Настройка 951G-2HnD mikrotik

Настройка компьютеров, модемов и остального оборудования

Модератор: Lucky SB

Настройка 951G-2HnD mikrotik

Сообщение Adolfius » 16 апр 2018 08:09

Здравствуйте. В общем, частично локализовал проблему обвала интернета. Периодически отваливается инет без ошибок в логах. Если вытащить кабель и вставить обратно, то инет появляется. Подключаюсь по IPoE.
# apr/16/2018 07:58:20 by RouterOS 6.40.5
# software id = B0XQ-2I5Y
#
# model = 951G-2HnD
# serial number = 46990224B241
# Layer-2 layout: one bridge with a pinned admin MAC; ether3-ether5 are
# switched behind ether2-master through master-port.
/interface bridge
add admin-mac=D4:CA:6D:DD:99:D5 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
# 2.4 GHz access point. No security-profile= is given on this line, so the
# default profile under "/interface wireless security-profiles" decides who
# may join the SSID.
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    antenna-gain=2 band=2ghz-b/g/n country=russia disabled=no distance=\
    indoors frequency=auto hw-protection-mode=rts-cts hw-retries=5 mode=\
    ap-bridge multicast-helper=disabled radio-name=MikroTik ssid=\
    MikroTik-DD99D9 tx-power=15 tx-power-mode=all-rates-fixed \
    wireless-protocol=802.11
# Neighbor discovery is switched off on ether1 (the WAN list member), so the
# router does not announce itself towards the provider on that port.
/ip neighbor discovery
set ether1 discover=no
/interface wireless nstreme
set wlan1 enable-polling=no framer-policy=dynamic-size
# Interface lists (WAN / LAN) that the firewall and NAT rules refer to.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# Default Wi-Fi security profile: WPA and WPA2 personal are both accepted.
# NOTE(review): both pre-shared keys are blank in this export - either the
# poster removed them before posting or none is set. Confirm a long random
# passphrase is configured, and consider authentication-types=wpa2-psk only
# so that legacy WPA is not negotiated.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys supplicant-identity=\
    MikroTik wpa-pre-shared-key= wpa2-pre-shared-key=
# LAN addressing: DHCP pool 192.168.5.10-192.168.5.254, served on the bridge.
/ip pool
add name=dhcp ranges=192.168.5.10-192.168.5.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge filter
# bad packet mark
# NOTE(review): the line above appears to be a warning written by the export
# itself, because the rule below carries an empty packet-mark="" value. The
# rule drops multicast frames leaving through wlan1.
add action=drop chain=output out-interface=wlan1 packet-mark="" packet-type=\
    multicast
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
# NOTE(review): the LAN address is bound to ether2-master, which is itself a
# bridge port (see "/interface bridge port"), while the DHCP server listens on
# "bridge". Addresses normally belong on the bridge interface; confirm this
# binding is intended.
/ip address
add address=192.168.5.1/24 comment=defconf interface=ether2-master network=\
    192.168.5.0
# The WAN address is obtained by DHCP on ether1.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
/ip dhcp-server network
add address=192.168.5.0/24 comment=defconf gateway=192.168.5.1 netmask=24
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. The IPv4 input chain in this export accepts all UDP and its
# "drop all not coming from LAN" rule is disabled, so the resolver is
# reachable on ether1 as well as on the LAN. Filter port 53 on the WAN side.
/ip dns
set allow-remote-requests=yes
# NOTE(review): router.lan resolves to 192.168.88.1, but this router's LAN
# address is 192.168.5.1 - looks like a leftover from the factory defaults.
/ip dns static
add address=192.168.88.1 name=router.lan
# IPv4 filter. Only the first four rules are active; every "defconf" rule
# carries disabled=yes. With no active drop rule, both chains fall through to
# the default accept: the router's own services are reachable from ether1 and
# nothing filters forwarded traffic. Re-enable the defconf rules (at least the
# established/related accept and the two drop rules) once testing is over.
/ip firewall filter
# Accepts every UDP packet addressed to the router, from any interface.
add action=accept chain=input comment=test protocol=udp
add action=accept chain=input in-interface=ether1 protocol=igmp
# Already covered by the blanket UDP accept above.
add action=accept chain=input dst-port=10000 protocol=udp
add action=accept chain=input protocol=icmp
# Disabled: stateful baseline for the input chain.
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
# Disabled: this is the rule that would keep non-LAN hosts off the router.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
# Disabled: would drop new WAN-side connections that were not port-forwarded.
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface-list=WAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
# Disabled: fasttrack is off, so established flows take the full packet path.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
# Source NAT towards the provider.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# Largely duplicates the rule above: ether1 is the only member of list WAN.
# This copy has no ipsec-policy match, so it masquerades everything leaving
# through ether1.
add action=masquerade chain=srcnat out-interface=ether1
# Every NAT helper (ALG) is turned off.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
# UPnP lets hosts on the bridge request inbound port mappings on ether1
# without authentication. Keep it off unless a LAN application needs it.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
# IPv6 firewall. Unlike the IPv4 filter in this export, none of these defconf
# rules is disabled. Whether IPv6 is actually in use on this router is not
# visible here.
#
# bad_ipv6: prefixes that should not appear as source or destination of
# forwarded traffic (unspecified, loopback, deprecated and reserved ranges).
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
# Input chain: stateful accept, drop invalid, then a short allow-list
# (ICMPv6, traceroute, DHCPv6 client, IKE/IPsec) before the final drop.
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
# Matches fe80::/16, which is narrower than the full link-local range
# fe80::/10.
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/16
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# Default deny for the router itself: anything left that did not arrive on a
# LAN-list interface is dropped.
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
# Forward chain: same stateful baseline, then bad_ipv6 source/destination
# drops, then the allow-list, then the final drop.
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# Default deny for transit traffic that did not enter from the LAN list.
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
# IGMP proxy: ether1 is the upstream side, the bridge is downstream.
# NOTE(review): presumably for the provider's multicast TV - confirm. The
# alternative-subnets value widens which upstream sources are accepted.
/routing igmp-proxy interface
add alternative-subnets=235.0.0.0/8,192.168.0.0/16 interface=ether1 upstream=\
    yes
add interface=bridge
/system clock
set time-zone-name=Europe/Moscow
# MAC-layer management (MAC-telnet, MAC-Winbox) is limited to the bridge: the
# default entry is disabled and a bridge-only entry is added, so these
# services are not offered on ether1.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge

Re: Настройка 951G-2HnD mikrotik

Сообщение Vit. » 14 май 2018 03:54

полет нормальный (есть немного экспериментального мусора в конфиге, пардон)
# may/14/2018 03:38:04 by RouterOS 6.43rc6
# software id = EQI4-MU5D
#
# model = 951G-2HnD
# serial number = 642E059048BF
# Bridge and physical ports: ether1 is labelled GateWay (uplink), ether2 Local.
/interface bridge
add admin-mac=E4:8D:8C:E3:70:22 auto-mac=no comment=Bridge fast-forward=no \
    name=bridge1
/interface ethernet
set [ find default-name=ether1 ] advertise=100M-full comment=GateWay
set [ find default-name=ether2 ] advertise=100M-full,1000M-full comment=Local \
    speed=1Gbps
# Wi-Fi security profiles; the pre-shared keys are masked with *** by the
# poster. The default profile is WPA2-only, but wlan1 below is bound to
# profile R2D2, which still accepts legacy WPA (wpa-psk) next to WPA2.
# Setting R2D2 to authentication-types=wpa2-psk would match the default.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=*** \
    wpa2-pre-shared-key=***
add authentication-types=wpa-psk,wpa2-psk management-protection=allowed mode=\
    dynamic-keys name=R2D2 supplicant-identity=MikroTik wpa-pre-shared-key=\
    *** wpa2-pre-shared-key=***
# NOTE(review): frequency-mode=superchannel is the conformance-testing mode
# and does not apply the channel limits that country=russia would otherwise
# impose - confirm regulatory-domain was not the intended mode.
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-b/g/n basic-rates-b="" channel-width=20/40mhz-eC comment=Wlan \
    country=russia disabled=no distance=indoors frequency=2447 \
    frequency-mode=superchannel guard-interval=long mode=ap-bridge \
    multicast-helper=full preamble-mode=long security-profile=R2D2 ssid=R2D2 \
    supported-rates-b="" wireless-protocol=802.11 wmm-support=enabled
/interface wireless manual-tx-power-table
set wlan1 comment=Wlan
/interface wireless nstreme
set wlan1 comment=Wlan
# Layer-7 matcher named "youtube"; the only rules that could use it are the
# disabled mangle rules further down.
/ip firewall layer7-protocol
add name=youtube regexp="^.+(youtube).*\$"
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
# Small DHCP pool (192.168.1.2-192.168.1.16); every address in it is pinned
# by a static lease under "/ip dhcp-server lease".
/ip pool
add name=dhcp ranges=192.168.1.2-192.168.1.16
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
    bridge1 lease-time=3d name=dhcp1
# The default SNMP community accepts queries from any IPv4 source. Whether
# the SNMP agent is enabled is not visible in this export; if it is, narrow
# addresses= to the management host and do not keep the default community.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
# NOTE(review): the LAN address sits on ether2, which is a bridge1 port (see
# above), while the DHCP server listens on bridge1. Addresses normally belong
# on the bridge interface; confirm this binding is intended.
/ip address
add address=192.168.1.1/24 comment=Local interface=ether2 network=192.168.1.0
# The WAN address is obtained by DHCP on ether1.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
# Static leases: each pool address is tied to one MAC address. This is
# address bookkeeping, not access control - the firewall's "block youtube"
# list keys on these IPs, and a client that sets its address by hand is not
# bound by a lease.
# The list is also a device inventory; mask MACs and device names the same
# way as the pre-shared keys when sharing an export.
/ip dhcp-server lease
add address=192.168.1.8 comment=Unix mac-address=E8:DE:27:01:96:FC server=\
    dhcp1
add address=192.168.1.7 comment=Server mac-address=9C:B6:54:04:54:98 server=\
    dhcp1
add address=192.168.1.2 always-broadcast=yes mac-address=20:68:9D:86:AD:02 \
    server=dhcp1
add address=192.168.1.3 comment="Lenovo A690" mac-address=80:CF:41:24:DC:3F \
    server=dhcp1
add address=192.168.1.4 mac-address=00:15:AF:54:E3:AF server=dhcp1
add address=192.168.1.5 comment=AsusO!Play mac-address=E0:B9:A5:DC:95:42 \
    server=dhcp1
add address=192.168.1.9 mac-address=A0:EC:80:FE:E8:59 server=dhcp1
add address=192.168.1.10 mac-address=4C:72:B9:D7:DC:71 server=dhcp1
add address=192.168.1.11 mac-address=00:1D:92:4C:CE:24 server=dhcp1
add address=192.168.1.6 mac-address=6C:B7:F4:77:0A:07 server=dhcp1
add address=192.168.1.12 comment="Doogee Titans2" mac-address=\
    00:08:22:B0:62:FC server=dhcp1
add address=192.168.1.13 client-id=1:0:27:15:8c:e0:f1 comment="Doogee X6" \
    mac-address=00:27:15:8C:E0:F1 server=dhcp1
add address=192.168.1.14 client-id=1:4:b1:67:b1:b5:5e comment=Redmi4X \
    mac-address=04:B1:67:B1:B5:5E server=dhcp1
add address=192.168.1.15 client-id=1:ac:b5:7d:4e:db:6b mac-address=\
    AC:B5:7D:4E:DB:6B server=dhcp1
add address=192.168.1.16 client-id=1:2c:60:c:e:40:51 mac-address=\
    2C:60:0C:0E:40:51 server=dhcp1
# Clients are handed three external resolvers directly, so their DNS lookups
# do not pass through the router's own resolver.
/ip dhcp-server network
add address=192.168.1.0/24 comment=Lan dns-server=\
    195.98.64.65,195.98.64.66,8.8.8.8 gateway=192.168.1.1
# Address lists for the per-device YouTube block. List "www.youtube.com"
# holds host-name entries; "block youtube" holds the affected LAN clients.
# NOTE(review): www.m.youtube.com - presumably m.youtube.com was meant; verify
# that the name resolves.
/ip firewall address-list
add address=www.youtube.com list=www.youtube.com
add address=192.168.1.8 list="block youtube"
add address=192.168.1.13 list="block youtube"
add address=www.m.youtube.com list=www.youtube.com
add address=192.168.1.12 comment="doogee titan 2" list="block youtube"
# IPv4 filter, evaluated top to bottom.
/ip firewall filter
# Reject traffic from the listed clients to the listed YouTube addresses.
add action=reject chain=forward comment="block youtube\
    \n" dst-address-list=www.youtube.com reject-with=icmp-network-unreachable \
    src-address-list="block youtube"
# ICMP plus established and related traffic is accepted in both chains.
add action=accept chain=input protocol=icmp
add action=accept chain=forward protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=forward connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=forward connection-state=related
# New inbound TCP to ports 6881-6991 arriving on ether1 is allowed through to
# any LAN host, with no dst-address restriction. The rule appears twice; the
# second copy can never match. Tie it to the one host that needs it.
add action=accept chain=forward dst-port=6881-6991 in-interface=ether1 \
    protocol=tcp
add action=accept chain=forward dst-port=6881-6991 in-interface=ether1 \
    protocol=tcp
# Default-deny tail: drop invalid, drop whatever else reaches the router from
# ether1, allow LAN -> ether1, drop every remaining forward.
add action=drop chain=input connection-state=invalid
add action=drop chain=forward connection-state=invalid
add action=drop chain=input in-interface=ether1
add action=accept chain=forward in-interface=!ether1 out-interface=ether1
add action=drop chain=forward
# Both rules below are disabled. The forward one also sits after the
# unconditional forward drop, so it could not match even if enabled.
add action=drop chain=input comment="mark youtube packet" disabled=yes \
    packet-mark=youtube_packet
add action=drop chain=forward comment="mark youtube packet" disabled=yes \
    packet-mark=youtube_packet
# Both mangle rules are disabled.
# NOTE(review): layer7-protocol=*1 is an internal ID rather than a name,
# which usually means the referenced entry no longer exists - presumably the
# "youtube" matcher was deleted and re-created. Re-point it before enabling.
/ip firewall mangle
add action=mark-connection chain=prerouting comment="mark connection" \
    connection-mark=no-mark disabled=yes dst-port=53 layer7-protocol=*1 \
    new-connection-mark=youtube_conn passthrough=yes protocol=udp \
    src-address=192.168.1.8
add action=mark-packet chain=prerouting comment="mart packet\
    \n" connection-mark=youtube_conn disabled=yes new-packet-mark=\
    youtube_packet passthrough=yes src-address=192.168.1.8
/ip firewall nat
# Redirects TCP from the blocked clients to the listed YouTube addresses to
# local port 8080.
# NOTE(review): nothing in this export enables the web proxy (no enabled=yes
# under "/ip proxy") - confirm something actually listens on 8080.
add action=redirect chain=dstnat dst-address-list=www.youtube.com protocol=\
    tcp src-address-list="block youtube" to-ports=8080
add action=masquerade chain=srcnat out-interface=ether1
/ip proxy
set cache-administrator="" parent-proxy=0.0.0.0 src-address=0.0.0.0
# The proxy access list denies every source address.
/ip proxy access
add action=deny src-address=0.0.0.0/0
# Management plane: telnet, ftp, ssh, api and api-ssl are off; WebFig (www)
# and Winbox answer only to 192.168.1.0/24. www is plain HTTP, so WebFig
# logins cross the LAN unencrypted.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.1.0/24
set api-ssl disabled=yes
# UPnP lets hosts on bridge1 request inbound port mappings on ether1 without
# authentication.
# NOTE(review): the forward chain in this export drops new connections from
# ether1 outside TCP 6881-6991, so most mappings would have no effect -
# confirm UPnP is still needed.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Europe/Moscow
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=193.171.23.163 secondary-ntp=85.114.26.194
# The update channel is release-candidate and the export header shows
# 6.43rc6: this gateway tracks pre-release firmware. A stable channel is the
# usual choice for an internet-facing router.
/system package update
set channel=release-candidate
/system routerboard settings
set silent-boot=no
# authenticate=no: the bandwidth-test server takes tests without credentials.
# Its enabled state is not shown here; input from ether1 is dropped by the
# filter, so the exposure is to LAN hosts.
/tool bandwidth-server
set allocate-udp-ports-from=1000 authenticate=no max-sessions=1
# Resource graphs may be viewed only from 192.168.1.1, the router's own LAN
# address.
/tool graphing resource
add allow-address=192.168.1.1/32
/tool sniffer
set filter-interface=all
# All traffic-monitor entries are disabled.
/tool traffic-monitor
add disabled=yes interface=bridge1 name=bridge threshold=0 trigger=always
add disabled=yes interface=ether1 name=ehter1 threshold=0 trigger=always
add disabled=yes interface=ether2 name=ehter2 threshold=0 trigger=always
add disabled=yes interface=ether3 name=ehter3 threshold=0 trigger=always
add disabled=yes interface=wlan1 name=wlan threshold=0 trigger=always

