BandaAncha

  • 🔍 en 📰 artículos ⏎
  • 🔍 en 💬 foros ⏎
  • 🔍 en 👇 este 💬 foro ⏎
  • 🔍 en 👇 este 💬 tema ⏎
Regístrate Regístrate Identifícate Identifícate
Fibra FTTH

No paso de 160 Mbps con Mikrotik en una FTTH de 600 Mbps

1
BocaDePez

Tengo el RouterBOARD 2011UiAS-2HnD para un FTTH de 600 Mbps con Movistar (Telefónica), y no puedo obtener más de 160 Mbps. Si cambio el router obtengo los 600 Mbps completos.

Intenté habilitar el fasttrak pero no he notado ninguna mejoría. Este es mi archivo de configuración:

/interface bridge
add admin-mac=4C:5E:0C:2C:1D:C6 auto-mac=no mtu=1500 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] advertise="10M-half,10M-full,100M-half,100M-f\
ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
"WAN FTTH" name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] advertise="10M-half,10M-full,100M-half,100M-f\
ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" comment=\
"LAN Madrid" name=ether2-master-local speed=100Mbps
set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=sfp1 ] name=spf
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=canada \
disabled=no frequency-mode=manual-txpower mode=ap-bridge ssid=HOME \
tx-power-mode=all-rates-fixed wireless-protocol=802.11
/interface vlan
add interface=ether1-gateway name=vlan3 vlan-id=3
add interface=ether1-gateway name=vlan6 vlan-id=6
/interface pppoe-client
add add-default-route=yes allow=pap,chap disabled=no interface=vlan6 \
keepalive-timeout=60 max-mru=1492 max-mtu=1492 name=pppoe-out1 password=\
adslppp use-peer-dns=yes "user=adslppp"@telefonicanetpa
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa-pre-shared-key=11 \
wpa2-pre-shared-key=11
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp ranges=192.168.1.201-192.168.1.249
add name=vpn ranges=192.168.3.10-192.168.3.20
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge-local lease-time=3d name=dhcp1
/ppp profile
set *FFFFFFFE dns-server=192.168.3.250 local-address=192.168.3.250 \
remote-address=vpn
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=ether5-slave-local
/interface list member
add interface=ether1-gateway list=WAN
add interface=bridge-local list=LAN
/interface pptp-server server
set authentication=mschap2 enabled=yes
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.1.0
/ip dhcp-client
add add-default-route=no disabled=no interface=vlan3 use-peer-ntp=no
add disabled=no interface=ether1-gateway
/ip dhcp-server lease
add address=192.168.1.20 client-id=1:0:21:b7:22:69:20 mac-address=\
00:21:B7:22:69:20 server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,199.85.127.10
/ip dns static
add address=192.168.1.1 name=router
add address=192.168.144.1 name=conversor-medios
/ip firewall filter
add action=accept chain=output dst-address=192.168.1.242
add action=accept chain=forward dst-address=192.168.1.242
add action=drop chain=forward comment="Drop Traceroute" disabled=yes \
icmp-options=11:0 protocol=icmp
add action=drop chain=forward icmp-options=3:3 protocol=icmp
add action=accept chain=output comment="Drop Brute Force" content=\
"530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=Blacklist \
address-list-timeout=23h chain=output content="530 Login incorrect" \
protocol=tcp
add action=accept chain=forward comment="default configuration" \
connection-state=established
add action=accept chain=forward comment="default configuration" \
connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=accept chain=output dst-address=192.168.1.242
add action=accept chain=forward dst-address=192.168.1.242
add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
protocol=icmp
add action=drop chain=forward icmp-options=3:3 protocol=icmp
add action=accept chain=output comment="Drop Brute Force" content=\
"530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=Blacklist \
address-list-timeout=23h chain=output content="530 Login incorrect" \
protocol=tcp
add action=accept chain=forward comment="default configuration" \
connection-state=established
add action=accept chain=forward comment="default configuration" \
connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=accept chain=output dst-address=192.168.1.242
add action=accept chain=forward dst-address=192.168.1.242
add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
protocol=icmp
add action=drop chain=forward icmp-options=3:3 protocol=icmp
add action=accept chain=output comment="Drop Brute Force" content=\
"530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=Blacklist \
address-list-timeout=23h chain=output content="530 Login incorrect" \
protocol=tcp
add action=accept chain=forward comment="default configuration" \
connection-state=established
add action=accept chain=forward comment="default configuration" \
connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=accept chain=output dst-address=192.168.1.242
add action=accept chain=forward dst-address=192.168.1.242
add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
protocol=icmp
add action=drop chain=forward icmp-options=3:3 protocol=icmp
add action=accept chain=output comment="Drop Brute Force" content=\
"530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=Blacklist \
address-list-timeout=23h chain=output content="530 Login incorrect" \
protocol=tcp
add action=accept chain=forward comment="default configuration" \
connection-state=established
add action=accept chain=forward comment="default configuration" \
connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=accept chain=output dst-address=192.168.1.242
add action=accept chain=forward dst-address=192.168.1.242
add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
protocol=icmp
add action=drop chain=forward icmp-options=3:3 protocol=icmp
add action=accept chain=output comment="Drop Brute Force" content=\
"530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=Blacklist \
address-list-timeout=23h chain=output content="530 Login incorrect" \
protocol=tcp
add action=accept chain=forward comment="default configuration" \
connection-state=established
add action=accept chain=forward comment="default configuration" \
connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=accept chain=output dst-address=192.168.1.242
add action=accept chain=forward dst-address=192.168.1.242
add action=drop chain=forward comment="Drop Traceroute" icmp-options=11:0 \
protocol=icmp
add action=drop chain=forward icmp-options=3:3 protocol=icmp
add action=accept chain=output comment="Drop Brute Force" content=\
"530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=Blacklist \
address-list-timeout=23h chain=output content="530 Login incorrect" \
protocol=tcp
add action=accept chain=forward comment="default configuration" \
connection-state=established
add action=accept chain=forward comment="default configuration" \
connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=forward connection-state=established,related
/ip firewall mangle
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
passthrough=yes
add action=set-priority chain=postrouting new-priority=1 out-interface=\
pppoe-out1 passthrough=yes
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
passthrough=yes
add action=set-priority chain=postrouting new-priority=1 out-interface=\
pppoe-out1 passthrough=yes
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
passthrough=yes
add action=set-priority chain=postrouting new-priority=1 out-interface=\
pppoe-out1 passthrough=yes
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
passthrough=yes
add action=set-priority chain=postrouting new-priority=1 out-interface=\
pppoe-out1 passthrough=yes
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
passthrough=yes
add action=set-priority chain=postrouting new-priority=1 out-interface=\
pppoe-out1 passthrough=yes
add action=set-priority chain=postrouting new-priority=4 out-interface=vlan3 \
passthrough=yes
add action=set-priority chain=postrouting new-priority=1 out-interface=\
pppoe-out1 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=vlan3
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=vlan3
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=vlan3
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=vlan3
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=vlan3
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=vlan3
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip route
add disabled=yes distance=255 gateway=255.255.255.255
add disabled=yes distance=255 gateway=255.255.255.255
add distance=255 gateway=255.255.255.255
add distance=255 gateway=255.255.255.255
add distance=255 gateway=255.255.255.255
add distance=255 gateway=255.255.255.255
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=pppoe-out1 type=external
/lcd
set enabled=no touch-screen=disabled
/routing rip interface
add interface=vlan3 passive=yes receive=v2
/routing rip network
add network=10.0.0.0/8
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Madrid
/system logging
set 1 action=disk
/system ntp client
set enabled=yes primary-ntp=150.214.94.5 secondary-ntp=163.117.202.33
/tool graphing interface
add interface=ether1-gateway
add interface=ether1-gateway
add interface=ether1-gateway
add interface=ether1-gateway
add interface=ether1-gateway
add interface=ether1-gateway
/tool graphing queue
add
add
add
add
add
add
/tool graphing resource
add
add
add
add
add
add
PercebesBenz

Pon un pastebin, anda.

🗨️ 1
Alferez
2

Sin entrar mucho en la configuración, tienes varios fallos.

WiFi en Canada y ppp set a interface que ya no existe.

Por otro lado estás haciendo sufrir la cpu.

¿Necesitas tantas gráficas?

Tanto firewall y tanto mangle lo hace sufrir. Si sufre no rinde

🗨️ 4
BocaDePez
-1

Imposible. El mikrotik es tan bueno que puede soportar eso y ofrecer un tera de velocidad

🗨️ 2
BocaDePez

Buen chiste XD

BocaDePez

No se de donde sacas eso en el mejor de los casos despacha: 1,481.6Mbps

Los puertos de 1 a 5 son de 1000 y 6 a 10 de 100 en dos chip diferentes. no metas puertos de un lado y otro en el mismo bridge. usa hardware offload. ese equipo no es tan potente como crees.

mikrotik.com/product/RB2011UiAS-2HnD-IN#…-testresults

BocaDePez

Tengo lo de Canadá por optimizar las frecuencias wifi.

Miraré lo del ppp set que me dices.

La CPU normalmente no pasa del 25%,

Muchas gracias.

BocaDePez

Arreglado:

https://www.adslzone.net/foro/fibra-optica.94/no-paso-160-mbps-ftth-600-mbps-mikrotik.488070/

🗨️ 1
BocaDePez

Podrías poner la solución por aquí por si le interesa a alguien. Aparte que los enlaces a esa web están vetados aquí.