Mikrotik CAPsMAN 2
Hello Mikrotik specialists,
I have set up CAPsMAN and, in part, Fast Roaming on our ax3. Overall it works reasonably well, but on some client devices the Wi-Fi connection occasionally drops for a few seconds or even minutes, including during streaming, though not on all devices (the Apple TVs work fine). Sometimes you then have to switch Wi-Fi off and on again on the iPhone, otherwise the connection stays down.
Since there are also older client devices (e.g. iPad, e-book reader), I additionally had to set up a virtual Wi-Fi without Fast Roaming. With the iPhone 11 I found that it had connected to this Wi-Fi automatically even though I had ignored it.
I had also already set the "Group Key Update" under Wifi Security to a higher value, but then the Apple devices kept asking for the WPA2 key again.
The ax3 is connected by cable to a cAP ax and an ax2. Both are used as APs.
Here is an excerpt from the ax3 log:
15:32:32 dhcp,info dhcp1 deassigned 10.10.100.79 for 08:3A:8D:93:6B:18 XS03-WX_321B71
15:32:32 dhcp,info dhcp1 assigned 10.10.100.79 for 08:3A:8D:93:6B:18 XS03-WX_321B71
15:32:32 script,info DHCP2DNS: removing static domain name(s) for address 10.10.100.79
15:32:32 system,info static dns entry removed by dhcp-lease/action:192 (/ip dns static remove *D2C)
15:32:32 script,info DHCP2DNS: registering static domain name XS03-WX-321B71.fasan.home.arpa for address 10.10.100.79 with ttl 1d00:00:00
15:32:32 system,info static dns entry added by dhcp-lease (*D36 = /ip dns static add address=10.10.100.79 comment=#DHCP disabled=no name=XS03-WX-321B71.fasan.home.arpa ttl=1d)
15:35:57 wireless,info AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz] disconnected, connection lost, signal strength -59
15:37:29 wireless,info 08:3A:8D:93:6B:18@MikroTik cAP ax-2 disconnected, connection lost, signal strength -38
15:37:36 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- connected, signal strength -68
15:37:56 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -69
15:38:33 wireless,info 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5 roamed to 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz], signal strength -70
15:38:38 wireless,info 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz] roamed to 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5, signal strength -64
15:38:59 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz], signal strength -85
15:39:11 wireless,info AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz] roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -66
15:40:11 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -75
15:40:21 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@MikroTik ax2-5, signal strength -89
15:40:51 wireless,info AA:01:AC:D8:79:31@MikroTik ax2-5 roamed to AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz], signal strength -70
15:40:59 wireless,info AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz] roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -68
15:45:01 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz], signal strength -64
15:47:56 wireless,info AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz] roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -53
15:49:09 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik ax2-5, signal strength -43
15:53:29 wireless,info AA:01:AC:D8:79:31@MikroTik ax2-5 roamed to AA:01:AC:D8:79:31@MikroTik ax2-, signal strength -69
15:53:46 wireless,info AA:01:AC:D8:79:31@MikroTik ax2- roamed to AA:01:AC:D8:79:31@MikroTik ax2-5, signal strength -73
15:54:23 wireless,info AA:01:AC:D8:79:31@MikroTik ax2-5 roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -65
15:54:55 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz], signal strength -91
15:54:59 wireless,info AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -61
15:56:05 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -78
15:56:10 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -68
15:57:05 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -47
15:57:52 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-5, signal strength -52
15:58:18 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax-5 roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -60
16:02:57 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-5, signal strength -48
16:05:22 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax-5 roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -57
16:06:13 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -61
16:06:26 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-5, signal strength -75
16:06:28 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax-5 roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -79
16:06:35 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik ax2-5, signal strength -75
16:07:51 wireless,info AA:01:AC:D8:79:31@MikroTik ax2-5 roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -74
16:07:55 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik ax2-5, signal strength -70
16:08:31 wireless,info AA:01:AC:D8:79:31@MikroTik ax2-5 roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -75
16:08:35 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik ax2-5, signal strength -76
16:09:12 wireless,info AA:01:AC:D8:79:31@MikroTik ax2-5 roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -72
16:09:30 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-5, signal strength -57
16:09:38 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax-5 roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -60
16:11:39 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -56
16:11:50 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik ax2-, signal strength -51
16:12:06 wireless,info AA:01:AC:D8:79:31@MikroTik ax2- roamed to AA:01:AC:D8:79:31@MikroTik ax2-5, signal strength -72
16:13:22 wireless,info AA:01:AC:D8:79:31@MikroTik ax2-5 roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -59
16:13:42 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -48
16:14:49 wireless,info 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5 roamed to 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz], signal strength -75
16:14:55 wireless,info 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz] roamed to 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5, signal strength -72
16:15:10 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz], signal strength -77
16:15:15 wireless,info AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz] roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -71
16:15:25 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik ax2-, signal strength -64
16:15:54 wireless,info AA:01:AC:D8:79:31@MikroTik ax2- roamed to AA:01:AC:D8:79:31@MikroTik ax2-5, signal strength -71
16:15:59 wireless,info AA:01:AC:D8:79:31@MikroTik ax2-5 roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -64
16:16:20 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-5, signal strength -48
16:16:31 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax-5 roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -60
16:17:06 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz], signal strength -59
16:17:12 wireless,info AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-5, signal strength -78
16:17:13 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax-5 roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -70
16:17:15 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@MikroTik ax2-, signal strength -80
16:19:04 wireless,info AA:01:AC:D8:79:31@MikroTik ax2- roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -64
16:19:33 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-5, signal strength -70
16:19:37 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax-5 roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -63
16:21:19 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@MikroTik ax2-, signal strength -56
16:23:58 wireless,info AA:01:AC:D8:79:31@MikroTik ax2- roamed to AA:01:AC:D8:79:31@MikroTik ax2-5, signal strength -77
16:24:06 wireless,info AA:01:AC:D8:79:31@MikroTik ax2-5 roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -62
16:24:24 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz], signal strength -89
16:24:28 wireless,info AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -48
16:26:51 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz], signal strength -77
16:26:52 wireless,info AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz] roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -70
16:26:59 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik ax2-5, signal strength -63
16:27:15 wireless,info AA:01:AC:D8:79:31@MikroTik ax2-5 roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -72
16:27:38 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@MikroTik cAP ax-, signal strength -52
16:28:57 wireless,info AA:01:AC:D8:79:31@MikroTik cAP ax- roamed to AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz], signal strength -65
16:30:54 wireless,info 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5 roamed to 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz], signal strength -72
16:31:02 wireless,info 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz] roamed to 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5, signal strength -66
16:32:20 wireless,info 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5 roamed to 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz], signal strength -72
16:32:24 wireless,info 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz] roamed to 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5, signal strength -68
16:33:26 wireless,info 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5 roamed to 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz], signal strength -71
16:33:35 wireless,info 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz] roamed to 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5, signal strength -68
16:34:04 wireless,info 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5 roamed to 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz], signal strength -76
16:34:15 wireless,info 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz] roamed to 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5, signal strength -67
16:34:28 wireless,info 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5 roamed to 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz], signal strength -75
16:34:56 wireless,info 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz] roamed to 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5, signal strength -68
16:38:25 wireless,info 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5 roamed to 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz], signal strength -71
16:38:29 wireless,info 3E:2D:9A:C7:53:9F@wifi1 [HOME 5 Ghz] roamed to 3E:2D:9A:C7:53:9F@MikroTik cAP ax-5, signal strength -71
16:44:57 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] roamed to AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz], signal strength -63
16:46:37 wireless,info AA:01:AC:D8:79:31@wifi1 [HOME 5 Ghz] disconnected, connection lost, signal strength -64
16:49:40 wireless,info AA:01:AC:D8:79:31@wifi2 [HOME 2.4 GHz] connected, signal strength -39
/interface/wifi/registration-table/print:
# INTERFACE SSID MAC-ADDRESS UPTIME SIGNAL
0 A wifi1 [HOME 5 Ghz] WLAN_Home C8:69:CD:5E:AB:32 4d10h57m4s -61
1 A wifi4 [TECHNIK 2.4 GHz] WLAN_Technic D4:F9:8D:02:08:74 4d10h56m51s -58
2 A wifi4 [TECHNIK 2.4 GHz] WLAN_Technic D4:F9:8D:01:32:F0 4d10h56m34s -71
3 A MikroTik cAP ax-2 WLAN_Technic DC:A6:32:2C:97:0F 4d10h56m13s -50
4 A MikroTik cAP ax- WLAN_Home 3C:6A:9D:17:6E:A8 2d17h50m11s -59
5 A MikroTik ax2-6 WLAN_Technic 24:4C:AB:01:5D:5C 2d5h35m6s -25
6 A MikroTik ax2-6 WLAN_Technic D4:F9:8D:02:32:34 1d19h13m51s -68
7 A MikroTik ax2-6 WLAN_Technic 40:4C:CA:C7:C8:8C 1d19h13m11s -44
8 A wifi4 [TECHNIK 2.4 GHz] WLAN_Technic EC:DA:3B:A8:7B:D8 23h4m45s -65
9 A wifi3 [TECHNIK 5GHz] WLAN_Technic 2C:F7:F1:1C:3E:5A 23h1m12s -64
10 A wifi1 [HOME 5 Ghz] WLAN_Home 96:EA:BC:29:C8:11 21h12m28s -69
11 A MikroTik ax2- WLAN_Home 6C:3C:7C:78:35:92 19h20m1s -65
12 A MikroTik cAP ax-5 WLAN_Home F0:B3:EC:1E:A7:9A 17h49m50s -67
13 A MikroTik cAP ax-2 WLAN_Technic 10:06:1C:16:70:84 15h59m21s -38
14 A MikroTik ax2- WLAN_Home 28:F0:76:0B:80:42 11h48m50s -49
15 A MikroTik cAP ax-2 WLAN_Technic B4:8A:0A:C0:98:BB 9h28m25s -46
16 A MikroTik cAP ax-3 WLAN_Noft 32:51:3D:B8:7D:04 4h24m33s -48
17 A MikroTik ax2- WLAN_Home 1E:65:E2:0D:DE:3A 22m47s -59
18 A MikroTik cAP ax-5 WLAN_Home 3E:2D:9A:C7:53:9F 6m16s -74
19 A MikroTik ax2-5 WLAN_Home AA:01:AC:D8:79:31 3m48s -63
# 2024-10-01 17:22:04 by RouterOS 7.16
# software id = IER4-IVFN
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HG809JAMHZ2
/interface bridge
add admin-mac=D4:01:C3:4E:8B:8F auto-mac=no comment=defconf name=bridge
/interface wireguard
add comment=back-to-home-vpn listen-port=30957 mtu=1420 name=back-to-home-vpn
/interface vlan
add interface=ether5 name=vlan7_telekom vlan-id=7
/interface pppoe-client
add add-default-route=yes allow=pap,chap,mschap2 disabled=no interface=vlan7_telekom name=pppoe-out1 use-peer-dns=yes user=xxxxxxxxxxxxxxxx
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi channel
add band=2ghz-ax disabled=no frequency=2412,2432,2462 name="channel2 [2.4 GHz]" width=20mhz
add band=5ghz-ax disabled=no frequency=5180,5200,5240 name="channel1 [5 GHz]" width=20/40/80mhz
/interface wifi datapath
add bridge=bridge disabled=no name="datapath1 [BRIDGE]"
/interface wifi security
add authentication-types=wpa2-psk disabled=no encryption=ccmp group-key-update=5m name="sec1 [HOME]" wps=disable
add authentication-types=wpa2-psk disabled=no encryption=ccmp group-key-update=5m name="sec2 [TECHNIC]" wps=disable
add authentication-types=wpa2-psk disabled=no encryption=ccmp group-key-update=5m name="sec3 [HOMEOFFICE]" wps=disable
/interface wifi configuration
add channel="channel1 [5 GHz]" country=Germany datapath="datapath1 [BRIDGE]" disabled=no mode=ap name="cfg1[HOME 5GHz]" security="sec1 [HOME]" security.ft=yes .ft-over-ds=yes ssid=WLAN_Home
add channel="channel2 [2.4 GHz]" country=Germany datapath="datapath1 [BRIDGE]" disabled=no mode=ap name="cfg2 [HOME 2.4 GHz]" security="sec1 [HOME]" security.ft=yes .ft-over-ds=yes ssid=\
WLAN_Home
add channel="channel1 [5 GHz]" country=Germany datapath="datapath1 [BRIDGE]" disabled=no mode=ap name="cfg3 [TECHNIC 5 GHz]" security="sec2 [TECHNIC]" security.ft=yes .ft-over-ds=yes ssid=\
WLAN_Technic
add channel="channel1 [5 GHz]" country=Germany datapath="datapath1 [BRIDGE]" disabled=no mode=ap name="cfg5 [HOMEOFFICE 5 GHz]" security="sec3 [HOMEOFFICE]" security.ft=yes .ft-over-ds=yes ssid=\
WLAN_Homeoffice
add channel="channel2 [2.4 GHz]" country=Germany datapath="datapath1 [BRIDGE]" disabled=no mode=ap name="cfg4 [TECHNIC 2.4 GHz]" security="sec2 [TECHNIC]" security.ft=yes .ft-over-ds=yes ssid=\
WLAN_Technic
add channel="channel2 [2.4 GHz]" country=Germany datapath="datapath1 [BRIDGE]" disabled=no mode=ap name="cfg6 [HOMEOFFICE 2.4 GHz]" security="sec3 [HOMEOFFICE]" security.ft=yes .ft-over-ds=yes ssid=\
WLAN_Homeoffice
add channel="channel1 [5 GHz]" country=Germany datapath="datapath1 [BRIDGE]" disabled=no mode=ap name="cfg7 [NOFT 5 Ghz]" security="sec1 [HOME]" ssid=WLAN_Noft
add channel="channel2 [2.4 GHz]" country=Germany datapath="datapath1 [BRIDGE]" disabled=no mode=ap name="cfg8 [NOFT 2.4 GHz]" security="sec1 [HOME]" ssid=WLAN_Noft
/interface wifi
set [ find default-name=wifi1 ] channel.frequency=5180,5200,5240 configuration="cfg1[HOME 5GHz]" configuration.mode=ap datapath="datapath1 [BRIDGE]" disabled=no name="wifi1 [HOME 5 Ghz]"
set [ find default-name=wifi2 ] configuration="cfg2 [HOME 2.4 GHz]" configuration.mode=ap datapath="datapath1 [BRIDGE]" disabled=no name="wifi2 [HOME 2.4 GHz]"
add channel.frequency=5180,5200,5240 configuration="cfg3 [TECHNIC 5 GHz]" configuration.mode=ap datapath="datapath1 [BRIDGE]" disabled=no mac-address=D6:01:C3:4E:8B:94 master-interface=\
"wifi1 [HOME 5 Ghz]" name="wifi3 [TECHNIK 5GHz]"
add configuration="cfg4 [TECHNIC 2.4 GHz]" configuration.mode=ap datapath="datapath1 [BRIDGE]" disabled=no mac-address=D6:01:C3:4E:8B:94 master-interface="wifi2 [HOME 2.4 GHz]" name=\
"wifi4 [TECHNIK 2.4 GHz]"
add channel.frequency=5180,5200,5240 configuration="cfg7 [NOFT 5 Ghz]" configuration.mode=ap disabled=no mac-address=D6:01:C3:4E:8B:95 master-interface="wifi1 [HOME 5 Ghz]" name=\
"wifi8 [HOME_NOFT 5 GHz]"
/ip pool
add name=default-dhcp ranges=10.10.10.100-10.10.100.254
add name=dhcp_pool1 ranges=10.10.100.2-10.10.100.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=bridge lease-script=":local DHCPtag\r\
\n:set DHCPtag \"#DHCP\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do={ :error \"empty lease address\" }\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do={\r\
\n :local ttl\r\
\n :local domain\r\
\n :local hostname\r\
\n :local dnsname\r\
\n :local fqdn\r\
\n :local leaseId\r\
\n :local comment\r\
\n :local devicename\r\
\n :local convert ({})\r\
\n :local validChars \"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890-\"\r\
\n\r\
\n /ip dhcp-server\r\
\n :set ttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
\n network \r\
\n :set domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n\r\
\n .. lease\r\
\n :set leaseId [ find address=\$leaseActIP ]\r\
\n\r\
\n # Check for multiple active leases for the same IP address. It's weird and it shouldn't be, but just in case.\r\
\n :if ( [ :len \$leaseId ] != 1) do={\r\
\n :log info \"DHCP2DNS: not registering domain name for address \$leaseActIP because of multiple active leases for \$leaseActIP\"\r\
\n :error \"multiple active leases for \$leaseActIP\"\r\
\n }\r\
\n\r\
\n :set hostname [ get \$leaseId host-name ]\r\
\n :set comment [ get \$leaseId comment ]\r\
\n /\r\
\n\r\
\n # Determine the device name\r\
\n :set devicename \$comment\r\
\n :if ( [ :len \$devicename ] <= 0 ) do={\r\
\n :set devicename \$hostname\r\
\n }\r\
\n\r\
\n # Check the device name for invalid characters\r\
\n :for validCharsIndex from=0 to=([:len \$validChars] - 1) do={\r\
\n :local validChar [:pick \$validChars \$validCharsIndex]\r\
\n :set (\$convert->(\$validChar)) (\$validChar)\r\
\n }\r\
\n :set (\$convert->(\"_\")) (\"-\")\r\
\n :set (\$convert->(\" \")) (\"-\")\r\
\n\r\
\n :for i from=0 to=([:len \$devicename] - 1) do={\r\
\n :local char [:pick \$devicename \$i]\r\
\n :local converted (\$convert->\"\$char\")\r\
\n :local convertedType [:typeof \$converted]\r\
\n\r\
\n :if (\$convertedType = \"str\") do={\r\
\n :set \$char \$converted\r\
\n } else={\r\
\n :set \$char \"\"\r\
\n }\r\
\n :set dnsname (\$dnsname.\$char)\r\
\n }\r\
\n\r\
\n # Set the FQDN\r\
\n :if ( [ :len \$dnsname ] <= 0 ) do={\r\
\n :log error \"DHCP2DNS: not registering domain name for address \$leaseActIP because of empty lease host-name or comment\"\r\
\n :error \"empty lease host-name or comment\"\r\
\n }\r\
\n :if ( [ :len \$domain ] <= 0 ) do={\r\
\n :log error \"DHCP2DNS: not registering domain name for address \$leaseActIP because of empty network domain name\"\r\
\n :error \"empty network domain name\"\r\
\n }\r\
\n\r\
\n :set fqdn \"\$dnsname.\$domain\"\r\
\n\r\
\n /ip dns static\r\
\n :if ( [ :len [ find name=\$fqdn and address=\$leaseActIP and disabled=no ] ] = 0 ) do={\r\
\n :log info \"DHCP2DNS: registering static domain name \$fqdn for address \$leaseActIP with ttl \$ttl\"\r\
\n add address=\$leaseActIP name=\$fqdn ttl=\$ttl comment=\$DHCPtag disabled=no\r\
\n } else={\r\
\n :log error \"DHCP2DNS: not registering domain name \$fqdn for address \$leaseActIP because of existing active static DNS entry with this name or address\"\r\
\n }\r\
\n /\r\
\n} else={\r\
\n /ip dns static\r\
\n :local dnsDhcpId\r\
\n :set dnsDhcpId [ find address=\$leaseActIP and comment=\$DHCPtag ]\r\
\n\r\
\n :if ( [ :len \$dnsDhcpId ] > 0 ) do={\r\
\n :log info \"DHCP2DNS: removing static domain name(s) for address \$leaseActIP\"\r\
\n remove \$dnsDhcpId\r\
\n }\r\
\n /\r\
\n}" lease-time=1d name=dhcp1
/ppp profile
set *FFFFFFFE dns-server=10.10.100.1
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge interface=*15B point-to-point=no
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set authentication=mschap2 default-profile=default use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=pppoe-out1 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=mschap2
/interface wifi cap
set caps-man-addresses=127.0.0.1 discovery-interfaces=bridge
/interface wifi capsman
set enabled=yes package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled comment="cAP 5 GHz" disabled=no master-configuration="cfg1[HOME 5GHz]" name-format=%I- slave-configurations=\
"cfg3 [TECHNIC 5 GHz],cfg7 [NOFT 5 Ghz],cfg5 [HOMEOFFICE 5 GHz]" supported-bands=5ghz-ax
add action=create-dynamic-enabled comment="ax2, cAP 2.4 GHz" disabled=no master-configuration="cfg2 [HOME 2.4 GHz]" name-format=%I- slave-configurations=\
"cfg4 [TECHNIC 2.4 GHz],cfg8 [NOFT 2.4 GHz],cfg6 [HOMEOFFICE 2.4 GHz]" supported-bands=2ghz-ax
/ip address
add address=10.10.100.1/24 comment=defconf interface=bridge network=10.10.100.0
/ip cloud
set back-to-home-vpn=enabled ddns-enabled=yes ddns-update-interval=10m
/ip cloud back-to-home-users
add allow-lan=yes comment="iPhone 11" name="MikroTik ax3 | C53UiG+5HPaxD2HPaxD" private-key="xxxxxxxxxx" public-key="xxxxxxxxxxx"
/ip dhcp-server alert
add disabled=no interface=ether2
/ip dhcp-server lease
add address=10.10.100.239 comment=Telefon mac-address=58:9E:C6:36:4B:BB server=dhcp1
add address=10.10.100.208 client-id=1:d4:1:c3:b8:f8:a7 mac-address=D4:01:C3:B8:F8:A7 server=dhcp1
add address=10.10.100.221 client-id=1:dc:2c:6e:74:d3:9c mac-address=DC:2C:6E:74:D3:9C server=dhcp1
add address=10.10.100.202 client-id=1:d4:1:c3:8a:64:76 mac-address=D4:01:C3:8A:64:76 server=dhcp1
add address=10.10.100.201 client-id=1:d4:1:c3:7c:b7:b3 mac-address=D4:01:C3:7C:B7:B3 server=dhcp1
add address=10.10.100.192 client-id=1:dc:a6:32:f6:4a:47 comment="Controme Miniserver" mac-address=DC:A6:32:F6:4A:47 server=dhcp1
add address=10.10.100.199 client-id=1:90:b2:e7:3:8:1 comment="Controme Fu\DFbodenheizungs-Gateway" mac-address=90:B2:E7:03:08:01 server=dhcp1
add address=10.10.100.195 client-id=1:0:50:f4:36:f1:a7 comment="Lambda W\E4rmepumpe" mac-address=00:50:F4:36:F1:A7 server=dhcp1
add address=10.10.100.85 client-id=1:dc:a6:32:2c:97:f mac-address=DC:A6:32:2C:97:0F server=dhcp1
add address=10.10.100.84 comment=Eve-LightStrip mac-address=3C:6A:9D:17:6E:A8 server=dhcp1
add address=10.10.100.249 client-id=1:6c:3c:7c:78:35:92 comment="Canon Drucker" mac-address=6C:3C:7C:78:35:92 server=dhcp1
/ip dhcp-server network
add address=10.10.100.0/24 dns-server=10.10.100.1 domain=fasan.home.arpa gateway=10.10.100.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-size=20480KiB
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
add address=10.10.100.195 comment=dhcp1-00:50:F4:36:F1:A7 name=10-10-100-195.fasan.home.arpa ttl=15m type=A
add address=10.10.100.250 comment=dhcp1-D4:F9:8D:02:32:34 name=espressif.fasan.home.arpa ttl=15m type=A
add address=10.10.100.240 comment=dhcp1-76:F2:ED:CE:FF:42 name=10-10-100-240.fasan.home.arpa ttl=15m type=A
add address=10.10.100.192 name=contromeminiserver.fasan.home.arpa type=A
add address=10.10.100.96 comment=dhcp1-BC:24:11:BF:3B:E2 name=seiferth-pdf.fasan.home.arpa ttl=15m type=A
add address=10.10.100.94 comment=dhcp1-02:8A:FD:A5:5F:32 name=homeassistant.fasan.home.arpa ttl=15m type=A
add address=10.10.100.239 comment=dhcp1-58:9E:C6:36:4B:BB name=s850a-go.fasan.home.arpa ttl=15m type=A
add address=10.10.100.243 comment=dhcp1-68:67:25:B3:0C:B8 name=hw51-1637.fasan.home.arpa ttl=15m type=A
add address=10.10.100.93 comment=dhcp1-68:B6:B3:A2:1F:40 name=ecoflow.fasan.home.arpa ttl=15m type=A
add address=10.10.100.245 comment=dhcp1-D4:F9:8D:01:32:F0 name=espressif.fasan.home.arpa ttl=15m type=A
add address=10.10.100.208 comment=dhcp1-D4:01:C3:B8:F8:A7 name=mikrotik-cap-ax.fasan.home.arpa ttl=15m type=A
add address=10.10.100.85 comment=dhcp1-DC:A6:32:2C:97:0F name=bathkiosk.fasan.home.arpa ttl=15m type=A
add address=10.10.100.251 comment=dhcp1-D4:F9:8D:02:08:74 name=espressif.fasan.home.arpa ttl=15m type=A
add address=10.10.100.84 comment=dhcp1-3C:6A:9D:17:6E:A8 name=-y------.fasan.home.arpa ttl=15m type=A
add address=10.10.100.83 comment=dhcp1-EC:DA:3B:A8:7B:D8 name=espressif.fasan.home.arpa ttl=15m type=A
add address=10.10.100.77 comment=dhcp1-4E:F0:69:93:B6:69 name=10-10-100-77.fasan.home.arpa ttl=15m type=A
add address=10.10.100.70 comment=dhcp1-96:EA:32:7A:16:6D name=10-10-100-70.fasan.home.arpa ttl=15m type=A
add address=10.10.100.246 comment=dhcp1-B4:8A:0A:C0:98:BB name=esp-c098bb.fasan.home.arpa ttl=15m type=A
add address=10.10.100.248 comment=dhcp1-C2:E3:BD:34:0A:67 name=10-10-100-248.fasan.home.arpa ttl=15m type=A
add address=10.10.100.242 comment=dhcp1-E8:6B:EA:31:58:2C name=esp32-bluetooth-proxy-31582c.fasan.home.arpa ttl=15m type=A
add address=10.10.100.221 comment=dhcp1-DC:2C:6E:74:D3:9C name=mikrotik-hex.fasan.home.arpa ttl=15m type=A
add address=10.10.100.249 comment=dhcp1-6C:3C:7C:78:35:92 name=10-10-100-249.fasan.home.arpa ttl=15m type=A
add address=10.10.100.80 comment=dhcp1-5A:53:57:4F:C7:60 name=10-10-100-80.fasan.home.arpa ttl=15m type=A
add address=10.10.100.76 comment=dhcp1-94:08:53:90:BF:17 name=10-10-100-76.fasan.home.arpa ttl=15m type=A
add address=10.10.100.254 comment=dhcp1-38:C9:86:1A:EA:84 name=imac.fasan.home.arpa ttl=15m type=A
add address=10.10.100.90 comment=dhcp1-28:F0:76:0B:80:42 name=imac.fasan.home.arpa ttl=15m type=A
add address=10.10.100.95 comment=dhcp1-B2:9F:00:1F:DA:0C name=10-10-100-95.fasan.home.arpa ttl=15m type=A
add address=10.10.100.195 comment=#DHCP name=Lambda-Wrmepumpe.fasan.home.arpa ttl=30m type=A
add address=10.10.100.57 comment=#DHCP name=wikijs.fasan.home.arpa type=A
add address=10.10.100.207 comment=#DHCP name=AppleTVafzimmer.fasan.home.arpa type=A
add address=10.10.100.7 comment=#DHCP name=Wohnzimmer.fasan.home.arpa type=A
add address=10.10.100.202 comment=#DHCP name=MikroTik-hEX-POE.fasan.home.arpa type=A
add address=10.10.100.192 comment=#DHCP name=Controme-Miniserver.fasan.home.arpa type=A
add address=10.10.100.221 comment=#DHCP name=MikroTik-hEX.fasan.home.arpa type=A
add address=10.10.100.239 comment=#DHCP name=Telefon.fasan.home.arpa type=A
add address=10.10.100.201 comment=#DHCP name=MikroTik-ax2.fasan.home.arpa type=A
add address=10.10.100.208 comment=#DHCP name=MikroTik-cAP-ax.fasan.home.arpa type=A
add address=10.10.100.23 comment=#DHCP name=espressif.fasan.home.arpa type=A
add address=10.10.100.22 comment=#DHCP name=espressif.fasan.home.arpa type=A
add address=10.10.100.11 comment=#DHCP name=iPhone.fasan.home.arpa type=A
add address=10.10.100.84 comment=#DHCP name=Eve-LightStrip.fasan.home.arpa type=A
add address=10.10.100.252 comment=#DHCP name=Bridgeab015d5c0.fasan.home.arpa type=A
add address=10.10.100.254 comment=#DHCP name=iMac.fasan.home.arpa type=A
add address=10.10.100.117 comment=#DHCP name=Surface.fasan.home.arpa type=A
add address=10.10.100.25 comment=#DHCP name=espressif.fasan.home.arpa type=A
add address=10.10.100.24 comment=#DHCP name=espressif.fasan.home.arpa type=A
add address=10.10.100.90 comment=#DHCP name=iMac.fasan.home.arpa type=A
add address=10.10.100.12 comment=#DHCP name=Watch.fasan.home.arpa type=A
add address=10.10.100.199 comment=#DHCP name=Controme-Fubodenheizungs-Gateway.fasan.home.arpa type=A
add address=10.10.100.26 comment=#DHCP name=espressif.fasan.home.arpa type=A
add address=10.10.100.249 comment=#DHCP name=Canon-Drucker.fasan.home.arpa type=A
add address=10.10.100.206 comment=#DHCP name=Schlafzimmer.fasan.home.arpa type=A
add address=10.10.100.29 comment=#DHCP name=m5stack-atom-lite-167084.fasan.home.arpa type=A
add address=10.10.100.56 comment=#DHCP name=DEBBWN186673.fasan.home.arpa type=A
add address=10.10.100.86 comment=#DHCP name=android-75885eeb92c734a.fasan.home.arpa type=A
add address=10.10.100.246 comment=#DHCP name=ESP-C098BB.fasan.home.arpa type=A
add address=10.10.100.79 comment=#DHCP name=XS03-WX-321B71.fasan.home.arpa type=A
/ip firewall address-list
add address=10.10.100.255 list=L2TP-Heating
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="HARMAN Laptop - allow access to printer" disabled=yes dst-address=10.10.100.249 out-interface-list=!WAN src-mac-address=C8:5E:A9:B4:A3:16
add action=drop chain=forward comment="HARMAN Laptop - drop if destination not WAN" out-interface-list=!WAN src-mac-address=C8:5E:A9:B4:A3:16
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Telefon S850A Go" dst-port=49004-49012 protocol=udp to-addresses=10.10.100.239 to-ports=49004-49012
add action=dst-nat chain=dstnat comment="Port 80 Forwarding Miniserver" dst-port=51820 in-interface-list=WAN protocol=tcp to-addresses=10.10.100.192 to-ports=80
add action=dst-nat chain=dstnat comment="Port 22 Forwarding Miniserver" dst-port=51830 in-interface-list=WAN protocol=tcp to-addresses=10.10.200.192 to-ports=22
add action=dst-nat chain=dstnat comment="Port 80 Forwarding Floor Gateway" dst-port=51720 in-interface-list=WAN protocol=tcp to-addresses=10.10.100.199 to-ports=80
add action=dst-nat chain=dstnat comment="Port 22 Forwarding Floor Gateway" dst-port=51730 in-interface-list=WAN protocol=tcp to-addresses=10.10.100.199 to-ports=22
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-256,aes-192,aes-128,3des
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=drop chain=forward comment="HARMAN Laptop - drop if destination not WAN" out-interface-list=!WAN src-mac-address=C8:5E:A9:B4:A3:16
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd
set [ find default=yes ] interface=bridge
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name="MikroTik ax3"
/system logging
set 0 topics=info,!wireguard
add disabled=yes topics=debug,wireless
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set broadcast=yes enabled=yes manycast=yes
/system ntp client servers
add address=ntp0.fau.de
add address=ntp1.fau.de
add address=ntp2.fau.de
add address=ntp3.fau.de
add address=ntp0.ewetel.de
add address=ntp1.ewetel.de
/system routerboard wps-button
set enabled=yes on-event=wps-accept
/system scheduler
add interval=1d name=update on-event="/system package update\r\
\ncheck-for-updates once\r\
\n:delay 3s;\r\
\n:if ( [get status] = \"New version is available\") do={ install }" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-08-25 start-time=03:00:00
/system script
add comment=defconf dont-require-permissions=no name=wps-accept owner=*sys policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"\r\
\n :foreach iface in=[/interface/wifi find where (configuration.mode=\"ap\" && disabled=no)] do={\r\
\n /interface/wifi wps-push-button \$iface;}\r\
\n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool romon
set enabled=yes
/tool sniffer
set filter-stream=yes streaming-enabled=yes streaming-server=10.10.100.192:http
[SEadmin@MikroTik ax3] >
Content-ID: 668525
Url: https://administrator.de/contentid/668525
Printed on: 21.11.2024 at 13:11
2 comments