Проблема в следующем: аутсорсеры настраивали бесшовный Wi-Fi (5 MikroTik RB2011UiAS-2HnD-IN), состоящий из 2 сетей — рабочей и гостевой. Настраивалось через CAPsMAN. Всё работало хорошо, пока в один момент на гостевом Wi-Fi не пропал интернет. Основная сетка — 172.16.0.0, гостевая — 192.168.100.0.
Может, кто-нибудь профессиональным взглядом увидит косяк. Спасибо.
Конфиг ниже:
# apr/29/2017 00:32:34 by RouterOS 6.38
# software id = 43SA-LM26
#
/caps-man channel
# Two named channel profiles with identical radio settings: 2.4 GHz b/g/n,
# frequency 2412 MHz, tx-power 20.
# NOTE(review): width=20 is combined with extension-channel=Ce; Ce normally
# describes a 40 MHz layout, so presumably one of the two is unintended - confirm.
add band=2ghz-b/g/n extension-channel=Ce frequency=2412 name=employees \
tx-power=20 width=20
# NOTE(review): this profile is named "guest", but the guest configuration and
# the cap1 interface later in this export reference channel=quest. No profile
# called "quest" is defined in this section - verify the name on the device.
add band=2ghz-b/g/n extension-channel=Ce frequency=2412 name=guest tx-power=20 \
width=20
/interface bridge
# Single bridge with a fixed (non-automatic) MAC address; the address is partly
# masked in this post.
add admin-mac=*******E6 auto-mac=no comment=defconf name=bridge
/interface ethernet
# Two switch groups built with master-port: ether3-ether5 follow ether2-master,
# ether7-ether10 follow ether6-master. ether1 gets no master-port here; it is
# added to the bridge directly in /interface bridge port.
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] name=ether6-master
set [ find default-name=ether7 ] master-port=ether6-master
set [ find default-name=ether8 ] master-port=ether6-master
set [ find default-name=ether9 ] master-port=ether6-master
set [ find default-name=ether10 ] master-port=ether6-master
/interface wireless
# Local radio of this device. The two lines below are status comments generated
# by RouterOS: the radio is controlled by CAPsMAN, and the status line reports
# channel 2412/20-Ce, SSID lq_work and local forwarding. The band/width/frequency
# values on the `set` line differ from that status, so they are presumably not
# what is on air while the radio stays managed - confirm.
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(20dBm), SSID: lq_work, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=lq_work \
wireless-protocol=802.11
/ip neighbor discovery
# Neighbor discovery is switched off on ether1 only.
set ether1 discover=no
/interface vlan
# VLAN 2 on top of the bridge. This interface carries the guest subnet: the
# 192.168.100.1/24 address and the DHCP server "server1" are bound to it
# further down in this export.
add interface=bridge name=vlan2 vlan-id=2
/caps-man datapath
# datapath1: staff traffic, forwarded locally on each CAP into "bridge", no VLAN.
add bridge=bridge local-forwarding=yes name=datapath1
# datapath2: guest traffic, forwarded locally and tagged with VLAN 2.
# NOTE(review): vlan-mode=use-service-tag selects a service (802.1ad) tag, while
# the cap1 interface later in this export overrides it with vlan-mode=use-tag.
# Only one tag type will match the vlan2 interface on the bridge, so a
# provisioned CAP that takes the value from this profile may tag guest frames
# differently from cap1 - confirm which mode the other access points end up with.
add bridge=bridge local-forwarding=yes name=datapath2 vlan-id=2 vlan-mode=\
use-service-tag
/caps-man security
# One WPA2-PSK profile per SSID (lq_work and lq_guest); the passphrases are
# masked in this post.
# NOTE(review): encryption lists tkip next to aes-ccm in both profiles, which
# lets a client negotiate TKIP as its unicast cipher. TKIP is deprecated; unless
# a legacy client requires it, encryption=aes-ccm alone is the stronger setting.
add authentication-types=wpa2-psk encryption=aes-ccm,tkip group-encryption=\
aes-ccm name=lq_work passphrase=********
add authentication-types=wpa2-psk encryption=aes-ccm,tkip group-encryption=\
aes-ccm name=lq_guest passphrase=********
/caps-man configuration
# lq_work: staff SSID, uses datapath1 and security profile lq_work. Channel
# settings are given twice - through channel=employees and again inline as
# channel.* values.
add channel=employees channel.band=2ghz-b/g/n channel.extension-channel=Ce \
channel.frequency=2412 channel.tx-power=20 channel.width=20 datapath=\
datapath1 mode=ap name=lq_work rates.vht-basic-mcs="" \
rates.vht-supported-mcs="" rx-chains=0,1,2 security=lq_work ssid=lq_work \
tx-chains=0,1,2
# lq_guest: guest SSID, uses datapath2 (VLAN 2) and security profile lq_guest.
# Unlike lq_work, no rx-chains/tx-chains are set here.
# NOTE(review): channel=quest does not match any profile in /caps-man channel of
# this export (the profiles there are "employees" and "guest") - verify the
# reference on the device.
add channel=quest channel.band=2ghz-b/g/n channel.extension-channel=Ce \
channel.frequency=2412 channel.tx-power=20 channel.width=20 datapath=\
datapath2 mode=ap name=lq_guest rates.vht-basic-mcs="" \
rates.vht-supported-mcs="" security=lq_guest ssid=lq_guest
/caps-man interface
# Static CAP interfaces. cap9 is a master interface (master-interface=none)
# carrying the staff configuration lq_work; MAC addresses are partly masked.
add configuration=lq_work disabled=no l2mtu=1600 mac-address=*******EF \
master-interface=none name=cap9 radio-mac=*******EF \
rates.vht-basic-mcs="" rates.vht-supported-mcs=""
# cap1 is a slave of cap9 carrying the guest configuration lq_guest; its
# radio-mac is all zeroes.
# NOTE(review): datapath.vlan-mode=use-tag set here differs from the
# use-service-tag value in the datapath2 profile it references, and channel=quest
# does not match a profile name in /caps-man channel - confirm both.
add channel=quest configuration=lq_guest datapath=datapath2 datapath.vlan-id=2 \
datapath.vlan-mode=use-tag disabled=no l2mtu=1600 mac-address=\
******EF master-interface=cap9 name=cap1 radio-mac=\
00:00:00:00:00:00 rates.vht-basic-mcs="" rates.vht-supported-mcs="" \
security=lq_guest
/ip pool
# Three address pools. Only "pool vlan2" is referenced by a DHCP server in this
# export; dhcp_pool1 and dhcp_pool2 are not used by anything shown here.
# NOTE(review): dhcp_pool2 (192.168.100.2-99) overlaps "pool vlan2"
# (192.168.100.50-250); looks like a leftover - confirm before removing.
add name="pool vlan2" ranges=192.168.100.50-192.168.100.250
add name=dhcp_pool1 ranges=192.168.200.2-192.168.200.254
add name=dhcp_pool2 ranges=192.168.100.2-192.168.100.99
/ip dhcp-server
# Guest DHCP server on vlan2; add-arp=yes adds an ARP entry for each lease.
# No DHCP server for the 172.16.0.0/24 staff network is defined in this export.
add add-arp=yes address-pool="pool vlan2" disabled=no interface=vlan2 name=\
server1
/caps-man manager
# This router is the CAPsMAN controller.
# NOTE(review): no certificate / require-peer-certificate settings appear here.
# The export omits default values, so presumably CAPs are accepted without
# certificate authentication - confirm, and consider enabling it so that only
# known access points can join.
set enabled=yes
/caps-man provisioning
# Single provisioning rule with no radio filter shown: a matching radio gets
# lq_work as master configuration and lq_guest as slave (virtual AP), created
# as dynamic, enabled interfaces.
add action=create-dynamic-enabled master-configuration=lq_work \
slave-configurations=lq_guest
/interface bridge port
# Members of "bridge": both switch groups, sfp1, the local radio wlan1, ether1
# and wlan19.
# NOTE(review): ether1 is a bridge member, yet the firewall filter, NAT and DHCP
# client sections of this export still treat ether1 as the WAN interface.
# RouterOS itself annotates the firewall rules with "matcher not possible when
# interface (ether1) is slave", so the WAN-facing rules do not protect anything
# in this state. Decide whether ether1 is WAN (remove it from the bridge) or LAN
# (rewrite the rules against the real uplink) - confirm against the topology.
# NOTE(review): wlan19 is not defined anywhere in this export - confirm that the
# interface exists.
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether1
add bridge=bridge interface=wlan19
/interface wireless cap
# This device also runs as a CAP: wlan1 is handed over to a CAPsMAN discovered
# on the bridge (this same router has /caps-man manager enabled).
# NOTE(review): no caps-man-addresses, caps-man-names or certificate is set, so
# presumably the CAP accepts whichever manager answers discovery on the bridge
# segment - confirm, and pin the manager if the segment is not fully trusted.
#
set bridge=bridge discovery-interfaces=bridge enabled=yes interfaces=wlan1
/ip address
# Staff side: 172.16.0.6/24 on the bridge. Guest side: 192.168.100.1/24 on
# vlan2, which is the gateway handed out by the guest DHCP server.
add address=172.16.0.6/24 comment=defconf interface=bridge network=172.16.0.0
add address=192.168.100.1/24 interface=vlan2 network=192.168.100.0
/ip dhcp-client
# NOTE(review): the DHCP client is bound to ether1, which is a bridge port in
# this export. A client on a slave interface presumably does not obtain a lease,
# and no static default route is shown either, so it is unclear where this
# router gets its default gateway from - confirm with /ip route print.
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
# Options handed to guest clients: gateway 192.168.100.1 (this router) and
# public DNS servers 8.8.8.8 / 8.8.4.4, so guests do not depend on the router's
# own resolver.
add address=192.168.100.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=\
192.168.100.1 netmask=24
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from any host that can reach it. The only input-chain drop rule in this export
# matches in-interface=ether1, which RouterOS flags as not matchable, so check
# that port 53 is not reachable from untrusted networks (open-resolver risk).
set allow-remote-requests=yes
/ip dns static
# Static name left from the default configuration; 192.168.88.1 is not an
# address configured on this router in this export.
add address=192.168.88.1 name=router
/ip firewall filter
# Input chain (traffic addressed to the router itself): ICMP and
# established/related connections are accepted. No rule in this export limits
# what the guest VLAN (vlan2) may reach on the router.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
# in/out-interface matcher not possible when interface (ether1) is slave - use master instead (bridge)
# NOTE(review): this is the only drop rule in the input chain and it matches
# in-interface=ether1. ether1 is a bridge port in this export, and RouterOS
# marks the matcher as not possible, so the rule presumably never matches.
# With no other drop rule, new connections to the router are then accepted
# from every interface - confirm and re-anchor the rule on the real uplink.
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
ether1
# Forward chain: established/related connections are fasttracked and accepted,
# invalid ones dropped.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
# in/out-interface matcher not possible when interface (ether1) is slave - use master instead (bridge)
# Intended to drop new forwarded connections arriving from WAN unless they were
# dst-NATed.
# NOTE(review): the rule matches in-interface=ether1, which is a bridge port in
# this export and is flagged by RouterOS as not matchable, so it presumably has
# no effect. No forward rule separates vlan2 (guests) from the bridge (staff);
# that separation rests only on the /ip route rule entries - confirm.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
/ip firewall nat
# NOTE(review): the only masquerade rule is disabled, and its out-interface
# (ether1) is a bridge port in this export. Guest traffic therefore leaves this
# router with 192.168.100.x source addresses, which only works if the upstream
# gateway has a return route to 192.168.100.0/24 - a likely place to look for
# the reported loss of guest internet; confirm on the upstream router.
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
out-interface=ether1
/ip route rule
# Guest/staff isolation: traffic between 172.16.0.0/24 and 192.168.100.0/24 is
# answered with "unreachable" in both directions.
# NOTE(review): these are routing-policy rules, so they only apply to packets
# routed by this device. They are not firewall filters; an explicit forward-chain
# drop between vlan2 and the bridge would make the isolation easier to audit.
add action=unreachable dst-address=192.168.100.0/24 src-address=172.16.0.0/24
add action=unreachable dst-address=172.16.0.0/24 src-address=192.168.100.0/24
/system clock
set time-zone-name=Europe/Moscow
/tool mac-server
# MAC-Telnet: the default entry is disabled and access is allowed on "bridge"
# only.
# NOTE(review): "bridge" includes ether1 in this export, so layer-2 management
# is reachable from whatever is connected to ether1 - confirm that is intended.
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
# MAC-Winbox: same restriction as above, allowed on "bridge" only.
set [ find default=yes ] disabled=yes
add interface=bridge