Finally, I've changed ISP (and I have an external IP ^^). ISP declared speed is 800mbit and I can achieve that by connecting directly to the ISP modem, unfortunately, the device connected to mikrotik at 1GBit port isn't able to get more than 400mbit. I think my FastTrack is fine cause when I disable it gets down from 400 to 100mbit. I've checked the cables and all are fine, device and ISP modem connects at 1Gbps/Full.
Any idea what's wrong? Can't find any info on the forum what more I can check?
Below is my configuration:
Code: Select all
# dec/03/2022 11:35:44 by RouterOS 7.6
# software id = W809-WKMN
#
# model = RB2011UiAS
# serial number = 763107CFDDAF
/interface bridge
add admin-mac=64:D1:54:13:88:1C auto-mac=no fast-forward=no name=LOCAL-BRIDGE
/interface ethernet
set [ find default-name=ether1 ] name=ETH1-FIB-WAN
set [ find default-name=ether2 ] name=ETH2-LTE-WAN
set [ find default-name=ether3 ] name=ETH3-NAT
set [ find default-name=ether4 ] name=ETH4-NAT
set [ find default-name=ether5 ] name=ETH5-NAT
set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ETH6-NAT
set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ETH7-NAT
set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ETH8-NAT
set [ find default-name=ether9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ETH9-NAT
set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ETH10-NAT
set [ find default-name=sfp1 ] name=SFP-NAT
/interface vlan
add comment=GUEST interface=LOCAL-BRIDGE name=GUEST vlan-id=3
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN-INTERFACES
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] name=GUEST
/ip pool
add comment=LAN name=dhcp ranges=172.16.1.1-172.16.1.200
add comment=GUEST name=DHCP-GUEST ranges=192.168.0.100-192.168.0.150
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay interface=LOCAL-BRIDGE name=DHCP-LAN
add address-pool=DHCP-GUEST interface=GUEST name=DHCP-GUEST
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/snmp community
add addresses=0.0.0.0/0,::/0 authentication-protocol=SHA1 encryption-protocol=AES name=monitoring security=private write-access=yes
/user group
add name=homeassistant policy=reboot,read,write,policy,test,api,!local,!telnet,!ssh,!ftp,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api
/interface bridge port
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH6-NAT
add bridge=LOCAL-BRIDGE hw=no ingress-filtering=no interface=SFP-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH3-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH4-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH5-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH7-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH8-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH9-NAT
add bridge=LOCAL-BRIDGE ingress-filtering=no interface=ETH10-NAT
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=SFP-NAT list=discover
add interface=ETH2-LTE-WAN list=WAN-INTERFACES
add interface=ETH3-NAT list=discover
add interface=ETH4-NAT list=discover
add interface=ETH5-NAT list=discover
add interface=ETH6-NAT list=discover
add interface=ETH7-NAT list=discover
add interface=ETH8-NAT list=discover
add interface=ETH9-NAT list=discover
add interface=ETH10-NAT list=discover
add interface=LOCAL-BRIDGE list=discover
add interface=LOCAL-BRIDGE list=mactel
add interface=LOCAL-BRIDGE list=mac-winbox
add interface=ETH1-FIB-WAN list=WAN-INTERFACES
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=172.16.0.1/22 comment=LAN interface=LOCAL-BRIDGE network=172.16.0.0
add address=192.168.0.1/24 comment=GUEST interface=GUEST network=192.168.0.0
/ip dhcp-client
add interface=ETH1-FIB-WAN use-peer-dns=no use-peer-ntp=no
add default-route-distance=2 interface=ETH2-LTE-WAN use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=172.16.1.200 client-id=1:34:2:86:b3:26:c1 mac-address=34:02:86:B3:26:C1 server=DHCP-LAN
add address=172.16.1.222 client-id=1:60:6d:c7:1e:7c:f7 comment="Sony Bravia TV" mac-address=60:6D:C7:1E:7C:F7 server=DHCP-LAN
add address=172.16.0.30 comment="HP T620" mac-address=7C:D3:0A:10:9B:8B server=DHCP-LAN
add address=172.16.3.10 client-id=1:ec:71:db:6b:d0:99 mac-address=EC:71:DB:6B:D0:99 server=DHCP-LAN
add address=172.16.3.50 comment="Tuya WiFi Kotlownia" disabled=yes mac-address=84:E3:42:4E:34:34 server=DHCP-LAN
add address=172.16.3.100 client-id=1:50:eb:f6:5:98:89 comment="Wideodomofon - Client AP" mac-address=50:EB:F6:05:98:89 server=DHCP-LAN
add address=172.16.3.101 client-id=1:72:91:41:23:3d:56 comment="Wideodomofon - Tuya" mac-address=72:91:41:23:3D:56 server=DHCP-LAN
add address=172.16.3.102 comment="Tasmota OpenThermGW" mac-address=C8:C9:A3:5D:EC:0C server=DHCP-LAN
add address=172.16.0.99 client-id=1:b0:52:16:60:4d:8c mac-address=B0:52:16:60:4D:8C server=DHCP-LAN
add address=172.16.1.201 client-id=1:38:de:ad:e1:a4:97 mac-address=38:DE:AD:E1:A4:97 server=DHCP-LAN
add address=172.16.3.103 mac-address=94:B9:7E:FA:83:58 server=DHCP-LAN
/ip dhcp-server network
add address=172.16.0.0/22 comment=LAN dns-server=172.16.0.2,172.16.0.3 gateway=172.16.0.1 netmask=22 ntp-server=172.16.0.1
add address=192.168.0.0/24 comment=GUEST dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d max-concurrent-queries=120 max-concurrent-tcp-sessions=30 servers=172.16.0.2
/ip dns static
add address=172.16.0.1 name=mikrotik.lan
add address=172.16.1.200 name=uBox.lan
add address=172.16.0.30 name=hp.srv
add address=172.16.0.2 name=raspberry.lan
add address=172.16.0.10 name=switch.lan
add address=172.16.0.20 name=ubiquiti1.lan
add address=172.16.0.20 name=ubiquiti2.lan
add address=172.16.0.99 name=printer.lan
add address=192.168.8.1 name=lte.lan
/ip firewall address-list
add address=172.16.0.0/12 list=local_traffic
add address=192.168.0.0/16 list=local_traffic
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input comment="defconf: drop all from WAN" in-interface-list=WAN-INTERFACES
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN-INTERFACES
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=172.16.0.0/22 src-address=172.16.0.0/22
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface-list=WAN-INTERFACES
add action=masquerade chain=srcnat out-interface-list=WAN-INTERFACES src-address=192.168.0.0/24
add action=dst-nat chain=dstnat dst-port=80 in-interface-list=WAN-INTERFACES protocol=tcp to-addresses=172.16.0.42 to-ports=80
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN-INTERFACES protocol=tcp to-addresses=172.16.0.42 to-ports=443
/ip service
set telnet address=172.16.0.0/22
set ftp address=172.16.0.0/22
set www address=172.16.0.0/22
set ssh address=172.16.0.0/22
set www-ssl address=172.16.0.0/22 disabled=no
set api address=172.16.0.0/22 disabled=yes
set winbox address=172.16.0.0/22
set api-ssl address=172.16.0.0/22 certificate="Self-signed API certificate"
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/lcd
set time-interval=weekly
/routing rule
add action=lookup-only-in-table disabled=no dst-address=172.16.0.0/22 table=main
add action=lookup-only-in-table disabled=no dst-address=192.168.8.0/30 table=main
/snmp
set contact=Upgreydd enabled=yes location=Rack trap-version=3
/system clock
set time-zone-name=Europe/Warsaw
/system ntp client
set enabled=yes
/system ntp server
set broadcast=yes enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=0.pool.ntp.org
add address=1.pool.ntp.org
add address=2.pool.ntp.org
add address=3.pool.ntp.org
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool sniffer
set filter-ip-address=167.86.69.101/32