Ren
just joined
Topic Author
Posts: 3
Joined: Wed Oct 26, 2022 8:10 pm

Setting up CRS354-48G-4S+2Q+ vs CRS125-24G-1S as CAPsMAN server and other questions.

Thu Oct 27, 2022 11:14 am

Hello, I recently got a CRS354-48G-4S+2Q+ and am switching to it from a CRS125-24G-1S as the CAPsMAN server for my CAPs. After setting it up I ran speed tests on internet speed test sites and all of them showed 160mbps, but I have a 1gbps incoming internet connection that splits into 2x HP ProCurve Switch 2510-48, the CRS354-48G-4S+2Q+ and the CRS125-24G-1S. Then I started looking at the bandwidth test to an RBwAPG-5HacD2HnD and the tests showed 460mbps. I then set up load balancing on the CRS354-48G-4S+2Q+, but there was no change speed-wise. After a few days of looking at videos and forum posts here, today out of curiosity I went to see the spec pages of the 2 switches. I saw the Switching and Ethernet test results and from the looks of it I have set up in switching mode, but I used bridging.

I have around 27 APs and am thinking of adding more, so now after setting up the CRS354-48G-4S+2Q+ and looking at the speeds when compared against the CRS125-24G-1S:
1. Should I switch back to CRS125-24G-1S as my CAPsMAN server?
2. If so, what is the recommended way for the remaining APs to be managed by the same server while connected to CRS354-48G-4S+2Q+?
3. What do I need to change on the CRS354-48G-4S+2Q+ so the speeds would switch from 160 to 460mbps?
Before I set up load balancing, I tested the simple queue. It worked, so I added load balancing, but once it's been done I can't figure out why the simple queue is no longer working.
What did I do that made the simple queue no longer work?

The configuration export for the CRS354-48G-4S+2Q+ (export hide-sensitive, plus other sensitive edits: static IPs for x amount of clients, password, mail):
# oct/27/2022 10:26:54 by RouterOS 6.49.7
# software id = 1TEM-2DPD
#
# model = CRS354-48G-4S+2Q+
# serial number = 
/caps-man channel
add band=2ghz-b/g/n name=2GHz_user1
add band=2ghz-b/g/n name=2GHz_guest
add band=5ghz-a/n/ac name=5GHz_guest
add band=5ghz-a/n/ac name=5GHz_user1
/interface bridge
add disabled=yes name=user1_bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan1
set [ find default-name=ether45 ] name=ether45-wan2
/caps-man datapath
add bridge=bridge name=datapath
add bridge=user1_bridge name=datapath_user1
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=user1_pass
add authentication-types=wpa2-psk encryption=aes-ccm name=Guest_pass
/caps-man configuration
add channel=2GHz_user1 country=latvia datapath=datapath installation=\
    outdoor mode=ap name=cfg1 rx-chains=0,1 security=Guest_pass ssid=WLAN-name \
    tx-chains=0,1
add channel=5GHz_user1 country=latvia datapath=datapath installation=\
    outdoor mode=ap name=cfg2 security=Guest_pass ssid="WLAN-name 5GHz"
add channel=2GHz_guest country=latvia datapath=datapath installation=outdoor \
    mode=ap name=cfg3 rx-chains=0,1 security=Guest_pass ssid=WLAN-name tx-chains=\
    0,1
add channel=5GHz_guest country=latvia datapath=datapath installation=outdoor \
    mode=ap name=cfg4 security=Guest_pass ssid="WLAN-name 5ghz"
add channel=2GHz_user1 country=latvia datapath=datapath_user1 \
    installation=outdoor mode=ap name=cfg_test rx-chains=0,1 security=\
    user1_pass ssid="WLAN-name test" tx-chains=0,1
add channel=5GHz_user1 country=latvia datapath=datapath_user1 \
    installation=outdoor mode=ap name=cfg_test5 security=Guest_pass ssid=\
    "WLAN-name test 5GHz"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=\
    10.100.108.1-10.100.110.0,10.100.110.2-10.100.111.254
add name=dhcp_pool1 ranges=10.100.115.2-10.100.115.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge lease-time=1d name=\
    dhcp1
add address-pool=dhcp_pool1 disabled=no interface=user1_bridge \
    lease-time=1d name=dhcp2
/queue simple
add disabled=yes name=Global target="10.100.115.0/24,10.100.108.0/24,10.100.10\
    9.0/24,10.100.111.0/24,10.100.110.0/24"
add disabled=yes name=user1 parent=Global priority=1/1 target=\
    10.100.115.0/24
add name=Test target=10.100.109.0/24
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
    -80..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no signal-range=\
    -120..81 ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=b,gn \
    master-configuration=cfg1 name-format=prefix-identity
add action=create-dynamic-enabled disabled=yes hw-supported-modes=a \
    master-configuration=cfg_test5 name-format=prefix-identity
add action=create-dynamic-enabled disabled=yes hw-supported-modes=b,gn \
    master-configuration=cfg_test name-format=prefix-identity
add action=create-dynamic-enabled hw-supported-modes=a master-configuration=\
    cfg2 name-format=prefix-identity
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
add bridge=bridge interface=ether11
add bridge=bridge interface=ether12
add bridge=bridge interface=ether13
add bridge=bridge interface=ether14
add bridge=bridge interface=ether15
add bridge=bridge interface=ether16
add bridge=bridge interface=ether17
add bridge=bridge interface=ether18
add bridge=bridge interface=ether19
add bridge=bridge interface=ether20
add bridge=bridge interface=ether21
add bridge=bridge interface=ether22
add bridge=bridge interface=ether23
add bridge=bridge interface=ether24
add bridge=bridge interface=ether25
add bridge=bridge interface=ether26
add bridge=bridge interface=ether27
add bridge=bridge interface=ether28
add bridge=bridge interface=ether29
add bridge=bridge interface=ether30
add bridge=bridge interface=ether31
add bridge=bridge interface=ether32
add bridge=bridge interface=ether33
add bridge=bridge interface=ether34
add bridge=bridge interface=ether35
add bridge=bridge interface=ether36
add bridge=bridge interface=ether37
add bridge=bridge interface=ether38
add bridge=bridge interface=ether39
add bridge=bridge interface=ether40
add bridge=bridge interface=ether41
add bridge=bridge interface=ether42
add bridge=bridge interface=ether43
add bridge=bridge interface=ether44
/interface detect-internet
set detect-interface-list=all
/ip address
add address=10.100.110.1/22 interface=bridge network=10.100.108.0
add address=10.100.115.1/24 interface=user1_bridge network=10.100.115.0
/ip dhcp-client
add add-default-route=no comment="internet detect" disabled=no interface=\
    ether1-wan1
add add-default-route=no comment="internet detect" disabled=no interface=\
    ether45-wan2
/ip dhcp-server network
add address=10.100.108.0/22 gateway=10.100.110.1
add address=10.100.115.0/24 gateway=10.100.115.1
add address=10.100.120.0/24 gateway=10.100.120.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" disabled=yes \
    dst-address=127.0.0.1
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
/ip firewall mangle
add action=accept chain=prerouting dst-address=10.100.100.0/24 in-interface=\
    bridge
add action=accept chain=prerouting dst-address=10.100.101.0/24 in-interface=\
    bridge
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether1-wan1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether45-wan2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge new-connection-mark=WAN1_conn \
    passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge new-connection-mark=WAN2_conn \
    passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=bridge new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=bridge new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat out-interface=ether1-wan1
add action=masquerade chain=srcnat out-interface=ether45-wan2
/ip route
add check-gateway=ping distance=1 gateway=10.100.100.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=10.100.101.1 routing-mark=to_WAN2
add distance=1 gateway=10.100.100.1
add check-gateway=ping distance=1 gateway=10.100.100.1
add check-gateway=ping distance=1 gateway=10.100.101.1
/system clock
set time-zone-name=Europe/Riga
/system identity
set name="48 switch"
/system routerboard settings
set boot-os=router-os
/system scheduler
add interval=1d name="Automatic Reboot" on-event="system reboot" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=sep/20/2022 start-time=02:01:00
/system script
add dont-require-permissions=yes name=217-down owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    tool e-mail send \\\
    \nfrom=\"capsman@gmail.com\" server=\"smtp.gmail.com\" body=\" \
    \" \\\
    \nsubject=\"217 AP Down\" to=\"adminl@gmail.com\""
add dont-require-permissions=yes name=216-down owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    tool e-mail send \\\
    \nfrom=\"capsman@gmail.com\" server=\"smtp.gmail.com\" body=\" \
    \" \\\
    \nsubject=\"216 AP Down\" to=\"adminl@gmail.com\""
add dont-require-permissions=yes name=133-down owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    tool e-mail send \\\
    \nfrom=\"capsman@gmail.com\" server=\"smtp.gmail.com\" body=\" \
    \" \\\
    \nsubject=\"133 AP Down\" to=\"adminl@gmail.com\""
add dont-require-permissions=yes name=213-down owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    tool e-mail send \\\
    \nfrom=\"capsman@gmail.com\" server=\"smtp.gmail.com\" body=\" \
    \" \\\
    \nsubject=\"213 AP Down\" to=\"adminl@gmail.com\""
add dont-require-permissions=yes name=220-down owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    tool e-mail send \\\
    \nfrom=\"capsman@gmail.com\" server=\"smtp.gmail.com\" body=\" \
    \" \\\
    \nsubject=\"220 AP Down\" to=\"adminl@gmail.com\""
add dont-require-permissions=yes name=222-down owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    tool e-mail send \\\
    \nfrom=\"capsman@gmail.com\" server=\"smtp.gmail.com\" body=\" \
    \" \\\
    \nsubject=\"222 AP Down\" to=\"adminl@gmail.com\""
add dont-require-permissions=yes name=224-down owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    tool e-mail send \\\
    \nfrom=\"capsman@gmail.com\" server=\"smtp.gmail.com\" body=\" \
    \" \\\
    \nsubject=\"224 AP Down\" to=\"adminl@gmail.com\""
add dont-require-permissions=yes name=informatika-down owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    tool e-mail send \\\
    \nfrom=\"capsman@gmail.com\" server=\"smtp.gmail.com\" body=\" \
    \" \\\
    \nsubject=\"informatika AP Down\" to=\"adminl@gmail.com\""
add dont-require-permissions=yes name=139-down owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    tool e-mail send \\\
    \nfrom=\"capsman@gmail.com\" server=\"smtp.gmail.com\" body=\" \
    \" \\\
    \nsubject=\"139 AP Down\" to=\"adminl@gmail.com\""
/tool e-mail
set address=smtp.gmail.com from=capsman@gmail.com port=587 \
    start-tls=yes user=capsman@gmail.com
/tool graphing interface
add interface=bridge
/tool netwatch
add down-script=217-down host=10.100.109.253
add down-script=216-down host=10.100.109.250
add down-script=133-down host=10.100.109.237
add down-script=213-down host=10.100.109.226
add down-script=220-down host=10.100.109.229
add down-script=222-down host=10.100.109.166
add down-script=224-down host=10.100.109.198
add down-script=informatika-down host=10.100.109.255
add down-script=139-down host=10.100.109.160
 
tdw
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Setting up CRS354-48G-4S+2Q+ vs CRS125-24G-1S as CAPsMAN server and other questions.

Thu Oct 27, 2022 1:14 pm

CRS devices have low-performance CPUs, as they were intended as wire-speed layer 2 switches with minor use of the layer 3 services provided by the CPU; they were never intended to be high-performance routers.

With RouterOS 7 some CRS3xx/CRS5xx devices can now use the switch chip layer 3 hardware offloading to make up for lack of CPU performance, see https://help.mikrotik.com/docs/display/ ... Offloading

The CAPsMAN controller does not have to run on the same MikroTik which is acting as your router. If you use local forwarding the CPU utilisation is minimal, however using CAPsMAN forwarding uses the CPU as every packet to or from the CAPs has to be encapsulated or decapsulated, see https://help.mikrotik.com/docs/display/ ... with+VLANs
 
Ren
just joined
Topic Author
Posts: 3
Joined: Wed Oct 26, 2022 8:10 pm

Re: Setting up CRS354-48G-4S+2Q+ vs CRS125-24G-1S as CAPsMAN server and other questions.

Fri Oct 28, 2022 8:48 am

So today I turned on fasttrack on the CRS354-48G-4S+2Q+ and the speed went down to like 25kbps; then I turned off my load balancing mangle rules and it skyrocketed to 480mbps.
For the time being the load balancing can be ignored, but I have been searching around for a way of having fasttrack on and simple queues working at the same time. My goal with the simple queues is that devices on 10.100.115.1/24 would have network priority over devices in 10.100.110.1/22. At the moment I haven't yet found a solution to my problem.
I know I could limit per-device speed on the /22 network with pcq, but in that case the full bandwidth wouldn't be used.
 
tdw
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Setting up CRS354-48G-4S+2Q+ vs CRS125-24G-1S as CAPsMAN server and other questions.

Fri Oct 28, 2022 3:02 pm

Mangle and queues both require handling by the CPU so are not compatible with fasttrack or L3 hardware offload.
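
A check for the combination described in the reply above, as an added example that is not part of the thread: it parses a RouterOS export and lists the enabled mangle rules and simple queues that sit alongside an enabled fasttrack rule. The sample export is constructed from the rule shapes in the first post, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample in RouterOS export syntax: rule shapes shortened from the
# thread's export, with the fasttrack rule enabled as in the follow-up post.
SAMPLE_EXPORT = r'''
/queue simple
add disabled=yes name=Global target=10.100.115.0/24
add name=Test target=10.100.109.0/24
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=bridge new-connection-mark=WAN1_conn passthrough=yes
'''

FILTER = '/ip firewall filter'
CPU_SECTIONS = ('/ip firewall mangle', '/queue simple')


def parse_export(text):
    """Return (section, fields) for each 'add' line in the sections checked here."""
    # Backslash-newline continues a line; the export indents the continuation.
    joined = re.sub(r'\\\n[ \t]*', '', text)
    section, rules = None, []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('/'):
            section = line
        elif line.startswith('add ') and section in (FILTER,) + CPU_SECTIONS:
            tokens = shlex.split(line[4:])  # keeps quoted comments as one token
            rules.append((section, dict(t.split('=', 1) for t in tokens if '=' in t)))
    return rules


def fasttrack_conflicts(text):
    """Enabled mangle rules and simple queues that coexist with enabled fasttrack."""
    active = [(s, f) for s, f in parse_export(text) if f.get('disabled') != 'yes']
    if not any(s == FILTER and f.get('action') == 'fasttrack-connection'
               for s, f in active):
        return []
    return [(s, f.get('name') or f.get('new-connection-mark') or f.get('action'))
            for s, f in active if s in CPU_SECTIONS]


if __name__ == '__main__':
    for section, label in fasttrack_conflicts(SAMPLE_EXPORT):
        print(f'{section}: "{label}" is enabled together with fasttrack')
```

An empty result means either fasttrack is disabled or no enabled mangle rule or simple queue is present in the export.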
 
chechito
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: Setting up CRS354-48G-4S+2Q+ vs CRS125-24G-1S as CAPsMAN server and other questions.

Fri Oct 28, 2022 3:07 pm

bad idea to use a switch for this role

you need a capable router to do the role of caps manager
 
Ren
just joined
Topic Author
Posts: 3
Joined: Wed Oct 26, 2022 8:10 pm

Re: Setting up CRS354-48G-4S+2Q+ vs CRS125-24G-1S as CAPsMAN server and other questions.

Fri Oct 28, 2022 3:49 pm

> bad idea to use a switch for this role
>
> you need a capable router to do the role of caps manager

Well sadly I wasn't the one who decided for the devices.
