Несколько дней назад пришёл долгожданный RB2011UiAS-RM и только вчера пришёл SFP модуль. Сегодня всё настроил, всё лишнее отключил и получил WAN(SFP) <=> LAN максимум RX|TX: 100|130 Мб\с, хотя заявленная производительность в разы выше. Со стороны провайдера оптика воткнута в такой-же SFP.
Я что-то не достроил\перестроил? Задача получить, как минимум скорость 300|300 Мб\с.
Код: Выделить всё
[Dragon_Knight@MikroTik RB2011UiAS-RM] > export
# mar/06/2014 19:11:23 by RouterOS 6.10
# software id = 1THB-D0RS
#
/interface bridge
add arp=proxy-arp l2mtu=1598 name=LAN-BRIDGE
/interface ethernet
set [ find default-name=ether1 ] name=GLAN-1
set [ find default-name=ether2 ] name=GLAN-2
set [ find default-name=ether3 ] name=GLAN-3
set [ find default-name=ether4 ] name=GLAN-4
set [ find default-name=ether5 ] name=GLAN-5
set [ find default-name=ether6 ] name=LAN-6
set [ find default-name=ether7 ] name=LAN-7
set [ find default-name=ether8 ] name=LAN-8
set [ find default-name=ether9 ] name=LAN-9
set [ find default-name=ether10 ] name=LAN-10 poe-out=off
set [ find default-name=sfp1 ] arp=disabled name=SFP
/ip neighbor discovery
set SFP discover=no
/ip pool
add name=POOL-LAN ranges=10.0.0.100-10.0.0.199
add name=POOL-PPTP ranges=10.0.0.200-10.0.0.209
add name=POOL-L2TP ranges=10.0.0.210-10.0.0.219
/ip dhcp-server
add add-arp=yes address-pool=POOL-LAN always-broadcast=yes disabled=no interface=LAN-BRIDGE lease-time=1w name=DHCP-LAN
/port
set 0 name=serial0
/ppp profile
add change-tcp-mss=yes name=PPPoE-ISP only-one=yes use-compression=yes use-encryption=yes use-mpls=no use-vj-compression=yes
add bridge=LAN-BRIDGE change-tcp-mss=yes local-address=10.0.0.2 name=PPTP-SERVER only-one=no remote-address=POOL-PPTP use-compression=yes use-encryption=required use-mpls=no use-vj-compression=yes
add bridge=LAN-BRIDGE change-tcp-mss=yes local-address=10.0.0.2 name=L2TP-SERVER only-one=no remote-address=POOL-L2TP use-compression=yes use-encryption=required use-mpls=no use-vj-compression=yes
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 dial-on-demand=no disabled=no interface=SFP keepalive-timeout=60 max-mru=1492 max-mtu=1492 mrru=disabled name=WAN-PPPoE password=*** profile=PPPoE-ISP service-name="" use-peer-dns=yes user=****
/queue simple
add burst-limit=5M/5M burst-threshold=1M/1M burst-time=2s/2s limit-at=3M/3M max-limit=3M/3M name="Neighbor: Andrey" queue=ethernet-default/ethernet-default target=10.0.0.100/32 total-queue=ethernet-default
add burst-limit=5M/5M burst-threshold=1M/1M burst-time=2s/2s limit-at=3M/3M max-limit=3M/3M name="Neighbor: Ferdinand" queue=ethernet-default/ethernet-default target=10.0.0.101/32 total-queue=ethernet-default
/interface bridge port
add bridge=LAN-BRIDGE interface=GLAN-1
add bridge=LAN-BRIDGE interface=GLAN-2
add bridge=LAN-BRIDGE interface=GLAN-3
add bridge=LAN-BRIDGE interface=GLAN-4
add bridge=LAN-BRIDGE interface=GLAN-5
add bridge=LAN-BRIDGE interface=LAN-6
add bridge=LAN-BRIDGE interface=LAN-7
add bridge=LAN-BRIDGE interface=LAN-8
add bridge=LAN-BRIDGE interface=LAN-9
add bridge=LAN-BRIDGE interface=LAN-10
/interface l2tp-server server
set default-profile=L2TP-SERVER enabled=yes
/interface pptp-server server
set default-profile=PPTP-SERVER enabled=yes
/ip address
add address=10.0.0.1/24 interface=LAN-BRIDGE network=10.0.0.0
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.1 gateway=10.0.0.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-size=5120KiB
/ip firewall connection tracking
set enabled=yes
/ip settings
set tcp-syncookies=yes
/ip firewall filter
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
add action=drop chain=forward comment="Drop invalid connections" connection-state=invalid
add action=drop chain=forward comment="Deny for 4GAME" disabled=yes dst-address-list=IP_4GAME random=1 time=1h28m19s-10h28m19s,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment="Deny for 4GAME" disabled=yes random=1 src-address-list=IP_4GAME time=1h28m19s-10h28m19s,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=input comment="\C1\EB\EE\F7\E8\EC \E4\EE\F1\F2\F3\EF \EA DNS" dst-port=53 in-interface=WAN-PPPoE protocol=udp
add action=drop chain=input comment="\C1\EB\EE\F7\E8\EC \E4\EE\F1\F2\F3\EF \EA DNS" dst-port=53 in-interface=WAN-PPPoE protocol=tcp
add action=jump chain=forward comment="[OFF|ON] SYN Flood protect" connection-state=new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add chain=SYN-Protect comment="SYN Flood protect" connection-state=new limit=400,5 protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect comment="SYN Flood protect" connection-state=new protocol=tcp tcp-flags=syn
add action=drop chain=forward comment="HTTP(S) DoS protect" src-address-list="DoS-HTTP(S)"
add action=add-src-to-address-list address-list="DoS-HTTP(S)" chain=forward comment="HTTP DoS detect" connection-limit=32,32 dst-port=80 in-interface=WAN-PPPoE protocol=tcp
add action=add-src-to-address-list address-list="DoS-HTTP(S)" chain=forward comment="HTTPS DoS detect" connection-limit=32,32 dst-port=443 in-interface=WAN-PPPoE protocol=tcp
add action=drop chain=forward comment="\C4\F0\EE\EF\E0\E5\EC \F2\F0\E0\F4\E8\EA \F1 !DHCP-Lease" in-interface=LAN-BRIDGE src-address-list=!DHCP-Lease
add action=drop chain=forward comment="\C4\F0\EE\EF\E0\E5\EC \F2\F0\E0\F4\E8\EA \F1 !DHCP-Lease" dst-address-list=!DHCP-Lease in-interface=WAN-PPPoE
add chain=forward comment="Allow all for all (in)" in-interface=LAN-BRIDGE
add chain=forward comment="Allow all for all (out)" out-interface=LAN-BRIDGE
add action=log chain=forward comment="LOG Drop all" log-prefix=drop
add action=drop chain=forward comment="Drop all"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN-PPPoE
add action=masquerade chain=srcnat out-interface=LAN-BRIDGE src-address=10.0.0.5
add action=masquerade chain=srcnat out-interface=LAN-BRIDGE src-address=10.0.0.11
add action=masquerade chain=srcnat out-interface=LAN-BRIDGE src-address=10.0.0.12
add action=masquerade chain=srcnat out-interface=LAN-BRIDGE src-address=10.0.0.13
add action=masquerade chain=srcnat out-interface=LAN-BRIDGE src-address=10.0.0.20-10.0.0.254
add action=dst-nat chain=dstnat comment="To FTP Server" dst-address=***.***.***.*** dst-port=21 protocol=tcp to-addresses=10.0.0.10 to-ports=21
add action=dst-nat chain=dstnat comment="To HTTP Server" dst-address=***.***.***.*** dst-port=80 protocol=tcp to-addresses=10.0.0.10 to-ports=80
add action=dst-nat chain=dstnat comment="To HTTPS Server" dst-address=***.***.***.*** dst-port=443 protocol=tcp to-addresses=10.0.0.10 to-ports=443
add action=dst-nat chain=dstnat comment="To Icecast2 Server" dst-address=***.***.***.*** dst-port=8000 protocol=tcp to-addresses=10.0.0.11 to-ports=8000
add action=dst-nat chain=dstnat comment="To Minecraft (HTTP) Server" dst-address=***.***.***.*** dst-port=8080 protocol=tcp to-addresses=10.0.0.11 to-ports=80
add action=dst-nat chain=dstnat comment="To Minecraft (MAP) Server" dst-address=***.***.***.*** dst-port=8123 protocol=tcp to-addresses=10.0.0.11 to-ports=8123
add action=dst-nat chain=dstnat comment="To Minecraft Server" dst-address=***.***.***.*** dst-port=25565 protocol=tcp to-addresses=10.0.0.11 to-ports=25565
add action=dst-nat chain=dstnat comment="Teamspeak3 Server => INPUT/OUTPUT (voice)" dst-address=***.***.***.*** dst-port=9987 protocol=udp to-addresses=10.0.0.11 to-ports=9987
add action=dst-nat chain=dstnat comment="Teamspeak3 Server => INPUT/OUTPUT (serverquery)" dst-address=***.***.***.*** dst-port=10011 protocol=tcp to-addresses=10.0.0.11 to-ports=10011
add action=dst-nat chain=dstnat comment="Teamspeak3 Server => INPUT/OUTPUT (ftp)" dst-address=***.***.***.*** dst-port=30033 protocol=tcp to-addresses=10.0.0.11 to-ports=30033
add action=dst-nat chain=dstnat comment="To RadioServer, FTP" dst-address=***.***.***.*** dst-port=10021 protocol=tcp to-addresses=10.0.0.12 to-ports=21
add action=dst-nat chain=dstnat comment="To Terraria Server" dst-address=***.***.***.*** dst-port=7799 protocol=tcp to-addresses=10.0.0.14 to-ports=7799
add action=dst-nat chain=dstnat comment="To PtokaX Server" dst-address=***.***.***.*** dst-port=411 protocol=tcp to-addresses=10.0.0.14 to-ports=411
add action=dst-nat chain=dstnat comment="To PtokaX Server" dst-address=***.***.***.*** dst-port=1209 protocol=tcp to-addresses=10.0.0.14 to-ports=1209
add action=dst-nat chain=dstnat comment="To GTA SA:MP Server" dst-address=***.***.***.*** dst-port=7777 protocol=udp to-addresses=10.0.0.20 to-ports=7777
add action=dst-nat chain=dstnat comment=EchoLink dst-address=***.***.***.*** dst-port=5198 protocol=udp to-addresses=10.0.0.20 to-ports=5198
add action=dst-nat chain=dstnat comment=EchoLink dst-address=***.***.***.*** dst-port=5199 protocol=udp to-addresses=10.0.0.20 to-ports=5199
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.0.0.0/24 port=12345
set ssh disabled=yes
set api disabled=yes
set winbox address=10.0.0.0/24
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=WAN-PPPoE type=external
add interface=LAN-BRIDGE type=internal
/lcd
set color-scheme=light default-screen=stats-all enabled=no touch-screen=disabled
/lcd interface
add interface=SFP
add interface=GLAN-1
add interface=GLAN-2
add interface=GLAN-3
add interface=GLAN-4
add interface=GLAN-5
add interface=LAN-6
add interface=LAN-7
add interface=LAN-8
add interface=LAN-9
add interface=LAN-10
/lcd interface pages
add interfaces=SFP,GLAN-1,GLAN-2,GLAN-3,GLAN-4,GLAN-5,LAN-6,LAN-7,LAN-8,LAN-9,LAN-10
/snmp
set enabled=yes trap-community=public
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name="MikroTik RB2011UiAS-RM"
/system ntp client
set enabled=yes mode=unicast primary-ntp=85.114.26.194
/system routerboard settings
set boot-delay=1s boot-device=nand-only cpu-frequency=750MHz enter-setup-on=delete-key