Wi-Fi-сеть выделена на RB3011 отдельно, имеет свою адресацию и свой DHCP-пул и с помощью VLAN прокидывается на управляемые коммутаторы CSS326, на которых, в свою очередь, на нужных портах прописан VLAN ID и стоит режим strict. В итоге я получаю Wi-Fi-сеть на отдельных портах CSS. Я настроил на RB3011 контроллер CAPsMAN и таким образом подключил к нему свою старую ТД. Тут всё хорошо, всё работает так, как и предполагалось. А вот две новые точки видят контроллер только в том случае, если они подключаются в общую сеть, а не в порты, выделенные для них с помощью VLAN. То есть если точка подключается к порту для Wi-Fi, то в dhcp-leases видно, что она получает адрес 192.168.3.хх, но она напрочь отказывается видеть контроллер CAPsMAN. Если же её сунуть в обычный порт, то она получает адрес 192.168.1.хх, успешно регистрируется на контроллере и спокойно раздаёт клиентам адреса вида 192.168.3.хх. Причём моя старая точка доступа такой же модели (только чёрная) спокойно видит контроллер из сети 192.168.3.0 и работает вполне понятно. Как это понимать?
На всякий случай
[admin@General Router] > /export
# jun/04/2020 15:31:54 by RouterOS 6.46.6
# software id = 41RT-HEXY
#
# model = RouterBOARD 3011UiAS
# serial number = 8EED09BA21AC
# CAPsMAN channel set for the 2.4 GHz radios: 20 MHz wide, frequencies 2412/2437/2462 MHz.
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled frequency=2412,2437,2462 name=channel24 tx-power=22
# Three bridges, one per segment. VLAN filtering is enabled on VIDEO and Wi-Fi but not on OFFICE.
# NOTE(review): this export contains no "/interface bridge vlan" table, so the tagged/untagged
# membership of the two filtering bridges cannot be checked from here - confirm it on the router.
/interface bridge
add fast-forward=no name=bridge-OFFICE
add comment=VIDEo fast-forward=no name=bridge-VIDEO vlan-filtering=yes
add comment=Wi-Fi fast-forward=no name=bridge-WiFi vlan-filtering=yes
# Physical ports are renamed by role; the role of each port is recorded in its comment= field.
/interface ethernet
set [ find default-name=ether1 ] comment="WAN in provider" name=eth1-WAN speed=100Mbps
set [ find default-name=ether2 ] comment="office port" name=ether2-OFFICE speed=100Mbps
set [ find default-name=ether3 ] comment="office port" name=ether3-OFFICE speed=100Mbps
set [ find default-name=ether4 ] comment="combined office + video mac port" name=ether4-SCLAD speed=100Mbps
set [ find default-name=ether5 ] comment="combined office + video mac port" name=ether5-SCLAD speed=100Mbps
set [ find default-name=ether6 ] comment="video lanport" name=ether6-VIDEO speed=100Mbps
set [ find default-name=ether7 ] comment="video lan port" name=ether7-VIDEO speed=100Mbps
set [ find default-name=ether8 ] comment="video lan port" name=ether8-VIDEO speed=100Mbps
set [ find default-name=ether9 ] comment="wi-fi other connections" name=ether9-WIFI speed=100Mbps
set [ find default-name=ether10 ] comment="control management port" speed=100Mbps
set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
"trunk for general switch" name=sfp1-TRUNK
# VLAN 102 (video) and VLAN 103 (Wi-Fi) are terminated on the SFP trunk towards the switches.
# NOTE(review): sfp1-TRUNK is also added to bridge-OFFICE in "/interface bridge port" of this export,
# so these VLAN interfaces sit on a bridge member port - verify that this layering is intended.
/interface vlan
add interface=sfp1-TRUNK name=vlan1-VIDEO vlan-id=102
add interface=sfp1-TRUNK name=vlan2-WiFi vlan-id=103
# local-forwarding=no: wireless client traffic is forwarded by the CAPs to this router and bridged into bridge-WiFi.
/caps-man datapath
add bridge=bridge-WiFi local-forwarding=no name=datapath1
# NOTE(review): the WPA2-PSK passphrase is exported in clear text and is a short, digits-only value.
# Because it was published together with this export, treat it as disclosed: rotate it and pick a long
# mixed-character passphrase. On RouterOS 6 share configurations with "/export hide-sensitive" and still
# check the output for secrets, serial numbers and public addresses before posting.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=KADRIN passphrase=121661555
# Master configuration pushed to every provisioned CAP: AP mode, SSID KADRIN, channel set and datapath defined above.
/caps-man configuration
add channel=channel24 datapath=datapath1 mode=ap name=cfg1 rx-chains=0,1,2,3 security=KADRIN ssid=KADRIN tx-chains=0,1,2,3
# Switch-chip port 5 gets default-vlan-id=0.
# NOTE(review): which physical port index 5 refers to is not visible in this export - confirm.
/interface ethernet switch port
set 5 default-vlan-id=0
# Interface lists used by neighbor discovery and the MAC servers (LAN) and by the masquerade rule (WAN).
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# One address pool per segment. pool-test is not referenced by any DHCP server in this export.
/ip pool
add name=pool1-OFFICE ranges=192.168.1.20-192.168.1.90
add name=pool2-VIDEO ranges=192.168.2.100-192.168.2.150
add name=pool3-WiFi ranges=192.168.3.20-192.168.3.150
add name=pool-test ranges=192.168.4.70-192.168.4.230
# One DHCP server per bridge; the Wi-Fi server has no lease-time set here, so it uses the default.
/ip dhcp-server
add address-pool=pool2-VIDEO disabled=no interface=bridge-VIDEO lease-time=8h10m name=DHCP-VIDEO
add address-pool=pool3-WiFi disabled=no interface=bridge-WiFi name=DHCP-WiFi
add address-pool=pool1-OFFICE disabled=no interface=bridge-OFFICE lease-time=8h10m name=DHCP-OFFICE
# The "full" group carries every policy listed below, including telnet, ftp, api and sensitive.
# Which accounts belong to it is not part of this export.
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
# CAPsMAN is enabled with no certificate settings in this export.
# NOTE(review): without certificate=/ca-certificate= and require-peer-certificate=yes the manager does not
# authenticate CAPs, and the provisioning rule below matches on hw-supported-modes only. A device that
# reaches the manager from an internal port would then be provisioned with cfg1, which includes the PSK.
# Presumably acceptable on a trusted wired LAN - confirm, or enable certificates on manager and CAPs.
/caps-man manager
set enabled=yes
# Any radio supporting b, g and gn is provisioned with cfg1 as a dynamic enabled interface named 24W-<identity>.
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=b,g,gn master-configuration=cfg1 name-format=identity name-prefix=24W
# Bridge membership. The first three entries are disabled and carry no bridge= in this export.
# NOTE(review): bridge-OFFICE has no vlan-filtering, so pvid=101 on its ports presumably has no effect - confirm.
# ether9-WIFI and vlan2-WiFi are added to bridge-WiFi without an explicit pvid.
# sfp1-TRUNK is a member of bridge-OFFICE while vlan1-VIDEO/vlan2-WiFi are built on top of it.
/interface bridge port
add disabled=yes interface=ether2-OFFICE pvid=101
add disabled=yes interface=ether3-OFFICE pvid=101
add disabled=yes interface=ether4-SCLAD pvid=101
add bridge=bridge-OFFICE interface=ether5-SCLAD pvid=101
add bridge=bridge-VIDEO interface=ether6-VIDEO pvid=102
add bridge=bridge-VIDEO interface=ether7-VIDEO pvid=102
add bridge=bridge-VIDEO interface=ether8-VIDEO pvid=102
add bridge=bridge-WiFi interface=ether9-WIFI
add bridge=bridge-OFFICE interface=ether10
add bridge=bridge-OFFICE interface=sfp1-TRUNK
add bridge=bridge-VIDEO interface=vlan1-VIDEO
add bridge=bridge-WiFi interface=vlan2-WiFi
# Neighbor discovery is limited to the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# LAN = bridge-VIDEO, ether10, bridge-OFFICE, plus one entry that has no interface= in this export.
# bridge-WiFi is not a member, so list-based services (discovery, MAC server) are not offered on the Wi-Fi segment.
/interface list member
add interface=eth1-WAN list=WAN
add list=LAN
add interface=bridge-VIDEO list=LAN
add interface=ether10 list=LAN
add interface=bridge-OFFICE list=LAN
# Router addresses: one public address on the WAN port and the .1 gateway of each internal /24.
# NOTE(review): the public WAN address is published with this export; mask it when sharing configurations.
/ip address
add address=91.244.114.227/24 interface=eth1-WAN network=91.244.114.0
add address=192.168.2.1/24 interface=bridge-VIDEO network=192.168.2.0
add address=192.168.3.1/24 interface=bridge-WiFi network=192.168.3.0
add address=192.168.1.1/24 interface=bridge-OFFICE network=192.168.1.0
# Static leases, all bound to the DHCP-OFFICE server; each pins one MAC address to a fixed 192.168.1.x address.
# NOTE(review): these MAC addresses identify real devices; consider masking them before posting an export.
/ip dhcp-server lease
add address=192.168.1.101 client-id=1:e0:d5:5e:7:f0:16 mac-address=E0:D5:5E:07:F0:16 server=DHCP-OFFICE
add address=192.168.1.110 client-id=1:cc:2d:e0:c0:4e:4a mac-address=CC:2D:E0:C0:4E:4A server=DHCP-OFFICE
add address=192.168.1.100 mac-address=00:40:AD:9D:72:BA server=DHCP-OFFICE
add address=192.168.1.150 allow-dual-stack-queue=no mac-address=F4:81:39:E6:E7:C6 server=DHCP-OFFICE
add address=192.168.1.125 mac-address=F4:A9:97:D5:70:51 server=DHCP-OFFICE
add address=192.168.1.102 client-id=1:0:a:3c:25:69:e1 mac-address=00:0A:3C:25:69:E1 server=DHCP-OFFICE
add address=192.168.1.105 client-id=1:d0:bb:80:2a:38:cd mac-address=D0:BB:80:2A:38:CD server=DHCP-OFFICE
add address=192.168.1.111 client-id=1:74:4d:28:8f:b6:37 mac-address=74:4D:28:8F:B6:37 server=DHCP-OFFICE
add address=192.168.1.106 client-id=1:40:b0:76:9:16:f1 mac-address=40:B0:76:09:16:F1 server=DHCP-OFFICE
add address=192.168.1.103 client-id=1:40:8d:5c:8c:ea:b5 mac-address=40:8D:5C:8C:EA:B5 server=DHCP-OFFICE
add address=192.168.1.104 client-id=1:2c:4d:54:67:9d:95 mac-address=2C:4D:54:67:9D:95 server=DHCP-OFFICE
add address=192.168.1.199 client-id=1:b8:70:f4:89:ca:c5 mac-address=B8:70:F4:89:CA:C5 server=DHCP-OFFICE
# DHCP options per subnet. The comment= values are escaped Windows-1251 bytes; decoded they read
# "Office. Main network", "Video surveillance network" and "WiFi network".
# The VIDEO network is handed a DNS server but no gateway= in this export.
/ip dhcp-server network
add address=192.168.1.0/24 comment="\CE\F4\E8\F1. \CE\F1\ED\EE\E2\ED\E0\FF \F1\E5\F2\FC" dns-server=192.168.1.1 gateway=192.168.1.1 \
netmask=24
add address=192.168.2.0/24 comment="\D1\E5\F2\FC \E2\E8\E4\E5\EE\ED\E0\E1\EB\FE\E4\E5\ED\E8\FF" dns-server=192.168.2.1 netmask=24
add address=192.168.3.0/24 comment="WiFi \F1\E5\F2\FC" dns-server=192.168.3.1 gateway=192.168.3.1 netmask=24
# The router acts as a DNS resolver for clients (allow-remote-requests=yes) and forwards to five upstream servers.
# Exposure of that resolver is decided entirely by the input rules below.
/ip dns
set allow-remote-requests=yes servers=91.244.112.6,8.8.8.8,8.8.4.4,77.88.8.8,77.88.8.1
# Filter rules are evaluated top to bottom; rules without action= use the default action, accept.
# NOTE(review), input chain:
#  - The five "Allow DNS request" rules accept UDP arriving on eth1-WAN purely on source address and
#    source port 53. UDP does not authenticate either value, and replies to the router's own queries are
#    already covered by the connection-state=established rule, so these rules only widen what the WAN
#    side may send to the router. Consider removing them.
#  - The only final drop is for in-interface=eth1-WAN. Everything arriving from the OFFICE, VIDEO and
#    Wi-Fi segments is accepted by the chain's implicit default, so wireless clients can reach the
#    router's own services on 192.168.3.1. Consider accepting only the needed ports (DNS, DHCP, CAPsMAN)
#    from bridge-WiFi and dropping the rest.
# NOTE(review), forward chain:
#  - There is no final drop. Apart from connection-state=invalid, nothing rejects new connections that
#    arrive on eth1-WAN and are routed to an internal subnet. A closing rule such as
#    "drop in-interface=eth1-WAN connection-nat-state=!dstnat connection-state=new" would close that gap.
#  - The rule accepting in-interface=eth1-WAN out-interface=eth1-WAN lets the router relay WAN-to-WAN
#    traffic; its purpose is not visible from this export - confirm it is needed.
#  - connection-type="" on the input invalid-drop rule is an empty matcher - verify it is intended.
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=forward protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=forward connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=forward connection-state=related
add action=accept chain=forward in-interface=!eth1-WAN out-interface=eth1-WAN
add chain=input comment="Allow DNS request" in-interface=eth1-WAN protocol=udp src-address=91.244.112.6 src-port=53
add chain=input comment="Allow DNS request" in-interface=eth1-WAN protocol=udp src-address=8.8.8.8 src-port=53
add chain=input comment="Allow DNS request" in-interface=eth1-WAN protocol=udp src-address=8.8.4.4 src-port=53
add chain=input comment="Allow DNS request" in-interface=eth1-WAN protocol=udp src-address=77.88.8.8 src-port=53
add chain=input comment="Allow DNS request" in-interface=eth1-WAN protocol=udp src-address=77.88.8.1 src-port=53
add chain=input comment="Allow DNS from etherX" dst-port=53 in-interface=!eth1-WAN protocol=udp
add action=accept chain=forward in-interface=eth1-WAN out-interface=eth1-WAN
add action=drop chain=input connection-state=invalid connection-type=""
add action=drop chain=forward connection-state=invalid
add action=drop chain=input in-interface=eth1-WAN
# Destination NAT for traffic arriving on eth1-WAN, then source NAT for outbound traffic.
# NOTE(review): the bare "1194" and "2205" lines and the trailing "src-address=1" look like arguments that
# were cut or wrapped when the export was pasted (presumably to-ports= values and a longer source
# address) - read the real values on the router before relying on this listing.
# NOTE(review): the first two rules map WAN ports to 192.168.1.1, which is the router's own bridge-OFFICE
# address, while the filter's input chain drops everything arriving on eth1-WAN - verify that these two
# publications behave as intended.
# NOTE(review): the dst-port=80 rule publishes plain HTTP of internal host 192.168.1.102 to any source on
# the Internet. Prefer reaching it over the VPN, or restrict the rule with src-address/src-address-list.
# NOTE(review): "masquerade WiFi" has no out-interface, so it applies to traffic from 192.168.3.0/24
# whichever interface it leaves through.
/ip firewall nat
add action=netmap chain=dstnat comment=OpenVPN dst-port=1194 in-interface=eth1-WAN protocol=udp to-addresses=192.168.1.1
1194
add action=netmap chain=dstnat comment=OpenSSH dst-port=2205 in-interface=eth1-WAN protocol=tcp to-addresses=192.168.1.1
2205
add action=netmap chain=dstnat dst-port=80 in-interface=eth1-WAN protocol=tcp to-addresses=192.168.1.102 to-ports=80
add action=masquerade chain=srcnat comment=defconf:masquerade ipsec-policy=out,none out-interface-list=WAN src-address=1
add action=masquerade chain=srcnat comment="masquerade WiFi" src-address=192.168.3.0/24
# Single default route through the provider gateway, monitored with ping.
/ip route
add check-gateway=ping distance=1 gateway=91.244.114.1
# Segment isolation is implemented with routing rules: each pair of internal subnets is marked
# unreachable in both directions.
# NOTE(review): these rules presumably affect routed traffic between subnets only, not access to the
# router's own addresses; isolation of the router itself has to come from the input chain - confirm.
/ip route rule
add action=unreachable dst-address=192.168.1.0/24 src-address=192.168.2.0/24
add action=unreachable dst-address=192.168.2.0/24 src-address=192.168.1.0/24
add action=unreachable dst-address=192.168.2.0/24 src-address=192.168.3.0/24
add action=unreachable dst-address=192.168.3.0/24 src-address=192.168.2.0/24
add action=unreachable dst-address=192.168.1.0/24 src-address=192.168.3.0/24
add action=unreachable dst-address=192.168.3.0/24 src-address=192.168.1.0/24
# ftp, ssh, api and api-ssl are disabled.
# NOTE(review): telnet, www and winbox are not listed, which in an export means they are unchanged from
# their defaults - presumably still enabled; check with "/ip service print". Telnet and www are
# unencrypted; disable them and limit winbox with address= to the management subnet.
/ip service
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# NOTE(review): allow-none-crypto=yes lets SSH sessions negotiate the "none" cipher, i.e. no encryption,
# and forwarding-enabled=remote permits remote port forwarding. The SSH service is disabled above, so
# neither is in use now, but both would apply as soon as it is re-enabled. Set allow-none-crypto=no and
# forwarding-enabled=no unless they are required.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/system clock
set time-zone-name=Asia/Barnaul
/system identity
set name="General Router"
# MAC-telnet and MAC-WinBox are offered only on interfaces in the LAN list (bridge-WiFi is not a member).
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# Saved packet-sniffer filter: DNS traffic on bridge-OFFICE.
/tool sniffer
set filter-interface=bridge-OFFICE filter-port=dns
# jun/04/2020 15:35:35 by RouterOS 6.46.6
# software id = QU06-2UFN
#
# model = RouterBOARD wAP 2nD r2
# serial number = 6D820A3CEABE
# Access point "BUH" (wAP 2nD r2) in CAP mode: one bridge with a fixed MAC, ether1 as its only wired port.
/interface bridge
add admin-mac=74:4D:28:BC:34:CF auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2437/20/gn(20dBm), SSID: KADRIN, CAPsMAN forwarding
# The local ssid=MikroTik is not what is broadcast; the radio is driven by the CAPsMAN configuration noted above.
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
# CAP client: wlan1 is handed to CAPsMAN and the manager is looked for on bridgeLocal only.
# No caps-man-addresses= is set, so discovery presumably depends on the manager being reachable in the
# same layer-2 segment as ether1.
# NOTE(review): no certificate= or lock-to-caps-man= appears here, so this CAP does not verify which
# manager it joins - whatever answers discovery on the wired segment can configure the radio. Consider
# certificate=request together with lock-to-caps-man=yes.
/interface wireless cap
#
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes interfaces=\
wlan1
# The AP takes its management address by DHCP on the bridge, so the address follows the port it is plugged into.
# NOTE(review): this export shows no firewall filter or /ip service section on the AP - verify how its
# management services are restricted.
/ip dhcp-client
add comment=defconf disabled=no interface=bridgeLocal
/system clock
set time-zone-name=Asia/Barnaul
/system identity
set name=BUH
[admin@BUH] >
[admin@MASTER] > /export
# jun/04/2020 15:41:35 by RouterOS 6.46.6
# software id = SSHL-3LG6
#
# model = RouterBOARD wAP 2nD r2
# serial number = 6D840721A831
# Access point "MASTER" (wAP 2nD r2) in CAP mode; same layout as a factory CAP setup: bridgeLocal + ether1.
/interface bridge
add admin-mac=64:D1:54:18:71:73 auto-mac=no comment=defconf name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(20dBm), SSID: KADRIN, CAPsMAN forwarding
# At export time the radio was under CAPsMAN control; the local ssid=MikroTik below is not the one in use.
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
# CAP client settings: discovery runs on bridgeLocal, wlan1 is the managed radio.
# With no caps-man-addresses= configured, finding the manager presumably relies on layer-2 reachability
# from ether1 to the CAPsMAN router.
# NOTE(review): the CAP is not pinned to a manager (no certificate=, no lock-to-caps-man=), so it will
# accept configuration from any CAPsMAN that answers on the wired segment. Enabling certificates on
# both the manager and the CAPs removes that trust in the wire.
/interface wireless cap
#
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes interfaces=\
wlan1
# Management address is obtained by DHCP on bridgeLocal.
# NOTE(review): no firewall filter or /ip service restrictions are present in this export - verify
# which segments can reach the AP's management services.
/ip dhcp-client
add comment=defconf disabled=no interface=bridgeLocal
/system clock
set time-zone-name=Asia/Barnaul
/system identity
set name=MASTER
[admin@MASTER] >
[admin@General Router] /ip dhcp-server lease> print
Flags: X - disabled, R - radius, D - dynamic, B - blocked
# ADDRESS MAC-ADDRESS HOST-NAME SERVER RATE-LIMIT STATUS LAST-SEEN
0 192.168.1.101 E0:D5:5E:07:F0:16 SERVER2 DHCP-OFFICE bound 45m19s
1 192.168.1.110 CC:2D:E0:C0:4E:4A MikroTik DHCP-OFFICE bound 45m22s
2 192.168.1.100 00:40:AD:9D:72:BA clustercontroller DHCP-OFFICE bound 45m17s
3 192.168.1.150 F4:81:39:E6:E7:C6 DHCP-OFFICE bound 3h33m22s
4 192.168.1.125 F4:A9:97:D5:70:51 Canond57051 DHCP-OFFICE bound 3h31m4s
5 192.168.1.102 00:0A:3C:25:69:E1 VIDEO DHCP-OFFICE bound 45m20s
6 D 192.168.2.100 68:05:CA:8B:A7:2D VIDEO DHCP-VIDEO bound 45m21s
7 192.168.1.105 D0:BB:80:2A:38:CD SERGEYIGOR DHCP-OFFICE bound 18m
8 192.168.1.111 74:4D:28:8F:B6:37 MikroTik DHCP-OFFICE waiting 3w4d44m16s
9 192.168.1.106 40:B0:76:09:16:F1 ACE DHCP-OFFICE bound 26s
10 192.168.1.103 40:8D:5C:8C:EA:B5 BUH1 DHCP-OFFICE bound 1m18s
11 192.168.1.104 2C:4D:54:67:9D:95 MAIN DHCP-OFFICE bound 38m23s
12 192.168.1.199 B8:70:F4:89:CA:C5 \AD\AE\A2-\8F\8A DHCP-OFFICE waiting 1h14m42s
13 D 192.168.1.22 70:85:C2:2C:E7:8D MASTER1 DHCP-OFFICE bound 26m27s
14 D 192.168.1.77 08:00:27:0C:2E:0A \96\A5\E54 DHCP-OFFICE bound 4m11s
15 D 192.168.3.144 70:4D:7B:D4:38:B8 DHCP-WiFi bound 35s
16 D 192.168.1.24 70:85:C2:70:F8:A6 ALEXEY DHCP-OFFICE bound 11s
17 D 192.168.1.23 D8:CB:8A:E8:AB:7F PNNR DHCP-OFFICE bound 10s
18 D 192.168.3.24 40:B0:76:18:80:94 ASUS_Phone DHCP-WiFi bound 55s
19 D 192.168.1.25 70:85:C2:3C:DF:FB \80\A4\AC\A8\AD-\8... DHCP-OFFICE bound 4m1s
20 D 192.168.1.26 58:D5:6E:3F:59:06 OMNITEKII DHCP-OFFICE bound 31m9s
21 D 192.168.1.21 7C:D3:0A:24:58:1A MASCLAD DHCP-OFFICE bound 1h4m8s
22 D 192.168.1.20 00:21:97:02:2A:D7 User-\8F\8A DHCP-OFFICE bound 58s
23 D 192.168.3.26 20:DA:22:0D:B9:93 android-74e1093e35... DHCP-WiFi bound 4m3s
24 D 192.168.1.76 74:4D:28:BC:34:CF BUH DHCP-OFFICE bound 45m38s
*25 D 192.168.3.37 64:D1:54:18:71:73 MASTER DHCP-WiFi bound 37s
26 D 192.168.1.75 74:4D:28:BC:33:11 BUHALTERIA DHCP-OFFICE bound 34m59s
*27 D 192.168.1.74 64:D1:54:18:71:73 MASTER DHCP-OFFICE bound 46m6s
28 D 192.168.3.29 60:01:94:82:35:AF fr_fs DHCP-WiFi bound 4m2s
29 D 192.168.3.36 24:FB:65:B7:F2:F4 HONOR_View20-c990e... DHCP-WiFi bound 2m32s
30 D 192.168.3.49 8C:C5:E1:3D:D9:65 android-75bef621fd... DHCP-WiFi bound 56s
31 D 192.168.3.25 B0:EB:57:3E:BD:73 Honor_8C-5ca248e45... DHCP-WiFi bound 5m41s
32 D 192.168.3.23 6C:00:6B:D4:C2:5F Galaxy-A30 DHCP-WiFi bound 20s
33 D 192.168.3.30 30:07:4D:4A:24:7D Galaxy-S8 DHCP-WiFi bound 1m
34 D 192.168.3.28 AC:BD:70:FB:BF:B4 HONOR_10i-94d7729e... DHCP-WiFi bound 3s
35 D 192.168.3.31 04:BA:8D:B9:4F:90 Galaxy-A20 DHCP-WiFi bound 4m41s
36 D 192.168.3.40 18:F0:E4:0C:03:84 MiNote3-MiPhone DHCP-WiFi bound 35s
[admin@General Router] /ip dhcp-server lease>