Имеется:
5 cAP ac
2 wAP ac
hEX S в виде мастер маршрутизатора.
Настроен CAPsMAN с двумя сетями Wi-Fi (гостевая и домашняя).
Сначала (около года назад) были настроены 3 cAP ac и две wAP ac. На днях решил добавить еще две cAP ac, но они некорректно заработали.
Решил сбросить все настройки и сделал бэкап. Настройки в hEX S особо не менял. Затем сбросил настройки без дефолтной конфигурации, чтобы точки доступа появились в винбоксе, а не только через Wi-Fi. В итоге в cAP ac настроил только режим работы точки (перевел в режим CAP), ну и включил CAPsMAN в wireless интерфейсе. После этого точка доступа работала без нареканий. Но как только перезагружаю оборудование, cAP ac постоянно перезагружается. Что может быть? Хочу отметить, что настройки годовалой давности в wAP AC не менял.
Вот конфиги hEX S, cAP ac и wAP ac:
hEX S
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.49.2 (c) 1999-2021 http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
[admin@MikroTik hEX S Master] > /export compact
# model = RB760iGS
# hEX S acting as CAPsMAN manager. This part defines the radio channels, the
# two bridges, the CAPsMAN datapaths, the WPA2 security profiles and the four
# CAPsMAN configurations (home/guest on 2.4 GHz and 5 GHz).
/caps-man channel
# Fixed frequencies: every CAP that receives a given configuration uses the
# same channel (2437/2462 MHz on 2.4 GHz, 5220/5240 MHz on 5 GHz).
add band=2ghz-g/n control-channel-width=20mhz frequency=2437 name=2.4 tx-power=20
add band=5ghz-n/ac frequency=5220 name=5 tx-power=20
add band=2ghz-g/n control-channel-width=20mhz frequency=2462 name="2.4 guest" tx-power=20
add band=5ghz-n/ac frequency=5240 name="5 guest" tx-power=20
/interface bridge
# NOTE(review): admin-mac contains non-hex characters (W, H, S), so it was
# presumably obfuscated before posting and is not the value on the device.
add admin-mac=C4:AW:34:H4:CD:3S auto-mac=no name=bridge
add name="bridge guest"
/caps-man datapath
# local-forwarding is not set on either datapath, so presumably the default
# applies and client traffic is carried to this router and bridged here.
add bridge=bridge client-to-client-forwarding=yes name=datapath
# NOTE(review): client-to-client-forwarding=yes on the guest datapath lets guest
# stations talk to each other; guest isolation would normally set it to no.
add bridge="bridge guest" client-to-client-forwarding=yes name="datapath guest"
/caps-man security
# NOTE(review): both WPA2-PSK passphrases are printed in clear text in this
# export. If they match the live networks they should be rotated; on RouterOS
# v6 `/export hide-sensitive` omits such values before a config is shared.
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=security \
passphrase=P@sh@2906
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=\
"security guest" passphrase=Besplatno
/caps-man configuration
# Each configuration ties one channel, one datapath and one security profile to
# an SSID. The home configurations use bridge "bridge", the guest ones use
# "bridge guest".
add channel=2.4 datapath=datapath mode=ap name="Wi-Fi 2.4" rx-chains=0,1,2,3 security=\
security ssid="CAPsMAN 2.4" tx-chains=0,1,2,3
add channel=5 datapath=datapath mode=ap name="Wi-Fi 5" rx-chains=0,1,2,3 security=security \
ssid="CAPsMAN 5" tx-chains=0,1,2,3
add channel="2.4 guest" datapath="datapath guest" mode=ap name="Wi-Fi 2.4 guest" rx-chains=\
0,1,2,3 security="security guest" ssid="CAPsMAN Guest 2.4" tx-chains=0,1,2,3
# NOTE(review): unlike the other three, this configuration does not set
# mode=ap - confirm that is intentional.
add channel="5 guest" datapath="datapath guest" name="Wi-Fi 5 guest" rx-chains=0,1,2,3 \
security="security guest" ssid="CAPsMAN Guest 5" tx-chains=0,1,2,3
# Interface lists, address pools, DHCP servers, the VPN PPP profile and the
# guest bandwidth limits.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# Three pools: home LAN (192.168.88.x), guest LAN (192.168.10.x), VPN clients
# (192.168.89.x).
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
# NOTE(review): this range ends at .255, which would be the broadcast address
# if 192.168.89.0/24 is treated as a /24 - confirm.
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=Defconf
add address-pool=dhcp_pool1 disabled=no interface="bridge guest" name=Guest
/ppp profile
# *FFFFFFFE is an internal ID of a built-in profile (presumably
# default-encryption - verify). VPN clients get addresses from pool "vpn".
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/queue type
# PCQ types that classify by destination (download) or source (upload) address
# with pcq-rate=5M.
add kind=pcq name="queue guest download" pcq-classifier=dst-address pcq-dst-address6-mask=64 \
pcq-rate=5M pcq-src-address6-mask=64
add kind=pcq name="queue guest upload" pcq-classifier=src-address pcq-dst-address6-mask=64 \
pcq-rate=5M pcq-src-address6-mask=64
/queue simple
# Caps the whole guest subnet at 5M/5M using the PCQ types above.
add max-limit=5M/5M name="queue guest" queue="queue guest upload/queue guest download" \
target=192.168.10.0/24
# CAPsMAN access control, manager settings, provisioning rules and the bridge
# filter applied to CAP interfaces.
/caps-man access-list
# Rejects stations whose signal is between -120 and -80 dBm; ssid-regexp is
# empty, so presumably the rule applies to every SSID.
add action=reject allow-signal-out-of-range=10s disabled=no signal-range=-120..-80 \
ssid-regexp=""
/caps-man manager
# NOTE(review): certificates are generated automatically, but
# require-peer-certificate does not appear in this export, so presumably it is
# at its default and CAPs are accepted without presenting a certificate. Once
# every CAP has requested a certificate, requiring one keeps unknown devices
# on the LAN from registering as CAPs - verify before enabling.
set ca-certificate=auto certificate=auto enabled=yes upgrade-policy=suggest-same-version
/caps-man provisioning
# No radio-mac is given, so each rule matches any radio with the listed
# hw-supported-modes. Every radio gets a master (home) and a slave (guest)
# interface.
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration="Wi-Fi 2.4" \
slave-configurations="Wi-Fi 2.4 guest"
add action=create-dynamic-enabled hw-supported-modes=an master-configuration="Wi-Fi 5" \
slave-configurations="Wi-Fi 5 guest"
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration="Wi-Fi 5" \
slave-configurations="Wi-Fi 5 guest"
/interface bridge filter
# Drops multicast leaving through cap1..cap4.
# NOTE(review): only four interface names are listed, while the setup has
# several CAPs with two radios each plus guest slave interfaces; interfaces
# created by create-dynamic-enabled may also be named differently after a
# re-provision - confirm these rules still match anything.
add action=drop chain=output out-interface=cap1 packet-type=multicast
add action=drop chain=output out-interface=cap2 packet-type=multicast
add action=drop chain=output out-interface=cap3 packet-type=multicast
add action=drop chain=output out-interface=cap4 packet-type=multicast
# Bridge membership, discovery, VPN servers, addressing, DHCP and DNS.
/interface bridge port
# ether2-ether5 and sfp1 form the home bridge. "bridge guest" has no physical
# ports here, so the guest network exists only through the CAPsMAN datapath.
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=sfp1
/ip neighbor discovery-settings
# Neighbor discovery is limited to the LAN list.
set discover-interface-list=LAN
/interface detect-internet
# NOTE(review): Detect Internet runs on every interface here. The WAN/LAN lists
# are maintained by hand in this config, so it is presumably not needed -
# confirm and consider detect-interface-list=none.
set detect-interface-list=all
/interface l2tp-server server
# NOTE(review): use-ipsec=yes (rather than required) presumably still accepts
# L2TP sessions without IPsec, and no ipsec-secret appears in this export even
# though other secrets are printed - verify that a secret is set.
set enabled=yes use-ipsec=yes
/interface list member
# Only "bridge" is in LAN. "bridge guest" and the VPN client interfaces are not,
# so the input rule that drops everything not coming from LAN applies to them.
add interface=bridge list=LAN
add interface=ether1 list=WAN
/interface pptp-server server
# NOTE(review): PPTP is enabled and its port is accepted from any source in the
# firewall below. PPTP's MS-CHAPv2/MPPE protection is considered broken;
# L2TP/IPsec is already configured, so PPTP can presumably be disabled.
set enabled=yes
/ip address
add address=192.168.88.1/24 interface=bridge network=192.168.88.0
add address=192.168.10.1/24 interface="bridge guest" network=192.168.10.0
/ip cloud
# Registers the router's public address under its MikroTik cloud DDNS name.
set ddns-enabled=yes update-time=no
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
# Guests are handed public resolvers. The home network sets no dns-server, so
# presumably clients use the router itself.
add address=192.168.10.0/24 dns-server=8.8.4.4,8.8.8.8 gateway=192.168.10.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
# The router answers DNS queries from clients; who can reach it is decided by
# the input chain of the firewall.
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
# Firewall filter, NAT and the route rules that separate home and guest subnets.
# Rules are evaluated top to bottom within each chain.
/ip firewall filter
add action=accept chain=input comment=CAPsMAN dst-address-type=local src-address-type=local
add action=accept chain=input comment="defconf: accept established,related,untracked" \
connection-state=established,related,untracked
# NOTE(review): the next rule accepts every UDP packet that enters on ether1 in
# the forward chain, ahead of "drop invalid" and "drop all from WAN not
# DSTNATed". If it is only meant for IPTV multicast, narrowing it (for example
# with dst-address=224.0.0.0/4) keeps other WAN-side UDP from being forwarded.
add action=accept chain=forward comment=IPTV in-interface=ether1 protocol=udp
add action=accept chain=forward comment=IPTV in-interface=ether1 protocol=igmp
# The five rules below accept VPN ports on the router from any source and any
# interface, since no in-interface or src-address is given.
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
# NOTE(review): 1701/udp is accepted without an ipsec-policy match, so L2TP is
# reachable outside IPsec as well; ipsec-policy=in,ipsec would limit it.
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
# NOTE(review): no SSTP server is enabled anywhere in this export, while
# www-ssl is enabled under /ip service on its default port. This rule therefore
# presumably exposes the HTTPS management interface to the WAN - verify and
# remove the rule if SSTP is not used.
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
# NOTE(review): "drop invalid" sits below the accept rules above; defconf
# places it right after the established/related rule.
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" \
dst-address=127.0.0.1
# Everything else that does not arrive through an interface in the LAN list is
# dropped (WAN, "bridge guest" and VPN client interfaces).
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=\
in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=\
out,ipsec
# NOTE(review): src-address=192.168.0.0/24 matches none of the subnets
# configured in this export (192.168.88.0/24, 192.168.10.0/24,
# 192.168.89.0/24), so this fasttrack rule presumably never matches.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
established,related src-address=192.168.0.0/24
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none \
out-interface-list=WAN
# NOTE(review): source and destination are the same host and the packet must
# leave through ether1, so this rule presumably never matches; it looks like an
# unfinished hairpin-NAT rule - verify.
add action=masquerade chain=srcnat dst-address=192.168.88.217 out-interface=ether1 \
out-interface-list=WAN src-address=192.168.88.217
# NOTE(review): forwards TCP 34567 from the WAN to 192.168.88.217 with no
# src-address restriction, so the internal service is reachable from any
# address. Restricting the source or reaching the host over the VPN narrows
# that exposure.
add action=netmap chain=dstnat dst-port=34567 in-interface=ether1 protocol=tcp to-addresses=\
192.168.88.217 to-ports=34567
# No out-interface is given, so VPN client traffic is masqueraded towards the
# LAN as well as towards the WAN.
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip route rule
# Blocks routing between the home and guest subnets in both directions.
# NOTE(review): the VPN subnet 192.168.89.0/24 is not covered by these rules.
add action=drop dst-address=192.168.10.0/24 src-address=192.168.88.0/24
add action=drop dst-address=192.168.88.0/24 src-address=192.168.10.0/24
# Management services, VPN account, IGMP proxy, time, scheduler, watchdog and
# MAC server settings.
/ip service
# NOTE(review): only www and www-ssl are listed, so the remaining services
# presumably keep their defaults, and none has an address= restriction in this
# export. Disabling unused services and limiting the rest to the LAN subnet
# reduces the management surface.
set www port=8080
set www-ssl disabled=no
/ppp secret
# NOTE(review): no password= appears for this account although other secrets
# are printed in this export, so the password is either empty or was removed
# before posting - verify. No service= is set either, so the account is
# presumably valid for every PPP service, including the PPTP and L2TP servers
# that the firewall accepts from any source.
add name=vpn
/routing igmp-proxy interface
add
add alternative-subnets=0.0.0.0/0 disabled=yes interface=ether1 upstream=yes
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system identity
set name="MikroTik hEX S Master"
/system ntp client
set enabled=yes primary-ntp=91.203.126.55 secondary-ntp=91.203.16.3
/system scheduler
# Disabled job that would reboot the router every 3 days.
# NOTE(review): the policy list is far wider than a reboot needs; policy=reboot
# is presumably sufficient if the job is ever re-enabled.
add disabled=yes interval=3d name="Reboot every 3 days" on-event="/system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=dec/30/2020 \
start-time=00:00:00
/system watchdog
# The watchdog timer is switched off on this router.
set watchdog-timer=no
/tool mac-server
# MAC-Telnet and MAC-Winbox are limited to interfaces in the LAN list.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik hEX S Master] >
# model = RBcAPGi-5acD2nD
# cAP ac running as a CAP: both radios are handed to CAPsMAN and the unit takes
# its own address by DHCP on bridge1.
# NOTE(review): this export contains no firewall, no /ip service restrictions
# and no /tool mac-server settings, so management access presumably follows
# the RouterOS defaults on every interface. The post says the unit was reset
# without the default configuration - verify that an admin password is set.
# NOTE(review): nothing in this export (no scheduler, no script) reboots the
# device. The log lines quoted at the end of the post attribute the reboots to
# loss of power, so the power/PoE supply of the CAP is the first thing to
# check - the post does not say which device produced them.
/interface bridge
add name=bridge1
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
set [ find default-name=wlan2 ] ssid=MikroTik
/interface ethernet
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
# NOTE(review): wlan1 and wlan2 are added as bridge ports although both radios
# are managed by CAPsMAN; presumably these entries are leftovers and have no
# effect while the manager forwards client traffic - confirm.
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=wlan2
add bridge=bridge1 interface=wlan1
/interface list member
# The WAN/LAN lists are populated, but nothing in this export refers to them.
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
/interface wireless cap
#
# NOTE(review): the CAP discovers its manager on bridge1, and no
# caps-man-addresses, certificate or lock-to-caps-man setting appears here, so
# it presumably joins whichever manager answers on that segment. Requesting a
# certificate and locking the CAP to the manager prevents another device on
# the LAN from taking over the radios - verify before enabling.
set bridge=bridge1 discovery-interfaces=bridge1 enabled=yes interfaces=\
wlan1,wlan2
/ip dhcp-client
add disabled=no interface=bridge1
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name="MikroTik cAP ac 1 Floor"
[admin@MikroTik cAP ac 1 Floor] >
wAP ac
# model = RBwAPG-5HacT2HnD
# wAP ac running as a CAP. The generated comments under /interface wireless
# show that both radios are currently provisioned by the manager (SSIDs
# "CAPsMAN 2.4" and "CAPsMAN 5", CAPsMAN forwarding).
# NOTE(review): as on the cAP ac, this export contains no firewall, no
# /ip service restrictions and no /tool mac-server settings, so management
# access presumably follows the RouterOS defaults - verify that an admin
# password is set.
/interface bridge
add name=bridge1
/interface wireless
# managed by CAPsMAN
# channel: 2437/20-Ce/gn(18dBm), SSID: CAPsMAN 2.4, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
# channel: 5220/20-eeCe/ac/P(18dBm), SSID: CAPsMAN 5, CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
/interface ethernet
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
# NOTE(review): wlan1 and wlan2 are bridge ports although both radios are
# managed by CAPsMAN with manager forwarding; presumably leftovers - confirm.
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan2
add bridge=bridge1 interface=wlan1
/interface list member
# The WAN/LAN lists are populated, but nothing in this export refers to them.
add interface=ether1 list=WAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
/interface wireless cap
#
# NOTE(review): manager discovery runs on bridge1, and no caps-man-addresses,
# certificate or lock-to-caps-man setting appears here, so the CAP presumably
# joins whichever manager answers on that segment - verify.
set bridge=bridge1 discovery-interfaces=bridge1 enabled=yes interfaces=\
wlan1,wlan2
/ip dhcp-client
add disabled=no interface=bridge1
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name="MikroTik wAP ac Front Yard"
system,error,critical router was rebooted without proper shutdown
system,error,critical router rebooted without proper shutdown, probably power outage.