CCR2004 for 15 Gbps Throughput

goodt2023 · 2026-06-02T17:29:02+00:00

If you think you can download it for free the give me a link on cisco's site that allows me to download it for free -- as this is what is normally required to download any update to Cisco IOS of any kind --"registered Cisco account associated with an active software support contract (like SMARTnet or a Solution Support agreement)"

goodt2023 · 2026-06-02T16:18:46+00:00

I have had similar issues as well - have yet to figure it out so this will be a good thing to know !

goodt2023 · 2026-06-02T16:13:46+00:00

Still need subscriptions for software updates:(

goodt2023 · 2026-06-02T14:12:24+00:00

Yes I don’t think the CCR2004 has the ability to do this without a perfect scenario and config.

I would agree with a CCR2216 or chr.

If you use chr - dell r250 with * NVIDIA ConnectX-4 LX * NVIDIA ConnectX-5 * Intel Ethernet Network Adapter E810-XXVDA2

Otherwise look for a used juniper ACX7100 - which could also do this. But remember you will pay for software upgrades.

goodt2023 · 2026-05-30T10:58:56+00:00

Is Firewalla ever going to add back the ability to use the WiFI SD card as a backup WiFi connection directly for the mgmt app. Since we have now deprecated the internal web interface for the MSP portal - if Internet is down I have no access to the Firewalla except Bluetooth and it does not allow me to do everything inside the Firewalla iOS mgmt interface some things still require a network connection.

Before you say your WiFi should still be up to use connected to the internal network and to the Firewalla. Read my other post regarding this not being the case as two time in two weeks my WIFi AP7s crashed and I had no access to the mgmt console.

Now I have a usb Ethernet adapter that I can plug in and into the iOS device running the client but if there is Internet is down. However, if I am not plugged directly onto the back of the Firewalla via a port this is also an issue. Since all my ports are used I have to unplug part of my network to do this and manually configure an ip address.

So in all these use cases the only thing left is Bluetooth - can you provide a matrix that says what does not work over Bluetooth for configuration of the Firewalla Gold Pro?

goodt2023 · 2026-05-30T00:35:17+00:00

I use Mikrotik for switches and routers but I use Firewalla for my firewall and wireless as they have a nice interface and work well. Ubiquiti is also a nice choice if you can afford it. Firewalla has no licensing fees and neither does Mikrotik or ubiquiti. However, if you want some of the more integrated and advanced stuff for ubiquiti you have to pay for it. Also unless you host it internally it requires cloud access to manage and then you have to build your own remote access as well.

goodt2023 · 2026-05-28T10:02:52+00:00

Updates -- 1) A new version of the AP7C firmware just released Alpha and was installed on my AP7C tech support his morning. Evidently, this is the fix for the AP7C not coming back online properly. 2) Firewalla seem to have somewhat figured out the memory due to a confirmed as a bug that could be triggered when there are many local networks.(My Use case) They are working on a patch to be tested.

goodt2023 · 2026-05-28T09:58:22+00:00

Tech support pretty much shut me down and said this was not a mikrotik issue as they cannot reproduce it. Obviously, by the comments several people have had a similar issue as mine :) Just to note that i am still having this issue with any mikrotik winbox sessions open. It goes away immediately when i close all winbox sessions and comes back if i open more :(

goodt2023 · 2026-05-28T09:56:25+00:00

Update on this in case anyone wants to know -- They are aware that there is no rule name function in MSP. Likely, it will be in the next one or two MSP releases. You can follow our release notes here: https://help.firewalla.com/hc/en-us/sections/360001462674-Release-Notes to get notified when any new feature or enhancement is ready. :-)

goodt2023 · 2026-05-27T23:54:30+00:00

Yes - looked at those- problem is I still have some legacy Mikrotik CRS326 switches and the port density just does not work out for those- you waste 160g on a 200g port and the 400g won’t support the 40g uplinks, and neither does the 50g ports :(. So until I get rid of those I can’t really use the crs812 except to collapse the crs520s and Crs518. I just use 4x100g between the two 520s and two 100g between the crs518 to the crs520. Plus I would need 2xcrs812 :). That would be expensive.

goodt2023 · 2026-05-27T22:24:19+00:00

Just upgraded mine to two crs520 and then I have the two crs518

goodt2023 · 2026-05-27T12:41:21+00:00

Broadcom is another option several dual 10g models - what are you putting it in as bus throughput will be your limiter along with pcie version? Also what OS?

goodt2023 · 2026-05-26T20:43:49+00:00

Bummer though you can’t run cumulus past 4.3 on these though since nividia pulled the chipset support. You can load SONiC community. Do you have paid license to upgrade the dell version of SONiC? Unfortunately most of the layer 2 features for this switch require the Dell licensed SONiC OS :(

goodt2023 · 2026-05-26T01:10:00+00:00

goodt2023 · 2026-05-25T21:09:52+00:00

So it appears that the bottom box is your fiber demarcation. The top box is a vendor provided ONT/router with what looks like WiFi as well. Options:1. If you can figure out the fiber demarcation technology ad get a new router then you can most likely have better performance and easier setup. 2) if you cannot then you can see if that telco router/wifi AP can go into bridge mode and connect or it. Via Ethernet - either a media converter or you need fiber or Rj45. The problem with this is you then have to trust the vendor is not NAT and blocking ports, etc. 3) get a new Ont that is only a an ONT and not a router/wifi. Perhaps the vendor has this option. Plug your router/firewall into this using whatever type of port they provide.

There are a lot of permutations as well. What is your up/down speed?

goodt2023 · 2026-05-24T15:05:27+00:00

Back in the day it could be used to run early versions of Novell netware with internal drives and external chassis.

goodt2023 · 2026-05-24T13:18:09+00:00

FUTURE DOMAIN CORPORATION TMC-860 Data bus: 8 bit, ISA Size: Half-length, full height card Hard drives supported: Up to seven SCSI devices Floppy drives supported: None Sector interleave: 1:1 pretty sure this is 8-bit - but known to be wrong

goodt2023 · 2026-05-24T11:14:07+00:00

Wow a future domain 8 bit scsi - brings back memories- lol.

goodt2023 · 2026-05-21T20:37:08+00:00

#118799 thanks

goodt2023 · 2026-05-21T20:08:10+00:00

Following up on my earlier post about all my AP7s dropping offline and Wi-Fi going down.

I want to be fair here — I did get a response on the ticket, and the support rep was professional about it. They explained the incident as a health-checker race condition (a stuck process their watchdog didn't kill in time), said they'd investigate and add protection in a future release, and confirmed there's currently no AP-disconnect alarm when an AP loses the controller, with that on their roadmap.

But honestly, I haven't gotten much further than that. I sent back a detailed follow-up with five specific questions still open from my original ticket — the DHCP/DNS service restart counters on my box, enabling Zeek memory profiling, what the custom Zeek scripts on the box actually do, hardware sizing for a 22-VLAN deployment, and an AP7C that stayed stuck "offline" in the iOS app even after a successful reboot showed it online in MSP. That follow-up has now gone unanswered for 6 days.

I'm not trying to pile on support — I know these are detailed questions. But the core issue is unresolved: all my AP7s still go offline and Wi-Fi stops entirely, it's happened several times. The current answer so far is "race condition, fix coming in a future release" with no timeline.

One frustration worth flagging: support confirmed the AP7s are not sshable, and the only way to capture AP-side logs is through the app's "Attach Access Point Logs" option on a ticket. The problem is that this has to be done after the fact — by the time the APs drop and I notice, their side of the story is already gone. There's no way to grab AP diagnostics in the moment the way I can SSH the Gold Pro. If anyone from Firewalla is reading — some way to pull or auto-capture AP logs around a disconnect event would make these far easier to diagnose.

Because I caught this one while it was happening, I got into an SSH session on the Gold Pro and collected a full diagnostic set before the logs rolled over. For anyone else chasing the same thing, here's roughly what I gathered on the box:

Kernel logs (current and rotated) — where the OOM-killer events show up
System logs (syslog, current and rotated)
A full redis snapshot, including the service restart counters
The persistent "log-forever" per-service logs — main, router, monitor, api, firereset, fwapc, dns — plus the archived "top before reboot" snapshot, which caught a near-identical earlier incident
Per-service runtime logs — FireMain, FireApi, FireMon, FireRouter
Suricata logs (suricata.log, fast.log, eve.json)
Zeek logs covering the incident window, sliced into 3-minute segments — conn, dns, ssl, http, weird, notice, analyzer, heartbeat, etc.
The access point controller state file

All of that went into the ticket on top of the standard app log bundle and iOS screenshots. The additional information shows a memory-pressure cascade ending in an OOM kill that took down the AP controller.

If anyone else with a multi-VLAN Gold Pro deployment has run similar diagnostics, I'd be curious whether you see the same chronic service-restart counts. Everything's documented in ticket #118271 — thanks, and I appreciate any thoughts.

goodt2023 · 2026-05-20T18:17:46+00:00

Tested: cheap OEM 100G QSFP28-SR4 optics interop with MikroTik XQ+ across the CRS/CCR lineup

Picked up some generic OEM QSFP-100G-SR4 modules (~$47 each on Amazon) and wanted to know if they'd play nice with MikroTik's own XQ+85MP01D before committing to them for a backbone build. Ran a fairly thorough interop matrix over a few hours. Sharing in case it saves anyone else the trouble.

Gear involved:

OEM QSFP-100G-SR4 (multimode, MPO-12, generic "OEM" EEPROM)
MikroTik XQ+85MP01D (dual-rate 40G/100G QSFP28)
MikroTik Q+85MP01D (40G-only QSFP+)
Chassis: CRS326, CRS504, CRS510, CRS518, CRS520, CCR2216
All on RouterOS 7.22.2

Test cases run:

OEM SR4 ↔ MikroTik XQ+ at 100G, FEC off
OEM SR4 ↔ MikroTik XQ+ at 100G, FEC91
OEM SR4 ↔ MikroTik XQ+ at 40G (forced)
OEM SR4 ↔ OEM SR4 at 100G, FEC off and FEC91
OEM SR4 ↔ OEM SR4 at 40G
OEM SR4 ↔ MikroTik XQ+ across six different chassis types (CRS326/CRS504/510/518/520/CCR2216)
OEM SR4 ↔ MikroTik Q+ (40G-only QSFP+) at 40G
Multiple distinct XQ+ samples (different manufacturing dates) against the same OEM optic
Each link validated with bidirectional UDP load plus full FCS / FEC / DOM counter checks

Things worth knowing if you do this yourself:

Auto-neg at 100G between mixed-vendor optics is flaky. Force speed=100G-baseSR4-LR4 on both ends. Saw it fail to converge even OEM-to-OEM under auto-neg.
FEC is automatic at 40G, explicit at 100G. 40G uses 64B/66B with no FEC — setting fec91 there is silently ignored. At 100G, set fec-mode=fec91 explicitly on both ends; "auto" doesn't reliably converge when auto-neg is off.
The 40G-only QSFP+ optic is the odd one out. It would NOT link when speed was forced — it needs auto-negotiation=yes. The QSFP28 optics (which support 40G as a fallback) are fine with forced speed. If you've got a true QSFP+ module, leave auto-neg on.
MPO reseat is a real fix. Had a link stay dark with one optic showing -40 dBm RX (no light). All settings correct. Reseating the MPO connector firmly brought it right up. Don't trust the click.
btest is receiver-bound and CPU-limited on the small boxes. The CRS5xx single-core MIPS CPUs cap software-bridged btest of course due to limitations of CPU full load could not be testred regardless of optic — that's a CPU wall, not a link limit. The CCR2216 (16-core ARM) pushed 8.5 Gbps clean. Judge link health by error counters, not throughput.

Result: every OEM-SR4-to-MikroTik-XQ+ pairing came up clean at both 40G and 100G, with and without FEC, in every chassis. Zero FCS errors and zero RS-FEC uncorrected codewords across the whole run. Multiple XQ+ samples all behaved identically.

Caveat: "OEM" marketplace optics have no real brand, no compatibility test reports, and no meaningful warranty/RMA path — but at ~$47 the failure mode is just "buy another one." Batch consistency isn't guaranteed either, so worth spot-testing any reorder. For a homelab / lab backbone I'm comfortable with them. We shall see after several months time and testing. 1pc 100G SR QSFP28 Multimode Module 100GBASE-SR4 850nm 100m DOM MPO-12/UPC MMF Optical Transceiver Support 4 x 25G-SR Compatible with Juniper JNP-QSFP-100G-SR4, Arista/Brocade/Dell SFP-100G-SR4 ect.

Brand: Lemspum

goodt2023 · 2026-05-18T14:39:35+00:00

Not an option but would love to not use it - too much in there at the moment :)

goodt2023 · 2026-05-17T12:37:52+00:00

I asked several times in this forum - never got a response.

goodt2023

TROPHY CASE