Mikrotik - for beginners
Re: Mikrotik - for beginners
Personally, I unfortunately have no clue - are the two clients plugged directly into the ethernet ports on the hEX?
Do both drop out at the same time? And how often do they drop out: once an hour, once a day, once a week?
What software version do you have, and what have you already tried? If you run pings from the CAPs to the hEX, do any get lost at the time when your CAPsMANs are disconnected?
Is it this hEX? https://mikrotik.com/product/RB750Gr3 Are you using PoE?
Anything else interesting in the logs around these dropouts?
I'm a mathematician... Numbers excite me, for example 8300 on the tachometer or 2.15 bar from the compressor, and also 1-12-5-8-3-10-6-7-2-11-4-9.
Re: Mikrotik - for beginners
Hi, the APs are plugged directly into the hEX. And yes, the hEX is this latest one. The dropouts are kind of strange: once it starts, it repeats roughly every 30-60 min. ROS is the latest everywhere. I'll also check whether anything changes on DHCP at the moment the connection to CAPsMAN is interrupted. They are powered the usual way, by the original power supply that ships with them. There isn't even a switch in between. From what I found on forums, there was something about RTSP on the bridge. So I'll try turning off RTSP on those CAPs.
Re: Mikrotik - for beginners
Rapid spanning tree cannot come into play in such a direct configuration; I wouldn't look for the problem there.
Bridge... ooooh, the catastrophe of this world.
Does the latest version mean 7.20.beta7 or 7.19.4?
In DHCP, make the addresses of those two devices static (/ip dhcp-server lease ; print ; make-static theitemsyouneed)
Test your connectivity - that's why I asked about lost pings. It's one thing to have the cables measured (how exactly? With some professional instrument, or with an 8-euro piece of junk that has eight LEDs, each lighting up for one wire of the cable?), and another thing to have it actually working. I've seen things that wouldn't occur to you in your worst nightmare.
I'm a mathematician... Numbers excite me, for example 8300 on the tachometer or 2.15 bar from the compressor, and also 1-12-5-8-3-10-6-7-2-11-4-9.
Re: Mikrotik - for beginners
The version is 7.19.4. When I look at the log, nothing happens on the DHCP server at the time of the APs' dropout; their addresses don't change, or rather the DHCP server doesn't deal with them at all at that moment, and their addresses remain valid. I tried ping, and it ran without loss. I measured the structured cabling with a proper instrument; it also measures cable length and can determine the distance to a fault. It's a better instrument, specifically something like this: https://www.conrad.sk/sk/p/trend-networ ... 67342.html. I've also attached today's log output.
Re: Mikrotik - for beginners
I'm afraid nothing can be seen from this. The DHCP server has nothing to deal with in such a situation - we don't know whether layer L1, L2 or L3 goes down, and even if the worst went down, the DHCP server still holds the address assigned to the client's MAC for some time and your APs reconnect within 30 seconds. On the DHCP side we definitely have nothing to look into.
We probably won't get by without a configuration export ( /export ); for a start, the ethernet statistics might not hurt either - if I remember correctly, it should be /interface ethernet print stats
Is there nothing interesting logged on the clients themselves?
Any other details: when did it start doing this (because until now it hadn't done it for months), was there some change around that date, etc., etc. You understand, these are connections that we have no way of working out remotely.
erorr: wasn't it the case that ARM devices could only have an ARM CAPsMAN?
I'm a mathematician... Numbers excite me, for example 8300 on the tachometer or 2.15 bar from the compressor, and also 1-12-5-8-3-10-6-7-2-11-4-9.
Re: Mikrotik - for beginners
So here is the configuration export: model = E50UG
/interface bridge
add admin-mac=F4:1E:57:73:26:4C arp=proxy-arp auto-mac=no comment=defconf name=\
bridge
/interface wireguard
add comment=back-to-home-vpn listen-port=53006 mtu=1420 name=back-to-home-vpn
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi security
add authentication-types=wpa2-psk disabled=no ft=yes ft-over-ds=yes name=sec1
/interface wifi configuration
add country=Slovakia datapath.bridge=bridge disabled=no mode=ap name=cfg1 \
security=sec1 ssid=XXXX
/interface wifi
# operated by CAP F4:1E:57:AF:F9:E9%bridge, traffic processing on CAP
add configuration=cfg1 disabled=no name=AP_FILIP radio-mac=F4:1E:57:AF:F9:EF
# operated by CAP F4:1E:57:AF:F9:E9%bridge, traffic processing on CAP
add configuration=cfg1 disabled=no name=AP_FILIP2 radio-mac=F4:1E:57:AF:F9:EE
# operated by CAP F4:1E:57:AF:F6:4D%bridge, traffic processing on CAP
add configuration=cfg1 disabled=no name=AP_OBYVACKA radio-mac=F4:1E:57:AF:F6:53
# operated by CAP F4:1E:57:AF:F6:4D%bridge, traffic processing on CAP
add configuration=cfg1 disabled=no name=AP_OBYVACKA2 radio-mac=\
F4:1E:57:AF:F6:52
/ip pool
add name=default-dhcp ranges=192.168.10.10-192.168.10.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=3h name=defconf
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge interface=dynamic
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface ovpn-server server
add mac-address=FE:8F:29:3F:3F:E6 name=ovpn-server1
/interface wifi capsman
set enabled=yes interfaces=bridge package-path="" require-peer-certificate=no \
upgrade-policy=suggest-same-version
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=cfg1 name-format=%I
/ip address
add address=192.168.10.1/24 comment=defconf interface=bridge network=\
192.168.10.0
add address=192.168.137.38/24 interface=ether1 network=192.168.137.0
/ip cloud
set back-to-home-vpn=enabled ddns-enabled=yes
/ip dhcp-client
add comment=defconf default-route-tables=main disabled=yes interface=ether1
/ip dhcp-server lease
add address=192.168.10.253 client-id=1:f4:1e:57:af:f6:4d mac-address=\
F4:1E:57:AF:F6:4D server=defconf
add address=192.168.10.249 client-id=1:f4:1e:57:af:f9:e9 mac-address=\
F4:1E:57:AF:F9:E9 server=defconf
add address=192.168.10.233 comment="Samsung Chladnicka" mac-address=\
BC:10:2F:7B:EE:0F server=defconf
add address=192.168.10.224 client-id=1:54:8c:81:14:49:11 comment=NVR_HIK \
mac-address=54:8C:81:14:49:11 server=defconf
/ip dhcp-server network
add address=192.168.10.0/24 comment=defconf dns-server=192.168.10.1,8.8.8.8 \
gateway=192.168.10.1
/ip dns
set allow-remote-requests=yes servers=192.168.137.1,185.98.208.2
/ip dns static
add address=192.168.10.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.137.1 \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" \
src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" \
dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Bratislava
/system identity
set name=Router_Rack
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Last edited by Bono83 on Sun 10 Aug 2025, 20:47; edited 1 time in total.
Re: Mikrotik - for beginners
And this is the CAP: model = C52iG-5HaxD2HaxD
/interface bridge
add admin-mac=F4:1E:57:AF:F9:E9 auto-mac=no comment=defconf name=bridgeLocal
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# managed by CAPsMAN F4:1E:57:73:26:4C%bridgeLocal, traffic processing on CAP
# mode: AP, SSID: XXXX, channel: 5680/ax/eCee/D
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp \
disabled=no
# managed by CAPsMAN F4:1E:57:73:26:4C%bridgeLocal, traffic processing on CAP
# mode: AP, SSID: XXXX, channel: 2452/ax/Ce
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp \
disabled=no
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/system clock
set time-zone-name=Europe/Bratislava
/system identity
Re: Mikrotik - for beginners
Damn, I didn't have time to stare into this for an hour... why are you using proxy-arp? Any significant reason?
"add bridge=bridge interface=dynamic" - does this also add the wireguard interface to the bridge? I really hate having all interfaces crossed together in a mishmash like this.
Set somewhat longer intervals for the clients' DHCP addresses; you have three hours there now, and per the protocol a DHCP client (which in this case includes both of your wifi ax2 units) tries, I think, at 80% of the time to renew its address, and the devil knows what mess arises on those bridges.
/ip dhcp-server set [find name=defconf] lease-time=1w
Pin the clients to fixed IP addresses, feel free to do it by reserving DHCP leases (/ip dhcp-server print, use your eyes and then make-static AX2(1)MAC and make-static AX2(2)MAC). Let them have a fixed address assigned by DHCP that won't change.
Try adding a script like this on the clients:
================================
/system script
add dont-require-permissions=no name=pingac source="\
\n/ping 192.168.10.1 count=5\
\n\
\n"
================================
/system schedule add name=pingac on-event=pingac interval=30s
================================
What this does is that the AX2s will try to ping the hEX 5 times every 30 seconds, which will certainly refresh the ARP entries. If it happened to stop dropping, that would be funny.
Is the wireguard interface working to your full satisfaction? I don't see any packet mangling there, but I do see mtu 1420: something like Path MTU Discovery (PMTUD) works far from perfectly, so I'm asking.
OVPN server turned on, some other automatic "cloud" VPNs - do you use them? If not, turn them off without compromise. Same for IPv6.
Let's try this for a start. Unfortunately I can't say directly where the fault should be - I don't like that proxy-arp mode, and above all I have no experience with CAPsMAN, because I don't use it.
I'm a mathematician... Numbers excite me, for example 8300 on the tachometer or 2.15 bar from the compressor, and also 1-12-5-8-3-10-6-7-2-11-4-9.
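The items questioned in the post above (proxy-arp on the bridge, the interface=dynamic bridge port, the 3h lease time, the defined OVPN server) can be checked mechanically against an /export dump. This is an added example, not code from the thread or from MikroTik: it parses the export format (section paths, backslash continuation lines, quoted values) and flags those four settings. The function names, rule labels, the one-day lease threshold and the shortened sample are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample: a shortened excerpt in the style of the hEX export above.
SAMPLE_EXPORT = r'''# model = E50UG
/interface bridge
add admin-mac=F4:1E:57:73:26:4C arp=proxy-arp auto-mac=no comment=defconf name=\
    bridge
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=3h name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge interface=dynamic
/interface ovpn-server server
add mac-address=FE:8F:29:3F:3F:E6 name=ovpn-server1
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept ICMP" protocol=icmp
'''

_UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}


def duration_seconds(value):
    """Convert a RouterOS duration such as 3h, 1w2d or 00:30:00 to seconds."""
    if ":" in value:
        h, m, s = (int(p) for p in value.split(":"))
        return h * 3600 + m * 60 + s
    return sum(int(n) * _UNITS[u] for n, u in re.findall(r"(\d+)([wdhms])", value))


def _tokens(line):
    # The export quotes values with double quotes; '#' inside a value is not a comment.
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split = True
    lex.commenters = ""
    lex.quotes = '"'
    return list(lex)


def parse_export(text):
    """Return (section, verb, params) for every statement in an /export dump."""
    statements, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # statement continues on the next line
            pending += line[:-1]
            continue
        statements.append(pending + line)
        pending = ""
    entries, section = [], None
    for stmt in statements:
        if not stmt or stmt.startswith("#"):
            continue
        if stmt.startswith("/"):         # e.g. "/interface bridge port"
            section = stmt
            continue
        stmt = re.sub(r"\[[^\]]*\]", "", stmt)   # drop "[ find ... ]" selectors
        verb, *rest = _tokens(stmt)
        params = dict(t.split("=", 1) for t in rest if "=" in t)
        entries.append((section, verb, params))
    return entries


def audit(text, min_lease_s=86400):
    """Flag the settings questioned in the thread; min_lease_s is an assumed threshold."""
    findings = []
    for section, verb, p in parse_export(text):
        if section == "/interface bridge" and p.get("arp") == "proxy-arp":
            findings.append(("bridge-proxy-arp", p.get("name")))
        elif section == "/interface bridge port" and p.get("interface") == "dynamic":
            findings.append(("bridge-port-dynamic", p.get("bridge")))
        elif section == "/ip dhcp-server" and "lease-time" in p:
            if duration_seconds(p["lease-time"]) < min_lease_s:
                findings.append(("dhcp-short-lease", p["lease-time"]))
        elif section == "/interface ovpn-server server" and verb == "add":
            findings.append(("ovpn-server-defined", p.get("name")))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_EXPORT):
        print(f"{rule}: {detail}")
```

The parser strips leading whitespace from continuation lines, so it accepts both the indented form that /export writes and the flattened form pasted into the thread.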
Re: Mikrotik - for beginners
I use proxy-arp because then network browsing over WG works for me; otherwise I couldn't get it working. By that I mean some discovery tool. WG works OK, even where I only have a mobile internet connection, no fixed addresses or ports. I use only WG, no other VPNs. I have the IPs on both APs fixed, i.e. set as static on the DHCP server. I admit I don't know why there is a dynamic interface on the bridge; I'll check that. I'll try setting up the script tomorrow. Thanks a lot for now.
Re: Mikrotik - for beginners
You're welcome - ouch, so network browsing. Do you have 192.168.10.x addresses at multiple sites?
If you don't use other VPNs, remove /interface ovpn-server server add mac-address=FE:8F:29:3F:3F:E6 name=ovpn-server1
I'm a mathematician... Numbers excite me, for example 8300 on the tachometer or 2.15 bar from the compressor, and also 1-12-5-8-3-10-6-7-2-11-4-9.
Re: Mikrotik - for beginners
I have different local addresses at each site. I'll remove the OVPN server.