Проблемы с Wifi на rb2011uas

Обсуждение оборудования и его настройки
Ответить
Slevin
Сообщения: 3
Зарегистрирован: 27 мар 2014, 19:40

Здравствуйте!

Помогите, пожалуйста, первый раз с подобным сталкиваюсь.

1. Суть проблемы.
Есть rb2011uas, раздаёт 2 подсети по wifi, назовём их wi1 и wi2. Пытаюсь подключиться в комнате, где стоит роутер(за 2 метра от него), всё хорошо, подключается в лёт, трафик бегает. Отношу девайс по прямой видимости на 7 метров, всё, ip не получает, в логах disconnected, group key exchange timeout, что, насколько я понимаю, говорит о несовместимости шифрования, но за 2-3 метра от роутера-то всё хорошо. Причём проблема возникла внезапно, не один месяц роутер работал без перезагруза, и тут на тебе.

2. Что было предпринято?
Поиск в гугле похожих ситуаций, перегруз роутера(всё что в моих силах, в настройки лезть без совета боюсь).

3. Конфигурация Микротика /export compact (убирайте в спойлеры, так же как и любые длинные тексты!)
 
# mar/27/2014 21:00:53 by RouterOS 6.0rc14
# software id = 6UIF-9WPJ
#
/certificate
set "vpn client" name="vpn client" trusted=yes
set "ca vpn" name="ca vpn" trusted=yes
set "ca vpn2" name="ca vpn2" trusted=yes
set vpn2_client name=vpn2_client trusted=yes
/interface bridge
add admin-mac=D4:CA:6D:8D:83:20 auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
/interface ethernet
set 0 comment=WAN mtu=1480 name=ether1-gateway
set 5 name=ether6-master-local
set 6 master-port=ether6-master-local name=ether7-slave-local
set 7 master-port=ether6-master-local name=ether8-slave-local
set 8 master-port=ether6-master-local name=ether9-slave-local
set 9 master-port=ether6-master-local name=ether10-slave-local
set 10 disabled=yes name=sfp1-gateway speed=100Mbps
/interface l2tp-client
add allow=mschap1,mschap2 connect-to=XX.XX.XX.XX name=l2tp-out1 password=lsrv \
user=lsrv
/ip neighbor discovery
set ether1-gateway comment=WAN
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough \
management-protection=allowed mode=dynamic-keys name=lsys \
supplicant-identity="" wpa-pre-shared-key=xxxxxx wpa2-pre-shared-key=\
xxxxxx
add authentication-types=wpa2-psk eap-methods=passthrough \
management-protection=allowed mode=dynamic-keys name=Wi2 \
supplicant-identity="" wpa2-pre-shared-key="yyyyyy"
/interface wireless
set 1 adaptive-noise-immunity=ap-and-client-mode antenna-gain=16 band=\
2ghz-b/g basic-rates-b="" country=russia disabled=no frequency=2452 \
frequency-mode=regulatory-domain ht-rxchains=0,1 ht-txchains=0,1 \
hw-protection-mode=rts-cts l2mtu=2290 mode=ap-bridge \
periodic-calibration=enabled security-profile=lsys ssid=Wi1 \
supported-rates-b="" tx-power-mode=all-rates-fixed wireless-protocol=\
802.11 wmm-support=enabled
/ip neighbor discovery
set wlan1 discover=no
/interface wireless
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:8D:83:29 master-interface=\
wlan1 name=Wi2 security-profile=Wi2 ssid=Wi2 wds-cost-range=0 \
wds-default-cost=0
/ip neighbor discovery
set Wi2 discover=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.3.100-192.168.3.200
add name=dhcp_pool1 ranges=192.168.2.200-192.168.2.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
add address-pool=dhcp_pool1 disabled=no interface=Wi2 lease-time=1d name=\
dhcp1
/port
set 0 name=serial0
/ppp profile
add change-tcp-mss=yes name=vpn use-compression=yes use-encryption=no \
use-mpls=yes use-vj-compression=yes
add name=vpn2 use-compression=yes use-encryption=no use-mpls=yes \
use-vj-compression=yes
/interface ovpn-client
add certificate="vpn client" cipher=aes256 connect-to=YY.YY.YY.YY \
disabled=yes mac-address=02:74:14:FE:71:5F max-mtu=1440 name=vpn \
password=office profile=vpn user=office
add certificate=vpn2_client cipher=aes256 connect-to=ZZ.ZZ.ZZ.ZZ \
mac-address=02:EA:BD:7B:40:89 name=vpn2 password=vpn2 port=2294 \
profile=vpn2 user=vpn2
/ip neighbor discovery
set vpn discover=no
/queue type
add kind=pcq name=pcq-download pcq-classifier=src-address \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=pcq-upload pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
/queue tree
add burst-limit=5M burst-time=5m limit-at=1M max-limit=2M name=Download \
parent=bridge-local queue=default
add burst-limit=5M burst-time=5m limit-at=1M max-limit=2M name=Upload parent=\
ether1-gateway queue=default
add name=queue-down packet-mark=user-down parent=Download queue=pcq-download
add name=queue-up packet-mark=user-up parent=Upload queue=pcq-upload
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
/interface wireless access-list
add authentication=no disabled=yes forwarding=no mac-address=\
18:87:96:16:6B:13 time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add authentication=no disabled=yes forwarding=no mac-address=\
90:F6:52:B1:0E:D8
/ip address
add address=192.168.88.1/24 comment="default configuration" disabled=yes \
interface=bridge-local network=192.168.88.0
add address=192.168.3.1/24 comment="Computers Network" interface=bridge-local \
network=192.168.3.0
add address=192.168.2.1/24 interface=Wi2 network=192.168.2.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-gateway \
use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.3.9 comment="temp blochek" disabled=yes mac-address=\
00:01:2E:3B:A1:7A
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=8.8.8.8 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1 \
netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=aster \
src-address=192.168.3.12
add action=mark-routing chain=prerouting disabled=yes dst-address=YY.YY.YY.YY \
new-routing-mark=RDP
add action=mark-routing chain=prerouting comment="Mark dhcp-clients" \
new-routing-mark=dhcp-clients passthrough=no src-address=\
192.168.3.12-192.168.3.200
add action=change-mss chain=forward comment="Path MTU Discovery Black Hole" \
disabled=yes new-mss=1360 protocol=tcp tcp-flags=syn tcp-mss=1453-65535
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway routing-mark=\
RDP
add action=masquerade chain=srcnat comment="Internet over OVPN" \
out-interface=vpn2 src-address=192.168.3.0/24 to-addresses=10.0.3.8
add action=src-nat chain=srcnat disabled=yes protocol=tcp src-address=\
192.168.3.122 src-port=22 to-addresses=PP.PP.PP.PP to-ports=22
add action=masquerade chain=srcnat disabled=yes out-interface=vpn2 \
routing-mark=aster src-address=192.168.3.12
add action=masquerade chain=srcnat comment="Internet Without VPN" \
out-interface=ether1-gateway src-address=192.168.2.0/24
add action=masquerade chain=srcnat comment="Internet over vpn" disabled=\
yes out-interface=ether1-gateway src-address=192.168.3.0/24 to-addresses=\
CC.CC.CC.CC
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=vpn2 routing-mark=aster
add check-gateway=ping distance=1 gateway=vpn2 routing-mark=dhcp-clients
add disabled=yes distance=2 gateway=vpn routing-mark=dhcp-clients
add distance=1 dst-address=172.17.0.0/24 gateway=vpn2
add distance=1 dst-address=172.17.1.0/24 gateway=vpn2
/ip service
set ssh port=222
/lcd
set current-interface=ether8-slave-local time-interval=hour
/system clock
set time-zone-name=Europe/vpn2
/system ntp client
set enabled=yes mode=unicast primary-ntp=195.43.74.123 secondary-ntp=\
130.133.1.10
/system scheduler
add disabled=yes interval=5m name=schedule1 on-event="interface ovpn-client di\
sable vpn\r\
\ninterface ovpn-client enable vpn" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=dec/02/2013 start-time=15:23:35
/tool mac-server
add disabled=no interface=ether2
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local
/tool traffic-monitor
add name=tmon1 threshold=0 traffic=received


4. С документацией FAQ, Manual и информацией на форуме ознакомлен, но ответа не нашел (да - ознакомлен, нет - не ознакомлен).
Ознакомлен, много не понял, ответа не нашёл.

Помогите, пожалуйста, возможно кто-то сталкивался. Ситуация в корне непонятна мне, как профану, в какую сторону смотреть? Заранее спасибо!


Slevin
Сообщения: 3
Зарегистрирован: 27 мар 2014, 19:40

Почему-то не вижу своего спойлера по пункту, вот без спойлера, если длинно, простите - удалю. У меня в комнате где микротик 3 девайса сейчас, телефон и 2 ноутбука, всё отлично, отхожу на 7 метров - data loss и ошибка ключа в логах. Забыл добавить wi2 отлично ловит везде.

/certificate
set "vpn client" name="vpn client" trusted=yes
set "ca vpn" name="ca vpn" trusted=yes
set "ca vpn2" name="ca vpn2" trusted=yes
set vpn2_client name=vpn2_client trusted=yes
/interface bridge
add admin-mac=D4:CA:6D:8D:83:20 auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
/interface ethernet
set 0 comment=WAN mtu=1480 name=ether1-gateway
set 5 name=ether6-master-local
set 6 master-port=ether6-master-local name=ether7-slave-local
set 7 master-port=ether6-master-local name=ether8-slave-local
set 8 master-port=ether6-master-local name=ether9-slave-local
set 9 master-port=ether6-master-local name=ether10-slave-local
set 10 disabled=yes name=sfp1-gateway speed=100Mbps
/interface l2tp-client
add allow=mschap1,mschap2 connect-to=XX.XX.XX.XX name=l2tp-out1 password=lsrv \
user=lsrv
/ip neighbor discovery
set ether1-gateway comment=WAN
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough \
management-protection=allowed mode=dynamic-keys name=lsys \
supplicant-identity="" wpa-pre-shared-key=xxxxxx wpa2-pre-shared-key=\
xxxxxx
add authentication-types=wpa2-psk eap-methods=passthrough \
management-protection=allowed mode=dynamic-keys name=Wi2 \
supplicant-identity="" wpa2-pre-shared-key="yyyyyy"
/interface wireless
set 1 adaptive-noise-immunity=ap-and-client-mode antenna-gain=16 band=\
2ghz-b/g basic-rates-b="" country=russia disabled=no frequency=2452 \
frequency-mode=regulatory-domain ht-rxchains=0,1 ht-txchains=0,1 \
hw-protection-mode=rts-cts l2mtu=2290 mode=ap-bridge \
periodic-calibration=enabled security-profile=lsys ssid=Wi1 \
supported-rates-b="" tx-power-mode=all-rates-fixed wireless-protocol=\
802.11 wmm-support=enabled
/ip neighbor discovery
set wlan1 discover=no
/interface wireless
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:8D:83:29 master-interface=\
wlan1 name=Wi2 security-profile=Wi2 ssid=Wi2 wds-cost-range=0 \
wds-default-cost=0
/ip neighbor discovery
set Wi2 discover=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.3.100-192.168.3.200
add name=dhcp_pool1 ranges=192.168.2.200-192.168.2.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
add address-pool=dhcp_pool1 disabled=no interface=Wi2 lease-time=1d name=\
dhcp1
/port
set 0 name=serial0
/ppp profile
add change-tcp-mss=yes name=vpn use-compression=yes use-encryption=no \
use-mpls=yes use-vj-compression=yes
add name=vpn2 use-compression=yes use-encryption=no use-mpls=yes \
use-vj-compression=yes
/interface ovpn-client
add certificate="vpn client" cipher=aes256 connect-to=YY.YY.YY.YY \
disabled=yes mac-address=02:74:14:FE:71:5F max-mtu=1440 name=vpn \
password=office profile=vpn user=office
add certificate=vpn2_client cipher=aes256 connect-to=ZZ.ZZ.ZZ.ZZ \
mac-address=02:EA:BD:7B:40:89 name=vpn2 password=vpn2 port=2294 \
profile=vpn2 user=vpn2
/ip neighbor discovery
set vpn discover=no
/queue type
add kind=pcq name=pcq-download pcq-classifier=src-address \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
add kind=pcq name=pcq-upload pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-src-address6-mask=64
/queue tree
add burst-limit=5M burst-time=5m limit-at=1M max-limit=2M name=Download \
parent=bridge-local queue=default
add burst-limit=5M burst-time=5m limit-at=1M max-limit=2M name=Upload parent=\
ether1-gateway queue=default
add name=queue-down packet-mark=user-down parent=Download queue=pcq-download
add name=queue-up packet-mark=user-up parent=Upload queue=pcq-upload
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
/interface wireless access-list
add authentication=no disabled=yes forwarding=no mac-address=\
18:87:96:16:6B:13 time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add authentication=no disabled=yes forwarding=no mac-address=\
90:F6:52:B1:0E:D8
/ip address
add address=192.168.88.1/24 comment="default configuration" disabled=yes \
interface=bridge-local network=192.168.88.0
add address=192.168.3.1/24 comment="Computers Network" interface=bridge-local \
network=192.168.3.0
add address=192.168.2.1/24 interface=Wi2 network=192.168.2.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-gateway \
use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.3.9 comment="temp blochek" disabled=yes mac-address=\
00:01:2E:3B:A1:7A
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=8.8.8.8 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1 \
netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=aster \
src-address=192.168.3.12
add action=mark-routing chain=prerouting disabled=yes dst-address=YY.YY.YY.YY \
new-routing-mark=RDP
add action=mark-routing chain=prerouting comment="Mark dhcp-clients" \
new-routing-mark=dhcp-clients passthrough=no src-address=\
192.168.3.12-192.168.3.200
add action=change-mss chain=forward comment="Path MTU Discovery Black Hole" \
disabled=yes new-mss=1360 protocol=tcp tcp-flags=syn tcp-mss=1453-65535
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway routing-mark=\
RDP
add action=masquerade chain=srcnat comment="Internet over OVPN" \
out-interface=vpn2 src-address=192.168.3.0/24 to-addresses=10.0.3.8
add action=src-nat chain=srcnat disabled=yes protocol=tcp src-address=\
192.168.3.122 src-port=22 to-addresses=PP.PP.PP.PP to-ports=22
add action=masquerade chain=srcnat disabled=yes out-interface=vpn2 \
routing-mark=aster src-address=192.168.3.12
add action=masquerade chain=srcnat comment="Internet Without VPN" \
out-interface=ether1-gateway src-address=192.168.2.0/24
add action=masquerade chain=srcnat comment="Internet over vpn" disabled=\
yes out-interface=ether1-gateway src-address=192.168.3.0/24 to-addresses=\
CC.CC.CC.CC
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=vpn2 routing-mark=aster
add check-gateway=ping distance=1 gateway=vpn2 routing-mark=dhcp-clients
add disabled=yes distance=2 gateway=vpn routing-mark=dhcp-clients
add distance=1 dst-address=172.17.0.0/24 gateway=vpn2
add distance=1 dst-address=172.17.1.0/24 gateway=vpn2
/ip service
set ssh port=222
/lcd
set current-interface=ether8-slave-local time-interval=hour
/system clock
set time-zone-name=Europe/vpn2
/system ntp client
set enabled=yes mode=unicast primary-ntp=195.43.74.123 secondary-ntp=\
130.133.1.10
/system scheduler
add disabled=yes interval=5m name=schedule1 on-event="interface ovpn-client di\
sable vpn\r\
\ninterface ovpn-client enable vpn" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=dec/02/2013 start-time=15:23:35
/tool mac-server
add disabled=no interface=ether2
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local
/tool traffic-monitor
add name=tmon1 threshold=0 traffic=received


Slevin
Сообщения: 3
Зарегистрирован: 27 мар 2014, 19:40

Обнулил роутер, залил работоспособный конфиг(аналогичный вчерашнему running, ничего не менялось), не помогло. К Wi1 подключается только в радиусе 3х метров, через 7 метров не получает ip-адрес от dhcp. Wi2 работает более менее исправно, не считая что сила сигнала через 10 метров в 2 раза падает. Но адаптер-то там один, как такое может быть? Выручайте.


vqd
Модератор
Сообщения: 3605
Зарегистрирован: 26 сен 2013, 14:20
Откуда: НСК
Контактная информация:

Ну так поглядите чего в эфире творится. Может 2452 забита по самое не хочу


Есть интересная задача и бюджет? http://mikrotik.site
Ответить