Согласен был не прав.
Почитал, поизучал.
Впредь буду сдержанней.
Собственно вопрос:
Приобрели Mikrotik RB951UI взамен zuxel keetic 4g2
почему то просела локалка, особенно при работе с 1С
netcps выдает по тестам 2мбит/сек
независимо какой IP у компьютера(полученный по DHCP или статический)
Топология сети:
на WAN порт приходит интернет от провайдера со статическим IP
порт2: сервер
порт3: сервер2
порт4: витая на неуправляемый свитч(стоял и ранее) - далее в сети есть еще свитчи и примерно 18 ПК
WLAN: основная точка доступа плюс Virtual AP(все в одной подсети) - нагрузка примерно 8 устройств(мобильные, планшеты)
есть конечно подозрение на несброшенные настройки(увы сразу не позаботился и правил уже так) - а работа предприятия в режиме 24/7 и нет возможности выезда.
конфиг ниже
правила filter rules отключал все кроме VPN и доступа к Winbox(результат тот же)
в NAT исключительно правила необходимые(проброс портов для RDP и служебных приложений).
подскажите в чем может быть затык.
если ставишь назад zuxel то все работает как и ранее.
Код: Выделить всё
# sep/27/2015 11:01:57 by RouterOS 6.23
# software id = UMFQ-I0PW
#
/interface bridge
add admin-mac=E4:8D:8C:A0:E4:C5 arp=proxy-arp auto-mac=no comment=LAN name=\
bridge-local
/interface ethernet
set [ find default-name=ether1 ] comment=WAN name=ether1-gateway
set [ find default-name=ether2 ] auto-negotiation=no comment="TO LAN PORTS"
set [ find default-name=ether3 ] auto-negotiation=no
set [ find default-name=ether4 ] auto-negotiation=no
set [ find default-name=ether5 ] auto-negotiation=no
/ip neighbor discovery
set ether1-gateway comment=WAN discover=no
set ether2 comment="TO LAN PORTS" discover=no
set ether3 discover=no
set ether4 discover=no
set ether5 discover=no
set bridge-local comment=LAN
/interface wireless security-profiles
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=name1 supplicant-identity="" \
wpa2-pre-shared-key=pass1
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=guest supplicant-identity="" \
wpa2-pre-shared-key=pass2
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
20/40mhz-ht-above comment=WI-FI disabled=no distance=indoors frequency=\
auto l2mtu=2290 mode=ap-bridge name=name1 security-profile=\
name1 ssid=name1 tx-power=25 tx-power-mode=all-rates-fixed \
wireless-protocol=802.11
add disabled=no l2mtu=2290 mac-address=E6:8D:8C:A0:E4:C9 master-interface=\
name1 name=guest security-profile=guest ssid=guest wds-cost-range=0 \
wds-default-cost=0
/interface wireless manual-tx-power-table
set name1 comment=WI-FI
/ip neighbor discovery
set name1 comment=WI-FI discover=no
set guest discover=no
/interface wireless nstreme
set name1 comment=WI-FI
/ip pool
add name=dhcp_pool1 ranges=192.168.4.50-192.168.4.240
add name=dhcp_pool2 ranges=192.168.2.2-192.168.2.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 authoritative=yes disabled=no \
interface=bridge-local lease-time=6d name=dhcp1
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=name1
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=guest
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.4.245/24 comment=LAN interface=bridge-local network=\
192.168.4.0
add address=37.112.63.72/24 interface=ether1-gateway network=37.112.63.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no
/ip dhcp-server lease
add address=192.168.4.102 client-id=1:60:92:17:81:7b:38 mac-address=\
60:92:17:81:7B:38 server=dhcp1
add address=192.168.4.97 client-id=1:ac:cf:5c:a8:39:9 mac-address=\
AC:CF:5C:A8:39:09 server=dhcp1
add address=192.168.4.94 client-id=1:e0:3f:49:52:4f:1f mac-address=\
E0:3F:49:52:4F:1F server=dhcp1
add address=192.168.4.90 client-id=1:74:d4:35:6:26:4 mac-address=\
74:D4:35:06:26:04 server=dhcp1
add address=192.168.4.88 client-id=1:d4:3d:7e:5:65:5f mac-address=\
D4:3D:7E:05:65:5F server=dhcp1
add address=192.168.4.87 client-id=1:94:de:80:a8:da:c2 mac-address=\
94:DE:80:A8:DA:C2 server=dhcp1
add address=192.168.4.128 client-id=1:0:26:5a:6b:ee:cf mac-address=\
00:26:5A:6B:EE:CF server=dhcp1
add address=192.168.4.74 client-id=1:8:60:6e:84:97:ec mac-address=\
08:60:6E:84:97:EC server=dhcp1
add address=192.168.4.73 client-id=1:94:de:80:a2:91:e3 mac-address=\
94:DE:80:A2:91:E3 server=dhcp1
add address=192.168.4.77 client-id=1:d8:50:e6:4c:7:30 mac-address=\
D8:50:E6:4C:07:30 server=dhcp1
add address=192.168.4.69 client-id=1:94:de:80:e:5a:e3 mac-address=\
94:DE:80:0E:5A:E3 server=dhcp1
add address=192.168.4.93 client-id=1:d8:50:e6:d3:cf:96 mac-address=\
D8:50:E6:D3:CF:96 server=dhcp1
add address=192.168.4.109 always-broadcast=yes client-id=1:0:61:71:3c:73:f2 \
mac-address=00:61:71:3C:73:F2 server=dhcp1
add address=192.168.4.108 client-id=1:f4:1b:a1:83:d:ca mac-address=\
F4:1B:A1:83:0D:CA server=dhcp1
add address=192.168.4.89 client-id=1:bc:5f:f4:cd:33:cb mac-address=\
BC:5F:F4:CD:33:CB server=dhcp1
add address=192.168.4.63 client-id=1:d4:3d:7e:90:ee:29 mac-address=\
D4:3D:7E:90:EE:29 server=dhcp1
add address=192.168.4.70 client-id=1:bc:ee:7b:98:f1:5e mac-address=\
BC:EE:7B:98:F1:5E server=dhcp1
add address=192.168.4.76 client-id=1:94:de:80:0:2:ac mac-address=\
94:DE:80:00:02:AC server=dhcp1
add address=192.168.4.75 client-id=1:90:2b:34:ab:c4:d1 mac-address=\
90:2B:34:AB:C4:D1 server=dhcp1
/ip dhcp-server network
add address=192.168.4.0/24 dns-server=192.168.4.245 gateway=192.168.4.245
/ip dns
set allow-remote-requests=yes servers=109.194.0.1,109.194.1.1
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment=WINBOX dst-port=8291 in-interface=ether1-gateway \
protocol=tcp
add chain=input comment="default configuration" connection-state=\
established,related
add chain=forward comment="default configuration" connection-state=\
established,related
add chain=input comment=VPN dst-port=1723 protocol=tcp
add chain=input comment=GREVPN protocol=gre
add action=drop chain=forward dst-port=3389 in-interface=ether1-gateway \
protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment=MASCUERADING out-interface=\
ether1-gateway
add action=dst-nat chain=dstnat comment=RDP dst-port=55887 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.4.2 to-ports=55887
add action=dst-nat chain=dstnat comment=RADMIN dst-port=10883 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.4.2 to-ports=10883
add action=dst-nat chain=dstnat comment=AGENT dst-port=5555-5558 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.4.2 \
to-ports=0-65535
add action=dst-nat chain=dstnat comment=RAD dst-port=4899 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.4.1 to-ports=4899
add action=dst-nat chain=dstnat comment=SSH dst-port=55522 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.4.245 to-ports=55522
add action=dst-nat chain=dstnat comment=RDP2 dst-port=55588 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.4.3 to-ports=55588
add action=dst-nat chain=dstnat comment=WINBOX dst-port=8291 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.4.245 to-ports=8291
/ip route
add distance=1 gateway=37.112.63.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.4.0/24 disabled=yes port=50580
set ssh disabled=yes port=55522
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ppp secret
add local-address=192.168.4.245 name=name5 password=pass3 \
remote-address=192.168.4.10 service=pptp
/system clock
set time-zone-name=Europe/Moscow
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge-local
/tool traffic-monitor
add interface=bridge-local name=tmon1 threshold=0