Проблема в том, что периодический пропадает wifi на некоторых компьютерах, но так, что комп остается подключенным к сети, а вот не одна вкладка не грузится, и через какое то время оно может само исправиться, я вот хочу разобраться в чем проблема. В Log нет никаких ошибков и тд.
Все настраивал не только я, пришел уже на работающее оборудование с одним Cap'ом.
L2TP настроен до серверной и других офисов.
Это оборудование
Это главный микротик, на котором настроен CapsMan:
Код: Выделить всё
# apr/25/2024 15:13:05 by RouterOS 6.49.10
# software id = BCUN-0M0C
#
# model = RBD52G-5HacD2HnD
# serial number = B4A40A8FF82C
/caps-man channel
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
name=2G tx-power=21
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
name=channel5 skip-dfs-channels=yes tx-power=23
/interface bridge
add admin-mac=74:4D:28:BB:D9:5B auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=wan
set [ find default-name=ether2 ] comment=commytator
set [ find default-name=ether3 ] comment=proizvodstvo loop-protect=off
set [ find default-name=ether4 ] comment="1 floor"
set [ find default-name=ether5 ] comment=camers
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
password=*** user=***
/interface l2tp-server
add name="L2TP Server for Spam" user=spam
add name="L2TP server for AlexMikrotik" user=alex
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(20dBm), SSID: HQ, local forwarding
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-XX country=no_country_set disabled=no distance=indoors \
frequency=auto frequency-mode=manual-txpower installation=indoor mode=\
ap-bridge ssid=MikroTik-BBD95F station-roaming=enabled wireless-protocol=\
802.11
# managed by CAPsMAN
# channel: 5160/20/ac/P(20dBm), SSID: HQ 5G, local forwarding
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
channel-width=20/40/80mhz-XXXX country=no_country_set disabled=no \
distance=indoors frequency=auto frequency-mode=manual-txpower \
installation=indoor mode=ap-bridge ssid=MikroTik-BBD960 station-roaming=\
enabled wireless-protocol=802.11
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
datapath1
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
group-key-update=40m name=security1 passphrase=hqoffice
/caps-man configuration
add channel=2G country=russia4 datapath=datapath1 distance=indoors \
installation=indoor mode=ap multicast-helper=full name=2gconfig \
rx-chains=0,1,2,3 security=security1 ssid=HQ tx-chains=0,1,2,3
add channel=channel5 country=russia4 datapath=datapath1 distance=indoors \
installation=indoor mode=ap multicast-helper=full name=5config rx-chains=\
0,1,2,3 security=security1 ssid="HQ 5G" tx-chains=0,1,2,3
/caps-man interface
add configuration=5config disabled=no l2mtu=1600 mac-address=\
C4:AD:34:54:90:7F master-interface=none name=cap42 radio-mac=\
C4:AD:34:54:90:7F radio-name=C4AD3454907F
add configuration=2gconfig disabled=no l2mtu=1600 mac-address=\
C4:AD:34:54:90:7E master-interface=none name=cap43 radio-mac=\
C4:AD:34:54:90:7E radio-name=C4AD3454907E
add configuration=5config disabled=no l2mtu=1600 mac-address=\
08:55:31:C2:0F:2D master-interface=none name=cap44 radio-mac=\
08:55:31:C2:0F:2D radio-name=085531C20F2D
add configuration=2gconfig disabled=no l2mtu=1600 mac-address=\
08:55:31:C2:0F:2E master-interface=none name=cap45 radio-mac=\
08:55:31:C2:0F:2E radio-name=085531C20F2E
add configuration=2gconfig disabled=no l2mtu=1600 mac-address=\
48:8F:5A:A2:E0:A6 master-interface=none name=cap46 radio-mac=\
48:8F:5A:A2:E0:A6 radio-name=488F5AA2E0A6
add configuration=5config disabled=yes mac-address=48:A9:8A:6A:92:70 \
master-interface=none name=cap47 radio-mac=48:A9:8A:6A:92:70 radio-name=\
48A98A6A9270
add configuration=2gconfig disabled=yes mac-address=48:A9:8A:6A:92:71 \
master-interface=none name=cap48 radio-mac=48:A9:8A:6A:92:71 radio-name=\
48A98A6A9271
add configuration=5config disabled=no l2mtu=1600 mac-address=\
18:FD:74:3C:65:BB master-interface=none name=cap49 radio-mac=\
18:FD:74:3C:65:BB radio-name=18FD743C65BB
add configuration=2gconfig disabled=no l2mtu=1600 mac-address=\
18:FD:74:3C:65:BA master-interface=none name=cap50 radio-mac=\
18:FD:74:3C:65:BA radio-name=18FD743C65BA
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=50m name=\
defconf
/ppp profile
set *0 only-one=no
set *FFFFFFFE only-one=no use-compression=no use-mpls=no
/queue type
add kind=pcq name=pcq-download-25M pcq-classifier=dst-address pcq-rate=25M
add kind=pcq name=pcq-upload-25M pcq-classifier=src-address pcq-rate=25M
/queue simple
add max-limit=5M/5M name=queue1 queue=default/default-small target=ether5
add disabled=yes max-limit=45M/45M name=queue-limit-25M queue=\
pcq-upload-25M/pcq-download-25M target=192.168.88.0/24
/snmp community
set [ find default=yes ] addresses=188.***.**.27/32 disabled=yes
add addresses=0.0.0.0/0 name=MCLk8GTqc3u5
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
-79..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no signal-range=\
-120..-80 ssid-regexp=""
/caps-man manager
set enabled=yes package-path=./
/caps-man manager interface
add disabled=no forbid=yes interface=pppoe-out1
/caps-man provisioning
add action=create-enabled hw-supported-modes=gn master-configuration=2gconfig \
name-prefix=2G-%I
add action=create-enabled hw-supported-modes=an master-configuration=5config \
name-prefix=5G-%I
add action=create-enabled disabled=yes hw-supported-modes=ac name-format=\
prefix-identity name-prefix=5ghz-ac-%I
add action=create-enabled disabled=yes hw-supported-modes=an name-format=\
prefix-identity name-prefix=5ghz-an-%I
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set authentication=mschap2 enabled=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/interface wireless cap
#
set bridge=bridge caps-man-addresses=192.168.88.1 discovery-interfaces=bridge \
enabled=yes interfaces=wlan1,wlan2
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.88.252 client-id=1:48:8f:5a:a2:e0:a4 comment="AP SKLAD" \
mac-address=48:8F:5A:A2:E0:A4 server=defconf
add address=192.168.88.78 client-id=1:d0:37:45:6c:cf:3c mac-address=\
D0:37:45:6C:CF:3C server=defconf
add address=192.168.88.77 client-id=1:d0:37:45:61:1f:88 mac-address=\
D0:37:45:61:1F:88 server=defconf
add address=192.168.88.22 client-id=1:8:ed:ed:90:99:f6 comment=\
"\CA\E0\EC\E5\F0\E0 \EF\F0\EE\E8\E7\E2\EE\E4\F1\F2\E2\EE" mac-address=\
08:ED:ED:90:99:F6 server=defconf
add address=192.168.88.11 client-id=1:40:f4:13:42:9c:29 comment=\
"\CA\E0\EC\E5\F0\E0 RVI \F1\EA\EB\E0\E4" mac-address=40:F4:13:42:9C:29 \
server=defconf
add address=192.168.88.10 client-id=1:8:ed:ed:90:99:93 comment=\
"\CA\E0\EC\E5\F0\E0 1 \F6\E5\F5" mac-address=08:ED:ED:90:99:93 server=\
defconf
add address=192.168.88.240 comment="\EF\F0\E8\ED\F2\E5\F0 1 \FD\F2\E0\E6" \
mac-address=10:98:C3:DA:C0:0C server=defconf
add address=192.168.88.55 client-id=1:8:55:31:8f:81:32 mac-address=\
08:55:31:8F:81:32 server=defconf
add address=192.168.88.52 client-id=1:d8:5e:d3:9a:31:1f mac-address=\
D8:5E:D3:9A:31:1F server=defconf
add address=192.168.88.64 client-id=1:30:9c:23:e8:5d:ab comment=\
"\CF\F0\EE\E8\E2\E7\EE\E4\F1\F2\E2\E5\ED\ED\E0\FF 1\F1" mac-address=\
30:9C:23:E8:5D:AB server=defconf
add address=192.168.88.65 client-id=1:24:32:ae:53:c8:52 comment=\
"\D0\E5\E3\E8\F1\F2\F0\E0\F2\EE\F0\EE \ED\EE\E2\FB\E9" mac-address=\
24:32:AE:53:C8:52 server=defconf
add address=192.168.88.25 client-id=1:8:ed:ed:90:9a:6b comment=\
"\CA\E0\EC\E5\F0\E0 \F3\EB\E8\F6\E0" mac-address=08:ED:ED:90:9A:6B \
server=defconf
add address=192.168.88.62 client-id=1:d0:37:45:69:a1:9f comment=\
"\C0\F0\F2\B8\EC" mac-address=D0:37:45:69:A1:9F server=defconf
add address=192.168.88.83 client-id=1:40:ac:bf:49:29:25 comment=\
"\CA\E0\EC\E5\F0\E0 \F1\EA\EB\E0\E4 \E8\ED\F1\F2\F0\F3\EC\E5\ED\F2\EE\E2" \
mac-address=40:AC:BF:49:29:25 server=defconf
add address=192.168.88.82 client-id=1:40:ac:bf:49:15:ac comment=\
"\CA\E0\EC\E5\F0\E0 \F1\EA\EB\E0\E4" mac-address=40:AC:BF:49:15:AC \
server=defconf
add address=192.168.88.16 client-id=1:38:d5:7a:d:25:a6 comment=\
"\CF\F0\E8\ED\F2\E5\F0 \CC\D4\D3 \EF\F0\EE\E8\E7\E2\EE\E4\F1\F2\E2\EE" \
mac-address=38:D5:7A:0D:25:A6 server=defconf
add address=192.168.88.58 client-id=1:74:56:3c:cf:3e:81 comment="\EA\EE\EC\EF \
\ED\E0 \EF\F0\EE\E8\E7\E2\EE\E4\F1\F2\E2\E5 \EF\EE\E4\EA\EB\FE\F7\E5\ED\ED\
\FB\E9 \EA \E0\ED\E2\E8\E7\F3" mac-address=74:56:3C:CF:3E:81 server=\
defconf
add address=192.168.88.12 comment=Anviz mac-address=00:22:CA:02:46:64 server=\
defconf
add address=192.168.88.59 client-id=1:78:24:af:3a:ed:9 comment=\
"\EA\EE\EC\EF \F1\EA\EB\E0\E4 + \EF\F0\E8\ED\F2\E5\F0" mac-address=\
78:24:AF:3A:ED:09 server=defconf
add address=192.168.88.111 client-id=1:8:55:31:c2:f:29 mac-address=\
08:55:31:C2:0F:29 server=defconf
add address=192.168.88.162 client-id=1:d0:bf:9c:37:2:71 comment=\
"\EF\F0\E8\ED\F2\E5\F0 2 \FD\F2\E0\E6" mac-address=D0:BF:9C:37:02:71 \
server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set servers=8.8.8.8,1.0.0.1
/ip dns static
add address=192.168.88.1 name=router.lan
add address=192.168.77.254 name=1C-SERVER-BUH
/ip firewall filter
add action=accept chain=input comment=UnblockCapsman dst-address-type=local \
src-address-type=local
add action=accept chain=input comment="allow zabbix" dst-port=161 protocol=\
udp src-address=77.222.43.106 src-port=""
add action=accept chain=icmp protocol=icmp src-address=77.222.43.106
add action=accept chain=input dst-address-type=local src-address-type=local
add action=accept chain=input dst-port=2204,56465 protocol=tcp
add action=accept chain=input dst-port=1701,1199 protocol=udp
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=netmap chain=dstnat dst-port=161 in-interface=all-ethernet \
protocol=udp to-addresses=192.168.88.76 to-ports=161
add action=dst-nat chain=dstnat dst-port=10050 in-interface=all-ethernet \
port="" protocol=udp src-port=10051 to-addresses=192.168.88.76 to-ports=\
10050
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat disabled=yes out-interface=*1D
/ip route
add comment="Route to Spam" distance=1 dst-address=192.168.1.0/24 gateway=\
172.16.30.6 pref-src=192.168.88.1
add comment="Route to AlexMicrotik" distance=1 dst-address=192.168.66.0/24 \
gateway=172.16.30.8 pref-src=192.168.88.1
add distance=1 dst-address=192.168.77.0/24 gateway=172.16.30.2 pref-src=\
192.168.88.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8081
set ssh disabled=yes
set api disabled=yes
set winbox port=56465
set api-ssl disabled=yes
/ppp secret
add local-address=172.16.30.1 name=buheg password=*** profile=\
default-encryption remote-address=172.16.30.2 service=l2tp
add local-address=172.16.30.3 name=prodeg password=*** profile=\
default-encryption remote-address=172.16.30.4 service=l2tp
add local-address=172.16.30.5 name=spam password=*** profile=\
default-encryption remote-address=172.16.30.6 service=l2tp
add local-address=172.16.30.7 name=alex password=*** profile=\
default-encryption remote-address=172.16.30.8 service=l2tp
/snmp
set enabled=yes location=office trap-community=****** trap-generators=\
"" trap-version=2
/system clock
set time-zone-name=Europe/Saratov
/system identity
set name="Router Main 1 floor"
/system package update
set channel=long-term
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool romon port
add disabled=no forbid=yes interface=ether1
Код: Выделить всё
# apr/25/2024 15:21:43 by RouterOS 6.49.10
# software id = PWK2-NNU4
#
# model = RBD52G-5HacD2HnD
# serial number = BEEB0BB08180
/interface bridge
add admin-mac=C4:AD:34:54:90:7A auto-mac=no comment=defconf name=bridge
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(17dBm), SSID: HQ, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto installation=indoor mode=\
ap-bridge ssid=MikroTik-54907E wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5240/20/ac/P(17dBm), SSID: HQ 5G, local forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto \
installation=indoor mode=ap-bridge ssid=MikroTik-54907F \
wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=ether2 name=defconf
/interface bridge filter
add action=drop chain=input dst-port=68 in-interface=ether1 ip-protocol=udp \
mac-protocol=ip
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
/interface wireless cap
#
set caps-man-addresses=192.168.88.1 enabled=yes interfaces=wlan2,wlan1
/ip address
add address=192.168.88.220/24 interface=ether2 network=192.168.88.0
/ip dhcp-client
add comment=defconf interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.88.1
/ip dns static
add address=192.168.88.220 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.88.1
/system clock
set time-zone-name=Europe/Saratov
/system identity
set name="Router 2 floor"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN