Well, there's a problem.
problem
A. The Internet measurement site takes a normal download speed of 470M to 500M, but upload speed is only 0.3M to 1M.
My network diagram is "inter vlan image: inter vlan." Please look at the image.
** Structure vlan **
MGMT-VLAN = 200.168.10.0/24 [ VLAN - IDS = 100 ]
SUPERMICRO-VLAN = 200.168.20.0/24 [ VLAN - IDS = 20 ]
IBM-VLAN = 200.168.30.0/24 [ VLAN - IDS = 30 ]
A. Router's eth 1 is a WAN port that receives a DHCP address from the ISP company.
B. eth2 on the router and LAN1 on the switch are trunk ports.
C. ROUTER eth 3 - eth 13 = vlan 100 MGMT,
SWITCH LAN2-4 = vlan 100 MGMT,
LAN 5 - LAN 8, LAN13,LAN14 = VLAN 20 SUPERMICRO,
LAN 9 - LAN 12, LAN15, 16LAN, 17 = VLAN 30 IBM VLAN
ROUTER configure
Code: Select all
##########
# Naming #
##########
# name the device being configured
[cskisa@Router] >/system identity set name=”Router”
#################
# VLAN OverView #
#################
# 100 = MGMT VLAN [ 200.168.10.0/24 ]
# 20 = SUPERMICRO VLAN [ 200.168.20.0/24 ]
# 30 = IBM VLAN [ 200.168.30.0/24 ]
##########
# Bridge #
##########
# Create one bridge, set VLAN mode off while we configure
[cskisa@Router] >/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no
###############
# Trunk Ports #
###############
# ingress behavior
[cskisa@Router] >/interface bridge port
# Purple Trunk. Leave pvid set to default of 1
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth2
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth3
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth4
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth5
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth6
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth7
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth8
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth9
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth10
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth11
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth12
[cskisa@Router] >/interface bridge port add bridge=BR1 interface=eth13
# egress behavior
[cskisa@Router] >/interface bridge vlan
# Purple Trunk. These need IP Service [ L3 ], so add Bridge as member
[cskisa@Router] >/interface bridge vlan add bridge=BR1 tagged=BR1,eth2 vlan-ids=20
[cskisa@Router] >/interface bridge vlan add bridge=BR1 tagged=BR1,eth2 vlan-ids=30
[cskisa@Router] >/interface bridge vlan add bridge=BR1 tagged=BR1,eth2,eth3,eth4,eth5,eth6,eth7,eth8,eth9,eth10,eth11,eth12,eth13 vlan-ids=100
###########################
# IP Addressing & Routing #
###########################
# LAN facing router’s IP address on the MGMT-VLAN
[cskisa@Router] >/interface vlan add interface=BR1 name=MGMT-VLAN vlan-id=100
[cskisa@Router] >/ip address add address=200.168.10.1/24 interface=MGMT-VLAN
# DNS server [ QUAD9 DNS ] ,set to cache for LAN
[cskisa@Router] >/ip dns set allow-remote-requests=yes servers=”9.9.9.9”
# ISP to eth interface DHCP setup
[cskisa@Router] >/ip dhcp-client add interface=eth1
# eth1 DHCP Client enable
[cskisa@Router] >/ip dhcp-client enable 0
# SUPERMICRO VLAN interface creation, IP assignment, and DHCP service
[cskisa@Router] >/interface vlan add interface=BR1 name=SUPERMICRO-VLAN vlan-id=20
[cskisa@Router] >/ip address add interface=SUPERMICRO-VLAN address=200.168.20.1/24
[cskisa@Router] >/ip pool add name=SUPERMICRO-POOL ranges=200.168.20.2-200.168.20.254
[cskisa@Router] >/ip dhcp-server add address-pool=SUPERMICRO-POOL interface=SUPERMICRO-VLAN name=SUPERMICRO-DHCP disabled=no
[cskisa@Router] >/ip dhcp-server network add address=200.168.20.0/24 dns-server=200.168.10.1 gateway=200.168.20.1
# IBM VLAN interface creation, IP assignment, and DHCP service
[cskisa@Router] >/interface vlan add interface=BR1 name=IBM-VLAN vlan-id=30
[cskisa@Router] >/ip address add interface=IBM-VLAN address=200.168.30.1/24
[cskisa@Router] >/ip pool add name=IBM-POOL ranges=200.168.30.2-200.168.30.254
[cskisa@Router] >/ip dhcp-server add address-pool=IBM-POOL interface=IBM-VLAN name=IBM-DHCP disabled=no
[cskisa@Router] >/ip dhcp-server network add address=200.168.30.0/24 dns-server=200.168.10.1 gateway=200.168.30.1
# Create a DHCP instance for MGMT-VLAN. Convenience feature for an admin.
[cskisa@Router] >/ip pool add name=MGMT-POOL ranges=200.168.10.10-200.168.10.254
[cskisa@Router] >/ip dhcp-server add address-pool=MGMT-POOL interface=MGMT-VLAN name=MGMT-DHCP disabled=no
[cskisa@Router] >/ip dhcp-server network add address=200.168.10.0/24 dns-server=200.168.10.1 gateway=200.168.10.1
########################################################################
# Firewalling & NAT rule #
# A good firewall for WAN, Up to you about how you want LAN to behave. #
########################################################################
# Use Mikrotik’s “list” feature for easy rule matchmaking.
[cskisa@Router] >/interface list add name=WAN
[cskisa@Router] >/interface list add name=VLAN
[cskisa@Router] >/interface list add name=MGMT
[cskisa@Router] >/interface list member add interface=eth1 list=WAN
[cskisa@Router] >/interface list member add interface=MGMT-VLAN list=VLAN
[cskisa@Router] >/interface list member add interface=SUPERMICRO-VLAN list=VLAN
[cskisa@Router] >/interface list member add interface=IBM-VLAN list=VLAN
[cskisa@Router] >/interface list member add interface=MGMT-VLAN list=MGMT
###############
# INPUT CHAIN #
###############
# VLAN aware firewall. Order is important.
[cskisa@Router] >/ip firewall filter
[cskisa@Router] >/ip firewall filter add chain=input action=accept connection-state=established,related comment=”Allow Estab & Related”
# Allow VLANs to access router services like DNS, Winbox, Naturally, you SHOULD make it more granular.
[cskisa@Router] >/ip firewall filter add chain=input action=accept in-interface-list=VLAN comment=”Allow VLAN”
# Allow MGMT-VLAN full access to the device for Winbox, etc.
[cskisa@Router] >/ip firewall filter add chain=input action=accept in-interface-list=MGMT comment=”Allow MGMT-VLAN Full Access”
[cskisa@Router] >/ip firewall filter add chain=input action=drop comment=”Drop”
# Add rules for VLANs to allow DNS services
[cskisa@Router] >/ip firewall filter add chain=input action=accept in-interface-list=VLAN dst-port=53 protocol=udp connection-state=new
[cskisa@Router] >/ip firewall filter add chain=input action=accept in-interface-list=VLAN dst-port=53 protocol=tcp connection-state=new
# FTP,SSH,Telnet Block access to a drop attacks.
[cskisa@Router] >/ip firewall filter add chain=input action=drop comment=”Drop FTP,SSH,Telnet from inbound” dst-port=21,22,23,137,139,445 protocol=tcp
#################
# FORWARD CHAIN #
#################
[cskisa@Router] >/ip firewall filter add chain=forward action=accept connection-state=established,related comment=”Allow Estab & Related”
# Allow all VLANs to access the Internet only, Not each other
[cskisa@Router] >/ip firewall filter add chain=forward action=accept connection-state=new in-interface-list=VLAN out-interface-list=WAN comment=”VLAN Internet Access only”
[cskisa@Router] >/ip firewall filter add chain=forward action=drop comment=”Drop”
#######
# NAT #
#######
[cskisa@Router] >/ip firewall nat add chain=srcnat action=masquerade out-interface-list=WAN comment=”Default masquerade”
#################
# VLAN Security #
#################
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth2 ingress-filtering=yes frame-types=admit-only-vlan-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth3 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth4 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth5 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth6 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth7 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth8 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth9 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth10 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth11 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth12 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Router] >/interface bridge port set bridge=BR1 interface=eth13 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
#######################
# MAC Server Settings #
#######################
# Ensure only visibility and availability from MGMT-VLAN, the MGMT network
[cskisa@Router] >/ip neighbor discovery-settings set discover-interface-list=MGMT
[cskisa@Router] >/tool mac-server mac-winbox set allowed-interface-list=MGMT
[cskisa@Router] >/tool mac-server set allowed-interface-list=MGMT
#####################
# Turn on VLAN mode #
#####################
[cskisa@Router] >/interface bridge set BR1 vlan-filtering=yesSwitch configure
Code: Select all
##########
# Naming #
##########
# name the device being configured
[cskisa@Switch] >/system identity set name=”Switch”
###############
# INPUT CHAIN #
###############
# firewall. Order is important.
[cskisa@Switch] >/ip firewall filter
# FTP,SSH,Telnet Block access to a drop attacks.
[cskisa@Switch] >/ip firewall filter add chain=input action=input comment=”Drop,SSH,Telnet from inbound” dst-port=21,22,23,137,139,445 protocol=tcp
###############
# DNS Setting #
###############
[cskisa@Switch] >/ip dns set allow-remote-requests=yes servers=”9.9.9.9”
#################
# VLAN OverView #
#################
# 100 = MGMT VLAN [ 200.168.10.0/24 ]
# 20 = SUPERMICRO VLAN [ 200.168.20.0/24 ]
# 30 = IBM VLAN [ 200.168.30.0/24 ]
##########
# Bridge #
##########
# create one bridge, set VLAN mode off while we configure
[cskisa@Switch] >/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no
###############
# ACCESS Port #
###############
# ingress behavior
[cskisa@Switch] >/interface bridge port
# MGMT VLAN
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN2 pvid=100
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN3 pvid=100
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN4 pvid=100
# SUPERMICRO VLAN
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN5 pvid=20
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN6 pvid=20
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN7 pvid=20
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN8 pvid=20
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN13 pvid=20
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN14 pvid=20
# IBM VLAN
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN9 pvid=30
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN10 pvid=30
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN11 pvid=30
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN12 pvid=30
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN15 pvid=30
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN16 pvid=30
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN17 pvid=30
# engress behavior
[cskisa@Switch] >/interface bridge vlan
# IBM, SUPERMICRO VLAN
[cskisa@Switch] >/interface bridge vlan add bridge=BR1 untagged=LAN5,LAN6,LAN7,LAN8,LAN13,LAN14 vlan-ids=20
[cskisa@Switch] >/interface bridge vlan add bridge=BR1 untagged=LAN9,LAN10,LAN11,LAN12,LAN15,LAN16 vlan-ids=30
[cskisa@Switch] >/interface bridge vlan add bridge=BR1 untagged=LAN2,LAN3,LAN4 vlan-ids=100
###############
# Trunk Ports #
###############
# egress behavior
[cskisa@Switch] >/interface bridge port
# Purple Trunk. Leave pvid set to default of 1
[cskisa@Switch] >/interface bridge port add bridge=BR1 interface=LAN1
# engress behavior
[cskisa@Switch] >/interface bridge vlan
# Purple Trunk. L2 switching only, Bridge not needed as tagged member [ except MGMT-VLAN ]
[cskisa@Switch] >/interface bridge vlan set bridge=BR1 tagged=BR1,LAN1 untagged=LAN5,LAN6,LAN7,LAN8,LAN13,LAN14 vlan-ids=20
[cskisa@Switch] >/interface bridge vlan set bridge=BR1 tagged=BR1,LAN1 untagged=LAN9,LAN10,LAN11,LAN12,LAN15,LAN16,LAN17 vlan-ids=30
[cskisa@Switch] >/interface bridge vlan set bridge=BR1 tagged=BR1,LAN1 untagged=LAN2,LAN3,LAN4 vlan-ids=100
###########################
# IP Addressing & Routing #
###########################
# LAN facing Switch’s IP address on a MGMT-LAN
[cskisa@Switch] >/interface vlan qdd interface=BR1 name=MGMT-VLAN vlan-id=100
[cskisa@Switch] >/ip address add address=200.168.10.2/24 interface=MGMT-VLAN
# The Router’s IP this switch will use
[cskisa@Switch] >/ip route add distance=1 gateway=200.168.10.1
#################
# VLAN Security #
#################
# Only allow ingress packets without tags on ACCESS ports
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN2 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN3 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN4 pvid=100 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN5 pvid=20 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN6 pvid=20 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN7 pvid=20 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN8 pvid=20 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN13 pvid=20 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN14 pvid=20 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN9 pvid=30 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN10 pvid=30 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN11 pvid=30 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN12 pvid=30 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN15 pvid=30 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN16 pvid=30 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN17 pvid=30 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
# Only allow ingress packets With tags on Trunk Ports
[cskisa@Switch] >/interface bridge port set bridge=BR1 interface=LAN1 ingress-filtering=yes frame-types=admit-only-vlan-tagged
#######################
# MAC Server Settings #
#######################
# Ensure only visibility and availability from MGMT-VLAN, the MGMT network
[cskisa@Switch] >/interface list add name=MGMT
[cskisa@Switch] >/interface list member add interface=MGMT-VLAN list=MGMT
[cskisa@Switch] >/ip neighbor discovery-settings set discover-interface-list=MGMT
[cskisa@Switch] >/tool mac-server mac-winbox set allowed-interface-list=MGMT
[cskisa@Switch] >/tool mac-server set allowed-interface-list=MGMT
#####################
# Turn on VLAN mode #
#####################
[cskisa@Switch] >/interface bridge set BR1 vlan-filtering=yesA. Ping is successful from Google dns [8.8.8.8 ] and Quad 9 DNS [9.9.9 ].
B. The Internet is also good.
C. But I can feel the Internet bumbling when I not set up the Quick Set.
I think this is a problem before "FAST TRACK" was established. I have not set up MTU yet
Help me get the upload speed.
