Looking for help with some packet loss issue I am experience. I don't think I experienced it previously so it is a new issue.
Situation
- Getting <= 1% packet loss when pinging from devices (e.g. 192.168.1.100) to router IP (192.168.1.1)
- Tried isolating the problem and it seems to be happening on Interface port 2 - 5 (Port 1 is WAN); No packet loss on port 6-10
--- Troubleshooted by trying different devices with different cable on different ports to find commonality
Relevant Configuration Details
- Hardware: RB2011UiAS-2HnD-IN
- ether2 to ether10 is connected to bridge-local
- RouterOS 6.48.2
Stats
CPU Load: 10 - 20%
Tx/Rx Drops: 0
Tx/Rx Errors: 0
Troubleshooting steps
- restarted router
- updated to latest version
- detect-interface-list: none
- bridge protocol mode: rtsp
- does not seem to be load specific (packet loss does not increase/decrease with a speed test, etc.)
- Packet drop % does seem to vary (sometimes 5 packet in an hour vs 5 packet in a min; dont know what is causing it)
I am bit loss on how to further troubleshoot the issue. Any guidance is appreciated
Re: Packet Loss on Router Ping
Is this all based on the assumption of perfection and security of the cable and device used to ping?
You write all this, but simply put an /export on forum, instead to write what you suppose to have done,
for check for errors and control if you really have done on configuration what you have writed.
You write all this, but simply put an /export on forum, instead to write what you suppose to have done,
for check for errors and control if you really have done on configuration what you have writed.
Re: Packet Loss on Router Ping
To your first point, this is my logic to check that it is not a cable, device or switch issue.
See network diagram
PC-1 to Router (Port 3) - Packet loss
PC-2 to Router (Port 3) - Packet loss
PC-2 to PC-1 - No packet loss
PC-3 to Router (Port 2) - Packet loss
Raspberry Pi to Router (Port 4) - Packet loss
Raspberry Pi to Router (Port 6) - No Packet loss
I think it shouldnt be a problem with my devices or cables.
Here is my config:
See network diagram
PC-1 to Router (Port 3) - Packet loss
PC-2 to Router (Port 3) - Packet loss
PC-2 to PC-1 - No packet loss
PC-3 to Router (Port 2) - Packet loss
Raspberry Pi to Router (Port 4) - Packet loss
Raspberry Pi to Router (Port 6) - No Packet loss
I think it shouldnt be a problem with my devices or cables.
Here is my config:
Code: Select all
# may/17/2021 18:35:33 by RouterOS 6.48.2
# software id = 1G6Y-0ST1
#
# model = 2011UiAS-2HnD
# serial number = 4674041FXXXX
/interface bridge
add fast-forward=no mtu=1500 name=bridge-hotspot
add admin-mac=4C:5E:0C:40:XX:XX auto-mac=no fast-forward=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] mac-address=F8:32:E4:BD:XX:XX name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether6-master-local
set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether7-slave-local
set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether8-slave-local
set [ find default-name=ether9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether9-slave-local
set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether10-slave-local
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-onlyn channel-width=20/40mhz-Ce country=canada disabled=no distance=indoors frequency=2442 frequency-mode=manual-txpower mode=ap-bridge ssid=Main station-roaming=enabled wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=********* wpa2-pre-shared-key=*********
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=hotspot supplicant-identity="" wpa-pre-shared-key=*********** wpa2-pre-shared-key=***********
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=4E:5E:0C:40:XX:XX master-interface=wlan1 multicast-buffering=disabled name=wlan2 security-profile=hotspot ssid="Main Guest" station-roaming=enabled wds-cost-range=0 wds-default-cost=0
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
add name=dhcp_hotspot ranges=192.168.2.10-192.168.2.254
add name=dhcp_vpn ranges=1.1.1.253
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridge-local lease-time=3d name=dhcp src-address=192.168.1.1
add address-pool=dhcp_hotspot authoritative=after-2sec-delay disabled=no interface=bridge-hotspot lease-time=1d name=dhcp_hotspot
/ppp profile
add dns-server=192.168.1.1,8.8.8.8 local-address=1.1.1.252 name=ovpn_profile remote-address=dhcp_vpn use-encryption=required
/interface ovpn-client
add certificate=someusername.vpn.somedomain.com cipher=aes256 connect-to=174.6.XXX.XXX disabled=yes mac-address=02:CD:DB:23:XX:XX name=ovpn-out1 password=somepasswordhere profile=ovpn_profile user=someusernamehere
/queue type
set 0 pfifo-limit=10000
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
add name=file-copy policy=ssh,ftp,write,sensitive,!local,!telnet,!reboot,!read,!policy,!test,!winbox,!password,!web,!sniff,!api,!romon,!dude,!tikapp
/interface bridge filter
add action=drop chain=forward in-interface=wlan2
add action=drop chain=forward out-interface=wlan2
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-hotspot interface=wlan2
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9-slave-local
add bridge=bridge-local interface=ether10-slave-local
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=someipsecsecrethere max-mru=1500 max-mtu=1500 use-ipsec=required
/interface list member
add interface=sfp1 list=discover
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master-local list=discover
add interface=ether7-slave-local list=discover
add interface=ether8-slave-local list=discover
add interface=ether9-slave-local list=discover
add interface=ether10-slave-local list=discover
add interface=wlan1 list=discover
add interface=wlan2 list=discover
add interface=bridge-hotspot list=discover
add list=discover
add interface=ovpn-out1 list=discover
add interface=bridge-local list=discover
add interface=ether2 list=mactel
add interface=ether3 list=mactel
add interface=ether2 list=mac-winbox
add interface=ether4 list=mactel
add interface=ether3 list=mac-winbox
add interface=ether5 list=mactel
add interface=ether4 list=mac-winbox
add interface=ether6-master-local list=mactel
add interface=ether5 list=mac-winbox
add interface=ether6-master-local list=mac-winbox
/interface ovpn-server server
set auth=sha1 certificate=fullchain.pem_0 cipher=aes192,aes256 default-profile=ovpn_profile keepalive-timeout=120 netmask=30
/interface sstp-server server
set authentication=mschap1,mschap2 certificate=sstp_server enabled=yes port=8443
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=192.168.2.1/24 interface=bridge-hotspot network=192.168.2.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add interface=wlan1
add disabled=no interface=ether1-gateway use-peer-dns=no
/ip dhcp-server lease
add address=192.168.1.102 client-id=1:c0:3f:d5:60:XX:XX mac-address=C0:3F:D5:60:XX:XX server=dhcp
add address=192.168.1.254 mac-address=9C:B6:54:18:XX:XX server=dhcp
add address=192.168.1.101 always-broadcast=yes client-id=1:3c:18:a0:2:XX:XX mac-address=3C:18:A0:02:XX:XX server=dhcp
add address=192.168.1.120 client-id=1:e0:3f:49:db:XX:XX mac-address=E0:3F:49:DB:XX:XX server=dhcp
add address=192.168.1.250 mac-address=54:BE:F7:0A:XX:XX server=dhcp
add address=192.168.1.100 always-broadcast=yes client-id=1:f8:32:e4:bd:XX:XX mac-address=F8:32:E4:BD:XX:XX server=dhcp
add address=192.168.1.103 client-id=1:1c:6f:65:33:XX:XX mac-address=1C:6F:65:33:XX:XX server=dhcp
add address=192.168.1.121 client-id=1:f8:63:3f:3f:XX:XX mac-address=F8:63:3F:3F:XX:XX server=dhcp
add address=192.168.1.123 client-id=1:0:21:5c:48:XX:XX mac-address=00:21:5C:48:XX:XX server=dhcp
add address=192.168.1.252 client-id=1:2c:aa:8e:c:XX:XX mac-address=2C:AA:8E:0C:XX:XX server=dhcp
add address=192.168.1.105 client-id=1:0:15:5d:24:XX:XX mac-address=00:15:5D:24:XX:XX server=dhcp
add address=192.168.1.251 client-id=1:b8:27:eb:57:XX:XX mac-address=B8:27:EB:57:XX:XX server=dhcp
add address=192.168.1.253 client-id=1:34:ce:0:d1:XX:XX mac-address=34:CE:00:D1:XX:XX server=dhcp
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 domain=Ka gateway=192.168.1.1 netmask=24
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.2.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.1.100 name=PC-1.ka ttl=59m59s
add address=192.168.1.101 name=PC-2.ka
add address=192.168.1.103 name=PC-3.ka
add address=192.168.1.120 name=raspberrypi.ka
/ip firewall address-list
add address=444b0105****.sn.mynetname.net comment=444b0105****.sn.mynetname.net list=host_wkk
/ip firewall filter
add action=add-src-to-address-list address-list=port_8800 address-list-timeout=1m30s chain=input comment="port knocking" dst-port=8800 protocol=tcp
add action=add-src-to-address-list address-list=secure address-list-timeout=6h chain=input dst-port=80 protocol=tcp src-address-list=port_8800
add action=accept chain=input comment="VPN rules" dst-port=1701,500,4500 protocol=udp src-address-list=host_wkk
add action=accept chain=input log-prefix=firewall-info protocol=ipsec-esp src-address-list=host_wkk
add action=drop chain=input disabled=yes dst-port=1701,500,4500 protocol=udp
add action=accept chain=forward comment="Hotspot rules" in-interface=bridge-hotspot out-interface=ether1-gateway
add action=drop chain=input in-interface=bridge-hotspot
add action=drop chain=forward in-interface=bridge-hotspot
add action=drop chain=input dst-port=80,443 in-interface=ether1-gateway protocol=tcp
add action=accept chain=input dst-port=80,443 protocol=tcp
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward comment="default configuration" connection-state=established
add action=accept chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=accept chain=unused-hs-chain
# in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge-local)
add action=accept chain=forward dst-address=142.34.0.0/16 in-interface=wlan1
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address=142.34.102.5 new-routing-mark=main passthrough=yes src-address=192.168.1.101
add action=mark-routing chain=prerouting disabled=yes dst-address=142.34.239.5 new-routing-mark=main passthrough=yes src-address=192.168.1.101
add action=mark-routing chain=prerouting disabled=yes dst-address=142.34.241.28 new-routing-mark=main passthrough=no src-address=192.168.1.101
add action=mark-routing chain=prerouting disabled=yes dst-address=142.34.0.0/16 new-routing-mark=cas passthrough=yes src-address=192.168.1.101
add action=mark-routing chain=prerouting dst-address=10.200.191.0/24 new-routing-mark=cas passthrough=yes src-address=192.168.1.101
/ip firewall nat
# in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge-local)
add action=masquerade chain=srcnat out-interface=wlan1
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=masquerade chain=srcnat src-address=1.1.1.0/24
add action=dst-nat chain=dstnat dst-port=443 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.251 to-ports=443
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.1.251 to-ports=80
add action=dst-nat chain=dstnat dst-address=174.6.140.51 dst-port=443 in-interface=bridge-local protocol=tcp to-addresses=192.168.1.251 to-ports=443
add action=masquerade chain=srcnat dst-address=192.168.1.251 dst-port=443 out-interface=bridge-local protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat dst-port=51820 protocol=udp to-addresses=192.168.1.251 to-ports=51820
/ip proxy
set cache-path=web-proxy1
/ip route
add distance=10 dst-address=10.200.0.0/16 gateway=192.168.1.251 routing-mark=cas
add distance=10 dst-address=142.34.0.0/16 gateway=192.168.1.251 routing-mark=cas
add distance=1 dst-address=192.168.3.0/24 gateway=172.16.1.2
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl certificate=router.ka.chain.cert.pem_0 disabled=no
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1-gateway type=external
/lcd interface pages
set 0 interfaces=sfp1,ether1-gateway,ether2,ether3,ether4,ether5,ether6-master-local,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local
/ppp secret
add local-address=172.16.1.1 name=l2tptunnel password=somepasswordhere remote-address=172.16.1.2 service=l2tp
add name=somerusername password=somepasswordhere profile=ovpn_profile
/system clock
set time-zone-name=America/Vancouver
/system identity
set name=Ka
/system logging
set 3 action=memory
/system ntp client
set enabled=yes primary-ntp=216.228.192.69 secondary-ntp=69.36.227.90
/system scheduler
add interval=3h name=dyndns_update on-event="/system script run dyndns_update" policy=read,write,test,sensitive start-date=feb/09/2014 start-time=02:12:00
add disabled=yes interval=5m name=dns_dhcp_update on-event="/system script run dns_dhcp_update" policy=ftp,read,write,policy,test,password,sniff,sensitive start-date=feb/17/2015 start-time=22:37:04
add disabled=yes interval=1s name=log_ping on-event="/system script run log_ping" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=mar/18/2015 start-time=00:00:00
/system script
add dont-require-permissions=no name=dyndns_update owner=admin policy=read,write,test,sensitive source="/tool fetch url=\"http://bot.whatismyipaddress.com/\" mode=http dst-path=pubIP.txt;\
\n:local currentIP [/file get pubIP.txt contents]\
\n:log info \"Current Public IP is:\$currentIP\"\
\n:local url0 \"https://dynamicdns.park-your-domain.com/update\\\?host=home&domain=somedomain.com&password=****************************&ip=\$currentIP\"\
\n:local url1 \"https://dynamicdns.park-your-domain.com/update\\\?host=social&domain=somedomain.com&password=**********************************&ip=\$currentIP\"\
\n:local url2 \"https://dynamicdns.park-your-domain.com/update\\\?host=cloud&domain=somedomain.com&password=************************&ip=\$currentIP\"\
\n/tool fetch url=(\$url0) mode=https\
\n/tool fetch url=(\$url1) mode=https\
\n/tool fetch url=(\$url2) mode=https\
\n:log info \"DNS Updated!\""
add dont-require-permissions=no name=dns_dhcp_update owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=" :local zone \"ka\";\
\n :local ttl \"00:59:59\"\
\n :local hostname\
\n :local ip\
\n :local dnsip\
\n :local dhcpip\
\n :local dnsnode\
\n :local dhcpnode\
\n \
\n /ip dns static;\
\n :foreach i in=[find where name ~ (\".*\\\\.\".\$zone) ] do={\
\n :set hostname [ get \$i name ];\
\n :set hostname [ :pick \$hostname 0 ( [ :len \$hostname ] - ( [ :len \$zone ] + 1 ) ) ];\
\n /ip dhcp-server lease;\
\n :set dhcpnode [ find where host-name=\$hostname ];\
\n :if ( [ :len \$dhcpnode ] > 0) do={\
\n :log debug (\"Lease for \".\$hostname.\" still exists. Not deleting.\");\
\n } else={\
\n # there's no lease by that name. Maybe this mac has a static name.\
\n :local found false\
\n /system script environment\
\n :foreach n in=[ find where name ~ \"shost[0-9A-F]+\" ] do={\
\n :if ( [ get \$n value ] = \$hostname ) do={\
\n :set found true;\
\n }\
\n }\
\n\t /ip dns static;\
\n :if ( [ get \$i ttl ] != \$ttl ) do={\
\n :log debug (\"Hostname \".\$hostname.\" is static\");\
\n } else={\
\n :log info (\"Lease expired for \".\$hostname.\", deleting DNS entry.\");\
\n /ip dns static remove \$i;\
\n }\
\n }\
\n }\
\n \
\n /ip dhcp-server lease;\
\n :foreach i in=[find] do={\
\n :set hostname \"\"\
\n :local mac\
\n :set dhcpip [ get \$i address ];\
\n :set mac [ get \$i mac-address ];\
\n :while (\$mac ~ \":\") do={\
\n :local pos [ :find \$mac \":\" ];\
\n :set mac ( [ :pick \$mac 0 \$pos ] . [ :pick \$mac (\$pos + 1) 999 ] );\
\n };\
\n :foreach n in=[ /system script environment find where name=(\"shost\" . \$mac) ] do={\
\n :set hostname [ /system script environment get \$n value ];\
\n }\
\n :if ( [ :len \$hostname ] = 0) do={\
\n :set hostname [ get \$i host-name ];\
\n }\
\n :if ( [ :len \$hostname ] > 0) do={\
\n :set hostname ( \$hostname . \".\" . \$zone );\
\n /ip dns static;\
\n :set dnsnode [ find where name=\$hostname ];\
\n :if ( [ :len \$dnsnode ] > 0 ) do={\
\n # it exists. Is its IP the same\?\
\n :set dnsip [ get \$dnsnode address ];\
\n :if ( \$dnsip = \$dhcpip ) do={\
\n :log debug (\"DNS entry for \" . \$hostname . \" does not need updating.\");\
\n } else={\
\n :log info (\"Replacing DNS entry for \" . \$hostname);\
\n /ip dns static remove \$dnsnode;\
\n /ip dns static add name=\$hostname address=\$dhcpip ttl=\$ttl;\
\n }\
\n } else={\
\n # it doesn't exist. Add it\
\n :log info (\"Adding new DNS entry for \" . \$hostname);\
\n /ip dns static add name=\$hostname address=\$dhcpip ttl=\$ttl;\
\n }\
\n }\
\n }"
add dont-require-permissions=no name=log_ping owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
":local aptime\
\n:local re\
\n\
\n/tool flood-ping 8.8.8.8 count=1 do={\
\n :set aptime (\$\"avg-rtt\");\
\n :set re (\$received);\
\n}\
\n\
\n:log info \"google dns \$aptime , \$re\"\
\n\
\n:local aptime2\
\n:local re2\
\n\
\n/tool flood-ping 96.49.224.1 count=1 do={\
\n :set aptime2 (\$\"avg-rtt\");\
\n :set re2 (\$received);\
\n}\
\n\
\n:log info \"shaw \$aptime2 , \$re2\""
add dont-require-permissions=no name=import_vpn_certs owner=admin policy=write,sensitive source="/certificate import file-name=vpn_certificates/home.somedomain.com/fullchain.pem passphrase=\"\"\
\n/certificate import file-name=vpn_certificates/home.somedomain.com/privkey.pem passphrase=\"\""
add dont-require-permissions=no name=remove_vpn_certs owner=admin policy=write,sensitive source="/certificate remove fullchain.pem_0\
\n/certificate remove fullchain.pem_1"
/tool e-mail
set address=smtp.gmail.com from=system@somedomain.com password=somepasswordhere port=587 start-tls=yes user=system@somedomain.com
/tool graphing interface
add interface=ether1-gateway store-on-disk=no
add store-on-disk=no
add store-on-disk=no
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool sniffer
set filter-direction=rx filter-mac-address=B8:27:EB:57:XX:XX/FF:FF:FF:FF:XX:XXYou do not have the required permissions to view the files attached to this post.
Re: Packet Loss on Router Ping
First,
thanks for have spent your time to do the graph.
Info: Any operation between 1-5 port to 6-10 port, and vice-versa go trough the CPU
Only between 1-5 and sfp port internal 1G switch are used
Only between 6-10 port internal 100M switch are used
All services go trough CPU and on this model do not expect performance.
When you ping the router, you ping the CPU,
when you ping between pc, all passtrough the switch chip without using CPU.
1) The ehernet 1-5 are 1Gbps, but are (partially) set to 100Mbps
2) the ethernet 6-10 are 100Mbps but have forced negotiation for 1Gbps
3) On wifi antenna-gain set to 0, must be 4, and station-roaming is enabled
4) management-protection are allowed (must be disabled) on security profile of hotspot network
5) on wlan2 keepalive-frames must be enabled station-roaming must be disabled and the default value of wds-cost-range is 50-150 and default wds-default-cost 100
6) on both dhcp server are set authoritative after-2sec-delay, must be (if not wanted 2nd DHCP) "yes"
7) Those are REAL address and must not be used for Local LAN:
>>> pool dhcp_vpn ranges=1.1.1.253
>>> ppp profile local-address=1.1.1.252
>>> firewall filter src-address=1.1.1.0/24
8) Orphan, must be deleted:
/interface list member
>>> add list=discover
9) double work for same task???
/tool graphing interface
>>>add store-on-disk=no
>>>add store-on-disk=no
10) as export already say:
/ip firewall nat
# in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge-local)
add action=masquerade chain=srcnat out-interface=wlan1
and:
# in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge-local)
add action=accept chain=forward dst-address=142.34.0.0/16 in-interface=wlan1
thanks for have spent your time to do the graph.
Info: Any operation between 1-5 port to 6-10 port, and vice-versa go trough the CPU
Only between 1-5 and sfp port internal 1G switch are used
Only between 6-10 port internal 100M switch are used
All services go trough CPU and on this model do not expect performance.
When you ping the router, you ping the CPU,
when you ping between pc, all passtrough the switch chip without using CPU.
1) The ehernet 1-5 are 1Gbps, but are (partially) set to 100Mbps
2) the ethernet 6-10 are 100Mbps but have forced negotiation for 1Gbps
3) On wifi antenna-gain set to 0, must be 4, and station-roaming is enabled
4) management-protection are allowed (must be disabled) on security profile of hotspot network
5) on wlan2 keepalive-frames must be enabled station-roaming must be disabled and the default value of wds-cost-range is 50-150 and default wds-default-cost 100
6) on both dhcp server are set authoritative after-2sec-delay, must be (if not wanted 2nd DHCP) "yes"
7) Those are REAL address and must not be used for Local LAN:
>>> pool dhcp_vpn ranges=1.1.1.253
>>> ppp profile local-address=1.1.1.252
>>> firewall filter src-address=1.1.1.0/24
8) Orphan, must be deleted:
/interface list member
>>> add list=discover
9) double work for same task???
/tool graphing interface
>>>add store-on-disk=no
>>>add store-on-disk=no
10) as export already say:
/ip firewall nat
# in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge-local)
add action=masquerade chain=srcnat out-interface=wlan1
and:
# in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge-local)
add action=accept chain=forward dst-address=142.34.0.0/16 in-interface=wlan1
Re: Packet Loss on Router Ping
Thank you for the feedback on the config. I have made the changes and I am still seeing drop packets.
It definitely seems like any packet going to the Atheros chip on Port 1 - 5 is having packet drops in this case.
Are there any other config changes that might be able to resolve the issue? Or does this seem like a hardware issue?
It definitely seems like any packet going to the Atheros chip on Port 1 - 5 is having packet drops in this case.
Are there any other config changes that might be able to resolve the issue? Or does this seem like a hardware issue?
Re: Packet Loss on Router Ping
Usually I do not use stable because often are like beta quality.Thank you for the feedback on the config. I have made the changes and I am still seeing drop packets.
It definitely seems like any packet going to the Atheros chip on Port 1 - 5 is having packet drops in this case.
Are there any other config changes that might be able to resolve the issue? Or does this seem like a hardware issue?
I suggest you to use 6.47.9 and remember to update also BIOS/RouterBOOT on system/routerboard and reboot twice (After upgrade bios)
Re: Packet Loss on Router Ping
Did the downgrade back to 6.47.9 and updated RouterBOOt - still getting ping loss
Re: Packet Loss on Router Ping
You are right.>>>seems like any packet going to the Atheros chip on Port 1 - 5 is having packet drops in this case<<<
But at this point I can not help you because on my 2011 can't reproduce the problem.
Ask MikroTik support sending supout.rif
Re: Packet Loss on Router Ping
Thanks - I'll reach out to Mikrotik support
I am starting to think it is a hardware issue. I did a factory reset with a fresh install of v6.47.9 via Netinstall without any config changes and I still got packet loss.
Curious - I know that capacitors are a common issue. I checked the voltages on those are they are within 0.1v of the expected value. What is the tolerance of the capacitor? Are they bad?
Any other hardware issue that I should check for?
I am starting to think it is a hardware issue. I did a factory reset with a fresh install of v6.47.9 via Netinstall without any config changes and I still got packet loss.
Curious - I know that capacitors are a common issue. I checked the voltages on those are they are within 0.1v of the expected value. What is the tolerance of the capacitor? Are they bad?
Any other hardware issue that I should check for?
Re: Packet Loss on Router Ping
When capacitors are an issue, you won't find out by measuring DC voltage on them by a plain voltmeter. The role of the capacitors is to provide current when the adjacent chip suddenly needs more current during a short peak, which the long path on the circuit board blocks due to its inductance. So yes, it can be a capacitor issue, but unless you've got an oscilloscope and enough patience to measure the AC component of the voltage, it is probably easier to replace the capacitors straight away than to measure on them. How old is the device? What was the usual ambient temperature, was it operated in some closed cabinet or free on the table?Curious - I know that capacitors are a common issue. I checked the voltages on those are they are within 0.1v of the expected value. What is the tolerance of the capacitor? Are they bad?
Any other hardware issue that I should check for?
Re: Packet Loss on Router Ping
Ahh. I guess that's what I'll do.
It is sitting open in an open room on a table/shelf. System/Health reports temps of around 21C. Been using the router for 7 years.
Time to source some capacitors then.
It is sitting open in an open room on a table/shelf. System/Health reports temps of around 21C. Been using the router for 7 years.
Time to source some capacitors then.
Re: Packet Loss on Router Ping
Switched out the capacitors. Still getting packet loss.
Any other ideas as to where I should look?
Any other ideas as to where I should look?
-
-
CZFan
Forum Guru
- Posts: 2098
- Joined:
- Location: South Africa, Krugersdorp (Home town of Brad Binder)
- Contact:
Re: Packet Loss on Router Ping
To add to this extensive list of incorrect configs on your device, you also have ether 2 as a slave port of the bridge, but have IP config 192.168.1.0/24 directly on the slave port which can possibly be the issue. If ether 2 should be part of the bridge, then you should look at using Vlans in the bridgeFirst,
thanks for have spent your time to do the graph.
...
Re: Packet Loss on Router Ping
I made the changes for that already and it didnt make any difference - still getting packet loss.
I tried eliminating all config related issues through doing the factory reset and using the default config. The only change I made was disable wireless and change admin password.
I still get packet loss when connecting directly via one machine. Is it safe to conclude that it wouldnt be a config related issue in this case?
I tried eliminating all config related issues through doing the factory reset and using the default config. The only change I made was disable wireless and change admin password.
I still get packet loss when connecting directly via one machine. Is it safe to conclude that it wouldnt be a config related issue in this case?
-
-
CZFan
Forum Guru
- Posts: 2098
- Joined:
- Location: South Africa, Krugersdorp (Home town of Brad Binder)
- Contact:
Re: Packet Loss on Router Ping
Post current config after changes made
Re: Packet Loss on Router Ping
Thanks for all the help everyone. Quick update for folks interested.
I managed to get an exact model on the same version and firmware. Used the same configuration and there was no issue.
Seems like it is the hardware going bad.
Replaced with RB4011 and not having any issue now.
Thank you all!
I managed to get an exact model on the same version and firmware. Used the same configuration and there was no issue.
Seems like it is the hardware going bad.
Replaced with RB4011 and not having any issue now.
Thank you all!