Hello,
Merci pour vos réponses
J'ai refait quelques tests avec le fasttrack:
1. Connexion Livebox -> MAC directement : (up/down : 500Mbps)
2. Connexion Livebox -> Mikrotik -> MAC (bridge): (up: 200Mbps, down: 500Mbps)
3. Connexion TP-Link MC220L -> Mikrotik -> MAC avec config vlan832 etc... : (up/down: 130Mbps)
Je vous joins ma config si jamais vous trouvez quelque chose qui ne convient pas, mais j'avoue qu'excepter les performance du hAP AC, je ne vois pas ce qui pourrait coincer.
Encore merci pour l'aide
# sep/16/2022 22:07:38 by RouterOS 7.5
# software id = TELN-P324
#
# model = RB962UiGS-5HacT2HnT
# serial number = BEC80A92DF99
/interface bridge
add name=br-wan
add name=bridgePrivate protocol-mode=none
add name=bridgePublic
/interface ethernet
set [ find default-name=ether1 ] advertise=1000M-full name=ether1_WAN
set [ find default-name=ether2 ] name=ether2_swDesk
set [ find default-name=ether3 ] name=ether3_swTV
set [ find default-name=ether4 ] advertise=1000M-half,1000M-full disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=sfp1 ] advertise=1000M-full,2500M-full,5000M-full disabled=yes loop-protect-send-interval=1s \
rx-flow-control=auto tx-flow-control=auto
/interface vlan
add comment="Internet ONT" interface=ether1_WAN loop-protect-disable-time=0s loop-protect-send-interval=1s name=vlan832-internet \
vlan-id=832
/interface list
add name=WAN
add name=LANPrivate
add name=LANPublic
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=private supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=public supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-XX country="united states" disabled=no \
distance=indoors frequency=auto frequency-mode=superchannel hide-ssid=yes installation=indoor mode=ap-bridge name=\
wifiPrivate2Ghz security-profile=private ssid=MT-PRIVATE wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country="united states" disabled=\
no distance=indoors frequency=auto frequency-mode=superchannel hide-ssid=yes installation=indoor mode=ap-bridge name=\
wifiPrivate5Ghz security-profile=private ssid=MT-PRIVATE wireless-protocol=802.11
/ip dhcp-client option
add code=60 name=vendor-class-identifier value=0x736167656d
add code=77 name=userclass value=0x2b46535644534c5f6c697665626f782e496e7465726e65742e73XXXXXXXXXXXXXXXXXXXXXXXXX
add code=90 name=authsend value=0x00000000000000000000001a090000055801XXXXXXXXXXXXXXXXXXXXXXXXXXX
/ip pool
add name=poolPrivate ranges=192.168.10.10-192.168.10.254
add name=poolPublic ranges=192.168.20.10-192.168.20.254
/ip dhcp-server
add address-pool=poolPrivate interface=bridgePrivate name=dhcpPrivate
add address-pool=poolPublic interface=bridgePublic name=dhcpPublic
/queue interface
set ether1_WAN queue=ethernet-default
set ether2_swDesk queue=ethernet-default
set ether3_swTV queue=ethernet-default
set sfp1 queue=ethernet-default
/interface wireless
add disabled=no mac-address=76:4D:28:CA:84:97 master-interface=wifiPrivate2Ghz name=wifiPublic2Ghz security-profile=public ssid=\
MT wds-default-bridge=*9 wps-mode=disabled
add disabled=no mac-address=76:4D:28:CA:84:96 master-interface=wifiPrivate5Ghz name=wifiPublic5Ghz security-profile=public ssid=\
MT wds-default-bridge=*9 wps-mode=disabled
/interface bridge filter
add action=set-priority chain=output dst-port=67 ip-protocol=udp log=yes log-prefix="Set CoS6 on DHCP request" mac-protocol=ip \
new-priority=6 out-interface=vlan832-internet passthrough=yes
/interface bridge port
add bridge=bridgePrivate interface=ether2_swDesk
add bridge=bridgePublic interface=ether3_swTV
add bridge=bridgePrivate interface=wifiPrivate2Ghz
add bridge=bridgePrivate interface=wifiPrivate5Ghz
add bridge=bridgePublic interface=wifiPublic2Ghz
add bridge=bridgePublic interface=wifiPublic5Ghz
add bridge=br-wan interface=vlan832-internet
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ip neighbor discovery-settings
set discover-interface-list=LANPrivate
/interface list member
add interface=bridgePrivate list=LANPrivate
add interface=br-wan list=WAN
add interface=bridgePublic list=LANPublic
/ip address
add address=192.168.10.1/24 interface=bridgePrivate network=192.168.10.0
add address=192.168.20.1/24 interface=bridgePublic network=192.168.20.0
add address=192.168.1.15/24 interface=sfp1 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid,authsend,userclass,vendor-class-identifier interface=br-wan
/ip dhcp-server lease
add address=192.168.10.100 client-id=1:18:65:71:eb:c1:22 mac-address=18:65:71:EB:C1:22 server=dhcpPrivate
add address=192.168.10.101 client-id=1:0:e0:4c:68:1:56 mac-address=00:E0:4C:68:01:56 server=dhcpPrivate
add address=192.168.20.250 client-id=1:b0:5c:da:ae:22:e mac-address=B0:5C:DA:AE:22:0E server=dhcpPublic
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.8.4 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8,8.8.8.4 gateway=192.168.20.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
add address=192.168.10.2-192.168.10.254 list=LANPrivate
add address=192.168.20.2-192.168.20.254 list=LANPublic
/ip firewall filter
add action=fasttrack-connection chain=forward comment="fasttrack established/related" connection-state=established,related \
hw-offload=yes
add action=accept chain=forward comment="accept established/related" connection-state=established,related
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input comment="defconf: drop all not coming from LANPrivate" in-interface-list=!LANPrivate
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=\
new in-interface-list=WAN
add action=reject chain=forward comment="Public LAN can't contact Private LAN" dst-address-list=LANPrivate reject-with=\
icmp-network-unreachable src-address-list=LANPublic
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl certificate=WebFig disabled=no
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ip ssh
set host-key-size=4096
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=\
fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LANPrivate
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LANPrivate
/system identity
set name=MT-HOME
/system leds settings
set all-leds-off=after-1min
/tool mac-server
set allowed-interface-list=LANPrivate
/tool mac-server mac-winbox
set allowed-interface-list=LANPrivate