" dst-address=10.10.30.0/24 src-address=10.4.20.31
add chain=forward comment="Allow Established Traffic" connection-state=established
add chain=forward comment="Allow related traffic" connection-state=related
add chain=forward comment="Allow Winbox" dst-port=8291 protocol=tcp
add chain=forward comment="Allow DNS" dst-port=53 protocol=udp src-address=0.0.0.0/0
add chain=input comment="Accept DHCP" dst-port=67-68 protocol=udp
add chain=forward src-address=192.168.209.0/24
add chain=input src-address=192.168.209.0/24
add chain=forward comment="Allow <client>" src-address=10.140.4.0/24
add chain=forward comment="Allow VOIP and Building Services" dst-address=0.0.0.0/0 src-address=10.4.0.0/16
add chain=forward comment="ICMP Echo Reply" icmp-options=0 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Echo Request" icmp-options=8 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Time Exceeded" icmp-options=11 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward disabled=yes dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward comment="ICMP Source quench" icmp-options=4 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward comment="Log Invalid" connection-state=invalid disabled=yes log-prefix=invalid
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid log-prefix=invalid
add action=drop chain=forward dst-address=10.0.0.0/8 src-address=10.140.0.0/16
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall service-port
set sip disabled=yes ports=5060,5061,8000
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1 max-cache-size=none parent-proxy=0.0.0.0
/ip route
add distance=1 gateway=10.10.15.36
add distance=1 gateway=10.10.15.36
/ip service
set telnet address=0.0.0.0/0
set ftp address=0.0.0.0/0
set www address=0.0.0.0/0
set ssh address=0.0.0.0/0
set www-ssl address=0.0.0.0/0
set api address=0.0.0.0/0 disabled=yes
set winbox address=0.0.0.0/0
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ppp profile
set *FFFFFFFE remote-address=*2C
/routing filter
add chain=ospf-out prefix=0.0.0.0/0
add chain=ospf-out prefix=0.0.0.0/0
/routing ospf interface
add interface=ether1 network-type=point-to-point
/routing ospf network
add area=backbone network=10.0.0.0/8
add area=backbone network=192.168.0.0/16
/snmp
set contact=WDC enabled=yes location="<location>" trap-target=0.0.0.0
/system clock
set time-zone-autodetect=no time-zone-name=America/Chicago
/system identity
set name=<name>
/system ntp client
set enabled=yes primary-ntp=23.99.222.162 secondary-ntp=199.102.46.77
/system routerboard settings
# Warning: memory not running at default frequency
set memory-frequency=1200DDR800DDR 1066DDR 1200DDR" and trying any of these settings results in the same "not running at default frequency" error.