бесшовный 2х диапазонный wi-fi в квартире

Обсуждение на тему выбора оборудования
blow_treez
Сообщения: 8
Зарегистрирован: 26 мар 2019, 14:27

KARaS'b писал(а): 17 апр 2019, 12:30 Т.е. интернета якобы нет, но трассировка при этом проходит? Я бы копал в сторону днса.
в капсмане из датапатч убрал локал форвардинг, проводные клиенты теперь не отваливаются от интернета, а КАПы не заводятся (беспроводные интерфейсы не активны)


Ca6ko
Сообщения: 1484
Зарегистрирован: 23 ноя 2018, 11:08
Откуда: Харкiв

blow_treez писал(а): 17 апр 2019, 09:46 так и поступил, CAPsMAN настроил, с бриджами не напутал, все работает)
но есть ... проблема: ... пропадает связь с интернетом, каждые 5-10 мин

Давайте плясать от печки. Сначала схему сети, потом конфиг.


1-е Правило WiFi - Везде где только можно откажитесь от WiFi!
2-е Правило WiFi -Устройство, которое пользователь не носит с собой постоянно, должно подключаться кабелем!!

Микротики есть разные: черные, белые, красные. Но все равно хочется над чем-нибудь заморочиться.
blow_treez
Сообщения: 8
Зарегистрирован: 26 мар 2019, 14:27

Ca6ko писал(а): 17 апр 2019, 23:50Давайте плясать от печки. Сначала схему сети, потом конфиг.
Схема: hap ac2 в ether1 он же WAN приходит провайдер (настройки по dhcp приходят автоматом), бридж ether2-ether5, поднят dhcp-сервер и CAPsMAN
кабелем подсоединен второй hap ac2 на нем только бридж lan портов, и получает настройки от CAPsMAN

есть несколько проводных клиентов на обоих устройствах и несколько wi-fi


mafijs
Сообщения: 533
Зарегистрирован: 03 сен 2017, 03:08
Откуда: Marienburga

blow_treez писал(а): 17 апр 2019, 21:29 а КАПы не заводятся (беспроводные интерфейсы не активны)
Всё правильно - не активны (серые) потому что управляется CAPsMan.


blow_treez
Сообщения: 8
Зарегистрирован: 26 мар 2019, 14:27

запустил пинг с микротика(1) с провайдером и с локального(2) одновременно
на 1 пинг шел нормально
на 2 как только пропал интернет на компе, подключенном к нему так же и пинг перестал долетать
периодически вылезало host not reachable 92.39.00.00 (внешний ип микротика(1))


Конфиг (1)


# apr/18/2019 17:53:30 by RouterOS 6.44.2
# software id = M73B-GTFA
#
# model = RBD52G-5HacD2HnD
# serial number = B4XXXX70094C
# CAPsMAN channel profiles: three 2.4 GHz entries (2412/2437/2462 MHz) and two
# 5 GHz entries (5180/5220 MHz), each with a 20 MHz control channel, an
# extension channel and a fixed tx-power.
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=Ce \
    frequency=2412 name=channel1_24 tx-power=17
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=Ce \
    frequency=2437 name=channel6_24 tx-power=17
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=eC \
    frequency=2462 name=channel11_24 tx-power=17
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=Ce \
    frequency=5180 name=channel36_5 tx-power=20
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=Ce \
    frequency=5220 name=channel44_5 tx-power=20
# LAN bridge with a pinned (masked) MAC address; arp=proxy-arp makes the bridge
# answer ARP requests on behalf of other hosts.
/interface bridge
add admin-mac=74:XX:XX:XX:XX:XX arp=proxy-arp auto-mac=no name=bridge1
# Per-port settings: loop-protect on every port with a 1 minute disable time.
# NOTE(review): ether1 is the WAN port (see /interface list member), and
# arp=proxy-arp on it makes the router answer ARP on the provider segment for
# addresses it can reach. Nothing visible in this export needs that; confirm
# and consider arp=enabled on the WAN side.
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp loop-protect=on \
    loop-protect-disable-time=1m mac-address=XX:XX:XX:XX:XX:XX
set [ find default-name=ether2 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether3 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether4 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether5 ] loop-protect=on loop-protect-disable-time=1m
# Locally stored radio settings. The export marks both radios as
# "managed by CAPsMAN", so the SSID, channel and security in effect presumably
# come from the /caps-man sections. Do not read the local values below
# (wps-mode, default-authentication, max-station-count) as the active policy.
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(17dBm), SSID: WIFI, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-onlyn default-authentication=no \
    distance=indoors max-station-count=25 mode=ap-bridge multicast-helper=\
    full preamble-mode=long ssid=WIFI wireless-protocol=802.11 wps-mode=\
    disabled
# managed by CAPsMAN
# channel: 5180/20-Ce/ac/P(20dBm), SSID: WIFI_5G, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-n/ac default-authentication=no \
    distance=indoors max-station-count=25 mode=ap-bridge preamble-mode=long \
    ssid=WIFI_5G wireless-protocol=802.11
# Datapath for all CAP interfaces: client traffic is attached to bridge1.
# client-to-client-forwarding=yes lets wireless clients talk to each other
# directly, so there is no client isolation on these SSIDs.
/caps-man datapath
add bridge=bridge1 client-to-client-forwarding=yes name=datapath1
# Shared security profile: WPA2-PSK only, AES-CCM for unicast and group traffic.
# NOTE(review): passphrase=password is presumably a placeholder substituted
# before posting; if it is the literal key, it is trivially guessable. This
# export prints secrets in clear text. Exporting with hide-sensitive keeps
# them out of a pasted config.
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=security1 passphrase=password
# Master configurations, one per band; both reference datapath1 and security1.
/caps-man configuration
add channel=channel1_24 channel.band=2ghz-b/g/n country=russia3 datapath=\
    datapath1 guard-interval=long mode=ap multicast-helper=full name=cfg1_24 \
    rx-chains=0,1,2,3 security=security1 ssid=WIFI tx-chains=0,1,2,3
add channel=channel36_5 country=russia3 datapath=datapath1 guard-interval=\
    long mode=ap multicast-helper=full name=cfg1_5 rx-chains=0,1,2,3 \
    security=security1 ssid=WIFI_5G tx-chains=0,1,2,3
# Static CAP interfaces bound to four radio MACs (cap1_* and cap2_*, one per
# band), each pinned to its own channel profile.
# NOTE(review): these radio MACs are posted unmasked, although the bridge and
# ether1 MACs and the serial number were masked elsewhere in the export.
/caps-man interface
add channel=channel1_24 configuration=cfg1_24 datapath=datapath1 disabled=no \
    l2mtu=1600 mac-address=74:4D:28:1E:36:ED master-interface=none name=\
    cap1_24 radio-mac=74:4D:28:1E:36:ED radio-name=744D281E36ED security=\
    security1
add channel=channel36_5 configuration=cfg1_5 datapath=datapath1 disabled=no \
    l2mtu=1600 mac-address=74:4D:28:1E:36:EE master-interface=none name=\
    cap1_5 radio-mac=74:4D:28:1E:36:EE radio-name=744D281E36EE security=\
    security1
add channel=channel11_24 configuration=cfg1_24 datapath=datapath1 disabled=no \
    l2mtu=1600 mac-address=74:4D:28:1E:37:AB master-interface=none name=\
    cap2_24 radio-mac=74:4D:28:1E:37:AB radio-name=744D281E37AB security=\
    security1
add channel=channel44_5 configuration=cfg1_5 datapath=datapath1 disabled=no \
    l2mtu=1600 mac-address=74:4D:28:1E:37:AC master-interface=none name=\
    cap2_5 radio-mac=74:4D:28:1E:37:AC radio-name=744D281E37AC security=\
    security1
# Interface lists referenced by the firewall, discovery and mac-server settings.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# Default local wireless security profile (WPA2-PSK). It carries both a WPA and
# a WPA2 pre-shared key; the same note about plain-text secrets in the export
# applies here.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=password \
    wpa2-pre-shared-key=password
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# LAN addressing: DHCP pool 192.168.1.10-254 served on bridge1, 3 day leases.
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
    bridge1 lease-time=3d name=dhcp1 src-address=192.168.1.1
# CAPsMAN access list keyed on signal strength: accept clients at -79 dBm or
# better, reject at -80 dBm or worse. There is no MAC- or identity-based entry
# here, so admission control rests on the PSK alone.
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no interface=all \
    signal-range=-79..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=all \
    signal-range=-120..-80 ssid-regexp=""
# NOTE(review): the manager is enabled without any certificate or
# require-peer-certificate setting visible, so CAPs are presumably admitted
# without mutual authentication. No /caps-man manager interface restriction
# is exported either. Since no input drop rule is visible in
# /ip firewall filter, confirm the manager is not reachable on ether1 (WAN).
/caps-man manager
set enabled=yes
# Provisioning: radios that support gn get cfg1_24, an/ac radios get cfg1_5.
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
    cfg1_24
add action=create-dynamic-enabled hw-supported-modes=an,ac \
    master-configuration=cfg1_5
# ether2-ether5 form the LAN bridge; ether1 stays outside it as the WAN port.
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
# Neighbor discovery is limited to the LAN list, so it is not advertised on WAN.
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set internet-interface-list=LAN lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
/interface wireless access-list
add signal-range=-100..120 vlan-mode=no-tag
# The router's own radios join the local manager over loopback (127.0.0.1).
/interface wireless cap
# 
set bridge=bridge1 caps-man-addresses=127.0.0.1 enabled=yes interfaces=\
    wlan1,wlan2
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge1 network=\
    192.168.1.0
# WAN address comes from the provider via DHCP on ether1.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
# Static lease; per the thread this is presumably the second hAP ac2 (confirm).
/ip dhcp-server lease
add address=192.168.1.251 client-id=1:74:4d:28:1e:37:a7 mac-address=\
    74:4D:28:1E:37:A7 server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
    netmask=24
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from any interface the firewall lets through. The input chain in this export
# has no visible drop rule for WAN, so the resolver may be reachable from the
# internet (open resolver, usable for amplification). Block udp/tcp 53 on the
# WAN side or add a general input drop.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.1.1 name=router.lan
# Filter rules are evaluated top to bottom per chain, so the order below is
# part of the behaviour.
# NOTE(review): no final drop rule for chain=input is visible in this export.
# RouterOS accepts packets that match no rule, so router services that are
# enabled remain reachable from ether1 (WAN) unless filtered elsewhere. The
# only input drops below apply to sources already on a blacklist. The usual
# hardening is a last input rule that drops everything not arriving from the
# LAN list. Check it against the tcp/9999 remote-access redirect in
# /ip firewall nat before adding it.
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
# NOTE(review): in-interface and out-interface are both ether1 (WAN), so
# traffic entering and leaving through the WAN port is accepted ahead of the
# state and drop rules further down. Confirm this is intended.
add action=accept chain=forward in-interface=ether1 out-interface=ether1
# NOTE(review): accepts router-bound packets that arrive on the WAN port with
# a LAN source address (192.168.1.0/24). Real LAN hosts sit behind bridge1,
# so such packets on ether1 are most likely spoofed; a hardened ruleset
# would drop them rather than accept them.
add action=accept chain=input in-interface=ether1 src-address=192.168.1.0/24
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Placed before the forward drop rules, so forwarded ICMP is accepted from any
# interface, including WAN.
add action=accept chain=forward protocol=icmp
# NOTE(review): this matches on the source port, which the sender chooses, so
# any UDP packet sent from port 53 is accepted on WAN. Replies to the router's
# own DNS queries are already covered by the established/related rule above.
add action=accept chain=input in-interface=ether1 protocol=udp src-port=53
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
# SSH throttling: every new connection to tcp/22 promotes the source address
# one list further (stage1 -> stage2 -> stage3 -> ssh_blacklist). Stage lists
# expire after 1m, the blacklist after 1w3d, and blacklisted sources are
# dropped first. Sources not on the blacklist are still accepted, because no
# other input rule restricts tcp/22.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
# Same staging pattern for telnet (tcp/23), feeding black_list for 1d. The
# telnet service is disabled under /ip service in this export, so these rules
# only build the list.
add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 \
    protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage3
add action=add-src-to-address-list address-list=telnet_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage2
add action=add-src-to-address-list address-list=telnet_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage1
add action=add-src-to-address-list address-list=telnet_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp
# Same staging pattern for ftp (tcp/21), sharing black_list with the telnet
# rules. The ftp service is likewise disabled under /ip service.
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d chain=input connection-state=new dst-port=21 \
    protocol=tcp src-address-list=ftp_stage3
add action=add-src-to-address-list address-list=ftp_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=21 \
    protocol=tcp src-address-list=ftp_stage2
add action=add-src-to-address-list address-list=ftp_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=21 \
    protocol=tcp src-address-list=ftp_stage1
add action=add-src-to-address-list address-list=ftp_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=21 \
    protocol=tcp
# Marks new WAN connections to tcp/9999 as allow_in.
# NOTE(review): no filter rule in this export matches connection-mark=allow_in,
# so the mark currently has no effect on what is accepted.
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new dst-port=\
    9999 in-interface=ether1 new-connection-mark=allow_in passthrough=yes \
    protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# NOTE(review): redirects WAN tcp/9999 to the router's own port 80, presumably
# the web management interface over plain HTTP. That exposes the admin login
# to the internet without transport encryption. Restrict it by source address
# or reach management over a VPN instead.
add action=redirect chain=dstnat dst-port=9999 in-interface=ether1 protocol=\
    tcp to-ports=80
# Disabled static default route; the active default presumably comes from the
# DHCP client on ether1.
/ip route
add disabled=yes distance=1 gateway=92.39.XX.1
# telnet, ftp, api and api-ssl are switched off.
# NOTE(review): the export lists only changed values, so ssh, www and winbox
# are presumably still enabled with no address= restriction. Together with the
# missing input drop rule they would be reachable from WAN; confirm, and limit
# them to the LAN subnet.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# NOTE(review): UPnP lets any host on bridge1 request inbound port mappings on
# ether1 without authentication. Keep it enabled only if a client really needs
# it.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=CAPsMAN_CAP1
/system ntp client
set enabled=yes primary-ntp=193.171.23.163 secondary-ntp=85.114.26.194
# MAC-telnet and MAC-WinBox are limited to the LAN list, so layer-2 management
# is not offered on ether1.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# Disabled netwatch entry: when 8.8.8.8 stops answering (checked every 15s),
# the down-script would renew the DHCP lease on "ether1-gateway" and log it.
# No interface of that name appears in this export (the WAN port is ether1).
/tool netwatch
add disabled=yes down-script=\
    "/ip dhcp-client renew ether1-gateway\r\
    \n\r\
    \n:log info (\"dhcp renew\")" host=8.8.8.8 interval=15s

Конфиг(2)


# apr/18/2019 17:53:15 by RouterOS 6.44.2
# software id = CL47-9388
#
# model = RBD52G-5HacD2HnD
# serial number = B4XXXXA6917D
# Second hAP ac2 (identity CAP2): all five ethernet ports are bridged and the
# device takes its address by DHCP on bridge1.
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridge1
# NOTE(review): arp=proxy-arp is set on ether1, which is a bridge port on this
# device (see /interface bridge port). Nothing visible here needs proxy-arp;
# confirm and consider arp=enabled.
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp loop-protect=on \
    loop-protect-disable-time=1m
set [ find default-name=ether2 ] loop-protect=on loop-protect-disable-time=1m
set [ find default-name=ether3 ] loop-protect=on loop-protect-disable-time=1m
# Locally stored radio settings (station-bridge, other frequencies). The export
# marks both radios as "managed by CAPsMAN", so the values in effect presumably
# come from the manager, as the generated channel comments indicate.
/interface wireless
# managed by CAPsMAN
# channel: 2462/20-eC/gn(17dBm), SSID: WIFI, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-onlyn frequency=2437 mode=\
    station-bridge ssid=WIFI
# managed by CAPsMAN
# channel: 5220/20-Ce/ac/P(20dBm), SSID: WIFI_5G, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac frequency=5260 mode=\
    station-bridge ssid=WIFI_5G
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
# NOTE(review): ether1 is listed as WAN although it is also a port of bridge1,
# and bridge1 itself is in neither list. Rules and services keyed on the
# WAN/LAN lists (the masquerade rule, mac-server, neighbor discovery)
# therefore may not match the traffic they were meant for. Looks like leftover
# default configuration; confirm.
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan1 list=LAN
/interface wireless access-list
add
# The radios are handed to the manager at 192.168.1.1, discovered via bridge1.
# NOTE(review): no certificate setting is visible, so this CAP presumably
# accepts whichever manager answers at that address without verifying it.
/interface wireless cap
# 
set caps-man-addresses=192.168.1.1 discovery-interfaces=bridge1 enabled=yes \
    interfaces=wlan1,wlan2
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge1
# NOTE(review): allow-remote-requests=yes turns this access point into a DNS
# resolver for anything that can reach it; it is not needed if clients use
# 192.168.1.1 as handed out by the main router's DHCP server.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d
# NOTE(review): router.lan points at 192.168.88.1, which is outside the
# 192.168.1.0/24 LAN used by the main router. Presumably a stale default.
/ip dns static
add address=192.168.88.1 name=router.lan
# NOTE(review): every state-based accept and drop rule below is disabled=yes.
# The only active filter rules are the two ICMP accepts and fasttrack, and no
# drop rule is active, so this device does not filter traffic addressed to it.
# It sits on the LAN behind the main router, which limits the exposure to LAN
# and wireless clients. Management access should still be restricted, for
# example by source address under /ip service.
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward protocol=icmp
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
# Masquerade is still keyed on the WAN list, whose only member is ether1.
# ether1 is a bridge port on this device, so the rule presumably never matches
# routed traffic (confirm). A pure access point does not need NAT.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=CAP2
/system ntp client
set enabled=yes primary-ntp=193.171.23.163 secondary-ntp=85.114.26.194
# MAC-telnet and MAC-WinBox are limited to the LAN list (ether2-ether5 and
# wlan1 on this device).
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

