I recently purchased a brand new CCR2004-1G-12S+2XS hoping to take full advantage of my upgraded ISP speeds. However, I’m struggling to get the expected performance out of it, and in some cases, it performs worse than my old CRS125-24G-1S-2HnD.
My CCR2004:
Firmware: 7.18.2
ROS: 7.18.2
Two MikroTik S+RJ10 , original ones, from Mikrotik
Vendor revision: 2.16
Manufacturing date: 24-07-24
Current Setup:
- ISP Speed: 1.2 Gbps download / 350 Mbps upload
- ISP Modem Ports: (2) 2.5 GbE & (4) 1 GbE
- Public IP: 1 provided by ISP (Modem also runs NAT/DHCP on 10.1.10.0/24)
- Old Router (CRS125-24G-1S-2HnD): Maxes out at 280 Mbps up/down even with FastTrack
- New Router (CCR2004-1G-12S+2XS): Speeds even slower than CRS125
- LAN: 10.0.0.0/24
Tests Performed:
1- Laptop directly to ISP modem (DHCP Client)
----Ookla Speed Test: 900/350 Mbps (Laptop only has 1 GbE port)
2- Laptop directly to ISP modem (Static Public IP)
----Ookla Speed Test: 900/350 Mbps
3- CCR2004 with latest firmware/RouterOS (7.18.2)
----Without FastTrack: 40/250 Mbps
----With FastTrack: 130/350 Mbps (Still much slower than CRS125)
4- CRS125 still outperforms CCR2004 despite having more firewall rules, VLANs, OpenVPN, etc.
5- Both routers connected to the same Cisco Catalyst switch, same PC used for testing.
CCR2004 Configuration Summary:
- sfp-sfpplus1 (WAN) → Connected to ISP modem (2.5Gbps link)
- sfp-sfpplus2 (LAN) → Connected to internal network (1Gbps link)
- NAT Masquerade enabled on WAN
- Default Route to ISP
- Tried with/without FastTrack
- Tried different bridge setups, NAT variations, still no improvement.
Additional Notes:
- I do NOT have physical access to the routers at the moment.
----I’m managing everything remotely using a small MikroTik router running OpenVPN, accessing both the CRS125 and CCR2004 via RoMon.
- I haven’t tested direct laptop-to-CCR2004 yet (limited remote assistance).
- Other devices on the Cisco Catalyst switch can transfer files at 120 MB/sec, so LAN performance should not be the issue.
Questions:
1- Why is my new CCR2004 performing worse than the CRS125?
2- Am I missing something obvious in the configuration?
3- Could it be an issue with the MikroTik S+RJ10 2.5G transceivers?
4- What should I check next to troubleshoot the slow speeds?
This is my config, very, very simple:
This is the config for the CCR2004 (I replaced some characters on my public IP)
Code: Select all
# 2025-03-19 03:29:54 by RouterOS 7.18.2
# software id = **ELIDED**
#
# model = CCR2004-1G-12S+2XS
# serial number = XXXXXXXXXXX
/interface bridge
add name=bridge1
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus2
/ip address
add address=10.0.0.1/24 interface=bridge1 network=10.0.0.0
add address=AA2.17.AA3.201/30 interface=sfp-sfpplus1 network=AA2.17.AA3.200
/ip cloud
set ddns-enabled=yes
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=sfp-sfpplus1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=AA2.17.AA3.202 routing-table=main suppress-hw-offload=no
/system clock
set time-zone-name=**ELIDED**
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/tool romon
set enabled=yesLIke I said, I tried also with fasttrack:
Code: Select all
# 2025-03-19 03:45:18 by RouterOS 7.18.2
# software id = **ELIDED**
#
# model = CCR2004-1G-12S+2XS
# serial number = XXXXXXXX
/interface bridge
add name=bridge1
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus2
/ip address
add address=10.0.0.1/24 interface=bridge1 network=10.0.0.0
add address=AA2.17.AA3.201/30 interface=sfp-sfpplus1 network=AA2.17.AA3.200
/ip cloud
set ddns-enabled=yes
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes out-interface=\
sfp-sfpplus1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=sfp-sfpplus1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=AA2.17.AA3.202 routing-table=main suppress-hw-offload=no
/system clock
set time-zone-name=**ELIDED**
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/tool romon
set enabled=yesI’d really appreciate any insight or recommendations! Thanks in advance for your help.
