ERL-PoE Performance Issues - Is it me ??

Hi There

I have a ERL-PoE which appears to have been working well for me but my ISP has now upgraded me to a 200Mbps cable package but I'm licky if I ever get over 110Mbps.

If I plug a laptop directly into the cable modem I can achive speeds of around the 200Mbps limit (using speedtest.net) but as soon as I'm behind the ERL I drop back down to about 100Mbps.

I have a 24 port switch in the ETH1 port on the ERL behind which is my network but I've disconnected this and put the laptop directly into ETH1 to eliminate any network services that might take bandwidth - I still only get 100Mbps (or there abouts).

Can anyone suggest what might be going on ?

I've switched on Hardware offloading but it's made no odds. - I'm on the latest firmware for my unit.

Any help appreciated - Brian

Config is;

firewall {
all-ping enable
broadcast-ping disable
group {
address-group AllowedGSHosts {
address 192.168.yyyy.40
address 192.168.yyyy.53
address 192.168.yyyy.92
address 192.168.yyyy.100
address 192.168.yyyy.2
address 192.168.yyyy.46
address 192.168.yyyy.156
address 192.168.yyyy.139
address 192.168.yyyy.4
address 192.168.yyyy.39
address 192.168.yyyy.28
description "Hosts allowed on this network"
}
network-group GSSubnet {
description "GS Subnet"
network 192.168.yyyy.0/24
}
network-group LocalSubnet {
description "My Local Subnet"
network 192.168.xxx.0/24
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to Internal"
rule 1 {
action accept
description "Allow GS VPN"
destination {
group {
network-group LocalSubnet
}
}
ipsec {
match-ipsec
}
log disable
protocol all
source {
group {
address-group AllowedGSHosts
}
}
state {
established enable
invalid disable
new enable
related enable
}
}
rule 2 {
action accept
state {
established enable
related enable
}
}
rule 3 {
action drop
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to Router"
rule 1 {
action accept
description "Allow GS VPN"
destination {
group {
network-group LocalSubnet
}
}
ipsec {
match-ipsec
}
log disable
protocol all
source {
group {
address-group AllowedGSHosts
}
}
state {
established enable
invalid disable
new enable
related enable
}
}
rule 2 {
action accept
state {
established enable
related enable
}
}
rule 3 {
action drop
state {
invalid enable
}
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
bridge br0 {
address 192.168.xxx.254/24
aging 300
bridged-conntrack disable
hello-time 2
max-age 20
priority 0
promiscuous enable
stp false
}
ethernet eth0 {
address dhcp
description CableISP
duplex auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
poe {
output off
}
speed auto
}
ethernet eth1 {
bridge-group {
bridge br0
}
description MainLAN
duplex auto
ip {
}
poe {
output off
}
speed auto
}
ethernet eth2 {
description eth2
duplex auto
poe {
output off
}
speed auto
}
ethernet eth3 {
description aircam
duplex auto
poe {
output off
}
speed auto
}
ethernet eth4 {
description UniFiAP
duplex auto
ip {
}
poe {
output 24v
}
speed auto
}
loopback lo {
}
switch switch0 {
bridge-group {
bridge br0
}
mtu 1500
switch-port {
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface br0
rule 1 {
description "BT to Paddy"
forward-to {
address 192.168.xxx.5
}
original-port 33203
protocol tcp_udp
}
wan-interface eth0
}
service {
dns {
forwarding {
cache-size 1000
listen-on eth1
listen-on switch0
name-server 8.8.8.8
name-server 8.8.4.4
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
mdns {
reflector
}
nat {
rule 5001 {
description "exclude ipsec local to remote"
destination {
group {
network-group GSSubnet
}
}
exclude
log disable
outbound-interface eth0
protocol all
source {
group {
network-group LocalSubnet
}
}
type masquerade
}
rule 5002 {
log disable
outbound-interface eth0
protocol all
type masquerade
}
}
ssh {
port xxxx
protocol-version v2
}
}
system {
domain-name xxxxxxxx.local
host-name EdgeRouter
login {
user xxxxxxxxx {
authentication {
encrypted-password xxxxxx
plaintext-password ""
}
full-name "xxxxxxxxxxx"
level admin
}
}
name-server 8.8.8.8
name-server 8.8.4.4
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat disable
ipv4 {
forwarding enable
gre enable
pppoe enable
}
}
options {
reboot-on-panic true
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Europe/London
}
vpn {
ipsec {
auto-firewall-nat-exclude disable
esp-group FOO0 {
compression disable
lifetime 3600
mode tunnel
pfs enable
proposal 1 {
encryption 3des
hash md5
}
}
ike-group FOO0 {
ikev2-reauth no
key-exchange ikev1
lifetime 28800
proposal 1 {
dh-group 2
encryption 3des
hash md5
}
}
ipsec-interfaces {
interface eth0
}
nat-networks {
allowed-network 0.0.0.0/0 {
}
}
nat-traversal enable
site-to-site {
peer aaaa.bbbb.cccc.dddd {
authentication {
mode pre-shared-secret
pre-shared-secret zzzzzzzzzzzzzzzz
}
connection-type initiate
description "Link to GS"
ike-group FOO0
ikev2-reauth inherit
local-address any
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
esp-group FOO0
local {
prefix 192.168.xxxx.0/24
}
remote {
prefix 192.168.yyyy.0/24
}
}
}
}
}
}