Решил заменить операторский терминал GPON на "собственный"
Приобрел MikroTik hex S и к нему GPON Stick Zyxel PMG3000-D20B. На стике установил SN от "операторского" терминала, оптический линк "поднялся" (статус О5), на микротик собрал все интерфейсы в bridge (eth1-5), кроме sfp1. Настроил статический IP на SFP интерфейс (провайдер предоставляет статику), в общем все работает и хорошо, НО при запуске speedtest (с ПК подключенного к порту eth1) картина следующая:
1. Download около 300Мб (это хорошо, т.к тариф 300мб)
2 Upload не поднимается выше 5мб (причем с любого порта)
Помогите, пожалуйста, разобраться, где и в чем проблема (может в микротике или его настройках, либо в самом stick)
P.S Экспорт настроек прилагается
Код: Выделить всё
[mikrot@KLN-RT-01] > export hide-sensitive
# 2024-02-23 17:10:38 by RouterOS 7.13.5
# software id = CK0A-1JWD
#
# model = RB760iGS
# serial number = E1F10E4FXXX
/interface bridge
add admin-mac=2C:C8:1B:54:44:23 auto-mac=no comment=LAN name=bridge port-cost-mode=short priority=0
/interface ethernet
set [ find default-name=sfp1 ] auto-negotiation=no comment=WAN mac-address=94:4A:0C:40:E3:9F
/interface gre
add allow-fast-path=no comment=KLN_to_NSK local-address=146.158.113.xx name=gre-tunnel1 remote-address=109.174.xx.27
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp ranges=10.10.12.10-10.10.12.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp interface=bridge lease-time=3d name=LAN
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no disable-ipv6=yes forward=no
/interface l2tp-server server
set authentication=mschap2
/interface list member
add interface=bridge list=LAN
add interface=sfp1 list=WAN
/interface ovpn-server server
set auth=sha256,sha512 certificate=DigiCertGlobalRootCA.crt.pem_0 cipher=aes256-cbc,aes256-gcm protocol=udp tls-version=only-1.2
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=mschap2
/interface sstp-server server
set authentication=mschap2 tls-version=only-1.2
/ip address
add address=10.10.12.1/24 interface=bridge network=10.10.12.0
add address=146.158.113.xx/28 interface=sfp1 network=146.158.113.xx
add address=10.10.1.2/24 interface=sfp1 network=10.10.1.0
add address=10.11.12.10/30 interface=gre-tunnel1 network=10.11.12.8
/ip dhcp-server network
add address=10.10.12.0/24 dns-server=1.1.1.1,1.0.0.1 gateway=10.10.12.1 netmask=24
/ip dns
set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
/ip firewall address-list
add address=116.203.xx.169 comment=HETZNER list=Winbox
add address=79.104.xx.242 comment=RABOTA list=Winbox
add address=109.174.xx.27 comment="NSK HOME" list=Winbox
/ip firewall filter
add action=accept chain=input comment="Established / Related" connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=drop chain=input comment=Invalid connection-state=invalid
add action=drop chain=forward connection-state=invalid
add action=accept chain=input comment="Winbox Input" dst-port=8291 in-interface-list=WAN protocol=tcp src-address-list=Winbox
add action=accept chain=forward comment="Allow Forward to Hetzner" disabled=yes dst-address=192.168.1.0/24 src-address=10.0.0.0/24
add action=accept chain=forward disabled=yes dst-address=10.0.0.0/24 src-address=192.168.1.0/24
add action=accept chain=forward comment="Allow Forward to SRV1, SRV2" disabled=yes dst-address=10.10.1.0/24 src-address=10.10.20.0/24
add action=accept chain=forward disabled=yes dst-address=10.10.20.0/24 src-address=10.10.1.0/24
add action=accept chain=forward disabled=yes dst-address=10.10.2.0/24 src-address=10.10.20.0/24
add action=accept chain=forward disabled=yes dst-address=10.10.20.0/24 src-address=10.10.2.0/24
add action=drop chain=input comment=DROP in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=146.158.113.xx pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=10.10.10.0/24 gateway=10.11.12.9 routing-table=main suppress-hw-offload=no
add disabled=no dst-address=10.10.20.0/24 gateway=10.11.12.9 routing-table=main suppress-hw-offload=no
add disabled=no dst-address=10.10.30.0/24 gateway=10.11.12.9 routing-table=main suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set www-ssl tls-version=only-1.2
set api disabled=yes
set winbox port=8291
set api-ssl disabled=yes tls-version=only-1.2
/ip smb
set allow-guests=no
/ip ssh
set host-key-size=4096
/ipv6 nd
set [ find default=yes ] disabled=yes
/system clock
set time-zone-name=Asia/Novosibirsk
/system console
set [ find ] disabled=yes
/system identity
set name=KLN-RT-01
/system note
set show-at-login=no
/tool bandwidth-server
set authenticate=no enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no