[Quick Review] Cân bằng tải 4 wan với Mikrotik RB750gr3

geminisongtu

New Member
Joined
Sep 27, 2017
Messages
423
Reaction score
2
ppptran said:
Thôi được rồi. Rảnh google vài từ nè. Ra rồi. Anh em test thử xem sao.
Cái này em có đọc hôm qua về cơ bản là như chạy MPI hay fastpath chia task ra. Mà ai xài os mới đc cập nhật rồi.
Trên forum mik có nói firewall rule nat càng nhiều thì high cpu thôi à
 

minhma

New Member
Joined
Sep 28, 2017
Messages
42
Reaction score
0
Các bác cho em hỏi mik hỗ trợ SFP nào chạy AON vnpt vậy? Em nghe nói mik chỉ chơi với sfp của mik thôi ko biết có đúng ko?

Em cám ơn nhiều
 

ppptran

New Member
Joined
May 11, 2018
Messages
981
Reaction score
2
geminisongtu said:
Cái này em có đọc hôm qua về cơ bản là như chạy MPI hay fastpath chia task ra. Mà ai xài os mới đc cập nhật rồi.
Trên forum mik có nói firewall rule nat càng nhiều thì high cpu thôi à. Nên có thể bạn ông baby xài rule ít thôi
Khi nào xài 1 line mà bị load cao thì dùng fast track
Chắc vậy quá. Nó chia core của CPU ra, coi bộ ngon. Thấy presentation 5ether chạy 500M throughput mà 8 mươi mấy là quá ổn luôn rồi.

Nói thật, nếu system mà đòi 500M throughput consistent thì nên lên CCR hay tệ lắm RB3 serie.

Thím nào thix thì tắt firewall rule đi là ổn. Mình thì để ON cho chắc. 1 mớ firewall rules.
 

ppptran

New Member
Joined
May 11, 2018
Messages
981
Reaction score
2
minhma said:
Các bác cho em hỏi mik hỗ trợ SFP nào chạy AON vnpt vậy? Em nghe nói mik chỉ chơi với sfp của mik thôi ko biết có đúng ko?
Em cám ơn nhiều
Ko có chuyện đó.

Đang AON Vnpt và Mikrotik đây. Chạy SFP direct luôn.

Có điều, phải là bandwith 1G mới uplink.

Tức là module SFP 1.25G. Tổng đài phải cấp port 1G trên switch trạm. Còn Mikrotik thì vào sfp interface -> ethernet > auto negotiation , mới có link , set cứng 1G éo được.

6.46 beta là fix vụ này cho RB4011 rồi.
 

ppptran

New Member
Joined
May 11, 2018
Messages
981
Reaction score
2
minhma said:
Các bác cho em hỏi mik hỗ trợ SFP nào chạy AON vnpt vậy? Em nghe nói mik chỉ chơi với sfp của mik thôi ko biết có đúng ko?
Em cám ơn nhiều
Ko có chuyện đó.

Đang AON Vnpt và Mikrotik đây. Chạy SFP direct luôn.

Có điều, phải là bandwith 1G mới uplink.

Tức là module SFP 1.25G. Tổng đài phải cấp port 1G trên switch trạm. Còn Mikrotik thì vào sfp interface -> ethernet > auto negotiation , mới có link , set cứng 1G éo được.

6.46 beta là fix vụ này cho RB4011 rồi.
 

BOT

Administrator
Joined
Apr 10, 2018
Messages
25,686
Reaction score
4
minhma said:
Các bác cho em hỏi mik hỗ trợ SFP nào chạy AON vnpt vậy? Em nghe nói mik chỉ chơi với sfp của mik thôi ko biết có đúng ko?
Em cám ơn nhiều
Ko có chuyện đó.

Đang AON Vnpt và Mikrotik đây. Chạy SFP direct luôn.

Có điều, phải là bandwith 1G mới uplink.

Tức là module SFP 1.25G. Tổng đài phải cấp port 1G trên switch trạm. Còn Mikrotik thì vào sfp interface -> ethernet > auto negotiation , mới có link , set cứng 1G éo được.

6.46 beta là fix vụ này cho RB4011 rồi.
 

manny1992003

New Member
Joined
Sep 29, 2017
Messages
233
Reaction score
1
Tìm lại được cái file backup, lúc trước làm xong mừng quá lưu lại 1 file xong bỏ mất. Mà trước giờ toàn xài cái File => Backup, giờ mới biết cái lệnh export.



Đây là cái khi speedtest 6xx Mbps nhưng CPU không tới 30%:




Code:

# model = RB750Gr3
/interface bridge
add auto-mac=yes comment="LAN Bridge (default)" \
name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=WAN name=WAN_Port_1
/interface vrrp
add interface=WAN_Port_1 name=vrrp1 version=2
add interface=WAN_Port_1 name=vrrp2 version=2 vrid=2
add interface=WAN_Port_1 name=vrrp3 version=2 vrid=3
add interface=WAN_Port_1 name=vrrp4 version=2 vrid=4
add interface=WAN_Port_1 name=vrrp5 version=2 vrid=5
/interface pppoe-client
add allow=pap,chap comment=PPP disabled=no interface=vrrp1 name=\
pppoe-out-WAN_Port_1-1 password=op_op user=ech_op
add allow=pap,chap disabled=no interface=vrrp2 name=pppoe-out-WAN_Port_1-2 \
password=op_op user=ech_op
add allow=pap,chap disabled=no interface=vrrp3 name=pppoe-out-WAN_Port_1-3 \
password=op_op user=ech_op
add allow=pap,chap disabled=no interface=vrrp4 name=pppoe-out-WAN_Port_1-4 \
password=op_op user=ech_op
add allow=pap,chap disabled=no interface=vrrp5 name=pppoe-out-WAN_Port_1-5 \
password=op_op user=ech_op
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=WAN_Port_1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
add address=192.169.2.2/24 interface=vrrp2 network=192.169.2.0
add address=192.169.3.2/24 interface=vrrp3 network=192.169.3.0
add address=192.169.4.2/24 interface=vrrp4 network=192.169.4.0
add address=192.169.5.2/24 interface=vrrp5 network=192.169.5.0
add address=192.169.1.2/24 interface=vrrp1 network=192.169.1.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
WAN_Port_1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set servers=1.1.1.1,8.8.8.8,208.67.222.222
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-1
add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-2
add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-3
add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-4
add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-5
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge new-connection-mark=WAN_Port-1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:5/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge new-connection-mark=WAN_Port-2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:5/1
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge new-connection-mark=WAN_Port-3 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:5/2
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge new-connection-mark=WAN_Port-4 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:5/3
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge new-connection-mark=WAN_Port-5 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:5/4
add action=mark-routing chain=prerouting connection-mark=WAN_Port-1 \
in-interface=bridge new-routing-mark=to-WAN_Port-1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN_Port-2 \
in-interface=bridge new-routing-mark=to-WAN_Port-2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN_Port-3 \
in-interface=bridge new-routing-mark=to-WAN_Port-3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN_Port-4 \
in-interface=bridge new-routing-mark=to-WAN_Port-4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN_Port-5 \
in-interface=bridge new-routing-mark=to-WAN_Port-5 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-1
add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-2
add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-3
add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-4
add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-5
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-1 \
routing-mark=to-WAN_Port-1
add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-2 \
routing-mark=to-WAN_Port-2
add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-3 \
routing-mark=to-WAN_Port-3
add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-4 \
routing-mark=to-WAN_Port-4
add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-5 \
routing-mark=to-WAN_Port-5
add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-1
add check-gateway=ping distance=2 gateway=pppoe-out-WAN_Port_1-2
add check-gateway=ping distance=3 gateway=pppoe-out-WAN_Port_1-3
add check-gateway=ping distance=4 gateway=pppoe-out-WAN_Port_1-4
add check-gateway=ping distance=5 gateway=pppoe-out-WAN_Port_1-5
/system clock
set time-zone-name=Asia/Ho_Chi_Minh
/system identity
set name=MikGroup
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN​
 

geminisongtu

New Member
Joined
Sep 27, 2017
Messages
423
Reaction score
2
manny1992003 said:
Tìm lại được cái file backup, lúc trước làm xong mừng quá lưu lại 1 file xong bỏ mất. Mà trước giờ toàn xài cái File => Backup, giờ mới biết cái lệnh export.

Đây là cái khi speedtest 6xx Mbps nhưng CPU không tới 30%:

Code: # model = RB750Gr3 /interface bridge add auto-mac=yes comment="LAN Bridge (default)" \ name=bridge /interface ethernet set [ find default-name=ether1 ] comment=WAN name=WAN_Port_1 /interface vrrp add interface=WAN_Port_1 name=vrrp1 version=2 add interface=WAN_Port_1 name=vrrp2 version=2 vrid=2 add interface=WAN_Port_1 name=vrrp3 version=2 vrid=3 add interface=WAN_Port_1 name=vrrp4 version=2 vrid=4 add interface=WAN_Port_1 name=vrrp5 version=2 vrid=5 /interface pppoe-client add allow=pap,chap comment=PPP disabled=no interface=vrrp1 name=\ pppoe-out-WAN_Port_1-1 password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp2 name=pppoe-out-WAN_Port_1-2 \ password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp3 name=pppoe-out-WAN_Port_1-3 \ password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp4 name=pppoe-out-WAN_Port_1-4 \ password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp5 name=pppoe-out-WAN_Port_1-5 \ password=op_op user=ech_op /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254 /ip dhcp-server add address-pool=dhcp disabled=no interface=bridge name=defconf /interface bridge port add bridge=bridge comment=defconf interface=ether2 add bridge=bridge comment=defconf interface=ether3 add bridge=bridge comment=defconf interface=ether4 add bridge=bridge comment=defconf interface=ether5 /ip neighbor discovery-settings set discover-interface-list=LAN /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=WAN_Port_1 list=WAN /ip address add address=192.168.88.1/24 comment=defconf interface=ether2 network=\ 192.168.88.0 add address=192.169.2.2/24 interface=vrrp2 network=192.169.2.0 add address=192.169.3.2/24 interface=vrrp3 network=192.169.3.0 add address=192.169.4.2/24 interface=vrrp4 network=192.169.4.0 add address=192.169.5.2/24 interface=vrrp5 network=192.169.5.0 add address=192.169.1.2/24 interface=vrrp1 network=192.169.1.0 /ip dhcp-client add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\ WAN_Port_1 /ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 /ip dns set servers=1.1.1.1,8.8.8.8,208.67.222.222 /ip dns static add address=192.168.88.1 comment=defconf name=router.lan /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN /ip firewall mangle add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-1 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-2 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-3 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-4 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-5 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-1 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/0 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/1 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-3 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/2 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-4 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/3 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-5 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/4 add action=mark-routing chain=prerouting connection-mark=WAN_Port-1 \ in-interface=bridge new-routing-mark=to-WAN_Port-1 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-2 \ in-interface=bridge new-routing-mark=to-WAN_Port-2 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-3 \ in-interface=bridge new-routing-mark=to-WAN_Port-3 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-4 \ in-interface=bridge new-routing-mark=to-WAN_Port-4 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-5 \ in-interface=bridge new-routing-mark=to-WAN_Port-5 passthrough=yes /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-1 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-2 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-3 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-4 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-5 /ip route add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-1 \ routing-mark=to-WAN_Port-1 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-2 \ routing-mark=to-WAN_Port-2 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-3 \ routing-mark=to-WAN_Port-3 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-4 \ routing-mark=to-WAN_Port-4 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-5 \ routing-mark=to-WAN_Port-5 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-1 add check-gateway=ping distance=2 gateway=pppoe-out-WAN_Port_1-2 add check-gateway=ping distance=3 gateway=pppoe-out-WAN_Port_1-3 add check-gateway=ping distance=4 gateway=pppoe-out-WAN_Port_1-4 add check-gateway=ping distance=5 gateway=pppoe-out-WAN_Port_1-5 /system clock set time-zone-name=Asia/Ho_Chi_Minh /system identity set name=MikGroup /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN
Trong đó có cái rule fasttrack đó, nó làm giảm cpu used. Trên mik bảo xung đột với load balancing mà bác làm thấy giảm thì quá ngon
 

babyangelhp

New Member
Joined
Apr 13, 2018
Messages
429
Reaction score
0
manny1992003 said:
Tìm lại được cái file backup, lúc trước làm xong mừng quá lưu lại 1 file xong bỏ mất. Mà trước giờ toàn xài cái File => Backup, giờ mới biết cái lệnh export.

Đây là cái khi speedtest 6xx Mbps nhưng CPU không tới 30%:

Code: # model = RB750Gr3 /interface bridge add auto-mac=yes comment="LAN Bridge (default)" \ name=bridge /interface ethernet set [ find default-name=ether1 ] comment=WAN name=WAN_Port_1 /interface vrrp add interface=WAN_Port_1 name=vrrp1 version=2 add interface=WAN_Port_1 name=vrrp2 version=2 vrid=2 add interface=WAN_Port_1 name=vrrp3 version=2 vrid=3 add interface=WAN_Port_1 name=vrrp4 version=2 vrid=4 add interface=WAN_Port_1 name=vrrp5 version=2 vrid=5 /interface pppoe-client add allow=pap,chap comment=PPP disabled=no interface=vrrp1 name=\ pppoe-out-WAN_Port_1-1 password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp2 name=pppoe-out-WAN_Port_1-2 \ password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp3 name=pppoe-out-WAN_Port_1-3 \ password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp4 name=pppoe-out-WAN_Port_1-4 \ password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp5 name=pppoe-out-WAN_Port_1-5 \ password=op_op user=ech_op /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254 /ip dhcp-server add address-pool=dhcp disabled=no interface=bridge name=defconf /interface bridge port add bridge=bridge comment=defconf interface=ether2 add bridge=bridge comment=defconf interface=ether3 add bridge=bridge comment=defconf interface=ether4 add bridge=bridge comment=defconf interface=ether5 /ip neighbor discovery-settings set discover-interface-list=LAN /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=WAN_Port_1 list=WAN /ip address add address=192.168.88.1/24 comment=defconf interface=ether2 network=\ 192.168.88.0 add address=192.169.2.2/24 interface=vrrp2 network=192.169.2.0 add address=192.169.3.2/24 interface=vrrp3 network=192.169.3.0 add address=192.169.4.2/24 interface=vrrp4 network=192.169.4.0 add address=192.169.5.2/24 interface=vrrp5 network=192.169.5.0 add address=192.169.1.2/24 interface=vrrp1 network=192.169.1.0 /ip dhcp-client add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\ WAN_Port_1 /ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 /ip dns set servers=1.1.1.1,8.8.8.8,208.67.222.222 /ip dns static add address=192.168.88.1 comment=defconf name=router.lan /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN /ip firewall mangle add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-1 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-2 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-3 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-4 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-5 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-1 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/0 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/1 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-3 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/2 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-4 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/3 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-5 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/4 add action=mark-routing chain=prerouting connection-mark=WAN_Port-1 \ in-interface=bridge new-routing-mark=to-WAN_Port-1 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-2 \ in-interface=bridge new-routing-mark=to-WAN_Port-2 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-3 \ in-interface=bridge new-routing-mark=to-WAN_Port-3 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-4 \ in-interface=bridge new-routing-mark=to-WAN_Port-4 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-5 \ in-interface=bridge new-routing-mark=to-WAN_Port-5 passthrough=yes /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-1 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-2 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-3 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-4 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-5 /ip route add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-1 \ routing-mark=to-WAN_Port-1 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-2 \ routing-mark=to-WAN_Port-2 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-3 \ routing-mark=to-WAN_Port-3 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-4 \ routing-mark=to-WAN_Port-4 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-5 \ routing-mark=to-WAN_Port-5 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-1 add check-gateway=ping distance=2 gateway=pppoe-out-WAN_Port_1-2 add check-gateway=ping distance=3 gateway=pppoe-out-WAN_Port_1-3 add check-gateway=ping distance=4 gateway=pppoe-out-WAN_Port_1-4 add check-gateway=ping distance=5 gateway=pppoe-out-WAN_Port_1-5 /system clock set time-zone-name=Asia/Ho_Chi_Minh /system identity set name=MikGroup /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN
Vãi thím, lệnh export có j đâu. Export file=tên file
 

babyangelhp

New Member
Joined
Apr 13, 2018
Messages
429
Reaction score
0
manny1992003 said:
Tìm lại được cái file backup, lúc trước làm xong mừng quá lưu lại 1 file xong bỏ mất. Mà trước giờ toàn xài cái File => Backup, giờ mới biết cái lệnh export.

Đây là cái khi speedtest 6xx Mbps nhưng CPU không tới 30%:

Code: # model = RB750Gr3 /interface bridge add auto-mac=yes comment="LAN Bridge (default)" \ name=bridge /interface ethernet set [ find default-name=ether1 ] comment=WAN name=WAN_Port_1 /interface vrrp add interface=WAN_Port_1 name=vrrp1 version=2 add interface=WAN_Port_1 name=vrrp2 version=2 vrid=2 add interface=WAN_Port_1 name=vrrp3 version=2 vrid=3 add interface=WAN_Port_1 name=vrrp4 version=2 vrid=4 add interface=WAN_Port_1 name=vrrp5 version=2 vrid=5 /interface pppoe-client add allow=pap,chap comment=PPP disabled=no interface=vrrp1 name=\ pppoe-out-WAN_Port_1-1 password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp2 name=pppoe-out-WAN_Port_1-2 \ password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp3 name=pppoe-out-WAN_Port_1-3 \ password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp4 name=pppoe-out-WAN_Port_1-4 \ password=op_op user=ech_op add allow=pap,chap disabled=no interface=vrrp5 name=pppoe-out-WAN_Port_1-5 \ password=op_op user=ech_op /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254 /ip dhcp-server add address-pool=dhcp disabled=no interface=bridge name=defconf /interface bridge port add bridge=bridge comment=defconf interface=ether2 add bridge=bridge comment=defconf interface=ether3 add bridge=bridge comment=defconf interface=ether4 add bridge=bridge comment=defconf interface=ether5 /ip neighbor discovery-settings set discover-interface-list=LAN /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=WAN_Port_1 list=WAN /ip address add address=192.168.88.1/24 comment=defconf interface=ether2 network=\ 192.168.88.0 add address=192.169.2.2/24 interface=vrrp2 network=192.169.2.0 add address=192.169.3.2/24 interface=vrrp3 network=192.169.3.0 add address=192.169.4.2/24 interface=vrrp4 network=192.169.4.0 add address=192.169.5.2/24 interface=vrrp5 network=192.169.5.0 add address=192.169.1.2/24 interface=vrrp1 network=192.169.1.0 /ip dhcp-client add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\ WAN_Port_1 /ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 /ip dns set servers=1.1.1.1,8.8.8.8,208.67.222.222 /ip dns static add address=192.168.88.1 comment=defconf name=router.lan /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN /ip firewall mangle add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-1 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-2 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-3 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-4 add action=accept chain=prerouting in-interface=pppoe-out-WAN_Port_1-5 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-1 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/0 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/1 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-3 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/2 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-4 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/3 add action=mark-connection chain=prerouting dst-address-type=!local \ in-interface=bridge new-connection-mark=WAN_Port-5 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:5/4 add action=mark-routing chain=prerouting connection-mark=WAN_Port-1 \ in-interface=bridge new-routing-mark=to-WAN_Port-1 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-2 \ in-interface=bridge new-routing-mark=to-WAN_Port-2 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-3 \ in-interface=bridge new-routing-mark=to-WAN_Port-3 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-4 \ in-interface=bridge new-routing-mark=to-WAN_Port-4 passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN_Port-5 \ in-interface=bridge new-routing-mark=to-WAN_Port-5 passthrough=yes /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-1 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-2 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-3 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-4 add action=masquerade chain=srcnat out-interface=pppoe-out-WAN_Port_1-5 /ip route add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-1 \ routing-mark=to-WAN_Port-1 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-2 \ routing-mark=to-WAN_Port-2 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-3 \ routing-mark=to-WAN_Port-3 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-4 \ routing-mark=to-WAN_Port-4 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-5 \ routing-mark=to-WAN_Port-5 add check-gateway=ping distance=1 gateway=pppoe-out-WAN_Port_1-1 add check-gateway=ping distance=2 gateway=pppoe-out-WAN_Port_1-2 add check-gateway=ping distance=3 gateway=pppoe-out-WAN_Port_1-3 add check-gateway=ping distance=4 gateway=pppoe-out-WAN_Port_1-4 add check-gateway=ping distance=5 gateway=pppoe-out-WAN_Port_1-5 /system clock set time-zone-name=Asia/Ho_Chi_Minh /system identity set name=MikGroup /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN
Vãi thím, lệnh export có j đâu. Export file=tên file
 
Top