Код: Выделить всё
@wlan2: disconnected, received deauth: sending station leaving (3)
Код: Выделить всё
@wlan2: disconnected, received deauth: sending station leaving (3)
Код: Выделить всё
[admin@MikroTik] > /export compact
# nov/24/2020 14:22:11 by RouterOS 6.47.7
# software id = Y37I-VGRS
#
# model = RB952Ui-5ac2nD
# serial number = BEE40BEFB90E
/interface bridge
add admin-mac=C4:AD:34:A1:2D:C8 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-onlyn channel-width=\
20/40mhz-eC country=russia3 disabled=no distance=indoors frequency=2447 \
frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid=\
TheFire station-roaming=enabled wireless-protocol=802.11 wmm-support=\
enabled
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-n/ac channel-width=\
20/40/80mhz-XXXX country=russia3 disabled=no distance=indoors frequency=\
5200 frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid=\
TheFire-5G station-roaming=enabled wireless-protocol=802.11 wmm-support=\
enabled
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
group-key-update=1h mode=dynamic-keys supplicant-identity=MikroTik \
wpa-pre-shared-key=*********** wpa2-pre-shared-key=*************
add name=profile supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
stop-bits=1
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
ord,web,sniff,sensitive,api,romon,dude,tikapp"
add name=ftp_user policy="ftp,read,write,!local,!telnet,!ssh,!reboot,!policy,!te\
st,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
add name=ftp_anonim policy="ftp,read,!local,!telnet,!ssh,!reboot,!write,!policy,\
!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
set enabled=yes ipsec-secret=************ use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/interface wireless access-list
add comment=MIBOX interface=wlan2 mac-address=3C:BD:3E:74:23:11
add comment="Xiaomi redmi 5plus" interface=wlan2 mac-address=00:0A:F5:5F:72:5C
add comment=Samsung interface=wlan1 mac-address=2C:AE:2B:70:9A:DB
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip cloud advanced
set use-local-address=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=\
1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="Dostup wibox wan" dst-port=8291 \
protocol=tcp
add action=accept chain=input comment="dostup k routeru po wan" dst-port=80 \
protocol=tcp
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=\
udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=accept chain=input comment="wan to ftp" disabled=yes dst-port=21 \
in-interface=all-ethernet protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
add action=dst-nat chain=dstnat comment="add dnsconf" dst-port=53 protocol=tcp \
to-addresses=192.168.88.1 to-ports=53
add action=dst-nat chain=dstnat comment=adddnsconf dst-port=53 protocol=udp \
to-addresses=192.168.88.1 to-ports=53
/ip service
set telnet disabled=yes
set ssh disabled=yes
/ip smb
set domain=WORKGROUP
/ip smb shares
set [ find default=yes ] disabled=yes
add comment=flashka directory=/DATA/ name=DATA
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/ipv6 address
add address=::c6ad:34ff:fea1:2dc8 comment="my add" eui-64=yes from-pool=\
ipv6-pool interface=bridge
/ipv6 dhcp-client
add add-default-route=yes comment="my add" interface=ether1 pool-name=ipv6-pool \
request=address,prefix use-peer-dns=no
/ipv6 firewall filter
add action=drop chain=input connection-state=invalid
add action=accept chain=input connection-state=established,related \
in-interface=ether1
add action=accept chain=forward connection-state=established,related \
in-interface=ether1 out-interface=bridge
add action=accept chain=input protocol=icmpv6
add action=accept chain=forward protocol=icmpv6
add action=accept chain=input dst-port=546 in-interface=ether1 protocol=udp
add action=accept chain=forward in-interface=bridge out-interface=ether1
add action=drop chain=input
add action=drop chain=forward
/ppp secret
add name=vpn password=*************
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system leds
set 0 interface=ether1
set 1 interface=ether2
set 2 interface=ether3
set 3 interface=ether4
set 4 interface=ether5
/system ntp client
set enabled=yes server-dns-names=time.cloudflare.com
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] >
1. не могу найти в где это через интерфейс где отключить.