powerox

Dynamische V-LANs für Wifi (Capsman) und LAN auf Mikrotik mit RADIUS

Hallo ...
ich benötige mal Eure Hilfe bei dem oben genannten Thema, das ich nicht final zum Laufen bekomme.
Habe nach der Anleitung gearbeitet >> Dynamische VLAN Zuweisung für WLAN (u. LAN) Clients mit Mikrotik

Hardware / Layout wie folgt >>
INTERNET <-> OPNSENSE <-> CRS354-48P [CAPSMAN] <-> 4x CAP XL

screenshot 2024-08-19 at 21.45.36
screenshot 2024-08-19 at 21.46.18

Status ist, dass ich mich – egal, was im RADIUS hinterlegt ist – über die APs anmelden kann,
und dann im V-LAN-1 lande - dort aber trotz IP/DNS/GATEWAY nicht ins Internet komme.

Zum einen ist wohl das RADIUS/AUTH-Setup nicht korrekt, und zum anderen komme
ich wohl nicht durch zur OPNSENSE ... was grundsätzlich vom Switch aus funktioniert,
denn ich konnte das ROS updaten ...

Vielen Dank für Eure Hilfe !!!


CONFIG >>
# 2024-08-19 21:41:04 by RouterOS 7.15.3
# software id = M4DD-K394
#
# model = CRS354-48P-4S+2Q+
# serial number = F3160F97580C
/caps-man channel
# 2.4 GHz channel plan, 20 MHz wide, no extension channel. The names do not
# follow 802.11 channel numbers: 2412 MHz is channel 1, 2432 = 5, 2452 = 9,
# 2472 = 13 (the four non-overlapping 20 MHz channels under ETSI rules).
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=2ghz-CH3
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2432 name=2ghz-CH5
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2452 name=2ghz-CH7
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2472 name=2ghz-CH9
/interface bridge
# Single VLAN-aware bridge (vlan-filtering=yes): VLAN membership is defined
# in /interface bridge vlan further down. ingress-filtering=no here, and on
# every port below, means frames for VLAN IDs missing from that table are
# not dropped on ingress; switch it to yes once the VLAN table is verified.
# igmp-snooping is enabled for all VLANs on this bridge.
add igmp-snooping=yes ingress-filtering=no name=bridge port-cost-mode=short \
    vlan-filtering=yes
/interface ethernet
# Port labels by room. ether28-33 and ether35-47 keep their default names,
# as does ether49 (which gets an address in /ip address below).
# Port 48 is the routed uplink to OPNsense (10.99.1.0/24); port 34 is the
# only port towards the CAPs (all four CAPs presumably sit behind a further
# switch on that port — confirm).
set [ find default-name=ether1 ] name=01-Kitchen-01
set [ find default-name=ether2 ] name=02-Kitchen-02
set [ find default-name=ether3 ] name=03-Maja-Office-01
set [ find default-name=ether4 ] name=04-Maja-Office-04
set [ find default-name=ether5 ] name=05-Aisle-01
set [ find default-name=ether6 ] name=06-Aisle-02
set [ find default-name=ether7 ] name=07-Lenn-01
set [ find default-name=ether8 ] name=08-Lenn-02
set [ find default-name=ether9 ] name=09-Tuuli-01
set [ find default-name=ether10 ] name=10-Tuuli-02
set [ find default-name=ether11 ] name=11-Ralf-Office-01
set [ find default-name=ether12 ] name=12-Ralf-Office-02
set [ find default-name=ether13 ] name=13-Master-Bedroom-01
set [ find default-name=ether14 ] name=14-Master-Bedroom-02
set [ find default-name=ether15 ] name=15-Dining-01
set [ find default-name=ether16 ] name=16-Dining-02
set [ find default-name=ether17 ] name=17-Living-01
set [ find default-name=ether18 ] name=18-Living-02
set [ find default-name=ether19 ] name=19-Front-Door
set [ find default-name=ether20 ] name=20-1stFloor-Tablet
set [ find default-name=ether21 ] name=21-Kitchen-Tablet
set [ find default-name=ether22 ] name=22-HWR-Heating
set [ find default-name=ether23 ] name=23-Garden-House-01
set [ find default-name=ether24 ] name=24-Garden-House-02
set [ find default-name=ether25 ] name=25-Garden-House-03
set [ find default-name=ether26 ] name=26-Garden-House-04
set [ find default-name=ether27 ] name=27-Garden-House-05
set [ find default-name=ether34 ] name=34-CapsMan-01
set [ find default-name=ether48 ] name=48-Uplink-Opnsens
/caps-man interface
# Four managed radios (one per CAP, by MAC) that are enabled (disabled=no)
# but have no configuration, security or channel attached — presumably the
# second radio of each CAP (cap1/3/5/7 further down carry the neighbouring
# MAC). NOTE(review): a CAPsMAN interface without a security profile falls
# back to CAPsMAN defaults, which can mean an open SSID on these radios —
# check /caps-man interface print and either disable them or attach the same
# configuration and security as cap1/3/5/7.
add disabled=no l2mtu=1600 mac-address=18:FD:74:92:79:E3 master-interface=\
    none name=cap2 radio-mac=18:FD:74:92:79:E3 radio-name=18FD749279E3
add disabled=no l2mtu=1600 mac-address=18:FD:74:92:7E:9F master-interface=\
    none name=cap4 radio-mac=18:FD:74:92:7E:9F radio-name=18FD74927E9F
add disabled=no l2mtu=1600 mac-address=18:FD:74:94:F2:33 master-interface=\
    none name=cap6 radio-mac=18:FD:74:94:F2:33 radio-name=18FD7494F233
add disabled=no l2mtu=1600 mac-address=18:FD:74:92:76:B1 master-interface=\
    none name=cap8 radio-mac=18:FD:74:92:76:B1 radio-name=18FD749276B1
/interface vlan
# Router-side VLAN interfaces on the bridge; their gateway addresses are in
# /ip address. vlan1 is also the default VLAN (pvid 1) of every bridge port
# that sets no pvid, i.e. where wired and wireless clients land when no VLAN
# is assigned to them. 10 Server, 20 Private, 30 Guest, 40 IoT are the VLANs
# a RADIUS Tunnel-Private-Group-ID can select.
add interface=bridge name=vlan1 vlan-id=1
add interface=bridge name=vlan10-Server vlan-id=10
add interface=bridge name=vlan20-Private vlan-id=20
add interface=bridge name=vlan30-Guest vlan-id=30
add interface=bridge name=vlan40-IoT vlan-id=40
/caps-man datapath
# datapath1: local-forwarding=yes, so client frames are bridged on the CAP
# itself rather than tunnelled to this manager. No vlan-mode/vlan-id is set,
# so any VLAN a client ends up in must come from RADIUS (or from the CAP-side
# bridge, which is outside this export). With local forwarding the CAP's own
# bridge and uplink must carry VLANs 10-40 tagged — confirm on the CAPs.
add bridge=bridge local-forwarding=yes name=datapath1
/caps-man configuration
# SSID HONEYPOT, German regulatory domain. No security is attached at
# configuration level; it is attached per interface (cap1/3/5/7) below.
add country=germany datapath=datapath1 mode=ap multicast-helper=full name=\
    dynamic-VLANs ssid=HONEYPOT
/caps-man security
# WPA2-PSK with AES-CCM only (passphrase omitted by export). One PSK is
# shared by clients of every VLAN, so VLAN separation rests entirely on the
# RADIUS MAC lookup configured in /caps-man access-list.
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    group-key-update=1h name=WPA2
/caps-man interface
# Managed 2.4 GHz radios: configuration dynamic-VLANs, datapath1, WPA2-PSK,
# fixed channels 2412/2432/2452/2472 MHz (802.11 channels 1/5/9/13).
# cap3 and cap7 additionally set channel.frequency, duplicating the value
# already carried by their channel object.
add channel=2ghz-CH3 configuration=dynamic-VLANs datapath=datapath1 disabled=\
    no l2mtu=1600 mac-address=18:FD:74:92:79:E2 master-interface=none name=\
    cap1 radio-mac=18:FD:74:92:79:E2 radio-name=18FD749279E2 security=WPA2
add channel=2ghz-CH5 channel.frequency=2432 configuration=dynamic-VLANs \
    datapath=datapath1 disabled=no l2mtu=1600 mac-address=18:FD:74:92:7E:9E \
    master-interface=none name=cap3 radio-mac=18:FD:74:92:7E:9E radio-name=\
    18FD74927E9E security=WPA2
add channel=2ghz-CH7 configuration=dynamic-VLANs datapath=datapath1 disabled=\
    no l2mtu=1600 mac-address=18:FD:74:94:F2:32 master-interface=none name=\
    cap5 radio-mac=18:FD:74:94:F2:32 radio-name=18FD7494F232 security=WPA2
add channel=2ghz-CH9 channel.frequency=2472 configuration=dynamic-VLANs \
    datapath=datapath1 disabled=no l2mtu=1600 mac-address=18:FD:74:92:76:B0 \
    master-interface=none name=cap7 radio-mac=18:FD:74:92:76:B0 radio-name=\
    18FD749276B0 security=WPA2
/interface list
# Interface lists. LAN receives members in /interface list member below;
# WAN stays empty, and nothing in this export (no firewall rules) references
# either list.
add name=WAN
add name=LAN
/interface wireless security-profiles
# Default profile of the local wireless package; unused here, the radios are
# CAPsMAN-managed.
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# One address pool per VLAN, .100-.200 of each /24.
add name=vlan1-pool ranges=192.168.1.100-192.168.1.200
add name=vlan10-pool ranges=192.168.10.100-192.168.10.200
add name=vlan20-pool ranges=192.168.20.100-192.168.20.200
add name=vlan30-pool ranges=192.168.30.100-192.168.30.200
add name=vlan40-pool ranges=192.168.40.100-192.168.40.200
/ip dhcp-server
# One DHCP server per VLAN interface (pools from /ip pool above). Every
# server carries the same inline lease-script: it first tries to run a
# /system script named "dhcp2dns" (no /system script section appears in this
# export, so that :do block ends in the on-error warning on every lease event
# unless the script was simply left out of the paste), then repeats the same
# logic inline: sanitise the client host-name (ip2Host / lowerCase /
# mapHostName), append the DHCP network's domain and add or remove a
# /ip dns static entry keyed by comment "<server>-<MAC>".
# None of the /ip dhcp-server network entries below sets domain=, so the
# "Empty domainname" branch fires and no static name is ever created until a
# domain is configured there.
# NOTE(review): the registered name is the client-supplied DHCP host-name and
# is added without checking for an existing static entry of the same name,
# so any client on a VLAN can register a name that shadows another host for
# everyone using this router as resolver (/ip dns allow-remote-requests=yes).
# Consider refusing names that already exist as static entries, or using a
# separate domain per VLAN.
# The `:if ([/ip dhcp-server lease get ...])` near the end evaluates the
# whole lease entry as a condition; "lease still present" is presumably the
# intent — confirm.
add address-pool=vlan1-pool interface=vlan1 lease-script="# DNS TTL to set for\  
    \_DNS entries\r\
    \n:local dnsttl \"00:15:00\";\r\  
    \n\r\
    \n###\r\
    \n# Script entry point\r\
    \n#\r\
    \n# Expected environment variables:\r\
    \n# leaseBound         1 = lease bound, 0 = lease removed\r\
    \n# leaseServerName    Name of DHCP server\r\
    \n# leaseActIP         IP address of DHCP client\r\
    \n# leaseActMAC        MAC address of DHCP client\r\
    \n###\r\
    \n\r\
    \n:local scriptName \"dhcp2dns\"\r\  
    \n:do {\r\
    \n  :local scriptObj [:parse [/system script get \$scriptName source]]\r\
    \n  \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
    leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
    \n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\  
    \_error\" };\r\  
    \n\r\
    \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\  
    ssing host names\r\
    \n:local ip2Host do=\\\r\
    \n{\r\
    \n  :local outStr\r\
    \n  :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
    \n  {\r\
    \n    :local tmp [:pick \$inStr \$i];\r\
    \n    :if (\$tmp =\".\") do=\\\r\  
    \n    {\r\
    \n      :set tmp \"-\"\r\  
    \n    }\r\
    \n    :set outStr (\$outStr . \$tmp)\r\
    \n  }\r\
    \n  :return \$outStr\r\
    \n}\r\
    \n\r\
    \n:local mapHostName do={\r\
    \n# param: name\r\
    \n# max length = 63\r\
    \n# allowed chars a-z,0-9,-\r\
    \n  :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\  
    \n  :local numChars [:len \$name];\r\
    \n  :if (\$numChars > 63) do={:set numChars 63};\r\
    \n  :local result \"\";\r\  
    \n\r\
    \n  :for i from=0 to=(\$numChars - 1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\  
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local lowerCase do={\r\
    \n# param: entry\r\
    \n  :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\  
    \n  :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\  
    \n  :local result \"\";\r\  
    \n  :for i from=0 to=([:len \$entry] - 1) do={\r\
    \n    :local char [:pick \$entry \$i];\r\
    \n    :local pos [:find \$upper \$char];\r\
    \n    :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\  
    \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\  
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
    \n{\r\
    \n  :log error \"\$LogPrefix: empty lease address\"\r\  
    \n  :error \"empty lease address\"\r\  
    \n}\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n  # new DHCP lease added\r\
    \n  /ip dhcp-server\r\
    \n  #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n  network\r\
    \n  :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n  #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\  
    \n\r\
    \n  :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$\
    leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
    \n  #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\  
    \n\r\
    \n #Hostname cleanup\r\
    \n  :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
    \n    :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\  
    nerated host name '\$hostname'\"\r\  
    \n  }\r\
    \n  :set hostname [\$lowerCase entry=\$hostname]\r\
    \n  :set hostname [\$mapHostName name=\$hostname]\r\
    \n  #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\  
    \n\r\
    \n  :if ( [ :len \$domain ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\  
    not create static DNS name\"\r\  
    \n    :error \"Empty domainname for '\$leaseActIP'\"\r\  
    \n  }\r\
    \n\r\
    \n  :local fqdn (\$hostname . \".\" .  \$domain)\r\  
    \n  #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\  
    \n\r\
    \n    :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActM\
    AC and server=\$leaseServerName] 0] ]) do={\r\
    \n      # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\  
    \n      :do {\r\
    \n        /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
    \_comment=\$token;\r\
    \n      } on-error={:log error message=\"\$LogPrefix: Failure during dns r\  
    egistration of \$fqdn with \$leaseActIP\"}\r\  
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n# DHCP lease removed\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n} " name=dhcp-vlan1  
# Server for VLAN 10 (Server). Same inline lease-script as dhcp-vlan1; only
# pool, interface and name differ.
add address-pool=vlan10-pool interface=vlan10-Server lease-script="# DNS TTL t\  
    o set for DNS entries\r\
    \n:local dnsttl \"00:15:00\";\r\  
    \n\r\
    \n###\r\
    \n# Script entry point\r\
    \n#\r\
    \n# Expected environment variables:\r\
    \n# leaseBound         1 = lease bound, 0 = lease removed\r\
    \n# leaseServerName    Name of DHCP server\r\
    \n# leaseActIP         IP address of DHCP client\r\
    \n# leaseActMAC        MAC address of DHCP client\r\
    \n###\r\
    \n\r\
    \n:local scriptName \"dhcp2dns\"\r\  
    \n:do {\r\
    \n  :local scriptObj [:parse [/system script get \$scriptName source]]\r\
    \n  \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
    leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
    \n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\  
    \_error\" };\r\  
    \n\r\
    \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\  
    ssing host names\r\
    \n:local ip2Host do=\\\r\
    \n{\r\
    \n  :local outStr\r\
    \n  :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
    \n  {\r\
    \n    :local tmp [:pick \$inStr \$i];\r\
    \n    :if (\$tmp =\".\") do=\\\r\  
    \n    {\r\
    \n      :set tmp \"-\"\r\  
    \n    }\r\
    \n    :set outStr (\$outStr . \$tmp)\r\
    \n  }\r\
    \n  :return \$outStr\r\
    \n}\r\
    \n\r\
    \n:local mapHostName do={\r\
    \n# param: name\r\
    \n# max length = 63\r\
    \n# allowed chars a-z,0-9,-\r\
    \n  :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\  
    \n  :local numChars [:len \$name];\r\
    \n  :if (\$numChars > 63) do={:set numChars 63};\r\
    \n  :local result \"\";\r\  
    \n\r\
    \n  :for i from=0 to=(\$numChars - 1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\  
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local lowerCase do={\r\
    \n# param: entry\r\
    \n  :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\  
    \n  :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\  
    \n  :local result \"\";\r\  
    \n  :for i from=0 to=([:len \$entry] - 1) do={\r\
    \n    :local char [:pick \$entry \$i];\r\
    \n    :local pos [:find \$upper \$char];\r\
    \n    :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\  
    \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\  
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
    \n{\r\
    \n  :log error \"\$LogPrefix: empty lease address\"\r\  
    \n  :error \"empty lease address\"\r\  
    \n}\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n  # new DHCP lease added\r\
    \n  /ip dhcp-server\r\
    \n  #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n  network\r\
    \n  :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n  #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\  
    \n\r\
    \n  :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$\
    leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
    \n  #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\  
    \n\r\
    \n #Hostname cleanup\r\
    \n  :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
    \n    :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\  
    nerated host name '\$hostname'\"\r\  
    \n  }\r\
    \n  :set hostname [\$lowerCase entry=\$hostname]\r\
    \n  :set hostname [\$mapHostName name=\$hostname]\r\
    \n  #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\  
    \n\r\
    \n  :if ( [ :len \$domain ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\  
    not create static DNS name\"\r\  
    \n    :error \"Empty domainname for '\$leaseActIP'\"\r\  
    \n  }\r\
    \n\r\
    \n  :local fqdn (\$hostname . \".\" .  \$domain)\r\  
    \n  #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\  
    \n\r\
    \n    :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActM\
    AC and server=\$leaseServerName] 0] ]) do={\r\
    \n      # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\  
    \n      :do {\r\
    \n        /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
    \_comment=\$token;\r\
    \n      } on-error={:log error message=\"\$LogPrefix: Failure during dns r\  
    egistration of \$fqdn with \$leaseActIP\"}\r\  
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n# DHCP lease removed\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n} " name=dhcp-vlan10  
# Server for VLAN 20 (Private). Same inline lease-script as dhcp-vlan1; only
# pool, interface and name differ.
add address-pool=vlan20-pool interface=vlan20-Private lease-script="# DNS TTL \  
    to set for DNS entries\r\
    \n:local dnsttl \"00:15:00\";\r\  
    \n\r\
    \n###\r\
    \n# Script entry point\r\
    \n#\r\
    \n# Expected environment variables:\r\
    \n# leaseBound         1 = lease bound, 0 = lease removed\r\
    \n# leaseServerName    Name of DHCP server\r\
    \n# leaseActIP         IP address of DHCP client\r\
    \n# leaseActMAC        MAC address of DHCP client\r\
    \n###\r\
    \n\r\
    \n:local scriptName \"dhcp2dns\"\r\  
    \n:do {\r\
    \n  :local scriptObj [:parse [/system script get \$scriptName source]]\r\
    \n  \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
    leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
    \n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\  
    \_error\" };\r\  
    \n\r\
    \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\  
    ssing host names\r\
    \n:local ip2Host do=\\\r\
    \n{\r\
    \n  :local outStr\r\
    \n  :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
    \n  {\r\
    \n    :local tmp [:pick \$inStr \$i];\r\
    \n    :if (\$tmp =\".\") do=\\\r\  
    \n    {\r\
    \n      :set tmp \"-\"\r\  
    \n    }\r\
    \n    :set outStr (\$outStr . \$tmp)\r\
    \n  }\r\
    \n  :return \$outStr\r\
    \n}\r\
    \n\r\
    \n:local mapHostName do={\r\
    \n# param: name\r\
    \n# max length = 63\r\
    \n# allowed chars a-z,0-9,-\r\
    \n  :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\  
    \n  :local numChars [:len \$name];\r\
    \n  :if (\$numChars > 63) do={:set numChars 63};\r\
    \n  :local result \"\";\r\  
    \n\r\
    \n  :for i from=0 to=(\$numChars - 1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\  
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local lowerCase do={\r\
    \n# param: entry\r\
    \n  :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\  
    \n  :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\  
    \n  :local result \"\";\r\  
    \n  :for i from=0 to=([:len \$entry] - 1) do={\r\
    \n    :local char [:pick \$entry \$i];\r\
    \n    :local pos [:find \$upper \$char];\r\
    \n    :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\  
    \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\  
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
    \n{\r\
    \n  :log error \"\$LogPrefix: empty lease address\"\r\  
    \n  :error \"empty lease address\"\r\  
    \n}\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n  # new DHCP lease added\r\
    \n  /ip dhcp-server\r\
    \n  #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n  network\r\
    \n  :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n  #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\  
    \n\r\
    \n  :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$\
    leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
    \n  #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\  
    \n\r\
    \n #Hostname cleanup\r\
    \n  :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
    \n    :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\  
    nerated host name '\$hostname'\"\r\  
    \n  }\r\
    \n  :set hostname [\$lowerCase entry=\$hostname]\r\
    \n  :set hostname [\$mapHostName name=\$hostname]\r\
    \n  #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\  
    \n\r\
    \n  :if ( [ :len \$domain ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\  
    not create static DNS name\"\r\  
    \n    :error \"Empty domainname for '\$leaseActIP'\"\r\  
    \n  }\r\
    \n\r\
    \n  :local fqdn (\$hostname . \".\" .  \$domain)\r\  
    \n  #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\  
    \n\r\
    \n    :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActM\
    AC and server=\$leaseServerName] 0] ]) do={\r\
    \n      # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\  
    \n      :do {\r\
    \n        /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
    \_comment=\$token;\r\
    \n      } on-error={:log error message=\"\$LogPrefix: Failure during dns r\  
    egistration of \$fqdn with \$leaseActIP\"}\r\  
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n# DHCP lease removed\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n} " name=dhcp-vlan20  
# Server for VLAN 30 (Guest). Same inline lease-script as dhcp-vlan1; only
# pool, interface and name differ. Guest clients thus register names in the
# same static DNS table as every other VLAN.
add address-pool=vlan30-pool interface=vlan30-Guest lease-script="# DNS TTL to\  
    \_set for DNS entries\r\
    \n:local dnsttl \"00:15:00\";\r\  
    \n\r\
    \n###\r\
    \n# Script entry point\r\
    \n#\r\
    \n# Expected environment variables:\r\
    \n# leaseBound         1 = lease bound, 0 = lease removed\r\
    \n# leaseServerName    Name of DHCP server\r\
    \n# leaseActIP         IP address of DHCP client\r\
    \n# leaseActMAC        MAC address of DHCP client\r\
    \n###\r\
    \n\r\
    \n:local scriptName \"dhcp2dns\"\r\  
    \n:do {\r\
    \n  :local scriptObj [:parse [/system script get \$scriptName source]]\r\
    \n  \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
    leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
    \n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\  
    \_error\" };\r\  
    \n\r\
    \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\  
    ssing host names\r\
    \n:local ip2Host do=\\\r\
    \n{\r\
    \n  :local outStr\r\
    \n  :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
    \n  {\r\
    \n    :local tmp [:pick \$inStr \$i];\r\
    \n    :if (\$tmp =\".\") do=\\\r\  
    \n    {\r\
    \n      :set tmp \"-\"\r\  
    \n    }\r\
    \n    :set outStr (\$outStr . \$tmp)\r\
    \n  }\r\
    \n  :return \$outStr\r\
    \n}\r\
    \n\r\
    \n:local mapHostName do={\r\
    \n# param: name\r\
    \n# max length = 63\r\
    \n# allowed chars a-z,0-9,-\r\
    \n  :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\  
    \n  :local numChars [:len \$name];\r\
    \n  :if (\$numChars > 63) do={:set numChars 63};\r\
    \n  :local result \"\";\r\  
    \n\r\
    \n  :for i from=0 to=(\$numChars - 1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\  
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local lowerCase do={\r\
    \n# param: entry\r\
    \n  :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\  
    \n  :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\  
    \n  :local result \"\";\r\  
    \n  :for i from=0 to=([:len \$entry] - 1) do={\r\
    \n    :local char [:pick \$entry \$i];\r\
    \n    :local pos [:find \$upper \$char];\r\
    \n    :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\  
    \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\  
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
    \n{\r\
    \n  :log error \"\$LogPrefix: empty lease address\"\r\  
    \n  :error \"empty lease address\"\r\  
    \n}\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n  # new DHCP lease added\r\
    \n  /ip dhcp-server\r\
    \n  #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n  network\r\
    \n  :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n  #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\  
    \n\r\
    \n  :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$\
    leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
    \n  #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\  
    \n\r\
    \n #Hostname cleanup\r\
    \n  :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
    \n    :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\  
    nerated host name '\$hostname'\"\r\  
    \n  }\r\
    \n  :set hostname [\$lowerCase entry=\$hostname]\r\
    \n  :set hostname [\$mapHostName name=\$hostname]\r\
    \n  #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\  
    \n\r\
    \n  :if ( [ :len \$domain ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\  
    not create static DNS name\"\r\  
    \n    :error \"Empty domainname for '\$leaseActIP'\"\r\  
    \n  }\r\
    \n\r\
    \n  :local fqdn (\$hostname . \".\" .  \$domain)\r\  
    \n  #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\  
    \n\r\
    \n    :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActM\
    AC and server=\$leaseServerName] 0] ]) do={\r\
    \n      # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\  
    \n      :do {\r\
    \n        /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
    \_comment=\$token;\r\
    \n      } on-error={:log error message=\"\$LogPrefix: Failure during dns r\  
    egistration of \$fqdn with \$leaseActIP\"}\r\  
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n# DHCP lease removed\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n} " name=dhcp-vlan30  
# Server for VLAN 40 (IoT). Same inline lease-script as dhcp-vlan1; only
# pool, interface and name differ.
add address-pool=vlan40-pool interface=vlan40-IoT lease-script="# DNS TTL to s\  
    et for DNS entries\r\
    \n:local dnsttl \"00:15:00\";\r\  
    \n\r\
    \n###\r\
    \n# Script entry point\r\
    \n#\r\
    \n# Expected environment variables:\r\
    \n# leaseBound         1 = lease bound, 0 = lease removed\r\
    \n# leaseServerName    Name of DHCP server\r\
    \n# leaseActIP         IP address of DHCP client\r\
    \n# leaseActMAC        MAC address of DHCP client\r\
    \n###\r\
    \n\r\
    \n:local scriptName \"dhcp2dns\"\r\  
    \n:do {\r\
    \n  :local scriptObj [:parse [/system script get \$scriptName source]]\r\
    \n  \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName \
    leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
    \n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script\  
    \_error\" };\r\  
    \n\r\
    \n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for mi\  
    ssing host names\r\
    \n:local ip2Host do=\\\r\
    \n{\r\
    \n  :local outStr\r\
    \n  :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
    \n  {\r\
    \n    :local tmp [:pick \$inStr \$i];\r\
    \n    :if (\$tmp =\".\") do=\\\r\  
    \n    {\r\
    \n      :set tmp \"-\"\r\  
    \n    }\r\
    \n    :set outStr (\$outStr . \$tmp)\r\
    \n  }\r\
    \n  :return \$outStr\r\
    \n}\r\
    \n\r\
    \n:local mapHostName do={\r\
    \n# param: name\r\
    \n# max length = 63\r\
    \n# allowed chars a-z,0-9,-\r\
    \n  :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\  
    \n  :local numChars [:len \$name];\r\
    \n  :if (\$numChars > 63) do={:set numChars 63};\r\
    \n  :local result \"\";\r\  
    \n\r\
    \n  :for i from=0 to=(\$numChars - 1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\  
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local lowerCase do={\r\
    \n# param: entry\r\
    \n  :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\  
    \n  :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\  
    \n  :local result \"\";\r\  
    \n  :for i from=0 to=([:len \$entry] - 1) do={\r\
    \n    :local char [:pick \$entry \$i];\r\
    \n    :local pos [:find \$upper \$char];\r\
    \n    :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
    \n    :set result (\$result . \$char);\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n}\r\
    \n\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\  
    \n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\  
    \n\r\
    \n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
    \n{\r\
    \n  :log error \"\$LogPrefix: empty lease address\"\r\  
    \n  :error \"empty lease address\"\r\  
    \n}\r\
    \n\r\
    \n:if ( \$leaseBound = 1 ) do=\\\r\
    \n{\r\
    \n  # new DHCP lease added\r\
    \n  /ip dhcp-server\r\
    \n  #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
    \n  network\r\
    \n  :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
    \n  #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\  
    \n\r\
    \n  :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$\
    leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
    \n  #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\  
    \n\r\
    \n #Hostname cleanup\r\
    \n  :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
    \n    :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using ge\  
    nerated host name '\$hostname'\"\r\  
    \n  }\r\
    \n  :set hostname [\$lowerCase entry=\$hostname]\r\
    \n  :set hostname [\$mapHostName name=\$hostname]\r\
    \n  #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\  
    \n\r\
    \n  :if ( [ :len \$domain ] <= 0 ) do=\\\r\
    \n  {\r\
    \n    :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', can\  
    not create static DNS name\"\r\  
    \n    :error \"Empty domainname for '\$leaseActIP'\"\r\  
    \n  }\r\
    \n\r\
    \n  :local fqdn (\$hostname . \".\" .  \$domain)\r\  
    \n  #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\  
    \n\r\
    \n    :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActM\
    AC and server=\$leaseServerName] 0] ]) do={\r\
    \n      # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\  
    \n      :do {\r\
    \n        /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl\
    \_comment=\$token;\r\
    \n      } on-error={:log error message=\"\$LogPrefix: Failure during dns r\  
    egistration of \$fqdn with \$leaseActIP\"}\r\  
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n# DHCP lease removed\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n} " name=dhcp-vlan40  
/port
# Serial console port.
set 0 name=serial0
/user-manager user
# Local RADIUS (User Manager) accounts. Tunnel-Type:13 = VLAN and
# Tunnel-Medium-Type:6 = IEEE-802 (RFC 3580); Tunnel-Private-Group-ID carries
# the VLAN ID, 20 for both MAC-named users. "ladmin" has no VLAN attribute.
# Passwords are omitted by export; with /caps-man aaa
# mac-mode=as-username-and-password the password stored for the MAC users
# must equal the MAC string itself — confirm.
# NOTE(review): legacy CAPsMAN documents the vendor attribute
# Mikrotik-Wireless-VLANID for per-client VLAN assignment; whether it also
# honours Tunnel-Private-Group-ID is worth confirming if clients keep landing
# in VLAN 1. MAC-based authorisation is only as strong as the MAC, which any
# client can set; the WPA2 passphrase remains the actual access control.
add name=ladmin
add attributes=Tunnel-Medium-Type:6,Tunnel-Type:13,Tunnel-Private-Group-ID:20 \
    name=D2:67:63:73:61:12
add attributes=Tunnel-Medium-Type:6,Tunnel-Type:13,Tunnel-Private-Group-ID:20 \
    name=50:B1:27:81:CC:05
/caps-man aaa
# RADIUS MAC authentication: the client MAC is sent as user name and
# password, Called-Station-Id is the AP MAC (called-format=mac).
set called-format=mac mac-mode=as-username-and-password
/caps-man access-list
# Single catch-all rule (mac-address 00:00:00:00:00:00 = any client,
# ssid-regexp "" = any SSID) that queries the /radius server for every
# association. If clients associate no matter what User Manager contains,
# the query is probably not reaching or not being answered by User Manager —
# check /caps-man registration-table, /radius monitor and the User Manager
# log. The shared secret is omitted from this export and must match between
# the /radius entry and the /user-manager router entry.
add action=query-radius allow-signal-out-of-range=10s disabled=no \
    mac-address=00:00:00:00:00:00 ssid-regexp=""  
/caps-man manager
# Manager enabled with auto-generated certificates for the CAP<->manager
# control connection.
set ca-certificate=auto certificate=auto enabled=yes
/interface bridge port
# Only six of the renamed ports are bridge members; the remaining 01-..27-*
# ports are not in the bridge and therefore pass no traffic. Ports without
# pvid= use the default pvid 1, so untagged traffic on 12-Ralf-Office-02,
# 16-Dining-02, 24-Garden-House-02 and 34-CapsMan-01 lands in VLAN 1 — the
# same VLAN a wireless client falls into when no VLAN is assigned to it.
# 17/18-Living are untagged-only access ports in VLAN 20.
# ingress-filtering=no on every port means a tagged frame for a VLAN absent
# from /interface bridge vlan is not dropped at ingress; set it to yes once
# the VLAN table is verified.
add bridge=bridge ingress-filtering=no interface=34-CapsMan-01 \
    internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=12-Ralf-Office-02
add bridge=bridge ingress-filtering=no interface=16-Dining-02
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=no interface=17-Living-01 pvid=20
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=no interface=18-Living-02 pvid=20
add bridge=bridge ingress-filtering=no interface=24-Garden-House-02
/ip firewall connection tracking
# Connection tracking stays enabled; UDP entries time out after 10 s.
set udp-timeout=10s
/interface bridge vlan
# Bridge VLAN table. The "# vlanX not a bridge port" lines are produced by
# the export itself: the vlan interfaces (vlan1, vlan10-Server, ...) are
# listed in tagged= although only bridge ports and the bridge itself belong
# there; RouterOS ignores those names, but the entries should be cleaned up.
# Every VLAN is tagged towards the four member ports and the CPU ("bridge");
# VLAN 1 is additionally untagged on those ports (pvid 1) and VLAN 20
# untagged on 17/18-Living. 48-Uplink-Opnsens is not a bridge port, so no
# VLAN reaches OPNsense at layer 2 — inter-VLAN and Internet traffic is
# routed by this device over 10.99.1.0/24.
# vlan1 not a bridge port
add bridge=bridge tagged=bridge,vlan1 untagged=\
    12-Ralf-Office-02,16-Dining-02,34-CapsMan-01,24-Garden-House-02 vlan-ids=\
    1
# vlan10-Server not a bridge port
add bridge=bridge tagged="bridge,vlan10-Server,12-Ralf-Office-02,16-Dining-02,\  
    34-CapsMan-01,24-Garden-House-02" vlan-ids=10  
# vlan20-Private not a bridge port
add bridge=bridge tagged="bridge,vlan20-Private,12-Ralf-Office-02,16-Dining-02\  
    ,34-CapsMan-01,24-Garden-House-02" untagged=17-Living-01,18-Living-02 \  
    vlan-ids=20
# vlan30-Guest not a bridge port
add bridge=bridge tagged="bridge,vlan30-Guest,12-Ralf-Office-02,16-Dining-02,3\  
    4-CapsMan-01,24-Garden-House-02" vlan-ids=30  
# vlan40-IoT not a bridge port
add bridge=bridge tagged="bridge,vlan40-IoT,12-Ralf-Office-02,16-Dining-02,34-\  
    CapsMan-01,24-Garden-House-02" vlan-ids=40  
/interface list member
# Everything — bridge, VLAN interfaces, the routed uplink and the access
# ports — is in LAN; no rule in this export uses the list.
add interface=bridge list=LAN
add interface=vlan1 list=LAN
add interface=vlan10-Server list=LAN
add interface=vlan20-Private list=LAN
add interface=vlan30-Guest list=LAN
add interface=vlan40-IoT list=LAN
add interface=48-Uplink-Opnsens list=LAN
add interface=12-Ralf-Office-02 list=LAN
add interface=16-Dining-02 list=LAN
add interface=24-Garden-House-02 list=LAN
add interface=34-CapsMan-01 list=LAN
/ip address
# This device is the layer-3 gateway of every VLAN (.1 in each /24) and sits
# on a routed /24 transit (10.99.1.0/24) towards OPNsense; ether49 keeps its
# default name and a separate 192.168.0.0/24 address.
# NOTE(review): the export contains no /ip firewall filter or nat section.
# Without filter rules, the management services of this switch (/ip service)
# and its DNS resolver are reachable from every VLAN including Guest (30)
# and IoT (40); restrict them to the management VLAN with input rules.
# Without NAT, OPNsense needs routes for 192.168.1/10/20/30/40.0/24 via
# 10.99.1.1 (plus its own rules for them) for replies to come back, which
# fits the "has IP/DNS/gateway but no Internet" symptom described above.
add address=192.168.1.1/24 interface=vlan1 network=192.168.1.0
add address=192.168.10.1/24 interface=vlan10-Server network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20-Private network=192.168.20.0
add address=192.168.30.1/24 interface=vlan30-Guest network=192.168.30.0
add address=192.168.40.1/24 interface=vlan40-IoT network=192.168.40.0
add address=192.168.0.11/24 interface=ether49 network=192.168.0.0
add address=10.99.1.1/24 interface=48-Uplink-Opnsens network=10.99.1.0
/ip dhcp-server network
# Per-VLAN DHCP options: gateway and DNS are this device, NTP is OPNsense.
# NOTE(review): no entry sets domain=. The lease-script attached to each
# /ip dhcp-server reads the network's domain and aborts with "Empty
# domainname" when it is blank, so no static DNS names are created until a
# domain is configured here.
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
    netmask=24 ntp-server=10.99.1.254
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1 \
    netmask=24 ntp-server=10.99.1.254
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1 \
    netmask=24 ntp-server=10.99.1.254
add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1 \
    netmask=24 ntp-server=10.99.1.254
add address=192.168.40.0/24 dns-server=192.168.40.1 gateway=192.168.40.1 \
    netmask=24 ntp-server=10.99.1.254
/ip dns
# The switch answers DNS for all VLANs (allow-remote-requests=yes) and
# forwards to OPNsense first, then Quad9 and Cloudflare. Static entries
# created by the DHCP lease-scripts are visible to every VLAN through this
# resolver. With no /ip firewall filter rules in this export the resolver is
# reachable on every addressed interface, including the uplink; add an input
# rule limiting it to the intended VLANs.
set allow-remote-requests=yes servers=10.99.1.254,9.9.9.9,1.1.1.1
/ip hotspot profile
# Default hotspot profile only; no hotspot server is defined in this export.
set [ find default=yes ] html-directory=hotspot
/ip route
# Only a default route via OPNsense (10.99.1.254); the VLAN /24s are
# connected routes. Since this export has no NAT rules, return traffic for
# those /24s depends on OPNsense knowing 10.99.1.1 as their next hop.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.99.1.254 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \  
    target-scope=10
/radius
# RADIUS client pointing at the local User Manager over loopback (secret
# omitted by export). service=wireless covers the CAPsMAN MAC queries; dot1x
# would cover wired 802.1X, for which no server is configured here.
add address=127.0.0.1 service=wireless,dot1x src-address=127.0.0.1
/radius incoming
# Enables the CoA/Disconnect listener (UDP 3799 by default). It is not needed
# for plain MAC authentication and, with no firewall input rules in this
# export, is reachable from every VLAN — disable it, or restrict it to
# 127.0.0.1 with an input rule, unless CoA is actually used.
set accept=yes
/system clock
# Time zone, identity ("DC-RACK"), login note hidden, boot into RouterOS.
set time-zone-name=Europe/Berlin
/system identity
set name=DC-RACK
/system note
set show-at-login=no
/system routerboard settings
set boot-os=router-os
/user-manager
# User Manager (local RADIUS server) enabled. The certificate is used only
# for EAP methods (TLS/PEAP), not for the MAC-based queries from CAPsMAN.
set certificate=CAPsMAN-DC2C6EB2684C enabled=yes
/user-manager router
# The only permitted RADIUS client is this router itself (127.0.0.1); its
# shared-secret is omitted by export and must equal the secret in /radius.
add address=127.0.0.1 name=Radius-Router


Member: Pjordorf
Pjordorf Aug 19, 2024 at 21:08:58 (UTC)
Hallo,

Zitat von @PowerOx:
Zum einen ist wohl das RADIUS/AUTH-Setup nicht korrekt,
Auch das und vieles mehr zeigt dir ein Kabelhai. Wer will wohin, bekommt welche Antwort usw. Dann siehst du auch wer wo falsch abbiegt oder in Sackgassen oder Einbahnstrassen gerät.

Gruss,
Peter