Непонятно откуда взявшийся STP

Обсуждение оборудования и его настройки
Ответить
Diman89
Сообщения: 4
Зарегистрирован: 15 мар 2014, 21:12

Приветствую.
Есть RouterBOARD 951G-2HnD.
В wireshark постоянно вижу такое:

Код: Выделить всё

345   3.189794000   Routerbo_cc:b9:ff   Spanning-tree-(for-bridges)_00   STP   60   RST. Root = 32768/0/d4:ca:6d:cc:b9:ff  Cost = 0  Port = 0x8005

Изображение
К микротику подключены 3 свича: DES 3810-28, DES 1210-52*2 (свичи между собой в транке, к самому микротику подключен 1210-52). На свичах STP выключен
 config

Код: Выделить всё

export compact
# mar/15/2014 22:17:35 by RouterOS 5.25
# software id = ****-****
#
/interface bridge
add l2mtu=1598 name=bridge-local
add name=bridge-guest
/interface ethernet
set 0 comment=WAN1 name=w_eth1_domru
set 1 comment=WAN2 name=w_eth2_rtcom
set 2 comment=LAN name=lan_eth3
set 3 master-port=lan_eth3 name=lan_eth4
/interface pppoe-client
add add-default-route=yes disabled=no interface=w_eth1_domru name=pppoe_domru \
    password=*** use-peer-dns=yes user=***
add disabled=no interface=w_eth2_rtcom name=pppoe_rtcom password=*** user=\
    ***
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods=\
    passthrough wpa-pre-shared-key=12345678 wpa2-pre-shared-key=12345678
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough \
    group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys \
    name=corp supplicant-identity="" unicast-ciphers=tkip,aes-ccm \
    wpa-pre-shared-key=*** wpa2-pre-shared-key=***
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough \
    management-protection=allowed name=guest supplicant-identity=""
/interface wireless
set 0 adaptive-noise-immunity=ap-and-client-mode band=2ghz-b/g/n basic-rates-b=\
    "" channel-width=20/40mhz-ht-below country=russia disabled=no frequency=\
    2462 frequency-mode=superchannel ht-rxchains=0,1 ht-txchains=0,1 \
    hw-protection-mode=rts-cts l2mtu=2290 mode=ap-bridge name=\
    "***" periodic-calibration=enabled \
    periodic-calibration-interval=10 rate-set=configured security-profile=corp \
    ssid="***" supported-rates-b="" tx-power=14 tx-power-mode=\
    all-rates-fixed wireless-protocol=802.11
add default-forwarding=no mac-address=D6:CA:6D:BA:BE:FB master-interface=\
    "***" name="***" security-profile=guest ssid=\
    "***" wds-cost-range=0 wds-default-cost=0
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=1h rate-limit=\
    512k/512k shared-users=unlimited
/ip pool
add name=dhcp-local ranges=192.168.1.10-192.168.1.150
add name=dhcp-guest ranges=192.168.5.1-192.168.5.100
/ip dhcp-server
add address-pool=dhcp-local disabled=no interface=bridge-local lease-time=9h \
    name=dhcp_server
add address-pool=dhcp-guest interface=bridge-guest lease-time=3h name=\
    dhcp_guest
/system logging action
set 1 disk-lines-per-file=1000
/interface bridge port
add bridge=bridge-local interface=lan_eth3
add bridge=bridge-local interface="***"
add bridge=bridge-guest interface="***"
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=yes
/ip address
add address=192.168.1.249/24 interface=lan_eth3
/ip dhcp-server lease
add address=192.168.1.149 always-broadcast=yes client-id=1:10:9a:dd:54:f5:19 \
    mac-address=10:9A:DD:54:F5:19 server=dhcp_server
add address=192.168.1.16 client-id=1:c8:9c:dc:bc:fc:9f mac-address=\
    C8:9C:DC:BC:FC:9F server=dhcp_server
add address=192.168.1.32 client-id=1:0:26:18:d4:e9:64 mac-address=\
    00:26:18:D4:E9:64 server=dhcp_server
add address=192.168.1.22 client-id=1:50:cc:f8:db:70:3e mac-address=\
    50:CC:F8:DB:70:3E server=dhcp_server
add address=192.168.1.12 client-id=1:38:ec:e4:4b:b7:e7 mac-address=\
    38:EC:E4:4B:B7:E7 server=dhcp_server
add address=192.168.1.51 client-id=1:0:25:90:dc:4c:2e mac-address=\
    00:25:90:DC:4C:2E server=dhcp_server
add address=192.168.1.11 client-id=1:0:26:18:a7:f:35 mac-address=\
    00:26:18:A7:0F:35 server=dhcp_server
add address=192.168.1.25 client-id=1:0:19:5b:5a:50:8d mac-address=\
    00:19:5B:5A:50:8D server=dhcp_server
add address=192.168.1.48 client-id=1:d8:50:e6:3e:1d:81 mac-address=\
    D8:50:E6:3E:1D:81 server=dhcp_server
add address=192.168.1.19 client-id=1:0:1d:60:48:df:e1 mac-address=\
    00:1D:60:48:DF:E1 server=dhcp_server
add address=192.168.1.49 client-id=1:bc:ee:7b:8d:cc:a5 mac-address=\
    BC:EE:7B:8D:CC:A5 server=dhcp_server
add address=192.168.1.20 client-id=1:0:23:54:ed:fa:62 mac-address=\
    00:23:54:ED:FA:62 server=dhcp_server
add address=192.168.1.28 always-broadcast=yes client-id=1:c8:9c:dc:bd:2:2e \
    mac-address=C8:9C:DC:BD:02:2E server=dhcp_server
add address=192.168.1.148 client-id=1:8:60:6e:69:c9:70 mac-address=\
    08:60:6E:69:C9:70 server=dhcp_server
add address=192.168.1.18 always-broadcast=yes client-id=1:50:46:5d:52:6a:eb \
    mac-address=50:46:5D:52:6A:EB server=dhcp_server
add address=192.168.1.36 always-broadcast=yes client-id=1:14:14:4b:b3:c3:eb \
    mac-address=14:14:4B:B3:C3:EB server=dhcp_server
add address=192.168.1.10 client-id=1:30:85:a9:91:7b:d9 mac-address=\
    30:85:A9:91:7B:D9 server=dhcp_server
add address=192.168.1.30 client-id=1:30:85:a9:91:7b:e4 mac-address=\
    30:85:A9:91:7B:E4 server=dhcp_server
add address=192.168.1.24 client-id=1:6c:f0:49:47:2d:ae mac-address=\
    6C:F0:49:47:2D:AE server=dhcp_server
add address=192.168.1.147 client-id=1:0:21:91:8a:b4:f2 mac-address=\
    00:21:91:8A:B4:F2 server=dhcp_server
add address=192.168.1.29 client-id=1:6c:f0:49:17:44:2f mac-address=\
    6C:F0:49:17:44:2F server=dhcp_server
add address=192.168.1.33 always-broadcast=yes client-id=1:e0:c9:7a:2f:48:71 \
    mac-address=E0:C9:7A:2F:48:71 server=dhcp_server
add address=192.168.1.50 always-broadcast=yes client-id=1:bc:ee:7b:88:a7:5 \
    mac-address=BC:EE:7B:88:A7:05 server=dhcp_server
add address=192.168.1.89 client-id=1:0:25:22:98:0:de mac-address=\
    00:25:22:98:00:DE server=dhcp_server
add address=192.168.1.76 client-id=1:e0:c9:7a:d5:3e:6f mac-address=\
    E0:C9:7A:D5:3E:6F server=dhcp_server
add address=192.168.1.94 client-id=1:0:1a:4d:31:49:e mac-address=\
    00:1A:4D:31:49:0E server=dhcp_server
add address=192.168.1.26 always-broadcast=yes client-id=1:10:bf:48:76:90:4c \
    mac-address=10:BF:48:76:90:4C server=dhcp_server
add address=192.168.1.39 client-id=1:0:1b:fc:93:76:4e mac-address=\
    00:1B:FC:93:76:4E server=dhcp_server
/ip dhcp-server network
add address=192.168.1.0/24 comment=LAN_DHCP gateway=192.168.1.249
/ip dns
set allow-remote-requests=yes servers=109.194.128.3,109.194.129.3
/ip firewall address-list
add address=81.19.104.0/24 list=kaspersky
add address=62.128.100.0/23 list=kaspersky
add address=27.111.185.128/27 list=kaspersky
add address=95.167.139.0/26 list=kaspersky
/ip firewall filter
add chain=forward comment=kodi-test disabled=yes
add chain=output comment=kodi-test
add chain=input comment=kodi-test disabled=yes
add chain=input comment=VPN dst-port=1723 protocol=tcp
add chain=input comment="Added by webbox" protocol=icmp
add chain=forward comment="allow established" connection-state=established \
    in-interface=w_eth1_domru
add chain=forward comment="allow established" connection-state=established \
    in-interface=w_eth2_rtcom
add chain=forward comment="allow related" connection-state=related \
    in-interface=w_eth1_domru
add chain=forward comment="allow related" connection-state=related \
    in-interface=w_eth2_rtcom
add action=reject chain=forward comment="reject new" connection-state=new \
    in-interface=w_eth1_domru
add action=reject chain=forward comment="reject new" connection-state=new \
    in-interface=w_eth2_rtcom
add action=drop chain=forward comment="drop invalid" connection-state=invalid \
    in-interface=w_eth1_domru
add action=drop chain=forward comment="drop invalid" connection-state=invalid \
    in-interface=w_eth2_rtcom
add chain=forward comment="allow established" connection-state=established \
    in-interface=pppoe_domru
add chain=forward comment="allow established" connection-state=established \
    in-interface=pppoe_rtcom
add chain=forward comment="allow related" connection-state=related \
    in-interface=pppoe_domru
add chain=forward comment="allow related" connection-state=related \
    in-interface=pppoe_rtcom
add action=reject chain=forward comment="reject new" connection-state=new \
    in-interface=pppoe_rtcom
add action=reject chain=forward comment="reject new" connection-state=new \
    in-interface=pppoe_domru
add action=drop chain=forward comment="drop invalid" connection-state=invalid \
    in-interface=pppoe_domru
add action=drop chain=forward comment="drop invalid" connection-state=invalid \
    in-interface=pppoe_rtcom
add chain=input comment="allow established" connection-state=established \
    in-interface=w_eth1_domru
add chain=input comment="allow established" connection-state=established \
    in-interface=w_eth2_rtcom
add chain=input comment="allow related" connection-state=related in-interface=\
    w_eth1_domru
add chain=input comment="allow related" connection-state=related in-interface=\
    w_eth2_rtcom
add action=reject chain=input comment="reject new" connection-state=new \
    in-interface=w_eth1_domru
add action=reject chain=input comment="reject new" connection-state=new \
    in-interface=w_eth2_rtcom
add action=drop chain=input comment="drop invalid" connection-state=invalid \
    in-interface=w_eth1_domru
add action=drop chain=input comment="drop invalid" connection-state=invalid \
    in-interface=w_eth2_rtcom
add chain=input comment="allow established" connection-state=established \
    in-interface=pppoe_domru
add chain=input comment="allow established" connection-state=established \
    in-interface=pppoe_rtcom
add chain=input comment="allow related" connection-state=related in-interface=\
    pppoe_domru
add chain=input comment="allow related" connection-state=related in-interface=\
    pppoe_rtcom
add action=reject chain=input comment="reject new" connection-state=new \
    in-interface=pppoe_domru
add action=reject chain=input comment="reject new" connection-state=new \
    in-interface=pppoe_rtcom
add action=drop chain=input comment="drop invalid" connection-state=invalid \
    in-interface=pppoe_domru
add action=drop chain=input comment="drop invalid" connection-state=invalid \
    in-interface=pppoe_rtcom
add chain=input comment="Added by webbox" connection-state=established \
    in-interface=pppoe_domru
add chain=input comment="Added by webbox" connection-state=established \
    in-interface=pppoe_rtcom
add chain=input comment="Added by webbox" connection-state=related \
    in-interface=pppoe_domru
add chain=input comment="Added by webbox" connection-state=related \
    in-interface=pppoe_rtcom
add action=drop chain=input comment="Added by webbox" in-interface=pppoe_domru
add action=drop chain=input comment="Added by webbox" in-interface=pppoe_rtcom
add action=jump chain=forward comment="Added by webbox" in-interface=\
    pppoe_domru jump-target=customer
add action=jump chain=forward comment="Added by webbox" in-interface=\
    pppoe_rtcom jump-target=customer
add chain=customer comment="Added by webbox" connection-state=established
add chain=customer comment="Added by webbox" connection-state=related
add action=drop chain=forward comment="deny K-6 inet MAC" dst-address-list=\
    !kaspersky src-mac-address=C8:9C:DC:BC:FC:9F
add action=log chain=forward comment="deny K-6 inet MAC" dst-address-list=\
    !kaspersky log-prefix=k6-drop-inet src-mac-address=C8:9C:DC:BC:FC:9F
add action=log chain=forward comment="deny unnamed inet MAC" disabled=yes \
    dst-address-list=!kaspersky log-prefix=unnamed src-mac-address=\
    38:EC:E4:4B:B7:E7
add action=drop chain=forward comment="deny unnamed inet MAC" dst-address-list=\
    !kaspersky src-mac-address=38:EC:E4:4B:B7:E7
add action=log chain=forward comment="deny unk inet MAC" disabled=yes \
    log-prefix=unk src-mac-address=50:CC:F8:DB:70:3E
add action=drop chain=forward comment="deny unk inet MAC" src-mac-address=\
    50:CC:F8:DB:70:3E
add action=drop chain=input comment="Drop WinBox Brute Forcers" dst-port=8291 \
    protocol=tcp src-address-list=winbox_blacklist
add action=add-src-to-address-list address-list=winbox_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=winbox_stage3
add action=add-src-to-address-list address-list=winbox_stage3 \
    address-list-timeout=2m chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=winbox_stage2
add action=add-src-to-address-list address-list=winbox_stage2 \
    address-list-timeout=2m chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=winbox_stage1
add action=add-src-to-address-list address-list=winbox_stage1 \
    address-list-timeout=2m chain=input connection-state=new dst-port=8291 \
    protocol=tcp
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m \
    protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=customer comment="Added by webbox"
/ip firewall nat
add action=masquerade chain=srcnat comment="Added by webbox" out-interface=\
    pppoe_domru
add action=masquerade chain=srcnat out-interface=pppoe_rtcom
add action=masquerade chain=srcnat comment="Added by webbox" disabled=yes \
    out-interface=pppoe_rtcom
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=yes src-address=192.168.10.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment=kodi-test disabled=yes \
    out-interface=bridge-local
/ip hotspot user
add name=admin
/ip neighbor discovery
set "***" disabled=yes
/ip route
add disabled=yes distance=1 gateway=pppoe_rtcom
add distance=1 dst-address=192.168.0.0/24 gateway=192.168.5.2
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/ip smb shares
set [ find default=yes ] disabled=yes
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=w_eth1_domru type=internal
add interface=w_eth2_rtcom type=internal
add interface=lan_eth3 type=internal
add interface=lan_eth4 type=internal
add interface="***" type=internal
add interface=pppoe_domru type=external
/ppp secret
add local-address=192.168.5.1 name=*** password=*** remote-address=\
    192.168.5.2 service=pptp
/system clock manual
set time-zone=+04:00
/system leds
set 0 interface="***"
/system logging
set 0 action=disk
set 1 action=disk
set 2 action=disk
set 3 action=disk
add topics=e-mail
add topics=e-mail
/tool graphing interface
add store-on-disk=no
/tool sniffer
set filter-direction=any interface=bridge-local


Diman89
Сообщения: 4
Зарегистрирован: 15 мар 2014, 21:12

совсем никаких вариантов?


Diman89
Сообщения: 4
Зарегистрирован: 15 мар 2014, 21:12

этот форум - официальный саппорт? господа, че за игнор?
номер договора я предоставлю как только поставщики мне его предоставят


Аватара пользователя
podarok66
Модератор
Сообщения: 4355
Зарегистрирован: 11 фев 2012, 18:49
Откуда: МО

Diman89 писал(а):этот форум - официальный саппорт?

Это не официальный саппорт. Это на самом деле форум продавца. Официальный форум на http://www.mikrotik.com, здесь форум дистрибьютера.
Дистрибьютер должен Вас проконсультировать лишь в рамках общих начальных настроек. Индивидуальные настройки в обязанности дистрибьютера не входят. На все вопросы по багам и фичам, заданные на форуме дистрибьютера ответы даются в случае осведомленности отвечающего по данной проблеме. Дистрибьютер не разработчик и не может быть в курсе статистики по багам и фичам системы.
Вероятнее всего никто из тех, кто читал Вашу тему не сталкивался с подобными симптомами. Поэтому и нет ответов. Можете попробовать задать тот же самый вопрос на форуме разработчиков. Если же Вам принципиально нужен ответ именно от данного дистрибьютера, пишите по адресу support@mikrotik.ru


Мануалы изучил и нигде не ошибся? Фаервол отключил? Очереди погасил? Витая пара проверена? ... Тогда Netinstal'ом железку прошей и настрой ее заново. Что, все равно не фурычит? Тогда к нам. Если не подскажем, хоть посочувствуем...
Diman89
Сообщения: 4
Зарегистрирован: 15 мар 2014, 21:12

ок


Ответить