951G как свитч

Тема в разделе "Коммутация", создана пользователем fANSER, 9 апр 2019.

  1. fANSER

    fANSER Новый участник

    Здравствуйте! Проблема такая, 951G все порты ввел в один Bridge, все правила Firewall и NAT пустые. Не работает Multicast IPTV и WakeOnLan, на тупом свитче все работало. Подскажите пожалуйста, где что нажать? :)Спасибо
     
  2. Илья Князев

    Илья Князев Администратор Команда форума

    А Wireless при этом тоже в бридже? Он мультикаст очень сильно не любит.
     
  3. fANSER

    fANSER Новый участник

    Да в бридже, но IPTV по проводному соединению проверяю. Как на wifi запретить мультикаст?
     
  4. Илья Князев

    Илья Князев Администратор Команда форума

    Попробуйте включить IGMP Snooping
    /interface bridge set bridge1 igmp-snooping=yes

    Если не поможет копайте в направлении /bridge filter
     
  5. fANSER

    fANSER Новый участник

    Я пробовал с галкой и без. Не работает, а что там в фильтрах примерно должно быть?
     
  6. Илья Князев

    Илья Князев Администратор Команда форума

    Версия RouterOS какая?
     
  7. fANSER

    fANSER Новый участник

    6.44.2
     
  8. Илья Князев

    Илья Князев Администратор Команда форума

    Wireless в бридже?
     
  9. fANSER

    fANSER Новый участник

    Да, но мне надо по кабелю чтобы работал iptv и wakeonlan
     
  10. Илья Князев

    Илья Князев Администратор Команда форума

    попробуйте убрать Wireless из бриджа или, хотя бы отфильтруйте мультикаст идущий на этот интерфейс
    Проверьте работает ли WoL непосредственно с роутера (команда /tool wol )
     
  11. fANSER

    fANSER Новый участник

    Убрал WLAN с бриджа, IPTV не заработал. WOL с микротика тоже не работает
     
  12. Илья Князев

    Илья Князев Администратор Команда форума

    Что-то странное.
    Дайте конфиг, вдруг чего увижу...
     
    dronclub нравится это.
  13. fANSER

    fANSER Новый участник

    Код:
    # sep/05/2019 22:55:40 by RouterOS 6.45.5
    # software id =
    #
    # model = RBD52G-5HacD2HnD
    # serial number =
    /caps-man channel
    add band=2ghz-onlyn control-channel-width=20mhz name=channel1 tx-power=30
    add band=5ghz-a/n/ac control-channel-width=20mhz name=channel2 tx-power=30
    /caps-man datapath
    add client-to-client-forwarding=yes local-forwarding=yes name=datapath1
    /interface bridge
    add admin-mac=auto-mac=no comment=defconf igmp-snooping=yes name=bridge
    /interface ethernet
    set [ find default-name=ether1 ] speed=100Mbps
    set [ find default-name=ether2 ] speed=100Mbps
    set [ find default-name=ether3 ] speed=100Mbps
    set [ find default-name=ether4 ] speed=100Mbps
    set [ find default-name=ether5 ] speed=100Mbps
    /interface l2tp-client
    add allow=mschap2 connect-to= disabled=no name=l2tp-out1 password= user=ppp1-super
    /interface wireless
    # managed by CAPsMAN
    # channel: 2452/20-Ce/gn(20dBm), SSID: , local forwarding
    set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=\
        ap-bridge ssid=BADRNET wireless-protocol=802.11
    # managed by CAPsMAN
    # channel: 5180/20-Ceee/ac/P(20dBm), SSID: , local forwarding
    set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto \
        mode=ap-bridge ssid= wireless-protocol=802.11
    /caps-man security
    add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=security1 passphrase=
    /caps-man configuration
    add channel=channel1 country=russia3 datapath=datapath1 distance=indoors hw-protection-mode=cts-to-self installation=indoor \
        mode=ap name= rx-chains=0,1,2 security=security1 ssid= tx-chains=0,1,2
    add channel=channel2 country=russia3 datapath=datapath1 distance=indoors hw-protection-mode=cts-to-self installation=indoor \
        mode=ap name= rx-chains=0,1,2 security=security1 ssid= tx-chains=0,1,2
    /interface list
    add comment=defconf name=WAN
    add comment=defconf name=LAN
    /interface wireless security-profiles
    set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik \
        wpa-pre-shared-key=12345678badr wpa2-pre-shared-key=
    /ip hotspot profile
    set [ find default=yes ] html-directory=flash/hotspot
    /ip pool
    add name=dhcp ranges=192.168.0.10-192.168.0.254
    /ip dhcp-server
    add address-pool=dhcp disabled=no interface=bridge name=defconf
    /caps-man access-list
    add action=accept allow-signal-out-of-range=10s disabled=no interface=any signal-range=-85..120 ssid-regexp=""
    /caps-man manager
    set enabled=yes
    /caps-man provisioning
    add action=create-dynamic-enabled hw-supported-modes=b,gn master-configuration=
    add action=create-dynamic-enabled hw-supported-modes=an,ac master-configuration=
    /interface bridge port
    add bridge=bridge comment=defconf interface=ether2
    add bridge=bridge comment=defconf interface=ether3
    add bridge=bridge comment=defconf interface=ether1
    add bridge=bridge comment=defconf interface=ether5
    add bridge=bridge comment=defconf interface=wlan1
    add bridge=bridge comment=defconf interface=wlan2
    /ip neighbor discovery-settings
    set discover-interface-list=LAN
    /interface l2tp-server server
    set authentication=mschap2 enabled=yes
    /interface list member
    add comment=defconf interface=bridge list=LAN
    add comment=defconf interface=ether1 list=WAN
    /interface wireless cap
    #
    set caps-man-addresses=192.168.0.1 enabled=yes interfaces=wlan2,wlan1
    /ip address
    add address=192.168.0.1/24 comment=defconf interface=bridge network=192.168.0.0
    /ip dhcp-client
    add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether4
    /ip dhcp-server lease
    add address=192.168.0.13 mac-address=34:CE:00:8A:D0:55 server=defconf
    add address=192.168.0.14 mac-address=78:11:DC:56:EE:96 server=defconf
    add address=192.168.0.23 mac-address=B8:27:EB:CB:17:E5 server=defconf
    add address=192.168.0.11 mac-address=78:11:DC:03:F9:32 server=defconf
    add address=192.168.0.57 client-id=1:1c:1b:d:5d:44:6f mac-address=1C:1B:0D:5D:44:6F server=defconf
    add address=192.168.0.50 mac-address=7C:49:EB:A2:C6:7A server=defconf
    add address=192.168.0.12 mac-address=28:6C:07:BC:8A:DE server=defconf
    add address=192.168.0.18 mac-address=00:15:5D:00:14:02 server=defconf
    add address=192.168.0.24 mac-address=10:27:BE:11:89:D7 server=defconf
    add address=192.168.0.39 client-id=1:cc:b1:1a:18:28:a mac-address=CC:B1:1A:18:28:0A server=defconf
    add address=192.168.0.25 client-id=1:4c:5e:c:22:79:d mac-address=4C:5E:0C:22:79:0D server=defconf
    add address=192.168.0.19 client-id=1:f4:f5:db:a:5e:d6 mac-address=F4:F5:DB:0A:5E:D6 server=defconf
    add address=192.168.0.21 client-id=1:44:8a:5b:2b:c5:44 mac-address=44:8A:5B:2B:C5:44 server=defconf
    add address=192.168.0.17 client-id=1:30:7:4d:40:78:3f mac-address=30:07:4D:40:78:3F server=defconf
    add address=192.168.0.20 client-id=1:a4:50:46:d6:c:8b mac-address=A4:50:46:D6:0C:8B server=defconf
    add address=192.168.0.16 client-id=1:68:5b:35:94:bf:e0 mac-address=68:5B:35:94:BF:E0 server=defconf
    add address=192.168.0.27 client-id=1:50:e5:49:5a:8c:82 mac-address=50:E5:49:5A:8C:82 server=defconf
    add address=192.168.0.30 client-id=1:f0:76:6f:77:1c:7a mac-address=F0:76:6F:77:1C:7A server=defconf
    add address=192.168.0.26 mac-address=5C:CF:7F:95:E5:0A server=defconf
    /ip dhcp-server network
    add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
    /ip dns
    set allow-remote-requests=yes
    /ip dns static
    add address=192.168.0.1 name=router.lan
    /ip firewall filter
    add action=accept chain=input connection-state=established,related in-interface=ether4
    add action=accept chain=forward connection-state=established,related in-interface=ether4
    add action=accept chain=forward dst-port=3389 in-interface=ether4 protocol=tcp
    add action=accept chain=input in-interface=ether4 protocol=igmp
    add action=accept chain=input dst-port=8291 in-interface=ether4 protocol=tcp
    add action=accept chain=forward dst-port=5160 in-interface=ether4 protocol=udp src-address=37.192.212.127
    add action=accept chain=forward in-interface=ether4 protocol=udp
    add action=accept chain=input dst-port=1701 in-interface=ether4 protocol=udp
    add action=accept chain=forward dst-port=1234 in-interface=ether4 protocol=udp
    add action=accept chain=input dst-port=1234 in-interface=ether4 protocol=udp
    add action=accept chain=forward in-interface=ether4 port=8123 protocol=tcp
    add action=drop chain=forward connection-state=invalid in-interface=ether4
    add action=drop chain=input in-interface=ether4
    add action=drop chain=forward in-interface=ether4 out-interface=!ether4
    add action=drop chain=forward in-interface=ether4
    /ip firewall nat
    add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=ether4
    add action=dst-nat chain=dstnat in-interface=ether4 port=8123 protocol=tcp to-addresses=192.168.0.23
    add action=dst-nat chain=dstnat dst-port=5160 in-interface=ether4 protocol=udp to-addresses=192.168.0.3 to-ports=5160
    add action=dst-nat chain=dstnat dst-port=7777 in-interface=ether4 protocol=tcp to-addresses=192.168.0.57 to-ports=3389
    /ip route
    add distance=1 dst-address=192.168.88.0/24 gateway=l2tp-out1 pref-src=192.168.0.1
    /ip service
    set telnet disabled=yes
    set ftp disabled=yes
    set www disabled=yes port=8080
    set ssh disabled=yes
    set api disabled=yes
    set api-ssl disabled=yes
    /ip ssh
    set forwarding-enabled=remote
    /routing igmp-proxy
    set quick-leave=yes
    /routing igmp-proxy interface
    add alternative-subnets=0.0.0.0/0 interface=ether4 upstream=yes
    add interface=bridge
    /system clock
    set time-zone-name=Europe/Moscow
    /tool mac-server
    set allowed-interface-list=LAN
    /tool mac-server mac-winbox
    set allowed-interface-list=LAN
    
     
  14. fANSER

    fANSER Новый участник

    Код:
    # sep/05/2019 22:58:32 by RouterOS 6.45.5
    # software id =
    #
    # model = 951G-2HnD
    # serial number =
    /interface bridge
    add admin-mac= auto-mac=no comment=defconf name=bridge
    /interface wireless
    # managed by CAPsMAN
    # channel: 2452/20-Ce/gn(20dBm), SSID: , local forwarding
    set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
        disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
        MikroTik-227911 wireless-protocol=802.11
    /interface list
    add comment=defconf name=WAN
    add comment=defconf name=LAN
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip pool
    add name=default-dhcp ranges=192.168.88.10-192.168.88.254
    /ip dhcp-server
    add address-pool=default-dhcp interface=ether2 name=defconf
    /interface bridge port
    add bridge=bridge interface=ether2
    add bridge=bridge interface=ether3
    add bridge=bridge interface=ether4
    add bridge=bridge interface=ether5
    add bridge=bridge interface=wlan1
    add bridge=bridge interface=ether1
    /ip neighbor discovery-settings
    set discover-interface-list=LAN
    /interface list member
    add comment=defconf interface=ether1 list=WAN
    add interface=ether2 list=LAN
    add interface=ether3 list=LAN
    add interface=ether4 list=LAN
    add interface=ether5 list=LAN
    add interface=wlan1 list=LAN
    /interface wireless cap
    #
    set caps-man-addresses=192.168.0.1 enabled=yes interfaces=wlan1
    /ip address
    add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge \
        network=192.168.88.0
    /ip dhcp-client
    add comment=defconf dhcp-options=hostname,clientid disabled=no interface=bridge
    /ip dhcp-server network
    add address=0.0.0.0/24 comment=defconf gateway=0.0.0.0 netmask=24
    /ip dns
    set allow-remote-requests=yes
    /ip dns static
    add address=192.168.88.1 name=router.lan
    /ip firewall service-port
    set ftp disabled=yes
    set tftp disabled=yes
    set irc disabled=yes
    set h323 disabled=yes
    set sip disabled=yes
    set pptp disabled=yes
    set udplite disabled=yes
    set dccp disabled=yes
    set sctp disabled=yes
    /ip service
    set telnet disabled=yes
    set ftp disabled=yes
    set www disabled=yes
    set ssh disabled=yes
    set api disabled=yes
    set api-ssl disabled=yes
    /ip ssh
    set forwarding-enabled=remote
    /system clock
    set time-zone-name=Europe/Moscow
    /system leds
    add leds=user-led type=off
    /tool mac-server
    set allowed-interface-list=LAN
    /tool mac-server mac-winbox
    set allowed-interface-list=LAN
    /tool sniffer
    set filter-ip-protocol=igmp
    
    Сейчас Wireless через capsman
     
    Последнее редактирование: 5 сен 2019
  15. Илья Князев

    Илья Князев Администратор Команда форума

    Не вижу ошибок.