CAPsMAN, временно рвётся подключение

Обсуждение ПО и его настройки
Vova.Lapenok
Сообщения: 1
Зарегистрирован: 27 окт 2021, 14:08

Настроена бесшовная Wi-Fi сеть на CAPsMAN, клиентов одновременно около 30–50. Время от времени на хостах рвётся подключение (секунд на 30–60), в этот момент в логах ничего нет. Подскажите, куда копать?

буду очень благодарен за оказанную помощь)

настройки CAPsMAN Manager
 
# CAPsMAN channel definitions: each entry names one band / frequency / tx-power
# combination. The names are what the configuration entries refer to with
# channel=.
# NOTE(review): the menu line for this section (presumably /caps-man channel)
# is not part of the paste, so the listing starts mid-section.
# NOTE(review): 5300 MHz is defined twice ("5_5300" and "5_5300(for6)") and
# 5280 MHz twice ("5_5280" and "5_5700(5280"); the last name does not match its
# frequency= value.
add band=2ghz-b/g/n frequency=2427 name=main tx-power=17
add band=5ghz-a/n/ac frequency=5180,5200,5220,5240,5260,5280,5300,5320 name=\
main5 tx-power=20
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5180 name=5_5180 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5200 name=5_5200 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5220 name=5_5220 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5260 name=5_5260 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5300 name=5_5300 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5280 name=5_5280 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5300 name="5_5300(for6)" tx-power=13
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2437 name=2_2437 tx-power=17
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2412 name=2_2412 tx-power=17
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2462 name=2_2462 tx-power=17
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2452 name=2_2452 tx-power=17
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2422 name=2_2422 tx-power=17
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5240 name=5_5240 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5320 name=5_5320 tx-power=13
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
frequency=2442 name=2_2442 tx-power=17
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5280 name="5_5700(5280" tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5500 name=5_5500 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5520 name=5_5520 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5540 name=5_5540 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5560 name=5_5560 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5580 name=5_5580 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5660 name=5_5660 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5700 name=5_5700 tx-power=13
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5680 name=5_5680 tx-power=13
# LAN bridge with a fixed MAC address (auto-mac=no) rather than one picked
# automatically from a member port.
/interface bridge
add admin-mac=64:D1:54:96:DD:AC auto-mac=no name=bridge_zorka
# Port labels for ether3 and ether6. The comment values are escaped non-ASCII
# bytes. NOTE(review): they look like Windows-1251 Russian text, roughly
# "corner near the meeting room" and "where the partition is" -- confirm.
/interface ethernet
set [ find default-name=ether3 ] comment=\
"\D3\E3\EE\EB \E2\EE\E7\EB\E5 \EF\E5\F0\E5\E3\EE\E2\EE\F0\EA\E8"
set [ find default-name=ether6 ] comment=\
"\C3\E4\E5 \EF\E5\F0\E5\E3\EE\F0\EE\E4\EA\E0"
# PoE output is switched off on ether10; the SFP port is disabled.
set [ find default-name=ether10 ] poe-out=off
set [ find default-name=sfp1 ] disabled=yes
# WAN uplink: PPPoE client "Byfly" on ether1. It installs the default route
# and takes DNS servers from the peer.
# NOTE(review): the account login name is part of this paste; no password=
# value appears in it.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=Byfly use-peer-dns=\
yes user=175000258530001@beltel.by
# Datapath used by the CAPsMAN configurations: wireless traffic is bridged into
# bridge_zorka, with local forwarding on the CAP.
# client-to-client-forwarding=yes lets stations on the same AP interface
# exchange frames with each other directly; set it to no if wireless clients
# should be isolated from one another.
/caps-man datapath
add bridge=bridge_zorka client-to-client-forwarding=yes local-forwarding=yes \
name=Office
# WPA2-PSK with AES-CCM for both unicast and group traffic.
# NOTE(review): no passphrase= value appears in either profile as pasted,
# presumably stripped from the export -- confirm that one is set.
# Office_2 has the same settings as Office, and none of the configuration
# entries in this listing reference it.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
name=Office
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
name=Office_2
# CAPsMAN configuration profiles: each one binds a channel entry, a country
# setting, an SSID and the chains to use. Every profile here uses
# datapath=Office and security=Office. The provisioning rules pick one profile
# per radio through master-configuration=.
# NOTE(review): country= differs between profiles (belarus, russia3,
# "united states", "united states2"), and five SSIDs are in use (Zorka_2,
# Zorka, Namvisoft, Namvisoft2Hz, Raketa). Stations can only roam between
# radios that advertise the same SSID, so the mix is worth reviewing against
# the intended coverage plan.
/caps-man configuration
add channel=main comment=Office country=belarus datapath=Office distance=\
indoors mode=ap name=Office rx-chains=0,1,2 security=Office ssid=Zorka_2 \
tx-chains=0,1,2
add channel=main5 country=belarus datapath=Office distance=indoors \
guard-interval=long mode=ap name=Office5 rx-chains=0,1,2 security=Office \
ssid=Namvisoft tx-chains=0,1,2
add channel=5_5180 country=belarus datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name=5_5180 rx-chains=0,1 \
security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5200 country=belarus datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name=5_5200 rx-chains=0,1 \
security=Office ssid=Zorka tx-chains=0,1
add channel=5_5220 country=belarus datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name=5_5220 rx-chains=0,1 \
security=Office ssid=Zorka tx-chains=0,1
add channel=5_5260 country=belarus datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name=5_5260 rx-chains=0,1 \
security=Office ssid=Zorka tx-chains=0,1
add channel=5_5300 country=belarus datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name=5_5300 rx-chains=0,1 \
security=Office ssid=Zorka tx-chains=0,1
add channel=5_5280 country=belarus datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name=5_5280 rx-chains=0,1 \
security=Office ssid=Zorka tx-chains=0,1
# From here on several profiles override the channel's tx-power with
# channel.tx-power= and use a country other than belarus.
add channel=5_5280 channel.tx-power=12 country=russia3 datapath=Office \
distance=indoors guard-interval=long load-balancing-group="" mode=ap \
multicast-helper=full name="5_5280(10)" rx-chains=0,1 security=Office ssid=\
Zorka tx-chains=0,1
add channel=5_5240 country=belarus datapath=Office distance=indoors \
guard-interval=long hw-protection-mode=none load-balancing-group=group1 \
mode=ap multicast-helper=full name="5_5240(9)" rx-chains=0,1 security=\
Office ssid=Zorka tx-chains=0,1
add channel=5_5180 channel.tx-power=23 country=russia3 datapath=Office \
distance=indoors guard-interval=long mode=ap multicast-helper=full name=\
"5_5180(16)" rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5700 channel.tx-power=13 country="united states2" datapath=Office \
distance=indoors guard-interval=long mode=ap multicast-helper=full name=\
"5_5700(9)" rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
# 2.4 GHz profiles.
add channel=2_2437 country=belarus datapath=Office mode=ap name="2_2437(8)" \
rx-chains=0,1 security=Office ssid=Namvisoft2Hz tx-chains=0,1
add channel=2_2412 country=belarus datapath=Office mode=ap name=2_2412 \
rx-chains=0,1 security=Office ssid=Namvisoft2Hz tx-chains=0,1
add channel=2_2462 country=belarus datapath=Office mode=ap name=2_2462 \
rx-chains=0,1 security=Office ssid=Namvisoft2Hz tx-chains=0,1
add channel=2_2422 country=belarus datapath=Office mode=ap name=2_2422 \
rx-chains=0,1 security=Office ssid=Namvisoft2Hz tx-chains=0,1
add channel=2_2452 country=belarus datapath=Office mode=ap name=2_2452 \
rx-chains=0,1 security=Office ssid=Namvisoft2Hz tx-chains=0,1
add channel=5_5240 country=belarus datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name=5_5240 rx-chains=0,1 \
security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5320 country=belarus datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name=5_5320 rx-chains=0,1 \
security=Office ssid=Zorka tx-chains=0,1
# The only profile that sets a group key rotation interval
# (security.group-key-update=1h) on top of the shared security profile.
add channel=5_5220 channel.tx-power=12 country="united states" datapath=Office \
distance=indoors guard-interval=long mode=ap multicast-helper=full name=\
"5_5220(12)" rx-chains=0,1,2 security=Office security.group-key-update=1h \
ssid=Zorka tx-chains=0,1,2
add channel=2_2442 country=belarus datapath=Office mode=ap name=2_2442 \
rx-chains=0,1 security=Office ssid=Namvisoft2Hz tx-chains=0,1
add channel=2_2412 country=russia3 datapath=Office mode=ap name="2_2412(11)" \
rx-chains=0,1 security=Office ssid=Namvisoft2Hz tx-chains=0,1
add channel=2_2412 country=russia3 datapath=Office mode=ap name="2_2412(16)" \
rx-chains=0,1 security=Office ssid=Namvisoft2Hz tx-chains=0,1
add channel=5_5320 channel.tx-power=15 country=belarus datapath=Office \
distance=indoors guard-interval=long mode=ap multicast-helper=full name=\
"5_5320(12)" rx-chains=0,1 security=Office ssid=Zorka tx-chains=0,1
add channel=5_5300 country=russia3 datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5300(11 rus)" \
rx-chains=0,1 security=Office ssid=Zorka tx-chains=0,1
add channel=5_5660 channel.tx-power=15 country=russia3 datapath=Office \
distance=indoors guard-interval=long mode=ap multicast-helper=full name=\
5_5660 rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5680 channel.tx-power=15 country="united states2" datapath=Office \
distance=indoors guard-interval=long mode=ap multicast-helper=full name=\
"5_5680(UNITED2)" rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=\
0,1
# Profiles with country="united states" / "united states2".
add channel=5_5180 channel.tx-power=19 country="united states" datapath=Office \
distance=indoors guard-interval=long mode=ap multicast-helper=full name=\
"5_5180(usa)" rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5200 country="united states" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5200(usa)" \
rx-chains=0,1 security=Office ssid=Zorka tx-chains=0,1
add channel=5_5220 country="united states" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5220(usa)" \
rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5240 country="united states" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5240(usa)" \
rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5260 country="united states" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5260(usa)" \
rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5280 country="united states" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5280(usa)" \
rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5300 country="united states" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5300{usa}" \
rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5320 country="united states" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5320(usa)" \
rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5500 country="united states2" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5500{usa2}" \
rx-chains=0,1 security=Office ssid=Zorka tx-chains=0,1
add channel=5_5520 country="united states2" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5520(usa2)" \
rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5540 country="united states2" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5540(usa)" \
rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5200 country=russia3 datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5200(rus3)" \
rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=5_5560 country="united states2" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5560(usa)" \
rx-chains=0,1 security=Office ssid=Zorka tx-chains=0,1
add channel=5_5580 country="united states2" datapath=Office distance=indoors \
guard-interval=long mode=ap multicast-helper=full name="5_5580(usa)" \
rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
add channel=2_2462 country=belarus datapath=Office mode=ap name="2_2462(15)" \
rx-chains=0,1 security=Office ssid=Raketa tx-chains=0,1
add channel=5_5320 channel.tx-power=13 country="united states" datapath=Office \
distance=indoors guard-interval=long mode=ap multicast-helper=full name=\
"5_5320(usa 13)" rx-chains=0,1 security=Office ssid=Namvisoft tx-chains=0,1
# Interface lists: "discover" for neighbor discovery, "mactel" and
# "mac-winbox" for the MAC-level management servers.
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
# Default profile of the local wireless menu; only the supplicant identity is
# set here.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP server entry "RU" carries no interface= or address-pool= in this
# listing; the server that actually hands out leases is "LAN" below.
/ip dhcp-server
add add-arp=yes lease-time=4w2d10m name=RU
# Three /24 pools chained with next-pool: LAN -> LAN2 -> Lan3.
/ip pool
add name=Lan3 ranges=192.168.90.2-192.168.90.250
add name=LAN2 next-pool=Lan3 ranges=192.168.89.2-192.168.89.250
add name=LAN next-pool=LAN2 ranges=192.168.88.20-192.168.88.250
# DHCP server on the LAN bridge, starting from pool LAN. add-arp=yes adds an
# ARP entry for each lease.
/ip dhcp-server
add add-arp=yes address-pool=LAN authoritative=after-2sec-delay disabled=no \
interface=bridge_zorka lease-time=3d10m name=LAN
# Default SNMP community renamed to "snmp".
# NOTE(review): no line enabling the SNMP service is visible here, so it
# appears to be off -- confirm, and restrict the community by address if SNMP
# is ever enabled.
/snmp community
set [ find default=yes ] name=snmp
# Signal-based admission, applied to every CAP interface (interface=any):
#  1. accept stations whose signal is within -70..120; with
#     allow-signal-out-of-range=always the rule keeps applying after the
#     signal leaves that range;
#  2. reject stations whose signal is within -120..-71
#     (allow-signal-out-of-range=10s).
# NOTE(review): a station that tries to associate at the edge of coverage is
# refused by rule 2. With 30-50 clients moving between radios this is worth
# checking against the reported 30-60 s connection drops.
/caps-man access-list
add action=accept allow-signal-out-of-range=always disabled=no interface=any \
signal-range=-70..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any \
signal-range=-120..-71 ssid-regexp=""
# Turns the CAPsMAN service on.
# NOTE(review): no certificate= or require-peer-certificate= setting appears
# here, so CAP-to-manager sessions are presumably not certificate-authenticated
# -- confirm. Without it the manager has no cryptographic proof that a
# connecting CAP is one of its own.
/caps-man manager
set enabled=yes
# Provisioning rules. The two generic rules (matched on hw-supported-modes) are
# disabled. The remaining rules bind one radio each, selected by radio-mac, to
# a fixed master-configuration: sixteen 5 GHz radios followed by sixteen
# 2.4 GHz radios.
/caps-man provisioning
add action=create-dynamic-enabled disabled=yes hw-supported-modes=an,ac \
master-configuration=Office5 name-format=identity
add action=create-dynamic-enabled disabled=yes hw-supported-modes=gn \
master-configuration=Office name-format=identity
# 5 GHz radios. The first rule is the only per-radio rule that also matches on
# hw-supported-modes.
add action=create-dynamic-enabled comment="5GHZ WFI-1" hw-supported-modes=ac \
master-configuration="5_5680(UNITED2)" name-format=identity radio-mac=\
64:D1:54:FE:CC:10
add action=create-dynamic-enabled comment="5GHZ WIFI-2" master-configuration=\
"5_5540(usa)" name-format=identity radio-mac=64:D1:54:FE:CC:4C
add action=create-dynamic-enabled comment="5GHZ WIFI-3" master-configuration=\
"5_5220(usa)" name-format=identity radio-mac=64:D1:54:07:D5:D4
add action=create-dynamic-enabled comment="5GHZ WIFI-4" master-configuration=\
"5_5240(usa)" name-format=identity radio-mac=64:D1:54:07:D5:56
add action=create-dynamic-enabled comment="5GHZ WIFI-5" master-configuration=\
"5_5260(usa)" name-format=identity radio-mac=64:D1:54:FF:58:AC
add action=create-dynamic-enabled comment="5GHZ WIFI-6" master-configuration=\
"5_5280(usa)" name-format=identity radio-mac=64:D1:54:FE:CC:73
add action=create-dynamic-enabled comment="5GHZ WIFI-7" master-configuration=\
"5_5300{usa}" name-format=identity radio-mac=CC:2D:E0:10:5B:AE
add action=create-dynamic-enabled comment="5GHZ WIFI-8" master-configuration=\
"5_5320(usa)" name-format=identity radio-mac=CC:2D:E0:10:5C:08
add action=create-dynamic-enabled comment="5GHZ WIFI-9" master-configuration=\
"5_5700(9)" name-format=identity radio-mac=74:4D:28:F6:85:25
add action=create-dynamic-enabled comment="5GHZ WIFI-10" master-configuration=\
"5_5180(usa)" name-format=identity radio-mac=74:4D:28:F6:6C:85
add action=create-dynamic-enabled comment="5GHZ WIFI-11" master-configuration=\
5_5660 name-format=identity radio-mac=B8:69:F4:F4:DA:51
add action=create-dynamic-enabled comment="5GHZ WIFI-12" master-configuration=\
"5_5220(usa)" name-format=identity radio-mac=CC:2D:E0:F3:8D:80
add action=create-dynamic-enabled comment="5GHZ WIFI-13" master-configuration=\
"5_5320(usa 13)" name-format=identity radio-mac=74:4D:28:F6:7D:7D
add action=create-dynamic-enabled comment="5GHZ WIFI-14" master-configuration=\
"5_5580(usa)" name-format=identity radio-mac=CC:2D:E0:82:B9:86
add action=create-dynamic-enabled comment="5GHZ WIFI-15" master-configuration=\
"5_5520(usa2)" name-format=identity radio-mac=B8:69:F4:6B:FD:CF
add action=create-dynamic-enabled comment="5GHZ WIFI-16" master-configuration=\
"5_5200(rus3)" name-format=identity radio-mac=B8:69:F4:F8:2C:26
# 2.4 GHz radios. Several of them share a master configuration and therefore a
# frequency (for example 2_2442 is used by WIFI-2, -8, -10 and -12).
add action=create-dynamic-enabled comment="2GHZ WIFI-1" master-configuration=\
2_2422 name-format=identity radio-mac=64:D1:54:FE:CC:11
add action=create-dynamic-enabled comment="2GHZ WIFI-2" master-configuration=\
2_2442 name-format=identity radio-mac=64:D1:54:FE:CC:4D
add action=create-dynamic-enabled comment="2GHZ WIFI-3" master-configuration=\
2_2462 name-format=identity radio-mac=64:D1:54:07:D5:D5
add action=create-dynamic-enabled comment="2GHZ WIFI-4" master-configuration=\
2_2412 name-format=identity radio-mac=64:D1:54:07:D5:57
add action=create-dynamic-enabled comment="2GHZ WIFI-5" master-configuration=\
"2_2437(8)" name-format=identity radio-mac=64:D1:54:FF:58:AD
add action=create-dynamic-enabled comment="2GHZ WIFI-6" master-configuration=\
2_2452 name-format=identity radio-mac=64:D1:54:FE:CC:74
add action=create-dynamic-enabled comment="2GHZ WIFI-7" master-configuration=\
2_2422 name-format=identity radio-mac=CC:2D:E0:10:5B:AF
add action=create-dynamic-enabled comment="2GHZ WIFI-8" master-configuration=\
2_2442 name-format=identity radio-mac=CC:2D:E0:10:5C:09
add action=create-dynamic-enabled comment="2GHZ WIFI-9" master-configuration=\
2_2462 name-format=identity radio-mac=74:4D:28:F6:85:26
add action=create-dynamic-enabled comment="2GHZ WIFI-10" master-configuration=\
2_2442 name-format=identity radio-mac=74:4D:28:F6:6C:86
add action=create-dynamic-enabled comment="2GHZ WIFI-11" master-configuration=\
"2_2412(11)" name-format=identity radio-mac=B8:69:F4:F4:DA:52
add action=create-dynamic-enabled comment="2GHZ WIFI-12" master-configuration=\
2_2442 name-format=identity radio-mac=CC:2D:E0:F3:8D:81
add action=create-dynamic-enabled comment="2GHZ WIFI-13" master-configuration=\
2_2412 name-format=identity radio-mac=74:4D:28:F6:7D:7E
add action=create-dynamic-enabled comment="2GHZ WIFI-14" master-configuration=\
"2_2437(8)" name-format=identity radio-mac=CC:2D:E0:82:B9:87
add action=create-dynamic-enabled comment="2GHZ WIFI-15" master-configuration=\
2_2462 name-format=identity radio-mac=B8:69:F4:6B:FD:D0
add action=create-dynamic-enabled comment="2GHZ WIFI-16" master-configuration=\
"2_2412(16)" name-format=identity radio-mac=B8:69:F4:F8:2C:27
# ether2..ether10 and sfp1 are members of the LAN bridge. The Ethernet ports
# are added with hw=no (hardware offload off). ether1 is not bridged.
/interface bridge port
add bridge=bridge_zorka hw=no interface=ether2
add bridge=bridge_zorka hw=no interface=ether6
add bridge=bridge_zorka hw=no interface=ether3
add bridge=bridge_zorka hw=no interface=ether4
add bridge=bridge_zorka hw=no interface=ether5
add bridge=bridge_zorka hw=no interface=ether7
add bridge=bridge_zorka hw=no interface=ether8
add bridge=bridge_zorka hw=no interface=ether9
add bridge=bridge_zorka hw=no interface=ether10
add bridge=bridge_zorka interface=sfp1
# NOTE(review): discover-interface-list=all runs neighbor discovery on every
# interface, which includes the uplink side (ether1 / Byfly) and so announces
# the router's identity and version there. The "discover" list populated below
# is not used by this setting; discover-interface-list=discover would limit
# discovery to the LAN ports.
/ip neighbor discovery-settings
set discover-interface-list=all
# L2TP server accepts only MS-CHAPv2. No enabled=yes appears, so the server
# itself appears to be off -- confirm.
/interface l2tp-server server
set authentication=mschap2
/interface list member
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=sfp1 list=discover
add interface=ether6 list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=bridge_zorka list=discover
# Three members without an interface= value. NOTE(review): presumably left
# over from interfaces that no longer exist -- candidates for removal.
add list=discover
add list=discover
add list=discover
# NOTE(review): these two lists only take effect if the MAC-Telnet and
# MAC-Winbox servers reference them through allowed-interface-list. No
# /tool mac-server section is visible in this part of the paste -- confirm.
add interface=bridge_zorka list=mactel
add interface=bridge_zorka list=mac-winbox
# Three /24 gateway addresses on the same bridge, one per DHCP pool.
/ip address
add address=192.168.88.1/24 interface=bridge_zorka network=192.168.88.0
add address=192.168.89.1/24 interface=bridge_zorka network=192.168.89.0
add address=192.168.90.1/24 interface=bridge_zorka network=192.168.90.0
# MikroTik cloud DDNS is on: the router's public address is published under a
# vendor-hosted DNS name.
/ip cloud
set ddns-enabled=yes
# Default-configuration DHCP client on ether1, enabled alongside the PPPoE
# client that uses the same port.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
# Static lease for the host labelled "Netflow" (192.168.88.93).
/ip dhcp-server lease
add address=192.168.88.93 client-id=1:2c:33:7a:24:e3:13 comment=Netflow \
mac-address=2C:33:7A:24:E3:13 server=LAN
# Per-subnet DHCP options: clients are given 8.8.8.8 / 8.8.4.4 as DNS servers
# and the router's address in their own subnet as gateway.
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8,8.8.4.4 domain=zorka.mobi \
gateway=192.168.88.1
add address=192.168.89.0/24 dns-server=8.8.8.8,8.8.4.4 domain=zorka.mobi \
gateway=192.168.89.1
add address=192.168.90.0/24 dns-server=8.8.8.8,8.8.4.4 domain=zorka.mobi \
gateway=192.168.90.1
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. That is only safe while the input chain keeps port 53 closed on the
# WAN side (the filter rules in this listing drop UDP and TCP 53 arriving on
# Byfly).
/ip dns
set allow-remote-requests=yes cache-max-ttl=3d servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router

# Filter rules are evaluated top to bottom within each chain. The first rule
# that matches decides the packet.
/ip firewall filter
# Routed traffic between the office LAN and 192.168.87.0/24 is allowed in both
# directions.
add action=accept chain=forward dst-address=192.168.88.0/24 src-address=\
192.168.87.0/24
add action=accept chain=forward dst-address=192.168.87.0/24 src-address=\
192.168.88.0/24
# Connection-state handling: accept established/related/untracked, fasttrack
# established/related forwards, drop invalid.
add action=accept chain=input comment="accept established,related" \
connection-state=established,related,untracked
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="accept established,related" \
connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop invalid" connection-state=invalid
# DNS to the router itself is dropped when it arrives on the PPPoE uplink.
add action=drop chain=input comment="DNS WAN" dst-port=53 in-interface=Byfly \
protocol=udp
add action=drop chain=input dst-port=53 in-interface=Byfly protocol=tcp
# ICMP to the router is accepted from any interface, the uplink included.
add action=accept chain=input comment=ICMP protocol=icmp
# Everything arriving on the LAN bridge may reach the router itself.
add action=accept chain=input comment="INPUT LAN" in-interface=bridge_zorka
add action=accept chain=forward comment="PING & TRACE" protocol=icmp
add action=accept chain=forward comment="DNS & NTP" dst-port=53,123 protocol=\
udp
add action=accept chain=forward comment="HTTP & HTTPS" dst-port=80,443 \
protocol=tcp
# NOTE(review): the next rule has no matchers, so it accepts every forwarded
# packet that reaches it. All forward-chain rules after it, including both
# "drop all from WAN not DSTNATed" rules, can never match, and the three
# service-specific forward accepts just above are redundant. To make the WAN
# drop effective, place it before this rule, or narrow this rule (for example
# with in-interface=bridge_zorka).
add action=accept chain=forward comment=FORWARD
add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface=Byfly
add action=drop chain=input comment="drop all from WAN" in-interface=Byfly
# Leftover default-configuration rules. The two forward rules are unreachable
# for the reason given above.
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=Byfly
# Final input rule: drop anything to the router that did not arrive on the LAN
# bridge. This also covers ether1 itself, which the Byfly rules do not name.
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
!bridge_zorka
# All three mangle rules are disabled (disabled=yes). They look like the
# remains of a second-uplink policy-routing setup.
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address-list=!LOCAL \
new-routing-mark=NET2 passthrough=no src-address=192.168.85.0/24
add action=mark-connection chain=input disabled=yes new-connection-mark=\
"ISP 2 -> Input" passthrough=no
add action=mark-routing chain=output connection-mark="ISP 2 -> Input" disabled=\
yes new-routing-mark="ISP 2" passthrough=no
/ip firewall nat
# Source NAT for everything leaving through the PPPoE uplink.
add action=masquerade chain=srcnat comment=masquerade out-interface=Byfly
# Inbound port forwards from the uplink to internal hosts:
#   35450 -> 192.168.88.225:35450
#   55400 -> 192.168.88.9:554      55401 -> 192.168.88.9:80
#   555   -> 192.168.87.11:554     81    -> 192.168.87.11:80
# NOTE(review): none of these rules restricts the source (no src-address= or
# src-address-list=), so the forwarded services are reachable from any
# Internet address. The 554/80 pairs look like camera or recorder access --
# confirm. Limiting the sources or moving this access behind a VPN would
# shrink the exposure.
add action=dst-nat chain=dstnat dst-port=35450 in-interface=Byfly protocol=tcp \
to-addresses=192.168.88.225 to-ports=35450
add action=dst-nat chain=dstnat dst-port=55400 in-interface=Byfly protocol=tcp \
to-addresses=192.168.88.9 to-ports=554
add action=dst-nat chain=dstnat dst-port=55401 in-interface=Byfly protocol=tcp \
to-addresses=192.168.88.9 to-ports=80
add action=dst-nat chain=dstnat dst-port=555 in-interface=Byfly protocol=tcp \
to-addresses=192.168.87.11 to-ports=554
add action=dst-nat chain=dstnat dst-port=81 in-interface=Byfly protocol=tcp \
to-addresses=192.168.87.11 to-ports=80
# Default route via the PPPoE uplink, plus a static route to 192.168.87.0/24
# through the LAN host 192.168.88.254.
/ip route
add distance=1 gateway=Byfly
add distance=1 dst-address=192.168.87.0/24 gateway=192.168.88.254
# Management services, each limited to LAN source addresses with address=.
# NOTE(review): telnet, ftp, www and api send credentials in cleartext and
# have no disabled=yes here, so they are presumably still enabled; ssh is the
# one service that is switched off. Disabling the cleartext services and
# managing the router over ssh / www-ssl / winbox / api-ssl removes that
# exposure on the LAN.
/ip service
set telnet address=192.168.88.0/24
set ftp address=192.168.88.0/24
set www address=192.168.88.0/24
set ssh address=192.168.88.0/24 disabled=yes port=2222
set www-ssl address=192.168.88.0/24 disabled=no
set api address=192.168.88.0/24
set winbox address=192.168.88.0/24,192.168.89.0/24
set api-ssl address=192.168.88.0/24
# SOCKS proxy settings: port 4153 and one access rule that denies every source
# outside 95.154.216.128/25. No enabled=yes appears, so the proxy itself
# appears to be off.
# NOTE(review): a SOCKS port of 4153 together with an access rule built around
# an unrelated external /25 matches what was widely reported as residue of
# RouterOS compromises in 2018, not a normal office setting. If nobody on the
# team added it, treat the router as previously compromised: remove these
# entries, review users, scheduler entries, scripts and stored files, change
# all credentials and bring RouterOS up to a current release.
/ip socks
set port=4153
/ip socks access
add action=deny src-address=!95.154.216.128/25
# Traffic Flow export is on. interfaces=*D is an internal ID, not an interface
# name. NOTE(review): that usually means the referenced interface no longer
# exists -- confirm which interface is meant to be monitored.
/ip traffic-flow
set enabled=yes interfaces=*D
# Flow records go to 192.168.88.93 port 9996 as version 5.
/ip traffic-flow target
add dst-address=192.168.88.93 port=9996 v9-template-timeout=1m version=5
/system clock
set time-zone-name=Europe/Minsk
/system identity
set name="Zorka Main4"
# Extra logging rules for the wireless topic and for caps together with debug.
# No action= is given, so the default logging action applies.
/system logging
add topics=wireless
add topics=caps,debug
/system routerboard settings
set silent-boot=no
# Daily reboot job, currently disabled (disabled=yes). Its policy list grants
# the job every permission named on the following line.
/system scheduler
add disabled=yes interval=1d name=reboot on-event="/system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=sep/18/2019 start-time=06:40:0
Пример точки:
 
# Access point (CAP) side: local bridge and the interface lists used by
# neighbor discovery and the MAC servers.
/interface bridge
add name=bridge
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Local profile "zorka" allows WPA (wpa-psk) in addition to WPA2.
# NOTE(review): while the radios are managed by CAPsMAN the manager's security
# settings are presumably the ones in effect; this profile would matter if a
# radio fell back to its local configuration. Limiting it to wpa2-psk keeps
# the fallback no weaker than the managed setup.
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-key-update=1h mode=dynamic-keys name=zorka supplicant-identity=""
# Local radio settings. The "# managed by CAPsMAN" / "# channel:" lines below
# are status comments from the export and show what the manager has applied
# (SSID Namvisoft2Hz on wlan1, Namvisoft on wlan2), which differs from the
# local ssid=Zorka.
# Both radios keep wps-mode=push-button-virtual-only in their local settings.
/interface wireless
# managed by CAPsMAN
# channel: 2462/20/gn(17dBm), SSID: Namvisoft2Hz, local forwarding
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=2ghz-onlyg country="united states" disabled=no \
disconnect-timeout=15s distance=indoors frequency=auto hw-protection-mode=rts-cts mode=ap-bridge multicast-helper=disabled \
noise-floor-threshold=-92 security-profile=zorka ssid=Zorka tx-power=18 tx-power-mode=all-rates-fixed wireless-protocol=802.11 \
wmm-support=enabled wps-mode=push-button-virtual-only
# managed by CAPsMAN
# channel: 5220/20/ac(13dBm), SSID: Namvisoft, local forwarding
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode band=5ghz-a/n/ac channel-width=20/40mhz-Ce country=\
"united states" disabled=no distance=indoors frequency=auto max-station-count=80 mode=ap-bridge multicast-helper=disabled \
security-profile=zorka ssid=Zorka tx-power=18 tx-power-mode=all-rates-fixed wireless-protocol=802.11 wmm-support=enabled wps-mode=\
push-button-virtual-only
# Nstreme polling is off on both radios.
/interface wireless nstreme
# managed by CAPsMAN
# channel: 2462/20/gn(17dBm), SSID: Namvisoft2Hz, local forwarding
set wlan1 enable-polling=no
# managed by CAPsMAN
# channel: 5220/20/ac(13dBm), SSID: Namvisoft, local forwarding
set wlan2 enable-polling=no
# Leftover default pool. No DHCP server on this device references it in the
# listing; DHCP requests are relayed to the manager (see /ip dhcp-relay below).
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
# The wired uplink ether1 is the only physical port in the bridge.
/interface bridge port
add bridge=bridge hw=no interface=ether1
# Neighbor discovery is limited to members of the "discover" list.
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
# Two members without an interface= value. NOTE(review): presumably left over
# from interfaces that no longer exist.
add list=discover
add list=discover
add interface=bridge list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
# CAP mode: wlan1 and wlan2 are handed to the manager at 192.168.88.1.
# NOTE(review): no certificate= setting appears, so the CAP presumably does
# not authenticate the manager with a certificate -- confirm.
/interface wireless cap
#
set bridge=bridge caps-man-addresses=192.168.88.1 enabled=yes interfaces=wlan1,wlan2
/ip address
add address=192.168.88.3/24 interface=bridge network=192.168.88.0
/ip cloud
set update-time=no
# DHCP requests seen on the bridge are relayed to 192.168.88.1.
/ip dhcp-relay
add dhcp-server=192.168.88.1 interface=bridge name=relay1
/ip dhcp-server network
add comment=defconf gateway=0.0.0.0
# The CAP answers DNS queries from other hosts as well
# (allow-remote-requests=yes).
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=192.168.88.0/24 list=192.168.88.x
/ip route
add distance=1 gateway=192.168.88.1
# Management services on the CAP: telnet, ftp, www, ssh, api and api-ssl are
# disabled. www-ssl is limited to the LAN subnet and not disabled. winbox is
# not listed, so it is left at its default setting.
/ip service
set telnet address=192.168.88.0/24 disabled=yes
set ftp address=192.168.88.0/24 disabled=yes
set www address=192.168.88.0/24 disabled=yes
set ssh address=192.168.88.0/24 disabled=yes
set www-ssl address=192.168.88.0/24
set api address=192.168.88.0/24 disabled=yes
set api-ssl address=192.168.88.0/24 disabled=yes
/system clock
set time-zone-name=Europe/Minsk
/system identity
set name=WIFI-3
# LED 0 follows wlan1, LED 1 follows wlan2.
/system leds
set 0 interface=wlan1
set 1 interface=wlan2
/system ntp client
set primary-ntp=193.47.166.28 secondary-ntp=91.236.251.11
/system routerboard settings
set silent-boot=no
# Daily reboot job, currently disabled (disabled=yes).
/system scheduler
add disabled=yes interval=1d name=reboot on-event="/system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=sep/18/2019 start-time=06:50:00
# MAC-Telnet and MAC-Winbox are limited to the "mactel" and "mac-winbox"
# interface lists, which contain only the bridge.
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox


mafijs
Сообщения: 536
Зарегистрирован: 03 сен 2017, 03:08
Откуда: Marienburga

Vova.Lapenok писал(а): 27 окт 2021, 16:19 подскажите, куда копать??
Для начала определись с "country".
Что там творится?


country=belarus
country=russia3
country="united states"
country="united states2"


Ca6ko
Сообщения: 1484
Зарегистрирован: 23 ноя 2018, 11:08
Откуда: Харкiв

Vova.Lapenok писал(а): 27 окт 2021, 16:19 куда копать?
Сначала нужно разобраться с настройкой сети: у Вас DHCP раздаёт адреса из трёх разных подсетей /24. Если есть такая проблема и нужна сеть на 700–800 хостов (в чём я сомневаюсь), то почему не используете одну сеть /22?

Дальше нужно правильно настроить WiFi сеть. Сейчас там какая-то каша с каналами.

Запомните азбуку Wi-Fi 2.4 ГГц: в 1999 году изобрели стандарт b и сделали сетку из 14 каналов.
В 2003 году изобрели стандарт g, и в сетке осталось только ТРИ канала: 1, 6, 11; остальные — для совместимости и поддержки стандарта b. Это если кратко, на пальцах.


1-е Правило WiFi - Везде где только можно откажитесь от WiFi!
2-е Правило WiFi -Устройство, которое пользователь не носит с собой постоянно, должно подключаться кабелем!!

Микротики есть разные: черные, белые, красные. Но все равно хочется над чем нибудь заморочится.