I've tried:
- Flow Control
- Pinning the interface speed to the 10G SR LR for the sfp on the uplink wan port
- Fast Track Rules
... all zero effect.
Oddly, also, this doesn't seem to affect wireless clients. Only wired ones. WTF?
Code: Select all
/interface bridge
add name=bridge1 port-cost-mode=short
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no rx-flow-control=on \
speed=10G-baseSR-LR tx-flow-control=on
/interface list
add name=WAN
add name=LAN
/interface wifi channel
add band=5ghz-ax disabled=no name="Hector Channels"
add band=2ghz-ax disabled=no name="Florry Channels" width=20mhz
/interface wifi datapath
add bridge=bridge1 disabled=no name="FDCP Datapath"
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes disabled=no ft=\
yes ft-over-ds=yes group-encryption=ccmp group-key-update=1h name=\
"FDCP Security" wps=disable
/interface wifi steering
add disabled=no name="Hector Steering" neighbor-group=dynamic-Hector-5518dcee \
rrm=yes wnm=yes
add disabled=no name="Florry Steering" neighbor-group=dynamic-Florry-5518dcee \
rrm=yes wnm=yes
/interface wifi configuration
add channel="Hector Channels" country="United States" datapath=\
"FDCP Datapath" disabled=no name="Hector 5GHz" security="FDCP Security" \
security.ft=yes .ft-over-ds=yes ssid=Hector steering="Hector Steering" \
tx-power=15
add channel="Florry Channels" datapath="FDCP Datapath" disabled=no name=\
"Florry 2GHz" security="FDCP Security" security.ft=yes .ft-over-ds=yes \
ssid=Florry steering="Florry Steering" tx-power=15
/ip pool
add name=dhcp_pool0 ranges=10.62.14.128-10.62.14.190
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 lease-time=1w1d name=dhcp1
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/system logging action
add email-to=noc@nnix.com name=email target=email
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
disabled=yes disabled=yes name=zt1 port=9993
/interface bridge port
add bridge=bridge1 comment="csw1 uplink" interface=sfp-sfpplus12 \
internal-path-cost=10 path-cost=10
add bridge=bridge1 comment="gets all the wifi interfaces" interface=dynamic
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=all lldp-med-net-policy-vlan=1
/ipv6 settings
set disable-ipv6=yes
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=sfp-sfpplus1 list=WAN
add interface=bridge1 list=LAN
/interface wifi capsman
set ca-certificate=auto enabled=yes interfaces=bridge1 package-path="" \
require-peer-certificate=no upgrade-policy=require-same-version
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=\
"Hector 5GHz" radio-mac=48:A9:8A:CA:18:22
add action=create-dynamic-enabled disabled=no master-configuration=\
"Hector 5GHz" radio-mac=D4:01:C3:67:EA:76
add action=create-dynamic-enabled disabled=no master-configuration=\
"Florry 2GHz" radio-mac=48:A9:8A:CA:18:23
add action=create-dynamic-enabled disabled=no master-configuration=\
"Florry 2GHz" radio-mac=48:A9:8A:C7:94:81
add action=create-dynamic-enabled disabled=no master-configuration=\
"Florry 2GHz" radio-mac=D4:01:C3:67:EA:77
add action=create-dynamic-enabled disabled=no master-configuration=\
"Hector 5GHz" radio-mac=48:A9:8A:C7:94:80
add action=create-dynamic-enabled disabled=no master-configuration=\
"Florry 2GHz" radio-mac=F4:1E:57:04:B5:4C
add action=create-dynamic-enabled disabled=no master-configuration=\
"Hector 5GHz" radio-mac=F4:1E:57:04:B5:4D
/ip address
add address=10.62.14.1/24 comment="fernditch.com LAN range" interface=bridge1 \
network=10.62.14.0
/ip arp
add address=10.62.14.42 interface=bridge1 mac-address=98:06:3C:24:AB:C9
/ip cloud
set ddns-enabled=yes ddns-update-interval=20m
/ip dhcp-client
add interface=sfp-sfpplus1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=10.62.14.0/24 dns-server=94.140.14.49,94.140.14.59 domain=\
fernditch.com gateway=10.62.14.1 ntp-server=10.62.14.1
/ip dns
set cache-size=4096KiB servers=94.140.14.49,94.140.14.59
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.0.0.0/8 disabled=yes
set ssh address=10.0.0.0/8
set api address=10.0.0.0/8 disabled=yes
set winbox address=10.0.0.0/8
set api-ssl address=10.0.0.0/8 disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/system clock
set time-zone-autodetect=no time-zone-name=America/New_York
/system identity
set name=rtr1
/system logging
add action=email topics=critical,warning,account
add topics=wireless
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes
/system ntp client servers
add address=0.pool.ntp.org
add address=1.pool.ntp.org
add address=2.pool.ntp.org
/system routerboard settings
set enter-setup-on=delete-key