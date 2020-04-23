Hey Team,

Have been long term lent a Mikrotik CRS125-24G-1S I have followed the guide to get it all setup. I am connected to the internet, getting data in and out to clients. My problem is SPEED! I am on Gig up and down with Spark and regularly hit 980-995 both directions on the Spark supplied router. Since putting in the Mikrotik, I was getting 100/100ish. I added a Fasttrack rule to the firewall and now getting around 300\300(to 500).

Is there anyone will to have a quick look over my config? Or is it just this is not suitable hardware?

ps I understand everyone working from home will be having an impact, but not that much.....at all times!

Thanks

# apr/23/2020 11:08:35 by RouterOS 6.46.5

# software id = DKRZ-CHEN

#

# model = CRS125-24G-1S

# serial number = 624E050337BA

/interface bridge

add admin-mac=E4:8D:8C:A6:A1:BD auto-mac=no comment=defconf name=bridge

/interface vlan

add interface=ether1 name="Spark UFB" vlan-id=10

/interface pppoe-client

add add-default-route=yes disabled=no interface="Spark UFB" name=pppoe-out1 \

user=user@xtrabb.co.nz

/interface list

add name=WAN

add name=LAN

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

/ip pool

add name=dhcp ranges=192.168.0.2-192.168.0.250

/ip dhcp-server

add address-pool=dhcp disabled=no interface=bridge lease-time=3d10m name=\

dhcp1

/interface bridge port

add bridge=bridge comment=defconf disabled=yes interface=ether1

add bridge=bridge comment=defconf interface=ether2

add bridge=bridge comment=defconf interface=ether3

add bridge=bridge comment=defconf interface=ether4

add bridge=bridge comment=defconf interface=ether5

add bridge=bridge comment=defconf interface=ether6

add bridge=bridge comment=defconf interface=ether7

add bridge=bridge comment=defconf interface=ether8

add bridge=bridge comment=defconf interface=ether9

add bridge=bridge comment=defconf interface=ether10

add bridge=bridge comment=defconf interface=ether11

add bridge=bridge comment=defconf interface=ether12

add bridge=bridge comment=defconf interface=ether13

add bridge=bridge comment=defconf interface=ether14

add bridge=bridge comment=defconf interface=ether15

add bridge=bridge comment=defconf interface=ether16

add bridge=bridge comment=defconf interface=ether17

add bridge=bridge comment=defconf interface=ether18

add bridge=bridge comment=defconf interface=ether19

add bridge=bridge comment=defconf interface=ether20

add bridge=bridge comment=defconf interface=ether21

add bridge=bridge comment=defconf interface=ether22

add bridge=bridge comment=defconf interface=ether23

add bridge=bridge comment=defconf interface=ether24

add bridge=bridge comment=defconf interface=sfp1

/interface list member

add interface=pppoe-out1 list=WAN

add interface=bridge list=LAN

/ip address

add address=192.168.0.1/24 interface=ether2 network=192.168.0.0

/ip dhcp-client

add interface=ether1

/ip dhcp-server lease

add address=192.168.0.89 client-id=1:a8:db:3:7:34:9 mac-address=\

A8:DB:03:07:34:09 server=dhcp1

add address=192.168.0.86 mac-address=DC:4F:22:0B:81:F1 server=dhcp1

add address=192.168.0.21 client-id=MitchTrans mac-address=00:0C:29:5A:C0:A1 \

server=dhcp1

add address=192.168.0.83 client-id=1:9c:5c:f9:1e:c1:cf comment=\

mac-address=9C:5C:F9:1E:C1:CF server=dhcp1

add address=192.168.0.8 mac-address=00:0C:29:2C:FA:95 server=dhcp1

add address=192.168.0.13 client-id=\

ff:9f:6e:85:24:0:2:0:0:ab:11:10:f4:72:8f:6a:d1:b:59 mac-address=\

00:0C:29:E9:77:C0 server=dhcp1

/ip dhcp-server network

add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24

/ip dns

set servers=192.168.0.30,192.168.0.31

/ip firewall address-list

add address=192.168.0.0/24 list=support

/ip firewall filter

add action=fasttrack-connection chain=forward connection-state=\

established,related

add action=accept chain=forward comment=\

"DEFAULT: Accept established, related, and untracked traffic." \

connection-state=established,related,untracked

add action=accept chain=input comment=\

"DEFAULT: Accept established, related, and untracked traffic." \

connection-state=established,related,untracked

add action=accept chain=forward comment="DEFAULT: Accept In IPsec policy." \

ipsec-policy=in,ipsec

add action=accept chain=forward comment="DEFAULT: Accept Out IPsec policy." \

ipsec-policy=out,ipsec

add action=accept chain=forward connection-state=established,related

add action=accept chain=input comment="DEFAULT: Accept ICMP traffic." \

protocol=icmp

add action=drop chain=input comment="DEFAULT: Drop invalid traffic." \

connection-state=invalid

add action=drop chain=input comment=\

"DEFAULT: Drop all other traffic not coming from LAN." in-interface-list=\

!LAN

add action=drop chain=forward comment="DEFAULT: Drop invalid traffic." \

connection-state=invalid

add action=drop chain=forward comment=\

"DEFAULT: Drop all other traffic from WAN that is not DSTNATed." \

connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat

add action=masquerade chain=srcnat out-interface-list=WAN

/system clock

set time-zone-name=Pacific/Auckland

/system routerboard settings

set silent-boot=yes

/system script

add dont-require-permissions=no name=script1 owner=admin policy=\

ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\

ip firewall\r\



add action=accept chain=input comment=\"defconf: accept established,rela\

ted,untracked\" connection-state=established,related,untracked;\r\



add action=drop chain=input comment=\"defconf: drop invalid\" connection\

-state=invalid;\r\



add action=accept chain=input comment=\"defconf: accept ICMP\" protocol=\

icmp;\r\



add action=drop chain=input comment=\"defconf: drop all not coming from \

LAN\" in-interface-list=!LAN;"