роутер + две точки доступа

Тема в разделе "Беспроводные технологии", создана пользователем john, 26 янв 2020.

  1. john

    john Новый участник

    Здравствуйте!
    Имеются роутер и две точки доступа.
    Частично по настройке читал тут.
    В итоге сеть работает со сбоями. Точки доступа настроил по статике. Клиенты подключаются, получая сетевые настройки, но иногда выход в интернет пропадает. Также по ip точки доступа недоступны через web, хотя пингуются.
    С чем может быть связана данная ситуация?

    Сохранил конфиг только роутера. На точки доступа не смог зайти по ip адресу через веб. Через winbox тоже не удалось. Пингуются, а зайти не могу на них.
    # jan/23/2020 20:44:13 by RouterOS 6.46.1
    # software id = AFTT-B7IA
    #
    # model = RBD52G-5HacD2HnD
    # serial number = BEEB0AE8CF12
    # Export of the main router: one bridge for ether2-5 and both radios, ether1 as WAN,
    # DHCP server on the bridge, default ("defconf") firewall and NAT.
    # NOTE(review): this listing was posted with the serial number, software id and the
    # Wi-Fi passphrase included; `/export hide-sensitive` leaves secrets out of an export.
    /interface bridge
    add admin-mac=74:4D:28:F1:89:4D auto-mac=no comment=defconf name=bridge
    # Both radios run as standalone access points (mode=ap-bridge) with WPS disabled.
    /interface wireless
    set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
    20/40mhz-XX country=russia disabled=no distance=indoors frequency=auto \
    mode=ap-bridge ssid=Sergei wireless-protocol=802.11 wmm-support=enabled \
    wps-mode=disabled
    set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
    channel-width=20/40/80mhz-XXXX country=russia disabled=no distance=\
    indoors frequency=auto mode=ap-bridge ssid=Serega wireless-protocol=\
    802.11 wmm-support=enabled wps-mode=disabled
    /interface list
    add comment=defconf name=WAN
    add comment=defconf name=LAN
    # NOTE(review): the pre-shared key below is published in cleartext; once posted it
    # should be treated as disclosed and replaced on the router and every client.
    # Only wpa2-psk is enabled in authentication-types, so wpa-pre-shared-key is
    # presumably unused here - confirm.
    /interface wireless security-profiles
    set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=18072002cfyz \
    wpa2-pre-shared-key=18072002cfyz
    /ip hotspot profile
    set [ find default=yes ] html-directory=flash/hotspot
    /ip pool
    add name=dhcp ranges=192.168.88.10-192.168.88.254
    # The DHCP server listens on the bridge interface.
    /ip dhcp-server
    add address-pool=dhcp disabled=no interface=bridge name=defconf
    /interface bridge port
    add bridge=bridge comment=defconf interface=ether2
    add bridge=bridge comment=defconf interface=ether3
    add bridge=bridge comment=defconf interface=ether4
    add bridge=bridge comment=defconf interface=ether5
    add bridge=bridge comment=defconf interface=wlan1
    add bridge=bridge comment=defconf interface=wlan2
    /ip neighbor discovery-settings
    set discover-interface-list=LAN
    # Only "bridge" is in the LAN list and only ether1 is in the WAN list; the firewall
    # and the MAC server below key off these two lists.
    /interface list member
    add comment=defconf interface=bridge list=LAN
    add comment=defconf interface=ether1 list=WAN
    # NOTE(review): 192.168.88.1/24 is assigned to ether2, which is a port of "bridge"
    # above, while the DHCP server runs on "bridge" itself. The address presumably
    # belongs on "bridge" (the later export in this thread has it there); an address on
    # a bridge port may be related to the intermittent loss described in the post - confirm.
    # NOTE(review): ether1 has a static address here and also a DHCP client and a static
    # default route below; presumably only one addressing method is intended - confirm.
    /ip address
    add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
    192.168.88.0
    add address=192.168.100.36/24 interface=ether1 network=192.168.100.0
    /ip dhcp-client
    add comment=defconf interface=ether1
    /ip dhcp-server network
    add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
    # allow-remote-requests=yes makes the router answer DNS queries itself. In this
    # config the only thing keeping the resolver closed on the WAN side is the input
    # rule that drops everything not coming from the LAN list.
    /ip dns
    set allow-remote-requests=yes servers=192.168.100.1,8.8.8.8
    /ip dns static
    add address=192.168.88.1 name=router.lan
    # Input chain: accept established/related/untracked, drop invalid, accept ICMP,
    # then drop whatever does not arrive from the LAN list.
    # Forward chain: accept IPsec-policy traffic, fasttrack and accept
    # established/related, drop invalid, drop new WAN connections that are not dst-NATed.
    /ip firewall filter
    add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
    add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
    add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
    add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
    add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
    add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
    add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
    add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
    add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
    add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
    # Source NAT for traffic leaving through the WAN list.
    /ip firewall nat
    add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
    /ip route
    add distance=1 gateway=192.168.100.1
    # telnet, ftp, ssh, api and api-ssl are switched off. www and winbox are not listed;
    # presumably they are still at their defaults (enabled) - confirm.
    /ip service
    set telnet disabled=yes
    set ftp disabled=yes
    set ssh disabled=yes
    set api disabled=yes
    set api-ssl disabled=yes
    /system clock
    set time-zone-name=Europe/Moscow
    # MAC-Telnet and MAC-WinBox are limited to interfaces in the LAN list.
    /tool mac-server
    set allowed-interface-list=LAN
    /tool mac-server mac-winbox
    set allowed-interface-list=LAN
     
  2. Илья Князев

    Илья Князев Администратор Команда форума

    По идее вам надо CAPsMan настраивать на роутере.
     
  3. john

    john Новый участник

    Попытался настроить CAPsMan.
    wifi 5ghz отваливается через несколько минут работы.
    К wifi 2.4ghz вообще не подключиться.
    # feb/01/2020 08:08:12 by RouterOS 6.46.2
    # software id = AFTT-B7IA
    #
    # model = RBD52G-5HacD2HnD
    # serial number = BEEB0AE8CF12
    # Export of the main router ("gw") after the CAPsMAN attempt: the router runs the
    # CAPsMAN manager and also hands its own two radios to it over 127.0.0.1.
    # NOTE(review): serial number, software id and the Wi-Fi passphrase are included in
    # this posted listing; `/export hide-sensitive` leaves secrets out of an export.
    /caps-man channel
    add band=2ghz-b/g/n name=2.4G tx-power=17
    add band=5ghz-a/n/ac name=5G tx-power=17
    /interface bridge
    add admin-mac=74:4D:28:F1:89:4D auto-mac=no comment=defconf name=bridge
    /interface wireless
    # managed by CAPsMAN
    # channel: 2452/20-Ce/gn(14dBm), SSID: Sergei, CAPsMAN forwarding
    set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
    MikroTik-F18951 wireless-protocol=802.11
    # managed by CAPsMAN
    # channel: 5825/20-Ceee/ac(14dBm), SSID: Serega, CAPsMAN forwarding
    set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
    mode=ap-bridge ssid=MikroTik-F18952 wireless-protocol=802.11
    # Client traffic from CAP interfaces is attached to "bridge"; clients may talk to
    # each other directly (client-to-client-forwarding=yes).
    /caps-man datapath
    add bridge=bridge client-to-client-forwarding=yes name=datapath1
    # NOTE(review): the passphrase below is published in cleartext and is the same value
    # as in the earlier export in this thread; once posted it should be treated as
    # disclosed and replaced.
    /caps-man security
    add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    group-key-update=1h name=security1 passphrase=18072002cfyz
    # One configuration per band; both reuse datapath1 and security1.
    /caps-man configuration
    add channel=2.4G country=russia2 datapath=datapath1 distance=indoors \
    guard-interval=long mode=ap name=cfg2.4G rx-chains=0,1,2,3 security=\
    security1 ssid=Sergei tx-chains=0,1,2,3
    add channel=5G country=russia2 datapath=datapath1 distance=indoors \
    guard-interval=long mode=ap name=cfg5G rx-chains=0,1,2,3 security=\
    security1 ssid=Serega tx-chains=0,1,2,3
    /interface list
    add comment=defconf name=WAN
    add comment=defconf name=LAN
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip hotspot profile
    set [ find default=yes ] html-directory=flash/hotspot
    /ip pool
    add name=dhcp ranges=192.168.88.10-192.168.88.254
    /ip dhcp-server
    add address-pool=dhcp disabled=no interface=bridge name=defconf
    # Signal-based admission: the first rule accepts clients in -80..120, the second
    # rejects clients in -120..-80. The two ranges meet at -80.
    /caps-man access-list
    add action=accept allow-signal-out-of-range=10s disabled=no interface=all \
    signal-range=-80..120 ssid-regexp=""
    add action=reject allow-signal-out-of-range=10s disabled=no interface=all \
    signal-range=-120..-80 ssid-regexp=""
    # NOTE(review): the manager is enabled with no certificate options in this export,
    # so CAPs presumably join without any certificate check. If that is not intended,
    # `certificate`, `ca-certificate` and `require-peer-certificate` on this menu are
    # the settings to look at - confirm.
    /caps-man manager
    set enabled=yes
    # Radios are matched by supported modes and get a dynamic, enabled interface.
    /caps-man provisioning
    add action=create-dynamic-enabled hw-supported-modes=g,gn \
    master-configuration=cfg2.4G
    add action=create-dynamic-enabled hw-supported-modes=an,ac \
    master-configuration=cfg5G
    # NOTE(review): wlan1 and wlan2 are still ports of "bridge" although both are handed
    # to CAPsMAN in /interface wireless cap below. The reply in this thread names this
    # as the cause of a loop; the two wlan entries presumably should be removed.
    /interface bridge port
    add bridge=bridge comment=defconf interface=ether2
    add bridge=bridge comment=defconf interface=ether3
    add bridge=bridge comment=defconf interface=ether4
    add bridge=bridge comment=defconf interface=ether5
    add bridge=bridge comment=defconf interface=wlan1
    add bridge=bridge comment=defconf interface=wlan2
    /ip neighbor discovery-settings
    set discover-interface-list=LAN
    /interface list member
    add comment=defconf interface=bridge list=LAN
    add comment=defconf interface=ether1 list=WAN
    # The router's own radios connect to the local manager via the loopback address.
    /interface wireless cap
    #
    set caps-man-addresses=127.0.0.1 enabled=yes interfaces=wlan1,wlan2
    # The LAN address now sits on "bridge" (the earlier export had it on ether2).
    # NOTE(review): ether1 still has a static address, a DHCP client and a static
    # default route at the same time; presumably only one method is intended - confirm.
    /ip address
    add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
    add address=192.168.100.36/24 interface=ether1 network=192.168.100.0
    /ip dhcp-client
    add comment=defconf interface=ether1
    /ip dhcp-server network
    add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
    # allow-remote-requests=yes makes the router answer DNS queries itself; only the
    # input rule dropping traffic not from the LAN list keeps it closed on the WAN side.
    /ip dns
    set allow-remote-requests=yes servers=192.168.100.1
    /ip dns static
    add address=192.168.88.1 comment=defconf name=router.lan
    # Same rule set as the earlier export plus one input rule that accepts traffic
    # addressed to 127.0.0.1, which the local CAP-to-manager connection relies on.
    /ip firewall filter
    add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
    add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
    add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
    add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
    add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
    add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
    add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
    add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
    add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
    add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
    add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
    /ip firewall nat
    add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
    /ip route
    add distance=1 gateway=192.168.100.1
    # NOTE(review): unlike the earlier export of this router there is no /ip service
    # section here. If the device was reset in between, telnet, ftp, ssh and api are
    # presumably back at their defaults - confirm and switch off what is not needed.
    /system clock
    set time-zone-name=Europe/Moscow
    /system identity
    set name=gw
    # MAC-Telnet and MAC-WinBox are limited to interfaces in the LAN list.
    /tool mac-server
    set allowed-interface-list=LAN
    /tool mac-server mac-winbox
    set allowed-interface-list=LAN
    # feb/01/2020 07:49:21 by RouterOS 6.46.2
    # software id = 7NFB-4WA0
    #
    # model = RBwAPG-5HacT2HnD
    # serial number = BED60BB84899
    # Export of the access point ("ap-01"): one bridge, both radios handed to CAPsMAN,
    # address obtained by DHCP. No firewall or interface-list sections appear in it.
    /interface bridge
    add name=bridge1
    /interface wireless
    # managed by CAPsMAN
    # channel: 2452/20-Ce/gn(15dBm), SSID: Sergei, CAPsMAN forwarding
    set [ find default-name=wlan1 ] ssid=MikroTik
    # managed by CAPsMAN
    # channel: 5825/20-Ceee/ac(15dBm), SSID: Serega, CAPsMAN forwarding
    set [ find default-name=wlan2 ] ssid=MikroTik
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    # NOTE(review): interface=all puts every interface into bridge1, which presumably
    # includes wlan1 and wlan2 even though they are managed by CAPsMAN. The reply in
    # this thread says wlan interfaces must be left out of the bridge on every CAP.
    /interface bridge port
    add bridge=bridge1 interface=all
    # The CAP looks for a manager by discovery on bridge1.
    # NOTE(review): no manager address or certificate is set in this export, so the CAP
    # presumably accepts whichever manager answers on that segment. `certificate` and
    # `lock-to-caps-man` on this menu are the settings to look at - confirm.
    /interface wireless cap
    #
    set discovery-interfaces=bridge1 enabled=yes interfaces=wlan1,wlan2
    # The management address of the AP comes from DHCP on bridge1.
    /ip dhcp-client
    add disabled=no interface=bridge1
    # NOTE(review): telnet, ftp, api and api-ssl are off, but ssh is not disabled here,
    # and www and winbox are not listed, so presumably all three are enabled. With no
    # firewall in this export they are reachable from any host that can reach the AP;
    # the `address` option of /ip service can limit them to an admin subnet - confirm.
    /ip service
    set telnet disabled=yes
    set ftp disabled=yes
    set api disabled=yes
    set api-ssl disabled=yes
    /system clock
    set time-zone-name=Europe/Moscow
    /system identity
    set name=ap-01
     
    Последнее редактирование: 1 фев 2020
  4. Ca6ko

    Ca6ko Участник

    Почти в каждой теме про проблемы с капсманом написано: исключить из бриджа интерфейсы wlan на всех CAP.
    Вы создаёте петлю, и срабатывает защита от петель — посмотрите в логе.
     