Имеются 7 точек hAP ac2. Версия RouterOS на каждой — 6.43.10. Схема сети: шлюз на убунте, на нём поднят OpenVPN-сервер и стоят две сетевые карты (одна для интернета, другая для локальной сети); шлюз подключён в гигабитный свитч, в него же подключены все 7 точек. Шлюз является DHCP-сервером. Точки подключены через фирменные инжекторы MikroTik. Площадь офиса около 1000 м^2. Точки расставлены равномерно по всему помещению, с контроллером CAPsMAN (он же является точкой доступа) примерно в центре. Расстояние между точками в пределах 10-20 м. Стены — стекло и гипсокартон, есть пара несущих бетонных, но там клиентов нету. Точки установлены на потолке типа "Армстронг". Здание новое, эфир не захламлён. Периодически отваливаются клиенты. Клиенты самые разные: ноутбуки леново, макбуки, айфоны, самсунги, сяоми и т.д., большой зоопарк. Отваливаются они с разной периодичностью: может раз в два дня отвалиться один ноутбук, а может пару раз в день 5-6 клиентов. Причём когда смотрю в Registration Table, там аптайм большой, то есть это не клиенты отваливаются, а пропадает интернет-соединение. С чем это может быть связано? В логах ни ошибок, ни предупреждений никаких нету.
Конфиг контроллера capsman:
# jun/27/2019 13:13:44 by RouterOS 6.43.10
# software id = X3CU-S1VF
#
# model = RBD52G-5HacD2HnD
# serial number = A6470A9C322A
# CAPsMAN channel profiles. channel1 and channel2 are the ones referenced by the
# cfg1/cfg2 configurations; each ch_* profile pins a single 2.4 GHz frequency.
/caps-man channel
# No frequency= is set, so this profile does not pin the 2.4 GHz frequency.
# NOTE(review): 20mhz control width plus extension-channel=XX presumably lets the
# radios run 40 MHz wide in 2.4 GHz - confirm that is intended.
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=XX name=\
channel1 tx-power=20
# frequency=5200 pins every radio that receives this profile to the same 5 GHz channel.
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce \
frequency=5200 name=channel2 tx-power=20
# Fixed 20 MHz profiles (extension-channel=disabled), one frequency each.
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
frequency=2412 name=ch_1_2412 tx-power=20
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
frequency=2437 name=ch_6_2437 tx-power=20
# NOTE(review): 2417 MHz is only 5 MHz above ch_1_2412, so the two 20 MHz channels overlap.
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
frequency=2417 name=ch_2_2417 tx-power=20
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
frequency=2462 name=ch_11_2462 tx-power=20
# Local bridge with a fixed admin MAC (auto-mac=no).
/interface bridge
add admin-mac=74:4D:28:4F:53:DC auto-mac=no comment=defconf name=bridge
/caps-man interface
# Static CAP interface for the radio with MAC 74:4D:28:4F:57:61; no configuration=
# is shown on this entry and master-interface=none.
add disabled=no l2mtu=1600 mac-address=74:4D:28:4F:57:61 master-interface=none \
name=cap5 radio-mac=74:4D:28:4F:57:61 radio-name=744D284F5761
/caps-man datapath
# datapath1 and datapath2 carry identical settings.
# local-forwarding=yes matches the "local forwarding" status comments in this export:
# client traffic is bridged on the CAP rather than sent through the manager.
# client-to-client-forwarding=yes: stations are allowed to reach each other directly,
# i.e. there is no client isolation on these SSIDs.
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
datapath1
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
datapath2
# WPA2-PSK profiles used by the CAPsMAN configurations (security1 by the "Hosts"
# configurations, security2 by "Hosts_5GHz"). Apart from the name they are identical.
/caps-man security
# encryption=aes-ccm,tkip still lets a station negotiate TKIP as its unicast cipher;
# TKIP is deprecated, so remove it unless a legacy client really needs it.
# group-key-update=1h rotates the group key hourly.
# passphrase= is empty in this export - presumably redacted before posting.
add authentication-types=wpa2-psk encryption=aes-ccm,tkip group-encryption=\
aes-ccm group-key-update=1h name=security1 passphrase=
add authentication-types=wpa2-psk encryption=aes-ccm,tkip group-encryption=\
aes-ccm group-key-update=1h name=security2 passphrase=
# CAPsMAN configurations: each ties a channel profile, a datapath and a security
# profile to an SSID. cfg1 and cfg2 are the ones applied by the enabled
# provisioning rules; the cfg_* entries are referenced only by disabled rules.
/caps-man configuration
# cfg1/cfg2 set no country=, unlike the cfg_* entries below (country=serbia).
# NOTE(review): rx-chains/tx-chains list three chains (0,1,2) - confirm the radios
# actually have a third chain.
add channel=channel1 datapath=datapath1 mode=ap name=cfg1 rx-chains=0,1,2 \
security=security1 ssid=Hosts tx-chains=0,1,2
add channel=channel2 datapath=datapath2 mode=ap name=cfg2 rx-chains=0,1,2 \
security=security2 ssid=Hosts_5GHz tx-chains=0,1,2
# Per-channel variants of the 2.4 GHz "Hosts" configuration.
add channel=ch_1_2412 country=serbia datapath=datapath1 mode=ap name=cfg_1_2412 \
rx-chains=0,1,2 security=security1 ssid=Hosts tx-chains=0,1,2
add channel=ch_6_2437 country=serbia datapath=datapath1 mode=ap name=cfg_6_2437 \
rx-chains=0,1,2 security=security1 ssid=Hosts tx-chains=0,1,2
add channel=ch_2_2417 country=serbia datapath=datapath1 mode=ap name=cfg_2_2417 \
rx-chains=0,1,2 security=security1 ssid=Hosts tx-chains=0,1,2
add channel=ch_11_2462 country=serbia datapath=datapath1 mode=ap name=\
cfg_11_2462 rx-chains=0,1,2 security=security1 ssid=Hosts tx-chains=0,1,2
# Interface lists used by the firewall, neighbor discovery and MAC server settings.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Local (non-CAPsMAN) profile: accepts WPA as well as WPA2 PSK, and management
# frame protection is only "allowed", not required. Both key values are empty in
# this export - presumably redacted before posting.
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=wpa2-connect supplicant-identity="" \
wpa-pre-shared-key= wpa2-pre-shared-key=
# Local radio settings. Both radios carry the "managed by CAPsMAN" status comment,
# so presumably the CAPsMAN configuration, not these values, is what is in effect.
/interface wireless
# managed by CAPsMAN
# NOTE(review): unlike wlan2, this entry shows neither disabled=no nor a
# "channel:" status line - confirm whether the 2.4 GHz radio is running at all.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
distance=indoors frequency=auto mode=ap-bridge security-profile=\
wpa2-connect ssid=MikroTik-test wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5200/20-Ce/ac(17dBm), SSID: Hosts_5GHz, local forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
disabled=no distance=indoors frequency=auto mode=ap-bridge \
security-profile=wpa2-connect ssid=MikroTiktest-5GHz wireless-protocol=\
802.11
/interface wireless nstreme
# managed by CAPsMAN
set wlan1 enable-polling=no
# managed by CAPsMAN
# channel: 5200/20-Ce/ac(17dBm), SSID: Hosts_5GHz, local forwarding
set wlan2 enable-polling=no
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# Address pool used by the DHCP server entry below.
/ip pool
add name=dhcp ranges=10.0.0.10-10.0.0.254
# DHCP server bound to the bridge, leasing from 10.0.0.10-10.0.0.254 for 1h.
# NOTE(review): no disabled=no is shown, so this server is presumably disabled -
# confirm. If it were enabled it would answer on the same bridge as the network's
# real DHCP server and hand clients addresses from a different subnet.
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=1h name=defconf
# Rejects stations whose signal is between -120 and -85 dBm on any SSID
# (ssid-regexp=""), tolerating 5s out of range. This rule produces the
# "rejected, forbidden by access-list" log entries.
/caps-man access-list
add action=reject allow-signal-out-of-range=5s disabled=no signal-range=\
-120..-85 ssid-regexp=""
# Enables the CAPsMAN manager on this device.
# NOTE(review): no certificate= or require-peer-certificate= appears in this
# export, so CAP-to-manager sessions are presumably not certificate-authenticated -
# confirm, since any device on the same segment could then register as a CAP.
/caps-man manager
set enabled=yes
/caps-man provisioning
# The first three rules match single radios by MAC but are disabled=yes.
add action=create-dynamic-enabled disabled=yes master-configuration=cfg_2_2417 \
name-format=prefix name-prefix=cap2.4GHz_2ch_ radio-mac=74:4D:28:6D:75:82
add action=create-enabled disabled=yes master-configuration=cfg_6_2437 \
name-format=prefix name-prefix=cap2.4GHz_6ch_ radio-mac=74:4D:28:6D:75:D5
add action=create-dynamic-enabled disabled=yes master-configuration=cfg_11_2462 \
name-format=prefix name-prefix=cap2.4GHz_11ch_ radio-mac=74:4D:28:6D:75:A8
# Active rules: there is no radio-mac= filter, so every radio that reports the
# listed modes gets cfg1 (gn) or cfg2 (ac,an) as a dynamic interface.
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
cfg1
add action=create-dynamic-enabled hw-supported-modes=ac,an \
master-configuration=cfg2
# All five Ethernet ports and both radios are members of the one bridge.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
# ether1 is bridged with the other ports although it is also listed as WAN below.
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
# NOTE(review): ether1 sits in the WAN list while being a port of the same bridge
# as the LAN ports, and the LAN list holds bridge member ports rather than
# "bridge" itself - confirm that the in-interface-list matches in the firewall
# behave as intended for bridged ports.
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
# The controller's own radios join CAPsMAN as a CAP: the manager is addressed at
# 127.0.0.1 and discovery also runs on the bridge.
/interface wireless cap
# 
set caps-man-addresses=127.0.0.1 discovery-interfaces=bridge enabled=yes \
interfaces=wlan1,wlan2
# Management address of this device.
# NOTE(review): the address is bound to ether2, which this export also lists as a
# bridge port; addresses for a bridged network normally go on the bridge
# interface itself - confirm.
/ip address
add address=10.10.10.100/24 comment=defconf interface=ether2 network=10.10.10.0
# DHCP clients on ether1 (itself a bridge port) and on the bridge.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
add dhcp-options=hostname,clientid interface=bridge
# Network parameters for the local DHCP server entry (gateway 10.0.0.1).
/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf gateway=10.0.0.1 netmask=24
# allow-remote-requests=yes makes this device answer DNS queries from other
# hosts; who can reach it is decided only by the firewall input chain.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=10.10.10.100 name=router.lan
# Filter rules are evaluated top to bottom; the order below is significant.
/ip firewall filter
# Accepts TCP 8291 (the default Winbox port) to the device from any source and any
# interface. It sits above the drop rules, so they never apply to it.
# NOTE(review): add src-address= or in-interface-list=LAN if management access is
# meant to be limited to the local network.
add action=accept chain=input dst-port=8291 protocol=tcp
# Accepts traffic whose source and destination are both local addresses (the CAP
# on this device talks to the manager at 127.0.0.1).
add action=accept chain=input comment=UnblockCapsman dst-address-type=local \
src-address-type=local
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Final input rule: drops whatever did not arrive on an interface in the LAN list.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
# Drops new forwarded connections from WAN unless they were dst-NATed.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Source NAT for traffic leaving through interfaces in the WAN list.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
# Static route via 10.10.10.1; no dst-address= is shown, so presumably the default route.
/ip route
add distance=1 gateway=10.10.10.1
/system clock
set time-zone-name=Europe/Amsterdam
# The identity is set to the device's own address string.
/system identity
set name=10.10.10.100/24
# The dedicated caps logging rule is disabled; a wireless,debug rule is added
# with no action= shown.
/system logging
add disabled=yes topics=caps
add topics=wireless,debug
# MAC-telnet and MAC-Winbox are limited to interfaces in the LAN list.
# NOTE(review): this export contains no /ip service section, so the IP management
# services appear to be left at their defaults - confirm, and disable the ones
# that are not used (telnet in particular sends credentials in clear text).
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Конфиг точки:
# jun/27/2019 13:17:05 by RouterOS 6.43.10
# software id = IDEH-MSAX
#
# model = RBD52G-5HacD2HnD
# serial number = B4A00AD2E800
# Local bridge with a fixed admin MAC (auto-mac=no).
/interface bridge
add admin-mac=74:4D:28:6D:75:7E auto-mac=no comment=defconf name=bridge
# Local radio settings. Both radios carry the "managed by CAPsMAN" status comment
# with the SSIDs Hosts / Hosts_5GHz, so the manager's configuration is what runs.
# NOTE(review): no security-profile= is shown on these local settings, so they
# presumably use the default profile - confirm what that profile allows in case
# the radios ever run unmanaged.
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(20dBm), SSID: Hosts local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-6D7582 wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5200/20-Ce/ac(17dBm), SSID: Hosts_5GHz, local forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-6D7583 wireless-protocol=802.11
# Interface lists used by the firewall, neighbor discovery and MAC server settings.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# Address pool used by the DHCP server entry below.
/ip pool
add name=dhcp ranges=10.0.5.10-10.0.5.254
# DHCP server bound to the bridge, leasing from 10.0.5.10-10.0.5.254.
# NOTE(review): no disabled=no is shown, so this server is presumably disabled -
# confirm. If it were enabled it would answer on the same bridge as the network's
# real DHCP server and hand clients addresses from a different subnet.
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
# All five Ethernet ports and both radios are members of the one bridge.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
# ether1 is bridged with the other ports although it is also listed as WAN below.
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
# NOTE(review): ether1 sits in the WAN list while being a port of the same bridge
# as the LAN ports, and the LAN list holds bridge member ports rather than
# "bridge" itself - confirm that the in-interface-list matches in the firewall
# behave as intended for bridged ports.
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
# CAP mode for both radios. No caps-man-addresses= is given, so the manager is
# found through discovery on the bridge.
# NOTE(review): no certificate= setting appears here, so the CAP presumably
# accepts whichever manager answers discovery on this segment - confirm.
/interface wireless cap
# 
set bridge=bridge discovery-interfaces=bridge enabled=yes interfaces=\
wlan1,wlan2
# Management address of this access point.
# NOTE(review): the address is bound to ether2, which this export also lists as a
# bridge port; addresses for a bridged network normally go on the bridge
# interface itself - confirm.
/ip address
add address=10.10.10.105/24 comment=defconf interface=ether2 network=10.10.10.0
# DHCP clients on ether1 (itself a bridge port) and on the bridge.
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1
add dhcp-options=hostname,clientid interface=bridge
# Network parameters for the local DHCP server entry (gateway 10.0.5.1).
/ip dhcp-server network
add address=10.0.5.0/24 comment=defconf gateway=10.0.5.1 netmask=24
# allow-remote-requests=yes makes this device answer DNS queries from other
# hosts; who can reach it is decided only by the firewall input chain.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=10.10.10.105 name=router.lan
# Filter rules are evaluated top to bottom; the order below is significant.
/ip firewall filter
# Accepts TCP 8291 (the default Winbox port) to the device from any source and any
# interface. It sits above the drop rules, so they never apply to it.
# NOTE(review): add src-address= or in-interface-list=LAN if management access is
# meant to be limited to the local network.
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Final input rule: drops whatever did not arrive on an interface in the LAN list.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
# Drops new forwarded connections from WAN unless they were dst-NATed.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Source NAT for traffic leaving through interfaces in the WAN list.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
# Static route via 10.10.10.1; no dst-address= is shown, so presumably the default route.
/ip route
add distance=1 gateway=10.10.10.1
/system clock
set time-zone-name=Europe/Amsterdam
# The identity is set to the device's own address string.
/system identity
set name=10.10.10.105/24
# MAC-telnet and MAC-Winbox are limited to interfaces in the LAN list.
# NOTE(review): this export contains no /ip service section, so the IP management
# services appear to be left at their defaults - confirm, and disable the ones
# that are not used (telnet in particular sends credentials in clear text).
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Код: Выделить всё
12:55:58 caps,info 38:53:9C:5D:5D:B1@cap7 disconnected, registered to other interface
12:57:17 caps,info 38:53:9C:5D:5D:B1@cap7 connected, signal strength -45
12:57:17 caps,info 38:53:9C:5D:5D:B1@cap42 disconnected, registered to other interface
12:57:20 caps,info F4:60:E2:95:B1:62@cap4 connected, signal strength -59
12:57:20 caps,info F4:60:E2:95:B1:62@cap42 disconnected, registered to other interface
12:57:33 caps,info F4:60:E2:95:B1:62@cap7 connected, signal strength -57
12:57:33 caps,info F4:60:E2:95:B1:62@cap4 disconnected, registered to other interface
12:57:50 caps,info F4:60:E2:95:B1:62@cap2 connected, signal strength -47
12:57:50 caps,info F4:60:E2:95:B1:62@cap7 disconnected, registered to other interface
13:00:49 caps,info F8:6F:C1:D4:45:A4@cap12 connected, signal strength -73
13:01:07 caps,info B4:B6:76:26:07:78@cap44 connected, signal strength -64
13:01:34 caps,info B4:B6:76:26:07:78@cap44 disconnected, received deauth: unspecified (1)
13:02:32 caps,info D4:6D:6D:E0:44:3A@cap45 disconnected, received deauth: sending station leaving (3)
13:03:49 caps,info F8:6F:C1:D4:45:A4@cap45 connected, signal strength -68
13:03:49 caps,info F8:6F:C1:D4:45:A4@cap12 disconnected, registered to other interface
13:04:02 caps,info F8:6F:C1:D4:45:A4@cap10 connected, signal strength -72
13:04:02 caps,info F8:6F:C1:D4:45:A4@cap45 disconnected, registered to other interface
13:04:26 caps,info F8:6F:C1:D4:45:A4@cap47 connected, signal strength -76
13:04:26 caps,info F8:6F:C1:D4:45:A4@cap10 disconnected, registered to other interface
13:08:19 caps,info 08:F4:AB:ED:6C:17@cap47 connected, signal strength -82
13:08:25 caps,info 08:F4:AB:ED:6C:17@cap47 disconnected, 4-way handshake timeout
13:08:25 caps,info 08:F4:AB:ED:6C:17@cap44 rejected, forbidden by access-list
13:09:33 caps,info 80:C5:F2:1E:68:2F@cap42 disconnected, received deauth: sending station leaving (3)
13:10:49 caps,info D4:6D:6D:E0:44:3A@cap44 connected, signal strength -45
13:11:01 caps,info 80:C5:F2:1E:68:2F@cap42 connected, signal strength -60
13:11:05 caps,info 60:30:D4:2A:35:D9@cap44 connected, signal strength -53
13:11:05 caps,info 60:30:D4:2A:35:D9@cap47 disconnected, registered to other interface
13:12:21 caps,info FC:2A:9C:6D:ED:DF@cap44 connected, signal strength -63
13:12:27 caps,info FC:2A:9C:6D:ED:DF@cap44 disconnected, 4-way handshake timeout
13:12:31 caps,info FC:2A:9C:6D:ED:DF@cap47 connected, signal strength -70
13:12:37 caps,info FC:2A:9C:6D:ED:DF@cap47 disconnected, 4-way handshake timeout
13:12:41 caps,info FC:2A:9C:6D:ED:DF@cap47 connected, signal strength -63
13:12:47 caps,info FC:2A:9C:6D:ED:DF@cap47 disconnected, 4-way handshake timeout
13:13:36 system,info,account user logged in from 10.10.10.22 via telnet
13:13:46 smb,info created new share: pub
13:14:28 caps,info F4:60:E2:95:B1:62@cap7 connected, signal strength -57
13:14:28 caps,info F4:60:E2:95:B1:62@cap2 disconnected, registered to other interface
13:14:30 caps,info F4:60:E2:95:B1:62@cap42 connected, signal strength -59
13:14:30 caps,info F4:60:E2:95:B1:62@cap7 disconnected, registered to other interface
13:14:33 caps,info F4:60:E2:95:B1:62@cap4 connected, signal strength -60
13:14:33 caps,info F4:60:E2:95:B1:62@cap42 disconnected, registered to other interface
13:14:37 caps,info F4:60:E2:95:B1:62@cap42 connected, signal strength -69
13:14:37 caps,info F4:60:E2:95:B1:62@cap4 disconnected, registered to other interface
13:14:39 caps,info F4:60:E2:95:B1:62@cap4 connected, signal strength -43
13:14:39 caps,info F4:60:E2:95:B1:62@cap42 disconnected, registered to other interface
13:17:08 caps,info F4:96:34:BA:58:D8@cap7 connected, signal strength -61
13:17:16 caps,info 60:30:D4:2A:35:D9@cap45 connected, signal strength -49
13:17:16 caps,info 60:30:D4:2A:35:D9@cap44 disconnected, registered to other interface
13:17:17 caps,info F8:A2:D6:BB:7E:27@cap11 connected, signal strength -52
13:18:14 caps,info 08:F4:AB:ED:6C:17@cap12 connected, signal strength -64
13:18:20 caps,info 08:F4:AB:ED:6C:17@cap12 disconnected, 4-way handshake timeout
13:18:20 caps,info 08:F4:AB:ED:6C:17@cap47 connected, signal strength -82
13:18:26 caps,info 08:F4:AB:ED:6C:17@cap47 disconnected, 4-way handshake timeout
13:18:27 caps,info B4:B6:76:26:07:78@cap44 connected, signal strength -54
13:18:34 caps,info 08:F4:AB:ED:6C:17@cap12 connected, signal strength -74
13:18:40 caps,info 08:F4:AB:ED:6C:17@cap12 disconnected, 4-way handshake timeout
13:18:40 caps,info 08:F4:AB:ED:6C:17@cap47 rejected, forbidden by access-list
13:18:47 caps,info B4:B6:76:26:07:78@cap44 disconnected, received deauth: unspecified (1)
13:19:11 caps,info 08:F4:AB:ED:6C:17@cap12 connected, signal strength -69
13:19:17 caps,info 08:F4:AB:ED:6C:17@cap12 disconnected, 4-way handshake timeout
13:19:17 caps,info 08:F4:AB:ED:6C:17@cap47 rejected, forbidden by access-list
13:19:31 caps,info 60:30:D4:2A:35:D9@cap44 connected, signal strength -52
13:19:31 caps,info 60:30:D4:2A:35:D9@cap45 disconnected, registered to other interface
13:19:42 caps,info 08:F4:AB:ED:6C:17@cap12 connected, signal strength -71
13:19:48 caps,info 08:F4:AB:ED:6C:17@cap12 disconnected, 4-way handshake timeout
13:19:48 caps,info 08:F4:AB:ED:6C:17@cap47 rejected, forbidden by access-list
13:19:50 caps,info 08:F4:AB:ED:6C:17@cap12 connected, signal strength -70
13:19:56 caps,info 08:F4:AB:ED:6C:17@cap12 disconnected, 4-way handshake timeout
13:19:57 caps,info 08:F4:AB:ED:6C:17@cap47 rejected, forbidden by access-list
13:20:02 caps,info 08:F4:AB:ED:6C:17@cap12 connected, signal strength -73
13:20:08 caps,info 08:F4:AB:ED:6C:17@cap12 disconnected, 4-way handshake timeout
13:20:09 caps,info 08:F4:AB:ED:6C:17@cap47 rejected, forbidden by access-list
13:20:45 caps,info 60:30:D4:2A:35:D9@cap47 connected, signal strength -59
13:20:45 caps,info 60:30:D4:2A:35:D9@cap44 disconnected, registered to other interface
13:23:10 system,info,account user logged out from 10.10.10.22 via telnet
13:23:12 system,info,account user logged in from 10.10.10.22 via telnet