
вопрос по капсману нет инета после переключения

Добрый день. Есть два роутера: основной — с менеджером CAPsMAN v2 и L2TP Билайна — и второй. Между ними кабель, подключённый не в первые порты. DHCP на втором отключён, а сам второй роутер находится в сети первого. При переключении устройства с основного роутера на второй пропадает интернет, но переключается быстро, и локальная сеть при этом работает. Если пинговать что-то в локалке, например компьютер, подключённый по кабелю к первому роутеру, то можно ходить от точки к точке — Wi-Fi переключается, и пинг идёт без разрывов. Когда устройство переключается со второго роутера на основной, интернет не пропадает, пока не вернёшься в ту зону, которую обеспечивает Wi-Fi второго роутера. Tracert показывает первый роутер, и всё — дальше никуда. Если Wi-Fi выключить и сразу включить, то интернет появится и от второго, и от основного роутера. В чём может быть причина?


На втором роутере Eth порт и Wlan в бридж объединить надо, а вообще конфиги выкладывать надо.


Заходите в new terminal и вводите export compact, потом сюда вставьте.

 

При настройке начальную конфигурацию сбрасывали?


Начальная конфигурация только на втором. На основном много нужного.

 

Основной

 

export compact

# jan/10/2016 23:50:42 by RouterOS 6.33.3

# software id = L69P-H2RJ

#

# CAPsMAN channel profile: one fixed 2.4 GHz channel (2412 MHz, 20 MHz wide), referenced as channel1 below.
/caps-man channel

add band=2ghz-b/g/n frequency=2412 name=channel1 tx-power=1 width=20

# Two bridges with pinned MAC addresses. Per the bridge port section of this export, bridge-keyrusnet
# carries ether1-gateway and bridge-local is the LAN side.
/interface bridge

add admin-mac=D4:CA:6D:7C:D5:** auto-mac=no name=bridge-keyrusnet

add admin-mac=4C:5E:0C:6E:14:** auto-mac=no name=bridge-local

# The router's own radio, renamed to "wifi". The two comment lines that follow were emitted by RouterOS
# itself and state that the radio is currently controlled by CAPsMAN.
/interface wireless

# managed by CAPsMAN

# channel: 2412/20-Ce/gn(1dBm), SSID: MikroTik, local forwarding

set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge name=wifi ssid=MikroTik tx-power=1 tx-power-mode=\

all-rates-fixed wireless-protocol=802.11

# Port naming and switch grouping: ether3 and ether5 are slaved to ether2-master-local; ether4 is not
# (it is added to bridge-local as a bridge port instead).
/interface ethernet

set [ find default-name=ether1 ] name=ether1-gateway

set [ find default-name=ether2 ] name=ether2-master-local

set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local

set [ find default-name=ether4 ] name=ether4-slave-local

set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local

# Static L2TP server binding so the session of user "dimon" always appears as interface l2tpDimon
# (the firewall and OSPF sections refer to that interface name).
/interface l2tp-server

add name=l2tpDimon user=dimon

# Outbound PPTP tunnel; peer address and credentials were masked by the poster.
# NOTE(review): PPTP's MS-CHAPv2/MPPE protection is considered broken - treat traffic on this tunnel as
# readable by anyone on the path unless another layer protects it.
/interface pptp-client

add connect-to=80.109.**.** dial-on-demand=yes disabled=no max-mru=1400 max-mtu=1400 name=hlpdesk-pptp password=******* user=*******

# Neighbor discovery is switched off on ether1-gateway only.
/ip neighbor discovery

set ether1-gateway discover=no

# VLAN 1111 on top of bridge-keyrusnet; a DHCP client runs on this interface further down in the export.
/interface vlan

add interface=bridge-keyrusnet l2mtu=1594 name=local-keyrusnet vlan-id=1111

# Datapath handed to the CAPs. local-forwarding=yes means each CAP forwards its clients' traffic itself
# instead of tunnelling it to this CAPsMAN. At the end of the thread the author reports that the
# loss of internet after roaming disappeared once this option was turned off.
/caps-man datapath

add bridge=bridge-local local-forwarding=yes name=datapath1

# Wireless security pushed to every CAP (passphrase masked by the poster).
# NOTE(review): this accepts WPA-PSK next to WPA2-PSK and TKIP next to AES-CCM. WPA/TKIP are legacy and
# weaker; authentication-types=wpa2-psk with encryption=aes-ccm only is the stricter setting if all
# clients support it.
/caps-man security

add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm,tkip group-encryption=aes-ccm name=security1 passphrase=*********

# Master configuration that ties channel1, datapath1 and security1 together under SSID "MikroTik".
/caps-man configuration

add channel=channel1 datapath=datapath1 mode=ap name=cfg1 rx-chains=0,1,2 security=security1 ssid=MikroTik tx-chains=0,1,2

# Static CAP interfaces. cap2's radio-mac shares the prefix of this router's bridge-local admin-mac;
# cap3's radio-mac shares the prefix of the second router's bridge admin-mac and of the static lease
# 192.168.111.2 - presumably cap2 is the local radio and cap3 the second router, confirm.
# Each entry repeats security settings inline, so the same WPA/TKIP remark as for security1 applies.
/caps-man interface

#

add arp=enabled channel=channel1 configuration=cfg1 datapath=datapath1 disabled=no l2mtu=1600 mac-address=4C:5E:0C:6E:14:** \

master-interface=none mtu=1500 name=cap2 radio-mac=4C:5E:0C:6E:14:** security=security1 security.authentication-types=\

wpa-psk,wpa2-psk security.encryption=aes-ccm,tkip security.group-encryption=aes-ccm security.passphrase=*********

#

# cap3 carries no inline group-encryption or passphrase override in this export, unlike cap2.
add arp=enabled channel=channel1 configuration=cfg1 datapath=datapath1 disabled=no l2mtu=1600 mac-address=D4:CA:6D:F3:4F:** \

master-interface=none mtu=1500 name=cap3 radio-mac=D4:CA:6D:F3:4F:** security=security1 security.authentication-types=\

wpa-psk,wpa2-psk security.encryption=aes-ccm,tkip

# Local (non-CAPsMAN) wireless security profiles; all keys were masked by the poster.
# The radio in this export is CAPsMAN-managed, so whether any of these profiles is still in use
# cannot be seen from here.
/interface wireless security-profiles

# Default profile: WPA2-PSK only.
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=***** \

wpa2-pre-shared-key=****

# NOTE(review): beeline-29 and mikrotik both still allow WPA-PSK and TKIP ciphers.
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys \

name=beeline-29 supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=*** wpa2-pre-shared-key=***

add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys \

name=mikrotik supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=*** wpa2-pre-shared-key=***

# No mode= and no pre-shared keys appear on this profile in the export.
# NOTE(review): verify it is unused or delete it, so it cannot be attached to an interface by mistake.
add authentication-types=wpa-psk,wpa2-psk eap-methods="" name=wifi-freeeeee supplicant-identity=""

# Default IPsec proposal restricted to AES-128-CBC.
/ip ipsec proposal

set [ find default=yes ] enc-algorithms=aes-128-cbc

# Address pools: LAN DHCP range, a small spare pool, and the range handed to L2TP clients.
/ip pool

add name=dhcp ranges=192.168.111.10-192.168.111.254

add name=dhcp_pool1 ranges=192.168.200.2-192.168.200.30

add name=l2tp-clients ranges=192.168.9.18-192.168.9.118

# The only DHCP server: on bridge-local, 3-day leases.
/ip dhcp-server

add address-pool=dhcp disabled=no interface=bridge-local lease-time=3d name=default

# PPP profiles. "beeline" (used by the ISP tunnel below) explicitly disables encryption and compression;
# "shurick" requires encryption; "l2tpDimon" requests it and allows one session per user.
# NOTE(review): "l2tp-Clients-except-Dimon" and "pptp-clients" set no use-encryption value here, so they
# fall back to whatever the default is - confirm that remote-access users are not left unencrypted.
/ppp profile

add change-tcp-mss=no name=beeline remote-address=127.0.2.1 use-compression=no use-encryption=no

add name=shurick use-encryption=required

add name=l2tpDimon only-one=yes use-compression=yes use-encryption=yes

add dns-server=192.168.111.1 local-address=192.168.111.1 name=l2tp-Clients-except-Dimon remote-address=l2tp-clients

add name=pptp-clients

# Outbound L2TP tunnels (peers and credentials masked by the poster). "beeinet" is the ISP access
# tunnel and, per /ip route in this export, the default gateway; it uses the unencrypted "beeline" profile.
/interface l2tp-client

add connect-to=***.sn.mynetname.net disabled=no mrru=1600 name=L2TP-pb password=**** profile=default user=***

add connect-to=89.1**.4*.1** disabled=no max-mru=1460 max-mtu=1460 name=beeinet password=*** profile=beeline user=***

# OSPF instance: redistributes static routes and a default route (when installed) as type 1.
/routing ospf instance

set [ find default=yes ] distribute-default=if-installed-as-type-1 metric-default=8 redistribute-static=as-type-1 router-id=0.0.0.20

# Restricted user group: only the ssh and test policies are granted, every other policy is negated.
/user group

add name=ssh policy=ssh,test,!local,!telnet,!ftp,!reboot,!read,!write,!policy,!winbox,!password,!web,!sniff,!sensitive,!api

# This router is the CAPsMAN controller.
/caps-man manager

set enabled=yes

# Provisioning rule: creates an enabled dynamic interface from cfg1.
# NOTE(review): no radio-mac or other match condition is visible on this rule, so presumably any CAP
# that can reach the manager receives cfg1, PSK included - confirm, and consider requiring peer
# certificates on the manager.
/caps-man provisioning

add action=create-dynamic-enabled master-configuration=cfg1

# bridge-local joins the wired LAN ports, the local radio and both CAP interfaces;
# bridge-keyrusnet holds only ether1-gateway.
/interface bridge port

add bridge=bridge-local interface=ether2-master-local

add bridge=bridge-local interface=wifi

add bridge=bridge-keyrusnet interface=ether1-gateway

add bridge=bridge-local interface=cap2

add bridge=bridge-local interface=ether4-slave-local

add bridge=bridge-local interface=cap3

# L2TP server is on. NOTE(review): no IPsec setting is visible for it in this export, so presumably
# sessions rely on PPP-level encryption only - confirm.
/interface l2tp-server server

set enabled=yes

# PPTP server is on. NOTE(review): PPTP's MS-CHAPv2/MPPE protection is considered broken, and the filter
# rules in this export do not limit which sources may reach it.
/interface pptp-server server

set enabled=yes

# The local radio "wifi" registers as a CAP with this router's own manager at 192.168.111.1.
/interface wireless cap

set bridge=bridge-local caps-man-addresses=192.168.111.1 enabled=yes interfaces=wifi

# Router addresses: 192.168.111.1/24 on the LAN bridge, 10.221.21.21/21 on ether1-gateway,
# plus two disabled /30 entries that have no interface attached in this export.
/ip address

add address=192.168.111.1/24 comment="default configuration" interface=bridge-local network=192.168.111.0

add address=172.10.10.6/30 disabled=yes network=172.10.10.4

add address=192.168.88.5/30 disabled=yes network=192.168.88.4

add address=10.221.21.21/21 interface=ether1-gateway network=10.221.16.0

# Cloud DDNS is on, i.e. the router's public address is published under a MikroTik cloud DNS name.
/ip cloud

set ddns-enabled=yes

# DHCP clients: one entry on ether1-gateway and one (explicitly enabled, route distance 10, peer DNS/NTP
# ignored) on the VLAN interface local-keyrusnet.
/ip dhcp-client

add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-gateway

add default-route-distance=10 dhcp-options=hostname,clientid disabled=no interface=local-keyrusnet use-peer-dns=no use-peer-ntp=no

# Static leases. The 192.168.111.2 entry has the same MAC prefix as the second router's bridge.
/ip dhcp-server lease

add address=192.168.111.111 client-id=1:0:19:d1:11:70:** comment=Komputer mac-address=00:19:D1:11:70:** server=default

add address=192.168.111.103 comment=Fly mac-address=B8:B4:2E:33:24:** server=default

add address=192.168.111.2 client-id=1:d4:ca:6d:f3:4f:** mac-address=D4:CA:6D:F3:4F:** server=default

# LAN clients are told to use this router as gateway and DNS server.
/ip dhcp-server network

add address=192.168.111.0/24 comment="default configuration" dns-server=192.168.111.1 domain=home.zls gateway=192.168.111.1

# allow-remote-requests=yes makes the router answer DNS queries from other hosts.
# NOTE(review): the only filter rule protecting this in the export drops UDP/53 arriving on beeinet;
# TCP/53 and the other uplinks and tunnels are not covered, which leaves room for open-resolver abuse.
/ip dns

set allow-remote-requests=yes servers=213.234.192.8,8.8.8.8

# Static DNS records; the ISP tunnel host name is pinned to four fixed addresses.
/ip dns static

add address=192.168.88.1 name=router

add address=89.179.48.133 name=tp.internet.beeline.ru

add address=89.179.48.136 name=tp.internet.beeline.ru

add address=89.179.48.148 name=tp.internet.beeline.ru

add address=89.179.48.149 name=tp.internet.beeline.ru

# Filter rules are evaluated top to bottom within each chain.
# NOTE(review): the input chain below has no final catch-all drop. The only interface-wide input drop is
# for bridge-keyrusnet, while the default route in this export points at beeinet. As listed, the router's
# own services stay reachable from beeinet until a source address lands on one of the blacklists;
# an explicit "drop everything else from the uplinks" rule at the end of input would close that.
/ip firewall filter

# Two disabled leftovers (ICMP passthrough, content-based drop).
add action=passthrough chain=output disabled=yes protocol=icmp

add action=drop chain=forward comment="vk.com drop" content=vk.com disabled=yes in-interface=!l2tpDimon protocol=tcp

# Baseline accepts for ICMP and established/related traffic, then the bridge-keyrusnet input drop.
add chain=input comment="default configuration" protocol=icmp

add chain=input comment="default configuration" connection-state=established

add chain=input comment="default configuration" connection-state=related

add action=drop chain=input comment="default configuration" in-interface=bridge-keyrusnet

add chain=forward comment="default configuration" connection-state=established

add chain=forward comment="default configuration" connection-state=related

add action=drop chain=forward comment="default configuration" connection-state=invalid

# Telnet ladder: each new connection to port 23 moves the source one list up (stage1 -> stage2 ->
# stage3 -> telnet_blacklist), and blacklisted sources are dropped for one day.
# /ip service in this export has telnet disabled, so these rules only track sources probing the port.
add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist

add action=add-src-to-address-list address-list=telnet_blacklist address-list-timeout=1d chain=input connection-state=new dst-port=23 \

protocol=tcp src-address-list=telnet_stage3

add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=23 \

protocol=tcp src-address-list=telnet_stage2

add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=23 \

protocol=tcp src-address-list=telnet_stage1

add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 \

protocol=tcp

# Rate limiter for forwarded traffic: new connections jump to block-ddos, which returns while a
# source/destination pair stays within dst-limit and otherwise records both ends; pairs recorded
# as ddoser -> ddosed are then dropped for ten minutes.
add action=jump chain=forward comment=anti-DDoS connection-state=new jump-target=block-ddos

add action=drop chain=forward connection-state=new dst-address-list=ddosed src-address-list=ddoser

add action=return chain=block-ddos dst-limit=50,50,src-and-dst-addresses/10s

add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=block-ddos

add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=block-ddos

# SSH ladder, first copy. The same four rules appear again further down.
# NOTE(review): list-building actions do not stop rule processing, so one new connection is counted by
# both copies and a source reaches ssh_blacklist after fewer attempts than a single ladder would need -
# an administrator can lock themselves out quickly. Keep only one copy, placed after its drop rule.
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \

protocol=tcp src-address-list=ssh_stage3

add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 \

protocol=tcp src-address-list=ssh_stage2

add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 \

protocol=tcp src-address-list=ssh_stage1

add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 \

protocol=tcp

add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp src-address-list=ssh_blacklist

# Winbox ladder, first copy. It has no rule that seeds Winbox_stage1; only the second copy below does.
add action=drop chain=input comment="drop Winbox brute forces" dst-port=8291 protocol=tcp src-address-list=winbox_black_list

add action=add-src-to-address-list address-list=winbox_black_list address-list-timeout=1d chain=input connection-state=new dst-port=8291 \

protocol=tcp src-address-list=Winbox_stage3

add action=add-src-to-address-list address-list=Winbox_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=8291 \

protocol=tcp src-address-list=Winbox_stage2

add action=add-src-to-address-list address-list=Winbox_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=8291 \

protocol=tcp src-address-list=Winbox_stage1

# From here on the anti-DDoS, SSH and Winbox rules are repeated; this copy also contains the input
# drop for ssh_blacklist and the Winbox_stage1 seed rule that the first copy lacks.
add action=jump chain=forward comment=anti-DDoS connection-state=new jump-target=block-ddos

add action=drop chain=forward connection-state=new dst-address-list=ddosed src-address-list=ddoser

add action=return chain=block-ddos dst-limit=50,50,src-and-dst-addresses/10s

add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=block-ddos

add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=block-ddos

add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist

add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \

protocol=tcp src-address-list=ssh_stage3

add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 \

protocol=tcp src-address-list=ssh_stage2

add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 \

protocol=tcp src-address-list=ssh_stage1

add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 \

protocol=tcp

add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp src-address-list=ssh_blacklist

add action=drop chain=input comment="drop Winbox brute forces" dst-port=8291 protocol=tcp src-address-list=winbox_black_list

add action=add-src-to-address-list address-list=winbox_black_list address-list-timeout=1d chain=input connection-state=new dst-port=8291 \

protocol=tcp src-address-list=Winbox_stage3

add action=add-src-to-address-list address-list=Winbox_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=8291 \

protocol=tcp src-address-list=Winbox_stage2

add action=add-src-to-address-list address-list=Winbox_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=8291 \

protocol=tcp src-address-list=Winbox_stage1

add action=add-src-to-address-list address-list=Winbox_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=8291 \

protocol=tcp

# The rule comment is Windows-1251 text exported as byte escapes; it reads "block incoming DNS requests".
# Drops UDP/53 arriving on beeinet only.
# NOTE(review): TCP/53 and the other uplinks/tunnels are not covered although /ip dns has
# allow-remote-requests=yes.
add action=drop chain=input comment="\E1\EB\EE\EA \E2\F5\EE\E4\FF\F9\E8\F5 \E4\ED\F1 \E7\E0\EF\F0\EE\F1\EE\E2" dst-port=53 in-interface=\

beeinet protocol=udp

# Clamps the MSS of forwarded TCP SYN packets to 1360 when the advertised MSS is 1453 or larger.
/ip firewall mangle

add action=change-mss chain=forward new-mss=1360 protocol=tcp tcp-flags=syn tcp-mss=1453-65535

/ip firewall nat

# NOTE(review): this masquerade rule has no out-interface, so it rewrites the source of everything
# leaving the router, including traffic towards the VPN and OSPF neighbours; scoping it to the uplink
# interfaces keeps internal source addresses visible where they are needed.
add action=masquerade chain=srcnat comment="default configuration"

# Port forwards; ports and most target addresses were masked by the poster.
add action=dst-nat chain=dstnat comment=hlpdesk dst-port=** in-interface=beeinet protocol=tcp to-addresses=85.21.**.** to-ports=**

add action=dst-nat chain=dstnat comment=hlpdesk-local dst-port=** in-interface=all-ethernet protocol=tcp to-addresses=85.21.**.* \

to-ports=**

add action=dst-nat chain=dstnat comment=**.corbina.net disabled=yes dst-port=** in-interface=beeinet protocol=tcp to-addresses=\

78.107.**.** to-ports=**

add action=dst-nat chain=dstnat disabled=yes dst-port=** in-interface=ether2-master-local protocol=tcp to-addresses=85.21.*.** \

to-ports=**

# Two inbound forwards from beeinet to the LAN host 192.168.111.111 (listed as "Komputer" in the static
# leases). NOTE(review): neither rule restricts the source address; every such forward is directly
# reachable from the internet side.
add action=netmap chain=dstnat dst-port=** in-interface=beeinet protocol=tcp to-addresses=192.168.111.111 to-ports=**

add action=netmap chain=dstnat dst-port=** in-interface=beeinet protocol=tcp to-addresses=192.168.111.111 to-ports=**

# Static routes. The first entry has no dst-address, i.e. it is the default route via the beeinet tunnel.
/ip route

add distance=1 gateway=beeinet

add distance=1 dst-address=10.0.0.0/8 gateway=10.221.16.1

add distance=111 dst-address=10.10.0.0/16 gateway=192.168.**.**

add comment=***.corbina.net distance=109 dst-address=78.107.**.**/32 gateway=192.168.**.**

add check-gateway=ping comment=helpdesk distance=109 dst-address=85.21.**.**/32 gateway=192.168.**.**

add distance=1 dst-address=85.21.**.**/32 gateway=10.221.16.1

add distance=1 dst-address=89.179.**.**/24 gateway=10.221.16.1

# gateway=*17 looks like a reference to an interface that no longer exists - presumably a stale route, confirm.
add distance=1 dst-address=172.10.**.**/32 gateway=*17

add distance=1 dst-address=192.168.85.0/24 gateway=L2TP-pb

add distance=1 dst-address=192.168.88.0/24 gateway=192.168.88.6

add distance=1 dst-address=192.168.168.0/24 gateway=192.168.9.17

# Management services: telnet and ftp are off and the web interface is moved to a masked port.
# NOTE(review): services not listed here keep their defaults and no address= restriction is shown,
# so access control rests entirely on the firewall filter rules.
/ip service

set telnet disabled=yes

set ftp disabled=yes

set www port=**

# The router's built-in SMB server is enabled (guests refused).
# NOTE(review): the input chain in this export has no rule limiting SMB to the LAN - confirm it is not
# reachable from the uplink side.
/ip smb

set allow-guests=no domain=WORKGROUP enabled=yes

# Shares on /hdd30; names and paths masked by the poster. The default share is disabled.
/ip smb shares

set [ find default=yes ] disabled=yes

add directory=/hdd30/**e name=**

add directory=/hdd30/** name="**$"

add directory=/hdd30/** name="**\$"

# Both SMB accounts have write access (read-only=no).
/ip smb users

add name=** password=** read-only=no

add name=** password=** read-only=no

# Remote-access accounts; names and passwords masked by the poster. Three are bound to service=pptp and
# two to service=l2tp.
# NOTE(review): the PPTP accounts inherit PPTP's weak MS-CHAPv2/MPPE protection; moving them to a
# stronger tunnel type is the safer long-term option.
/ppp secret

add local-address=192.168.9.15 name=** password=** profile=** remote-address=192.168.9.16 service=pptp

add local-address=192.168.111.1 name=** password=** remote-address=192.168.9.17 service=pptp

add local-address=192.168.111.1 name=** password=** profile=l2tp-Clients-except-Dimon remote-address=192.168.9.18 \

service=pptp

add local-address=172.11.1.1 name=*** password=*** remote-address=172.11.1.** service=l2tp

add name=** password=** profile=l2tp-Clients-except-Dimon service=l2tp

# 1M/1M limit; target=*12 looks like a reference to an interface that no longer exists - presumably
# a stale queue, confirm.
/queue simple

add limit-at=1M/1M max-limit=1M/1M name=queue1 target=*12

# Prefixes that must never be advertised to OSPF neighbours.
/routing filter

add action=discard chain=ospf-out prefix=8.8.8.8

add action=discard chain=ospf-out prefix=10.0.0.0/8

add action=discard chain=ospf-out prefix=89.179.**.**/24

# OSPF interface templates; two are disabled. All entries request BFD.
/routing ospf interface

add disabled=yes network-type=point-to-point use-bfd=yes

add cost=15 disabled=yes interface=l2tpDimon network-type=point-to-point use-bfd=yes

add network-type=broadcast priority=3 use-bfd=yes

add network-type=broadcast use-bfd=yes

# Every OSPF network statement is disabled in this export.
/routing ospf network

add area=backbone disabled=yes network=192.168.192.1/32

add area=backbone disabled=yes network=192.168.9.16/32

add area=backbone disabled=yes network=172.10.10.4/30

add area=backbone disabled=yes network=192.168.88.4/30

/system clock

set time-zone-autodetect=no time-zone-name=Europe/Moscow

# Router name masked by the poster.
/system identity

set name=**

/system leds

set 0 interface=wifi

# L2TP debug messages (without raw packet dumps) are written to disk; e-mail and smb logging are disabled.
# NOTE(review): debug-level tunnel logs may hold session details - treat the log files as sensitive
# and turn the rule off once troubleshooting is finished.
/system logging

add action=disk topics=l2tp,debug,!raw

add disabled=yes topics=e-mail

add disabled=yes topics=smb

/system note

 

/system scheduler

 

 

 

# MAC-Telnet: the catch-all default entry is disabled and the service is offered only on the listed
# LAN-side interfaces; ether1-gateway is not among them.
# NOTE(review): "wifi" is on the list, so any associated wireless client can reach layer-2 management.
/tool mac-server

set [ find default=yes ] disabled=yes

add interface=ether2-master-local

add interface=ether3-slave-local

add interface=ether4-slave-local

add interface=ether5-slave-local

add interface=wifi

add interface=bridge-local

# MAC-Winbox: same interface list as MAC-Telnet above.
/tool mac-server mac-winbox

set [ find default=yes ] disabled=yes

add interface=ether2-master-local

add interface=ether3-slave-local

add interface=ether4-slave-local

add interface=ether5-slave-local

add interface=wifi

add interface=bridge-local

# RoMON (layer-2 remote management) is enabled.
# NOTE(review): no secrets value is visible in this export and the port entry below carries no
# parameters - confirm that RoMON is protected by a secret and limited to trusted ports.
/tool romon

set enabled=yes

/tool romon port

add

 

второй

 

jan/11/2016 00:08:13 by RouterOS 6.33.3

# software id = IFHK-EW**

#

# Second router (identity cap-1 further down). Single LAN bridge with a pinned MAC.
/interface bridge

add admin-mac=D4:CA:6D:F3:4F:** auto-mac=no name=bridge-local

# The two comment lines that follow were emitted by RouterOS itself: the radio is controlled by CAPsMAN
# and currently runs SSID "MikroTik" with local forwarding. The ssid/frequency values in the set
# command are the local settings, not what the export comment reports as active.
/interface wireless

# managed by CAPsMAN

# channel: 2412/20-Ce/gn(1dBm), SSID: MikroTik, local forwarding

set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \

disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\

MikroTik-F34F4E wireless-protocol=802.11

# ether4 is slaved to ether2-master-local; ether3 has no master-port and is bridged separately below.
/interface ethernet

set [ find default-name=ether1 ] name=ether1-gateway

set [ find default-name=ether2 ] name=ether2-master-local

set [ find default-name=ether3 ] name=ether3-slave-local

set [ find default-name=ether4 ] master-port=ether2-master-local name=\

ether4-slave-local

/ip neighbor discovery

set ether1-gateway discover=no

# The default local security profile carries no authentication types or keys in this export;
# presumably on-air security comes only from CAPsMAN while the radio is managed - confirm.
/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

# Leftover pool from the factory default configuration; no DHCP server entry uses it in this export.
/ip pool

add name=default-dhcp ranges=192.168.88.10-192.168.88.254

# Only certificate settings are present; no enabled=yes is shown, so presumably the manager role is
# not active on this router - confirm.
/caps-man manager

set ca-certificate=auto certificate=auto

# bridge-local joins ether2 (with its slave ether4), the radio and ether3.
/interface bridge port

add bridge=bridge-local interface=ether2-master-local

add bridge=bridge-local interface=wlan1

add bridge=bridge-local interface=ether3-slave-local

# The radio is handed over to the CAPsMAN at 192.168.111.1 (the main router's LAN address).
# NOTE(review): no certificate is configured on the CAP side here, so the CAP presumably accepts
# whichever manager answers at that address - confirm.
/interface wireless cap

set bridge=bridge-local caps-man-addresses=192.168.111.1 enabled=yes \

interfaces=wlan1

# NOTE(review): the DHCP client runs on ether3-slave-local, which this same export also adds to
# bridge-local as a bridge port. RouterOS expects IP services on the bridge interface rather than on
# one of its ports - confirm and move the client to bridge-local.
/ip dhcp-client

add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \

interface=ether3-slave-local

# Leftovers of the factory default 192.168.88.0/24 setup.
/ip dhcp-server network

add address=192.168.88.0/24 comment="default configuration" gateway=\

192.168.88.1

/ip dns static

add address=192.168.88.1 name=router

# Factory default filter set. Its drop rules are tied to ether1-gateway, whereas the author says the
# cable between the routers is not in the first port and the DHCP client above sits on ether3.
# NOTE(review): as wired, these rules presumably never match the real uplink; that is acceptable for a
# pure access point inside the LAN, but it also means nothing here filters access to this device.
/ip firewall filter

add chain=input comment="default configuration" protocol=icmp

add chain=input comment="default configuration" connection-state=\

established,related

add action=drop chain=input comment="default configuration" in-interface=\

ether1-gateway

add action=fasttrack-connection chain=forward comment=\

"default configuration" connection-state=established,related

add chain=forward comment="default configuration" connection-state=\

established,related

add action=drop chain=forward comment="default configuration" \

connection-state=invalid

add action=drop chain=forward comment="default configuration" \

connection-nat-state=!dstnat connection-state=new in-interface=\

ether1-gateway

# Masquerade only for traffic leaving through ether1-gateway.
/ip firewall nat

add action=masquerade chain=srcnat comment="default configuration" \

out-interface=ether1-gateway

/system clock

set time-zone-name=Europe/Moscow

/system identity

set name=cap-1

# protected-routerboot=disabled: the boot loader settings are not locked on this device.
/system routerboard settings

set cpu-frequency=650MHz protected-routerboot=disabled

# MAC-Telnet: the catch-all default entry is disabled and the service is offered on the listed
# interfaces; ether1-gateway is not among them.
# NOTE(review): wlan1 is on the list, so wireless clients can reach layer-2 management of this device.
/tool mac-server

set [ find default=yes ] disabled=yes

add interface=ether2-master-local

add interface=ether3-slave-local

add interface=ether4-slave-local

add interface=wlan1

add interface=bridge-local

# MAC-Winbox: same interface list as MAC-Telnet above.
/tool mac-server mac-winbox

set [ find default=yes ] disabled=yes

add interface=ether2-master-local

add interface=ether3-slave-local

add interface=ether4-slave-local

add interface=wlan1

add interface=bridge-local

Изменено пользователем wld


Начальная конфигурация только на втором. На основном много нужного.

 

Сбросьте начальный конфиг и настройте с нуля вручную.


Если вдруг кому интересно: всё решилось снятием галочки local-forwarding в datapath. При включённом local forwarding маршрутизация осуществляется самими роутерами, а при снятой галочке — CAPsMAN'ом...
