wld Posted January 9, 2016

Good afternoon. I have two routers: the main one, with the CAPsMAN v2 manager and Beeline L2TP, and... a second one. The cable between them is not in the first ports. DHCP is disabled on the second router, and it sits in the first router's network. When a device switches from the main router to the second one, the Internet drops, but the switch itself is fast and the local network keeps working. If you ping something on the LAN, for example a computer connected by cable to the first router, you can walk from one access point to the other: the Wi-Fi switches over and the ping goes through without interruption. When a device switches from the second router to the main one, the Internet does not drop until you return to the area covered by the second router's Wi-Fi. Tracert shows the first router and that's it... nothing further. If you turn Wi-Fi off and immediately back on, the Internet comes back through both the second and the main router. What could be the cause?
divxl Posted January 10, 2016

On the second router you need to put the Eth port and the WLAN into one bridge, and in general you should post your configs.
divxl Posted January 10, 2016

Open New Terminal and enter `export compact`, then paste the output here. Did you reset the default configuration when setting up?
wld Posted January 10, 2016 (edited)

The default configuration is only on the second one. The main one has a lot of necessary stuff on it.

Main router, export compact:

```
# jan/10/2016 23:50:42 by RouterOS 6.33.3
# software id = L69P-H2RJ
#
/caps-man channel
add band=2ghz-b/g/n frequency=2412 name=channel1 tx-power=1 width=20
/interface bridge
add admin-mac=D4:CA:6D:7C:D5:** auto-mac=no name=bridge-keyrusnet
add admin-mac=4C:5E:0C:6E:14:** auto-mac=no name=bridge-local
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(1dBm), SSID: MikroTik, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge name=wifi ssid=MikroTik tx-power=1 tx-power-mode=\
    all-rates-fixed wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
/interface l2tp-server
add name=l2tpDimon user=dimon
/interface pptp-client
add connect-to=80.109.**.** dial-on-demand=yes disabled=no max-mru=1400 max-mtu=1400 name=hlpdesk-pptp password=******* user=*******
/ip neighbor discovery
set ether1-gateway discover=no
/interface vlan
add interface=bridge-keyrusnet l2mtu=1594 name=local-keyrusnet vlan-id=1111
/caps-man datapath
add bridge=bridge-local local-forwarding=yes name=datapath1
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip group-encryption=aes-ccm name=security1 passphrase=*********
/caps-man configuration
add channel=channel1 datapath=datapath1 mode=ap name=cfg1 rx-chains=0,1,2 security=security1 ssid=MikroTik tx-chains=0,1,2
/caps-man interface
#
add arp=enabled channel=channel1 configuration=cfg1 datapath=datapath1 disabled=no l2mtu=1600 mac-address=4C:5E:0C:6E:14:** \
    master-interface=none mtu=1500 name=cap2 radio-mac=4C:5E:0C:6E:14:** security=security1 security.authentication-types=\
    wpa-psk,wpa2-psk security.encryption=aes-ccm,tkip security.group-encryption=aes-ccm security.passphrase=*********
#
add arp=enabled channel=channel1 configuration=cfg1 datapath=datapath1 disabled=no l2mtu=1600 mac-address=D4:CA:6D:F3:4F:** \
    master-interface=none mtu=1500 name=cap3 radio-mac=D4:CA:6D:F3:4F:** security=security1 security.authentication-types=\
    wpa-psk,wpa2-psk security.encryption=aes-ccm,tkip
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=***** \
    wpa2-pre-shared-key=****
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys \
    name=beeline-29 supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=*** wpa2-pre-shared-key=***
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys \
    name=mikrotik supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=*** wpa2-pre-shared-key=***
add authentication-types=wpa-psk,wpa2-psk eap-methods="" name=wifi-freeeeee supplicant-identity=""
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp ranges=192.168.111.10-192.168.111.254
add name=dhcp_pool1 ranges=192.168.200.2-192.168.200.30
add name=l2tp-clients ranges=192.168.9.18-192.168.9.118
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=3d name=default
/ppp profile
add change-tcp-mss=no name=beeline remote-address=127.0.2.1 use-compression=no use-encryption=no
add name=shurick use-encryption=required
add name=l2tpDimon only-one=yes use-compression=yes use-encryption=yes
add dns-server=192.168.111.1 local-address=192.168.111.1 name=l2tp-Clients-except-Dimon remote-address=l2tp-clients
add name=pptp-clients
/interface l2tp-client
add connect-to=***.sn.mynetname.net disabled=no mrru=1600 name=L2TP-pb password=**** profile=default user=***
add connect-to=89.1**.4*.1** disabled=no max-mru=1460 max-mtu=1460 name=beeinet password=*** profile=beeline user=***
/routing ospf instance
set [ find default=yes ] distribute-default=if-installed-as-type-1 metric-default=8 redistribute-static=as-type-1 router-id=0.0.0.20
/user group
add name=ssh policy=ssh,test,!local,!telnet,!ftp,!reboot,!read,!write,!policy,!winbox,!password,!web,!sniff,!sensitive,!api
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wifi
add bridge=bridge-keyrusnet interface=ether1-gateway
add bridge=bridge-local interface=cap2
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=cap3
/interface l2tp-server server
set enabled=yes
/interface pptp-server server
set enabled=yes
/interface wireless cap
set bridge=bridge-local caps-man-addresses=192.168.111.1 enabled=yes interfaces=wifi
/ip address
add address=192.168.111.1/24 comment="default configuration" interface=bridge-local network=192.168.111.0
add address=172.10.10.6/30 disabled=yes network=172.10.10.4
add address=192.168.88.5/30 disabled=yes network=192.168.88.4
add address=10.221.21.21/21 interface=ether1-gateway network=10.221.16.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-gateway
add default-route-distance=10 dhcp-options=hostname,clientid disabled=no interface=local-keyrusnet use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.111.111 client-id=1:0:19:d1:11:70:** comment=Komputer mac-address=00:19:D1:11:70:** server=default
add address=192.168.111.103 comment=Fly mac-address=B8:B4:2E:33:24:** server=default
add address=192.168.111.2 client-id=1:d4:ca:6d:f3:4f:** mac-address=D4:CA:6D:F3:4F:** server=default
/ip dhcp-server network
add address=192.168.111.0/24 comment="default configuration" dns-server=192.168.111.1 domain=home.zls gateway=192.168.111.1
/ip dns
set allow-remote-requests=yes servers=213.234.192.8,8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
add address=89.179.48.133 name=tp.internet.beeline.ru
add address=89.179.48.136 name=tp.internet.beeline.ru
add address=89.179.48.148 name=tp.internet.beeline.ru
add address=89.179.48.149 name=tp.internet.beeline.ru
/ip firewall filter
add action=passthrough chain=output disabled=yes protocol=icmp
add action=drop chain=forward comment="vk.com drop" content=vk.com disabled=yes in-interface=!l2tpDimon protocol=tcp
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=bridge-keyrusnet
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist
add action=add-src-to-address-list address-list=telnet_blacklist address-list-timeout=1d chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage3
add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage2
add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage1
add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp
add action=jump chain=forward comment=anti-DDoS connection-state=new jump-target=block-ddos
add action=drop chain=forward connection-state=new dst-address-list=ddosed src-address-list=ddoser
add action=return chain=block-ddos dst-limit=50,50,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=block-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=block-ddos
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=input comment="drop Winbox brute forces" dst-port=8291 protocol=tcp src-address-list=winbox_black_list
add action=add-src-to-address-list address-list=winbox_black_list address-list-timeout=1d chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=Winbox_stage3
add action=add-src-to-address-list address-list=Winbox_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=Winbox_stage2
add action=add-src-to-address-list address-list=Winbox_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=Winbox_stage1
add action=jump chain=forward comment=anti-DDoS connection-state=new jump-target=block-ddos
add action=drop chain=forward connection-state=new dst-address-list=ddosed src-address-list=ddoser
add action=return chain=block-ddos dst-limit=50,50,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=block-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=block-ddos
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=input comment="drop Winbox brute forces" dst-port=8291 protocol=tcp src-address-list=winbox_black_list
add action=add-src-to-address-list address-list=winbox_black_list address-list-timeout=1d chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=Winbox_stage3
add action=add-src-to-address-list address-list=Winbox_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=Winbox_stage2
add action=add-src-to-address-list address-list=Winbox_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=Winbox_stage1
add action=add-src-to-address-list address-list=Winbox_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
    protocol=tcp
add action=drop chain=input comment="\E1\EB\EE\EA \E2\F5\EE\E4\FF\F9\E8\F5 \E4\ED\F1 \E7\E0\EF\F0\EE\F1\EE\E2" dst-port=53 in-interface=\
    beeinet protocol=udp
/ip firewall mangle
add action=change-mss chain=forward new-mss=1360 protocol=tcp tcp-flags=syn tcp-mss=1453-65535
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration"
add action=dst-nat chain=dstnat comment=hlpdesk dst-port=** in-interface=beeinet protocol=tcp to-addresses=85.21.**.** to-ports=**
add action=dst-nat chain=dstnat comment=hlpdesk-local dst-port=** in-interface=all-ethernet protocol=tcp to-addresses=85.21.**.* \
    to-ports=**
add action=dst-nat chain=dstnat comment=**.corbina.net disabled=yes dst-port=** in-interface=beeinet protocol=tcp to-addresses=\
    78.107.**.** to-ports=**
add action=dst-nat chain=dstnat disabled=yes dst-port=** in-interface=ether2-master-local protocol=tcp to-addresses=85.21.*.** \
    to-ports=**
add action=netmap chain=dstnat dst-port=** in-interface=beeinet protocol=tcp to-addresses=192.168.111.111 to-ports=**
add action=netmap chain=dstnat dst-port=** in-interface=beeinet protocol=tcp to-addresses=192.168.111.111 to-ports=**
/ip route
add distance=1 gateway=beeinet
add distance=1 dst-address=10.0.0.0/8 gateway=10.221.16.1
add distance=111 dst-address=10.10.0.0/16 gateway=192.168.**.**
add comment=***.corbina.net distance=109 dst-address=78.107.**.**/32 gateway=192.168.**.**
add check-gateway=ping comment=helpdesk distance=109 dst-address=85.21.**.**/32 gateway=192.168.**.**
add distance=1 dst-address=85.21.**.**/32 gateway=10.221.16.1
add distance=1 dst-address=89.179.**.**/24 gateway=10.221.16.1
add distance=1 dst-address=172.10.**.**/32 gateway=*17
add distance=1 dst-address=192.168.85.0/24 gateway=L2TP-pb
add distance=1 dst-address=192.168.88.0/24 gateway=192.168.88.6
add distance=1 dst-address=192.168.168.0/24 gateway=192.168.9.17
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=**
/ip smb
set allow-guests=no domain=WORKGROUP enabled=yes
/ip smb shares
set [ find default=yes ] disabled=yes
add directory=/hdd30/**e name=**
add directory=/hdd30/** name="**$"
add directory=/hdd30/** name="**\$"
/ip smb users
add name=** password=** read-only=no
add name=** password=** read-only=no
/ppp secret
add local-address=192.168.9.15 name=** password=** profile=** remote-address=192.168.9.16 service=pptp
add local-address=192.168.111.1 name=** password=** remote-address=192.168.9.17 service=pptp
add local-address=192.168.111.1 name=** password=** profile=l2tp-Clients-except-Dimon remote-address=192.168.9.18 \
    service=pptp
add local-address=172.11.1.1 name=*** password=*** remote-address=172.11.1.** service=l2tp
add name=** password=** profile=l2tp-Clients-except-Dimon service=l2tp
/queue simple
add limit-at=1M/1M max-limit=1M/1M name=queue1 target=*12
/routing filter
add action=discard chain=ospf-out prefix=8.8.8.8
add action=discard chain=ospf-out prefix=10.0.0.0/8
add action=discard chain=ospf-out prefix=89.179.**.**/24
/routing ospf interface
add disabled=yes network-type=point-to-point use-bfd=yes
add cost=15 disabled=yes interface=l2tpDimon network-type=point-to-point use-bfd=yes
add network-type=broadcast priority=3 use-bfd=yes
add network-type=broadcast use-bfd=yes
/routing ospf network
add area=backbone disabled=yes network=192.168.192.1/32
add area=backbone disabled=yes network=192.168.9.16/32
add area=backbone disabled=yes network=172.10.10.4/30
add area=backbone disabled=yes network=192.168.88.4/30
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system identity
set name=**
/system leds
set 0 interface=wifi
/system logging
add action=disk topics=l2tp,debug,!raw
add disabled=yes topics=e-mail
add disabled=yes topics=smb
/system note
/system scheduler
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wifi
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wifi
add interface=bridge-local
/tool romon
set enabled=yes
/tool romon port
add
```

Second router:

```
# jan/11/2016 00:08:13 by RouterOS 6.33.3
# software id = IFHK-EW**
#
/interface bridge
add admin-mac=D4:CA:6D:F3:4F:** auto-mac=no name=bridge-local
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(1dBm), SSID: MikroTik, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik-F34F4E wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/caps-man manager
set ca-certificate=auto certificate=auto
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether3-slave-local
/interface wireless cap
set bridge=bridge-local caps-man-addresses=192.168.111.1 enabled=yes \
    interfaces=wlan1
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
    interface=ether3-slave-local
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" gateway=\
    192.168.88.1
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
    established,related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add action=fasttrack-connection chain=forward comment=\
    "default configuration" connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
    established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=cap-1
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=wlan1
add interface=bridge-local
```

Edited January 10, 2016 by wld
divxl Posted January 11, 2016

> The default configuration is only on the second one. The main one has a lot of necessary stuff on it.

Reset the default config and set it up from scratch by hand.
wld Posted March 25, 2016

In case anyone is interested: it was all solved by unchecking the local forwarding checkbox in the datapath. With local forwarding, routing is done by the routers, and with the checkbox cleared, by CAPsMAN...
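
The setting named in the last post can be read straight out of an `export compact` dump. The following is an added example, not part of the thread and not MikroTik tooling: a small Python parser for the export format that reports, per CAPsMAN configuration, whether its datapath uses local forwarding. The sample text is constructed from lines of the main router's export above plus a hypothetical second datapath and configuration (`dp-tunnel`, `cfg-guest`); the function names are illustrative.

```python
import re

# Constructed sample: lines taken from the main router's export in this thread,
# plus a hypothetical second datapath and configuration (dp-tunnel, cfg-guest).
SAMPLE_EXPORT = r"""
# jan/10/2016 23:50:42 by RouterOS 6.33.3
/caps-man datapath
add bridge=bridge-local local-forwarding=yes name=datapath1
add bridge=bridge-local name=dp-tunnel
/caps-man configuration
add channel=channel1 datapath=datapath1 mode=ap name=cfg1 rx-chains=0,1,2 \
    security=security1 ssid=MikroTik tx-chains=0,1,2
add datapath=dp-tunnel mode=ap name=cfg-guest ssid="Guest WiFi"
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1
"""

# key=value pairs; a value is either double-quoted or a run of non-spaces.
PAIR = re.compile(r'([\w.\-]+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_export(text):
    """Return (menu, command, params) tuples from RouterOS export text."""
    entries, menu, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):        # command continues on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):       # menu header, e.g. "/caps-man datapath"
            menu = line
            continue
        params = {k: v.strip('"') for k, v in PAIR.findall(line)}
        entries.append((menu, line.split(None, 1)[0], params))
    return entries


def forwarding_modes(entries):
    """List (configuration, ssid, datapath, mode) for each CAPsMAN configuration.

    mode is "local" when the referenced datapath has local-forwarding=yes
    (the CAP bridges client traffic itself) and "manager" otherwise (traffic
    is tunnelled to CAPsMAN). `export compact` omits defaults, so a missing
    local-forwarding is read as "no". Inline datapath.* overrides on a
    configuration are not handled in this example.
    """
    local = {p.get("name"): p.get("local-forwarding") == "yes"
             for menu, cmd, p in entries
             if menu == "/caps-man datapath" and cmd == "add"}
    result = []
    for menu, cmd, p in entries:
        if menu == "/caps-man configuration" and cmd == "add":
            mode = "local" if local.get(p.get("datapath"), False) else "manager"
            result.append((p.get("name"), p.get("ssid"), p.get("datapath"), mode))
    return result


if __name__ == "__main__":
    for name, ssid, datapath, mode in forwarding_modes(parse_export(SAMPLE_EXPORT)):
        print(f"{name}: ssid={ssid} datapath={datapath} forwarding={mode}")
```
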