Geekzone: technology news, blogs, forums
Mikrotik Config review


10 posts

Wannabe Geek


#270100 23-Apr-2020 11:44
Hey Team,

 

Have been long-term lent a Mikrotik CRS125-24G-1S. I have followed the guide to get it all set up. I am connected to the internet, getting data in and out to clients. My problem is SPEED! I am on Gig up and down with Spark and regularly hit 980-995 both directions on the Spark supplied router. Since putting in the Mikrotik, I was getting 100/100ish. I added a Fasttrack rule to the firewall and now getting around 300\300 (to 500).

Is there anyone willing to have a quick look over my config? Or is it just this is not suitable hardware?

PS: I understand everyone working from home will be having an impact, but not that much... at all times!

Thanks

 

# apr/23/2020 11:08:35 by RouterOS 6.46.5
# software id = DKRZ-CHEN
#
# model = CRS125-24G-1S
# serial number = 624E050337BA
/interface bridge
add admin-mac=E4:8D:8C:A6:A1:BD auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=ether1 name="Spark UFB" vlan-id=10
/interface pppoe-client
add add-default-route=yes disabled=no interface="Spark UFB" name=pppoe-out1 \
    user=user@xtrabb.co.nz
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.2-192.168.0.250
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=3d10m name=\
    dhcp1
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp1
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.0.89 client-id=1:a8:db:3:7:34:9 mac-address=\
    A8:DB:03:07:34:09 server=dhcp1
add address=192.168.0.86 mac-address=DC:4F:22:0B:81:F1 server=dhcp1
add address=192.168.0.21 client-id=MitchTrans mac-address=00:0C:29:5A:C0:A1 \
    server=dhcp1
add address=192.168.0.83 client-id=1:9c:5c:f9:1e:c1:cf comment=\
    mac-address=9C:5C:F9:1E:C1:CF server=dhcp1
add address=192.168.0.8 mac-address=00:0C:29:2C:FA:95 server=dhcp1
add address=192.168.0.13 client-id=\
    ff:9f:6e:85:24:0:2:0:0:ab:11:10:f4:72:8f:6a:d1:b:59 mac-address=\
    00:0C:29:E9:77:C0 server=dhcp1
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24
/ip dns
set servers=192.168.0.30,192.168.0.31
/ip firewall address-list
add address=192.168.0.0/24 list=support
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=forward comment=\
    "DEFAULT: Accept established, related, and untracked traffic." \
    connection-state=established,related,untracked
add action=accept chain=input comment=\
    "DEFAULT: Accept established, related, and untracked traffic." \
    connection-state=established,related,untracked
add action=accept chain=forward comment="DEFAULT: Accept In IPsec policy." \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="DEFAULT: Accept Out IPsec policy." \
    ipsec-policy=out,ipsec
add action=accept chain=forward connection-state=established,related
add action=accept chain=input comment="DEFAULT: Accept ICMP traffic." \
    protocol=icmp
add action=drop chain=input comment="DEFAULT: Drop invalid traffic." \
    connection-state=invalid
add action=drop chain=input comment=\
    "DEFAULT: Drop all other traffic not coming from LAN." in-interface-list=\
    !LAN
add action=drop chain=forward comment="DEFAULT: Drop invalid traffic." \
    connection-state=invalid
add action=drop chain=forward comment=\
    "DEFAULT: Drop all other traffic from WAN that is not DSTNATed." \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=Pacific/Auckland
/system routerboard settings
set silent-boot=yes
/system script
add dont-require-permissions=no name=script1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    ip firewall\r\
    \nadd action=accept chain=input comment=\"defconf: accept established,rela\
    ted,untracked\" connection-state=established,related,untracked;\r\
    \nadd action=drop chain=input comment=\"defconf: drop invalid\" connection\
    -state=invalid;\r\
    \nadd action=accept chain=input comment=\"defconf: accept ICMP\" protocol=\
    icmp;\r\
    \nadd action=drop chain=input comment=\"defconf: drop all not coming from \
    LAN\" in-interface-list=!LAN;"

933 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #2468527 23-Apr-2020 11:54
Haven't even looked at your config - It's a CRS. They're switches that support Level 3 Routing through Router OS but they are SLOW. You need a CCR or a Routerboard.

 

Take a look at this comparison of hardware between a RB750Gr3 and that switch

 

It's significantly slower, and if you look at the test results on each page you'll see by how much.




319 posts

Ultimate Geek

Subscriber

  #2468528 23-Apr-2020 11:54
you have a cloud core switch, not a router, so you won't be getting much routing speed over it

Regards

Tim


7394 posts

Uber Geek

Trusted
Subscriber

  #2468529 23-Apr-2020 11:58
Hi, this device is not really suited to what you are doing. Firstly, it only has a 1G link between the switching chip and the CPU, therefore all routing is limited to roughly half that, and lastly it is a single core 600MHz device, which will struggle to process PPPoE at much more than 100-200Mb/s as it has no hardware offload for that. I recommend you look at an RB4011; this will achieve the speeds you are after.

 

Cyril



10 posts

Wannabe Geek


  #2468530 23-Apr-2020 11:58
Wow, thanks for such a rapid response. I thought it would be a hardware issue rather than a config. I was amazed at how much of a difference the fasttrack made though.

So time to save up for a 4011 or RB705 and use the CRS as a switch in bridge mode!

Thanks again team

319 posts

Ultimate Geek

Subscriber

  #2468531 23-Apr-2020 11:59
toejam316:

 

Haven't even looked at your config - It's a CRS. They're switches that support Level 3 Routing through Router OS but they are SLOW. You need a CCR or a Routerboard.

 

Take a look at this comparison of hardware between a RB750Gr3 and that switch

 

It's significantly slower, and if you look at the test results on each page you'll see by how much.

 

 

For Gig connections that use PPPoE the RB4011 is the way to go; RB750Gr3 is good for Gig on IPoE (DHCP connections).

5833 posts

Uber Geek


  #2468534 23-Apr-2020 12:03
The CRS125 is pretty much equivalent to the RB2011 series in terms of RouterOS performance, so at the lower end of things. Generally OK for up to about 200 Mb/s depending on what you are doing with it. It's certainly more powerful than a switch, but not really up to gig throughput for anything complex.

There's also no hardware acceleration for IPsec, so that will bog it down a bit. Your performance will really depend on the traffic and how much fasttrack can offload from the CPU.

 

Check system/resources to see the CPU load.

 

You might want to put the 192.168.0.1 address on the bridge, rather than port 2.
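An added example, not part of the thread or any poster's own code: a small Python check over a RouterOS export that flags the address-on-a-bridge-port point raised above, plus a FastTrack rule listed ahead of the IPsec policy accept rules (the stock RouterOS firewall lists the IPsec accepts first, since FastTracked packets skip IPsec policy processing). The excerpt is constructed in the style of the posted export, and `parse_export` and `audit` are hypothetical helper names.

```python
import shlex
# Constructed excerpt in the style of the export posted above (not the full config).
EXPORT = r'''
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
/ip address
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=forward comment="DEFAULT: Accept In IPsec policy." \
    ipsec-policy=in,ipsec
'''

def parse_export(text):
    """Return (menu, params) per 'add' line, joining backslash-wrapped lines."""
    entries, menu, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + (raw.lstrip() if pending else raw)
        if line.endswith("\\"):          # wrapped line: keep collecting
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):         # menu path, e.g. /ip firewall filter
            menu = line.strip()
        elif line.startswith("add "):
            tokens = shlex.split(line)[1:]
            entries.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return entries

def audit(entries):
    """Flag an IP on a bridge member port and FastTrack ahead of IPsec accepts."""
    findings = []
    members = {p["interface"]: p["bridge"] for m, p in entries
               if m == "/interface bridge port" and p.get("disabled") != "yes"}
    for m, p in entries:
        if m == "/ip address" and p.get("interface") in members:
            findings.append(f"{p['address']} is on bridge member {p['interface']}; "
                            f"move it to {members[p['interface']]}")
    fwd = [p for m, p in entries
           if m == "/ip firewall filter" and p.get("chain") == "forward"]
    ft = next((i for i, p in enumerate(fwd)
               if p.get("action") == "fasttrack-connection"), None)
    if ft is not None and any("ipsec-policy" in p for p in fwd[ft + 1:]):
        findings.append("fasttrack-connection is listed before the ipsec-policy accepts")
    return findings

print("\n".join(audit(parse_export(EXPORT))))
```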

319 posts

Ultimate Geek

Subscriber

  #2468535 23-Apr-2020 12:03
Kelsey:

 

Wow, thanks for such a rapid response. I thought it would be a hardware issue rather than a config. I was amazed at how much of a difference the fasttrack made though.

So time to save up for a 4011 or RB705 and use the CRS as a switch in bridge mode!

Thanks again team

 

 

RB4011 is king of bang for buck, it also has an SFP+ port directly to the CPU for when those 10Gbps connections come online :)

