Community discussions

MikroTik App
 
misterdp
just joined
Topic Author
Posts: 6
Joined: Mon Feb 19, 2024 12:10 am

CRS125-24G-1S - Internet Link

Mon Feb 19, 2024 4:58 am

I'm a newbie to this forum so please forgive my knowledge. :o I have a CRS125-24G-1S, configured as a router behind a 300Mbps service. I've setup a bridge and have ether1-WAN and ether2-LAN ports with the remaining slaved to ether2. The entire infrastructure is wired with CAT6 and all devices are 1Gb capable. In testing, I'm finding none of my devices will exceed 100-130Mbps with typical test sites like Google and Fast.com. If I remove the router/switch and connect a test device directly to the cable modern, it easily achieves the subscribed service level. So my CRS125-24G seems to be the bottleneck.

I've gone over the basic configuration but I must be missing something. Any advice on how to best narrow down would be greatly appreciated.
 
erlinden
Forum Guru
Forum Guru
Posts: 1958
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: CRS125-24G-1S - Internet Link

Mon Feb 19, 2024 9:44 am

The S in CRS stands for switch, you are using a switch as router. It is functionally capable of working as router, but with the lack of routing performance.

You could expect around 250Mbps max, according to this (routring, 25 ip filter rules):
https://mikrotik.com/product/CRS125-24G ... estresults

There seems to be some improvement possible, can you share your current config?
/export file=anynameyoulike
Remove serial and private info like public IP address
 
misterdp
just joined
Topic Author
Posts: 6
Joined: Mon Feb 19, 2024 12:10 am

Re: CRS125-24G-1S - Internet Link

Mon Feb 19, 2024 5:15 pm

Thanks, yes. I recall when I bought it several years ago that configuration as a router would reduce throughput, but at the time I only have 50Mbps service and thought this would be fine. I'm hoping to eek a little more then current 130Mbps max - 250Mbps would be a dream! I've captured the configuration as requested. I immediately see all ports seems to be bound to 100Mbps despite advertising 1000Mbps:

/interface ethernet
set [ find default-name=ether1 ] comment=WAN name="ether1-[Internet]" speed=100Mbps
set [ find default-name=ether2 ] comment="LAN - All ports are switched off Ethernet2" name=ether2-LAN speed=100Mbps
set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
set [ find default-name=ether6 ] name=ether6-slave-local speed=100Mbps
set [ find default-name=ether7 ] name=ether7-slave-local speed=100Mbps
set [ find default-name=ether8 ] name=ether8-slave-local speed=100Mbps
set [ find default-name=ether9 ] name=ether9-slave-local speed=100Mbps
set [ find default-name=ether10 ] name=ether10-slave-local speed=100Mbps
set [ find default-name=ether11 ] name=ether11-slave-local speed=100Mbps
set [ find default-name=ether12 ] name=ether12-slave-local speed=100Mbps
set [ find default-name=ether13 ] name=ether13-slave-local speed=100Mbps
set [ find default-name=ether14 ] name=ether14-slave-local speed=100Mbps
set [ find default-name=ether15 ] name=ether15-slave-local speed=100Mbps
set [ find default-name=ether16 ] name=ether16-slave-local speed=100Mbps
set [ find default-name=ether17 ] name=ether17-slave-local speed=100Mbps
set [ find default-name=ether18 ] name=ether18-slave-local speed=100Mbps
set [ find default-name=ether19 ] name=ether19-slave-local speed=100Mbps
set [ find default-name=ether20 ] name=ether20-slave-local speed=100Mbps
set [ find default-name=ether21 ] name=ether21-slave-local speed=100Mbps
set [ find default-name=ether22 ] name=ether22-slave-local speed=100Mbps
set [ find default-name=ether23 ] name=ether23-slave-local speed=100Mbps
set [ find default-name=ether24 ] name=ether24-slave-local speed=100Mbps
set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=sfp1-gateway

My complete config is attached.
CRS125.txt
Appreciate the assist!
You do not have the required permissions to view the files attached to this post.
 
misterdp
just joined
Topic Author
Posts: 6
Joined: Mon Feb 19, 2024 12:10 am

Re: CRS125-24G-1S - Internet Link

Wed Feb 21, 2024 2:16 am

Update! I've done a couple of items to test:
- I've removed 3 filter rules from my firewall configuration. I'm now down to 7 from 10.
- I tried to force negotiation to 1000Mbps on the LAN & WAN ports (ethernet 2 and 1 respectively). This failed and I lost internet! Connected back via winbox.exe / MAC address and reset.
I'm wondering if I can streamline my firewall ruleset further. I can't help but think the issue is stemming from here.
 
jaclaz
Long time Member
Long time Member
Posts: 624
Joined: Tue Oct 03, 2023 4:21 pm

Re: CRS125-24G-1S - Internet Link

Wed Feb 21, 2024 11:50 am

I don't know, but if the published tests talk of 240-250 with 25 firewall rules and you get 100-130 with 10 (or 7), it sounds like there is *something else* slowing down the network.

The speed=100Mbps should be irrelevant, you should have auto-negotiation=yes, then the speed value is not used at all, see:
viewtopic.php?t=100057
viewtopic.php?t=172797
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11593
Joined: Thu Mar 03, 2016 10:23 pm

Re: CRS125-24G-1S - Internet Link

Wed Feb 21, 2024 6:32 pm

I don't know, but if the published tests talk of 240-250 with 25 firewall rules and you get 100-130 with 10 (or 7), it sounds like there is *something else* slowing down the network.
AFAIK test results are achievable if fasttrack is in use, otherwise not easily. OP's config is a slight mess as it pulls lots if legacy (pre-6.40 bridge config, etc.). And it lacks quite a few useful firewall rules, fasttrack included. I'd reset it to defaults and apply default firewall config for small routers (it probably comes without routing config being a CRS). And then add specifics.

Or go for a faster router (any of modern hAP device can do at least 1Gbps) and use CRS for what it is: a switch.
 
misterdp
just joined
Topic Author
Posts: 6
Joined: Mon Feb 19, 2024 12:10 am

Re: CRS125-24G-1S - Internet Link

Thu Feb 22, 2024 2:32 am

Completely agree my config is a “slight mess” or more and going to be the bottleneck - not the network otherwise, which I have proven by removing the CRS from the equation. My experience with network routing and switching is limited so I’m sure I messed something up several years ago when I purchased and originally configured. Back then my service was only 50Mbps, so the performance loss was not a concern. I’ve only recently received the service uplift to 300Mbps so now it has become more apparent. I’m going to try the reset back to default configuration and layer in a simple firewall rule set to see if anything improves. Otherwise, I’ll just front it with an appropriate router (thinking of a basic hEX 5-port) and converting the CRS back to switch mode. Thanks for the responses everyone. I’ll update the thread when I finalize.
 
misterdp
just joined
Topic Author
Posts: 6
Joined: Mon Feb 19, 2024 12:10 am

Re: CRS125-24G-1S - Internet Link

Sun Feb 25, 2024 7:41 pm

**UPDATE**
I reset the CRS back to factory defaults and configured QuickSet in ROUTER mode, using pretty much standard, out-of-box recommendations. I then:

1. Set a new password for admin access. (new user+password with admin disabled). Also only allow for MAC driven access - not internal IP.
2. Shutdown all external services that come enabled by default with the OOB config, including Telnet, WWW, SSH. Within the first 5 min of the being online, the device was flooded with "invalid login" attempts across a variety of standard usernames (admin, telecoadmin, root, etc.)
3. Set DNS resolution to my internal pi-hole which points to google and cloud flare upstream DNS servers.
4. Ran speedtest via Google. I immediately noticed 200-210Mbps download, almost doubling my hardwired speed. Much better. I was thinking I would be satisfied with this, but then I moved on to Mikrotik firewall recommended settings (help.mikrotik.com) and populated a recommended firewall ruleset, including FastTrack rules for established and related connections, giving me a total of 18 firewall rules.

Running speedtest now, I am getting above my subscribed rate (300/30), giving me 343Mbps down and 31Mbps up which is also beyond what is expected / published for the Mikrotik in router mode! I couldn't be happier and didn't need to purchase a new upstream router and revert the CRS to switch mode.

Thanks to everyone who steered me in the right direction!
Last edited by misterdp on Sun Feb 25, 2024 7:46 pm, edited 1 time in total.
 
erlinden
Forum Guru
Forum Guru
Posts: 1958
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: CRS125-24G-1S - Internet Link

Sun Feb 25, 2024 7:45 pm

Within the first 5 min of the being online, the device was flooded with "invalid login" attempts across a variety of standard usernames (admin, telecoadmin, root, etc.)
This indicates that your logging is working! Is it logged by the default block rule in the input chain, or did you by chance open too many ports?
 
misterdp
just joined
Topic Author
Posts: 6
Joined: Mon Feb 19, 2024 12:10 am

Re: CRS125-24G-1S - Internet Link

Sun Feb 25, 2024 7:52 pm

This was before I set any firewall rules, period. Just highlighting how quickly I was being attacked when I simply set the default configuration which comes with Telnet, WWW, SSH open by default. Shutting down those services halted the attacks and now of course the new firewall ruleset shores everything up from external actors.

Who is online

Users browsing this forum: Bing [Bot], pfturner and 43 guests