Mikrotik zwei Router verbinden: ax2 bekommt keine IP
Hallo @aqui,
zu Mikrotik zwei Router verbinden: weitere Fragen:
Es hat bis gestern alles so gut funktioniert: den Netgear switch habe ich durch einen MT hEX POE ersetzt, und dann folgendes realisiert:
cap ax am ax3, ax2 am ax3, heX POE am ax2, und heX am heX POE
Dann habe ich irgendwann im LOG gesehen, dass dort ständig RX loop Packages auftauchen, auf den ax3 ether4.
Ich hatte dann am ax3 das ether4 disabled und wieder enabled, doch seither bekommt der ax2 keine IP-Adresse vom ax3 mehr zugewiesen. Wenn ich den hEX POE direkt an den ax3 an denselben Port hänge, dann erhält dieser eine IP, auch der hEX und all Geräte.
Ich habe den ax2 zurückgesetzt, die Konfiguration gelöscht, und ein minimales Setup erstellt, nur VLAN 111 als Trunk und als MGMNT. Trotzdem erhält der ax2 keine IP.
ax3:
Übrigens habe ich auch mal den Lease script unter /system script erstellt. Aber welchen Befehl muss ich dann im DHCP script angeben?
zu Mikrotik zwei Router verbinden: weitere Fragen:
Es hat bis gestern alles so gut funktioniert: den Netgear switch habe ich durch einen MT hEX POE ersetzt, und dann folgendes realisiert:
cap ax am ax3, ax2 am ax3, heX POE am ax2, und heX am heX POE
Dann habe ich irgendwann im LOG gesehen, dass dort ständig RX loop Packages auftauchen, auf den ax3 ether4.
Ich hatte dann am ax3 das ether4 disabled und wieder enabled, doch seither bekommt der ax2 keine IP-Adresse vom ax3 mehr zugewiesen. Wenn ich den hEX POE direkt an den ax3 an denselben Port hänge, dann erhält dieser eine IP, auch der hEX und all Geräte.
Ich habe den ax2 zurückgesetzt, die Konfiguration gelöscht, und ein minimales Setup erstellt, nur VLAN 111 als Trunk und als MGMNT. Trotzdem erhält der ax2 keine IP.
[SEadmin@MikroTik ax2] >
# 1970-01-02 00:44:47 by RouterOS 7.15.2
# software id = 5MCE-DL16
#
# model = C52iG-5HaxD2HaxD
# serial number = HGC09WRMRVQ
/interface bridge
add name=br_vlan pvid=111 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name="ether1 [TRUNK ax3]"
set [ find default-name=ether4 ] name="ether4 [MANAGEMENT]"
/interface vlan
add interface="ether1 [TRUNK ax3]" name=vlan111 vlan-id=111
/interface bridge port
add bridge=br_vlan interface="ether1 [TRUNK ax3]" pvid=111
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged interface="ether4 [MANAGEMENT]" pvid=111
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=br_vlan tagged=br_vlan vlan-ids=111
/ip dhcp-client
add interface=vlan111
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.111.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/system identity
set name="MikroTik ax2"
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
/tool romon
set enabled=yes
[SEadmin@MikroTik ax2] >
ax3:
\n\r\
\n} else={\r\
\n# DHCP lease removed\r\
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_200
add address-pool=dhcp_pool_40 interface="vlan40 [PROXMOX]" lease-script="# DNS TTL to set for DNS entries\r\
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n###\r\
\n# Script entry point\r\
\n#\r\
\n# Expected environment variables:\r\
\n# leaseBound 1 = lease bound, 0 = lease removed\r\
\n# leaseServerName Name of DHCP server\r\
\n# leaseActIP IP address of DHCP client\r\
\n# leaseActMAC MAC address of DHCP client\r\
\n###\r\
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for missing host names\r\
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n# param: name\r\
\n# max length = 63\r\
\n# allowed chars a-z,0-9,-\r\
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n# param: entry\r\
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n # new DHCP lease added\r\
\n /ip dhcp-server\r\
\n #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\
\n\r\
\n #Hostname cleanup\r\
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n# DHCP lease removed\r\
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_40
add address-pool=dhcp_pool_50 interface="vlan50 [PHONE]" lease-script="# DNS TTL to set for DNS entries\r\
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n###\r\
\n# Script entry point\r\
\n#\r\
\n# Expected environment variables:\r\
\n# leaseBound 1 = lease bound, 0 = lease removed\r\
\n# leaseServerName Name of DHCP server\r\
\n# leaseActIP IP address of DHCP client\r\
\n# leaseActMAC MAC address of DHCP client\r\
\n###\r\
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for missing host names\r\
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n# param: name\r\
\n# max length = 63\r\
\n# allowed chars a-z,0-9,-\r\
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n# param: entry\r\
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n # new DHCP lease added\r\
\n /ip dhcp-server\r\
\n #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\
\n\r\
\n #Hostname cleanup\r\
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n# DHCP lease removed\r\
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_50
add address-pool=dhcp_pool_60 interface="vlan60 [MOBILE OFFICE]" lease-script="# DNS TTL to set for DNS entries\r\
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n###\r\
\n# Script entry point\r\
\n#\r\
\n# Expected environment variables:\r\
\n# leaseBound 1 = lease bound, 0 = lease removed\r\
\n# leaseServerName Name of DHCP server\r\
\n# leaseActIP IP address of DHCP client\r\
\n# leaseActMAC MAC address of DHCP client\r\
\n###\r\
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for missing host names\r\
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n# param: name\r\
\n# max length = 63\r\
\n# allowed chars a-z,0-9,-\r\
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n# param: entry\r\
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n # new DHCP lease added\r\
\n /ip dhcp-server\r\
\n #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\
\n\r\
\n #Hostname cleanup\r\
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n# DHCP lease removed\r\
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_60
add address-pool=dhcp_pool_100 interface="vlan100 [HOME]" lease-script="# DNS TTL to set for DNS entries\r\
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n###\r\
\n# Script entry point\r\
\n#\r\
\n# Expected environment variables:\r\
\n# leaseBound 1 = lease bound, 0 = lease removed\r\
\n# leaseServerName Name of DHCP server\r\
\n# leaseActIP IP address of DHCP client\r\
\n# leaseActMAC MAC address of DHCP client\r\
\n###\r\
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for missing host names\r\
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n# param: name\r\
\n# max length = 63\r\
\n# allowed chars a-z,0-9,-\r\
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n# param: entry\r\
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n # new DHCP lease added\r\
\n /ip dhcp-server\r\
\n #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\
\n\r\
\n #Hostname cleanup\r\
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n# DHCP lease removed\r\
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_100
add address-pool=dhcp_pool_1 interface="vlan1 [DEFAULT]" lease-script="# DNS TTL to set for DNS entries\r\
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n###\r\
\n# Script entry point\r\
\n#\r\
\n# Expected environment variables:\r\
\n# leaseBound 1 = lease bound, 0 = lease removed\r\
\n# leaseServerName Name of DHCP server\r\
\n# leaseActIP IP address of DHCP client\r\
\n# leaseActMAC MAC address of DHCP client\r\
\n###\r\
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for missing host names\r\
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n# param: name\r\
\n# max length = 63\r\
\n# allowed chars a-z,0-9,-\r\
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n# param: entry\r\
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n # new DHCP lease added\r\
\n /ip dhcp-server\r\
\n #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\
\n\r\
\n #Hostname cleanup\r\
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n# DHCP lease removed\r\
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_1
add address-pool=dhcp_pool_111 interface="vlan111 [MANAGEMENT]" lease-script="# DNS TTL to set for DNS entries\r\
\n:local dnsttl \"00:15:00\";\r\
\n\r\
\n###\r\
\n# Script entry point\r\
\n#\r\
\n# Expected environment variables:\r\
\n# leaseBound 1 = lease bound, 0 = lease removed\r\
\n# leaseServerName Name of DHCP server\r\
\n# leaseActIP IP address of DHCP client\r\
\n# leaseActMAC MAC address of DHCP client\r\
\n###\r\
\n\r\
\n:local scriptName \"dhcp2dns\"\r\
\n:do {\r\
\n :local scriptObj [:parse [/system script get \$scriptName source]]\r\
\n \$scriptObj leaseBound=\$leaseBound leaseServerName=\$leaseServerName leaseActIP=\$leaseActIP leaseActMAC=\$leaseActMAC\r\
\n} on-error={ :log warning \"DHCP server '\$leaseServerName' lease script error\" };\r\
\n\r\
\n# \"a.b.c.d\" -> \"a-b-c-d\" for IP addresses used as replacement for missing host names\r\
\n:local ip2Host do=\\\r\
\n{\r\
\n :local outStr\r\
\n :for i from=0 to=([:len \$inStr] - 1) do=\\\r\
\n {\r\
\n :local tmp [:pick \$inStr \$i];\r\
\n :if (\$tmp =\".\") do=\\\r\
\n {\r\
\n :set tmp \"-\"\r\
\n }\r\
\n :set outStr (\$outStr . \$tmp)\r\
\n }\r\
\n :return \$outStr\r\
\n}\r\
\n\r\
\n:local mapHostName do={\r\
\n# param: name\r\
\n# max length = 63\r\
\n# allowed chars a-z,0-9,-\r\
\n :local allowedChars \"abcdefghijklmnopqrstuvwxyz0123456789-\";\r\
\n :local numChars [:len \$name];\r\
\n :if (\$numChars > 63) do={:set numChars 63};\r\
\n :local result \"\";\r\
\n\r\
\n :for i from=0 to=(\$numChars - 1) do={\r\
\n :local char [:pick \$name \$i];\r\
\n :if ([:find \$allowedChars \$char] < 0) do={:set char \"-\"};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local lowerCase do={\r\
\n# param: entry\r\
\n :local lower \"abcdefghijklmnopqrstuvwxyz\";\r\
\n :local upper \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\";\r\
\n :local result \"\";\r\
\n :for i from=0 to=([:len \$entry] - 1) do={\r\
\n :local char [:pick \$entry \$i];\r\
\n :local pos [:find \$upper \$char];\r\
\n :if (\$pos > -1) do={:set char [:pick \$lower \$pos]};\r\
\n :set result (\$result . \$char);\r\
\n }\r\
\n :return \$result;\r\
\n}\r\
\n\r\
\n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
\n:local LogPrefix \"DHCP2DNS (\$leaseServerName)\"\r\
\n\r\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do=\\\r\
\n{\r\
\n :log error \"\$LogPrefix: empty lease address\"\r\
\n :error \"empty lease address\"\r\
\n}\r\
\n\r\
\n:if ( \$leaseBound = 1 ) do=\\\r\
\n{\r\
\n # new DHCP lease added\r\
\n /ip dhcp-server\r\
\n #:local dnsttl [ get [ find name=\$leaseServerName ] lease-time ]\r\
\n network\r\
\n :local domain [ get [ find \$leaseActIP in address ] domain ]\r\
\n #:log info \"\$LogPrefix: DNS domain is \$domain\"\r\
\n\r\
\n :local hostname [/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] value-name=host-name]\r\
\n #:log info \"\$LogPrefix: DHCP hostname is \$hostname\"\r\
\n\r\
\n #Hostname cleanup\r\
\n :if ( [ :len \$hostname ] <= 0 ) do=\\\r\
\n {\r\
\n :set hostname [ \$ip2Host inStr=\$leaseActIP ]\r\
\n :log info \"\$LogPrefix: Empty hostname for '\$leaseActIP', using generated host name '\$hostname'\"\r\
\n }\r\
\n :set hostname [\$lowerCase entry=\$hostname]\r\
\n :set hostname [\$mapHostName name=\$hostname]\r\
\n #:log info \"\$LogPrefix: Clean hostname for FQDN is \$hostname\";\r\
\n\r\
\n :if ( [ :len \$domain ] <= 0 ) do=\\\r\
\n {\r\
\n :log warning \"\$LogPrefix: Empty domainname for '\$leaseActIP', cannot create static DNS name\"\r\
\n :error \"Empty domainname for '\$leaseActIP'\"\r\
\n }\r\
\n\r\
\n :local fqdn (\$hostname . \".\" . \$domain)\r\
\n #:log info \"\$LogPrefix: FQDN for DNS is \$fqdn\"\r\
\n\r\
\n :if ([/ip dhcp-server lease get [:pick [find mac-address=\$leaseActMAC and server=\$leaseServerName] 0] ]) do={\r\
\n # :log info message=\"\$LogPrefix: \$leaseActMAC -> \$hostname\"\r\
\n :do {\r\
\n /ip dns static add address=\$leaseActIP name=\$fqdn ttl=\$dnsttl comment=\$token;\r\
\n } on-error={:log error message=\"\$LogPrefix: Failure during dns registration of \$fqdn with \$leaseActIP\"}\r\
\n }\r\
\n\r\
\n} else={\r\
\n# DHCP lease removed\r\
\n /ip dns static remove [find comment=\$token];\r\
\n} " lease-time=10m name=dhcp_111
/ppp profile
add change-tcp-mss=yes dns-server=10.10.111.1 name=vpn
set *FFFFFFFE dns-server=10.10.200.1
/routing bgp template
set default disabled=no output.network=bgp-networks
/interface bridge port
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged interface="ether3 [MANAGEMENT]" pvid=111
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface="wifi1 [5 GHz MASTER]" point-to-point=no pvid=2
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface="wifi2 [2.4 GHz MASTER]" point-to-point=no pvid=2
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface="wifi3 [HOMETEC 5] " point-to-point=no pvid=200
add bridge=br_vlan frame-types=admit-only-untagged-and-priority-tagged interface="ether2 [PHONE]" pvid=50
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface="wifi4 [HOME 5]" point-to-point=no pvid=100
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface="wifi5 [HOME 2.4]" point-to-point=no pvid=100
add bridge=br_vlan frame-types=admit-only-vlan-tagged interface="wifi6 [HOMETEC 2]" point-to-point=no pvid=200
add bridge=br_vlan interface="ether1[TRUNK AP]" pvid=111
add bridge=br_vlan interface="ether4 [TRUNK AX2]" pvid=111
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=br_vlan tagged=br_vlan vlan-ids=111
add bridge=br_vlan tagged="br_vlan,ether1[TRUNK AP],ether4 [TRUNK AX2],wifi3 [HOMETEC 5] ,wifi6 [HOMETEC 2]" vlan-ids=200
add bridge=br_vlan tagged="br_vlan,ether1[TRUNK AP],ether4 [TRUNK AX2],wifi1 [5 GHz MASTER],wifi2 [2.4 GHz MASTER]" vlan-ids=2
add bridge=br_vlan tagged="br_vlan,ether1[TRUNK AP],wifi4 [HOME 5],wifi5 [HOME 2.4],ether4 [TRUNK AX2]" vlan-ids=100
add bridge=br_vlan tagged="br_vlan,ether4 [TRUNK AX2],ether1[TRUNK AP]" vlan-ids=40
add bridge=br_vlan tagged="br_vlan,ether4 [TRUNK AX2],ether1[TRUNK AP]" vlan-ids=50
add bridge=br_vlan tagged="br_vlan,ether4 [TRUNK AX2],ether1[TRUNK AP]" vlan-ids=60
/interface detect-internet
set detect-interface-list=WAN
/interface l2tp-server server
set authentication=mschap2 enabled=yes use-ipsec=yes
/interface list member
add interface="vlan1 [DEFAULT]" list=LAN
add interface="vlan200 [HOMETEC]" list=LAN
add interface=pppoe-out1 list=WAN
add interface="vlan2 [WLAN]" list=LAN
add interface="vlan40 [PROXMOX]" list=LAN
add interface="vlan100 [HOME]" list=LAN
add interface="vlan50 [PHONE]" list=LAN
add interface="vlan60 [MOBILE OFFICE]" list=LAN
add interface="vlan111 [MANAGEMENT]" list=LAN
/interface ovpn-server server
set auth=sha1,md5
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=mschap2
/ip address
add address=10.10.200.1/24 interface="vlan200 [HOMETEC]" network=10.10.200.0
add address=10.10.40.1/24 interface="vlan40 [PROXMOX]" network=10.10.40.0
add address=10.10.50.1/24 interface="vlan50 [PHONE]" network=10.10.50.0
add address=10.10.60.1/24 interface="vlan60 [MOBILE OFFICE]" network=10.10.60.0
add address=10.10.100.1/24 interface="vlan100 [HOME]" network=10.10.100.0
add address=10.10.1.1/24 interface="vlan1 [DEFAULT]" network=10.10.1.0
add address=10.10.111.1/24 interface="vlan111 [MANAGEMENT]" network=10.10.111.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=10m
/ip dhcp-server lease
add address=10.10.111.2 client-id=1:d4:1:c3:7c:b7:b2 mac-address=D4:01:C3:7C:B7:B2 server=dhcp_111
add address=10.10.50.200 mac-address=58:9E:C6:36:4B:BB server=dhcp_50
add address=10.10.200.20 client-id=1:0:50:f4:36:f1:a7 comment="Lambda W\E4rmepumpe" mac-address=00:50:F4:36:F1:A7 server=dhcp_200
add address=10.10.111.4 client-id=1:2e:c8:1b:18:8c:4a mac-address=2E:C8:1B:18:8C:4A server=dhcp_111
add address=10.10.111.10 client-id=1:dc:2c:6e:74:d3:9b mac-address=DC:2C:6E:74:D3:9B server=dhcp_111
add address=10.10.40.117 client-id=1:2:58:8a:7c:5a:3f comment="Home Assistant" mac-address=02:58:8A:7C:5A:3F server=dhcp_40
add address=10.10.111.5 client-id=1:d4:1:c3:b8:f8:a6 mac-address=D4:01:C3:B8:F8:A6 server=dhcp_111
add address=10.10.200.193 client-id=1:dc:a6:32:f6:4a:47 mac-address=DC:A6:32:F6:4A:47 server=dhcp_200
add address=10.10.111.6 client-id=1:d4:1:c3:8a:64:75 mac-address=D4:01:C3:8A:64:75 server=dhcp_111
add address=10.10.200.130 client-id=1:dc:a6:32:2c:97:f mac-address=DC:A6:32:2C:97:0F server=dhcp_200
add address=10.10.100.116 client-id=1:6c:3c:7c:78:35:92 comment="Canon Drucker" mac-address=6C:3C:7C:78:35:92 server=dhcp_100
add address=10.10.200.132 client-id=1:e8:6b:ea:31:58:2c mac-address=E8:6B:EA:31:58:2C server=dhcp_200
/ip dhcp-server network
add address=10.10.1.0/24 dns-server=10.10.1.1 domain=fasan.home.arpa gateway=10.10.1.1
add address=10.10.20.0/24 dns-server=10.10.20.1 domain=fasan.home.arpa gateway=10.10.20.1
add address=10.10.40.0/24 dns-server=10.10.40.1 domain=fasan.home.arpa gateway=10.10.40.1
add address=10.10.50.0/24 dns-server=10.10.50.1 domain=fasan.home.arpa gateway=10.10.50.1
add address=10.10.60.0/24 dns-server=10.10.60.1 domain=fasan.home.arpa gateway=10.10.60.1
add address=10.10.100.0/24 dns-server=10.10.100.1 domain=fasan.home.arpa gateway=10.10.100.1
add address=10.10.111.0/24 dns-server=10.10.111.1 domain=fasan.home.arpa gateway=10.10.111.1
add address=10.10.200.0/24 dns-server=10.10.200.1 domain=fasan.home.arpa gateway=10.10.200.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.10.100.111 comment=dhcp_100-2A:B3:C4:F3:A3:16 name=10-10-100-111.fasan.home.arpa ttl=15m
add address=10.10.100.107 comment=dhcp_100-F0:B3:EC:1E:A7:9A name=appletvafzimmer.fasan.home.arpa ttl=15m
add address=10.10.50.200 comment=dhcp_50-58:9E:C6:36:4B:BB name=s850a-go.fasan.home.arpa ttl=15m
add address=10.10.200.105 comment=dhcp_200-D4:F9:8D:01:32:F0 name=espressif.fasan.home.arpa ttl=15m
add address=10.10.100.101 comment=dhcp_100-3C:6A:9D:17:6E:A8 name=-y------.fasan.home.arpa ttl=15m
add address=10.10.111.5 comment=dhcp_111-D4:01:C3:B8:F8:A6 name=mikrotik-cap-ax.fasan.home.arpa ttl=15m
add address=10.10.200.108 comment=dhcp_200-68:B6:B3:A2:1F:40 name=ecoflow.fasan.home.arpa ttl=15m
add address=10.10.100.110 comment=dhcp_100-96:EA:32:7A:16:6D name=10-10-100-110.fasan.home.arpa ttl=15m
add address=10.10.200.109 comment=dhcp_200-D4:F9:8D:02:08:74 name=espressif.fasan.home.arpa ttl=15m
add address=10.10.100.100 comment=dhcp_100-EC:DA:3B:A8:7B:D8 name=espressif.fasan.home.arpa ttl=15m
add address=10.10.200.102 comment=dhcp_200-D4:F9:8D:02:32:34 name=espressif.fasan.home.arpa ttl=15m
add address=10.10.200.112 comment=dhcp_200-B4:8A:0A:C0:98:BB name=esp-c098bb.fasan.home.arpa ttl=15m
add address=10.10.100.104 comment=dhcp_100-F6:13:48:5A:03:10 name=10-10-100-104.fasan.home.arpa ttl=15m
add address=10.10.200.132 comment=dhcp_200-E8:6B:EA:31:58:2C name=esp32-bluetooth-proxy-31582c.fasan.home.arpa ttl=15m
add address=10.10.200.107 comment=dhcp_200-68:67:25:B3:0C:B8 name=hw51-1637.fasan.home.arpa ttl=15m
add address=10.10.200.104 comment=dhcp_200-24:4C:AB:01:5D:5C name=tibber-host.fasan.home.arpa ttl=15m
add address=10.10.111.6 comment=dhcp_111-D4:01:C3:8A:64:75 name=mikrotik-hex-poe.fasan.home.arpa ttl=15m
add address=10.10.111.3 comment=dhcp_111-38:C9:86:1A:EA:84 name=imac.fasan.home.arpa ttl=15m
add address=10.10.200.193 comment=dhcp_200-DC:A6:32:F6:4A:47 name=contromeminiserver.fasan.home.arpa ttl=15m
/ip firewall address-list
add address=0.0.0.0/8 comment="defconf: RFC6890" list=no_forward_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=no_forward_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=no_forward_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=no_forward_ipv4
add address=127.0.0.0/8 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.0.0/24 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.2.0/24 comment="defconf: RFC6890 documentation" list=bad_ipv4
add address=198.51.100.0/24 comment="defconf: RFC6890 documentation" list=bad_ipv4
add address=203.0.113.0/24 comment="defconf: RFC6890 documentation" list=bad_ipv4
add address=240.0.0.0/4 comment="defconf: RFC6890 reserved" list=bad_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=10.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=100.64.0.0/10 comment="defconf: RFC6890" list=not_global_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=172.16.0.0/12 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.0.0.0/29 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.168.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=198.18.0.0/15 comment="defconf: RFC6890 benchmark" list=not_global_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=not_global_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=bad_src_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=bad_src_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=bad_dst_ipv4
add address=224.0.0.0/4 comment="defconf: RFC6890" list=bad_dst_ipv4
add address=10.10.111.222 comment="L2TP Hometec" list="L2TP Mikrotik"
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in IPSec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out IPSec policy" ipsec-policy=out,ipsec
add action=accept chain=input comment=L2TP/IPSec dst-port=500,1701,4500 protocol=udp
add action=accept chain=input comment=L2TP/IPSec protocol=ipsec-esp
add action=accept chain=input comment="accept DNS via VPN " dst-address=10.10.111.1 dst-port=53 protocol=tcp src-address-list="L2TP Mikrotik"
add action=accept chain=input comment="accept DNS via VPN " dst-address=10.10.111.1 dst-port=53 protocol=udp src-address-list="L2TP Mikrotik"
add action=accept chain=input comment="defconf: accept out IPSec policy" dst-port=53,123 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="defconf: accept out IPSec policy" dst-port=53 in-interface-list=LAN protocol=tcp
add action=accept chain=input comment="defconf: accept ICMP after RAW" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=forward comment="defconf: accept all that matches IPSec policy" ipsec-policy=in,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=log chain=forward disabled=yes log=yes log-prefix=XX
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="defconf: drop bad forward IPs" src-address-list=no_forward_ipv4
add action=drop chain=forward comment="defconf: drop bad forward IPs" dst-address-list=no_forward_ipv4
add action=drop chain=forward out-interface="vlan111 [MANAGEMENT]"
add action=drop chain=input comment="drop all not coming from MANAGEMENT VLAN" in-interface="!vlan111 [MANAGEMENT]"
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface-list=WAN
add action=accept chain=srcnat comment="defconf: accept all that matches IPSec policy" ipsec-policy=out,ipsec
add action=dst-nat chain=dstnat comment="Telefon S850A Go" dst-port=49004-49012 protocol=udp to-addresses=10.10.50.200 to-ports=49004-49012
add action=dst-nat chain=dstnat comment="Port 80 Forwarding Miniserver" disabled=yes dst-port=51820 in-interface-list=WAN protocol=tcp to-addresses=10.10.200.193 to-ports=80
add action=dst-nat chain=dstnat comment="Port 22 Forwarding Miniserver" disabled=yes dst-port=51830 in-interface-list=WAN protocol=tcp to-addresses=10.10.200.193 to-ports=22
add action=dst-nat chain=dstnat comment="Port 80 Forwarding Floor Gateway" disabled=yes dst-port=51720 in-interface-list=WAN protocol=tcp to-addresses=10.10.200.105 to-ports=80
add action=dst-nat chain=dstnat comment="Port 22 Forwarding Floor Gateway" disabled=yes dst-port=51730 in-interface-list=WAN protocol=tcp to-addresses=10.10.200.105 to-ports=22
/ip firewall raw
add action=accept chain=prerouting comment="defconf: enable for transparent firewall"
add action=accept chain=prerouting comment="defconf: accept DHCP discover" dst-address=255.255.255.255 dst-port=67 in-interface-list=LAN protocol=udp src-address=0.0.0.0 src-port=68
add action=drop chain=prerouting comment="defconf: drop bogon IP's" src-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" dst-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" src-address-list=bad_src_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" dst-address-list=bad_dst_ipv4
add action=drop chain=prerouting comment="defconf: drop non global from WAN" in-interface-list=WAN src-address-list=not_global_ipv4
add action=drop chain=prerouting comment="defconf: drop forward to local lan from WAN" dst-address=192.168.88.0/24 in-interface-list=WAN
add action=drop chain=prerouting comment="defconf: drop local if not from default IP range" in-interface-list=LAN src-address=!192.168.88.0/24
add action=drop chain=prerouting comment="defconf: drop bad UDP" port=0 protocol=udp
add action=jump chain=prerouting comment="defconf: jump to ICMP chain" jump-target=icmp4 protocol=icmp
add action=jump chain=prerouting comment="defconf: jump to TCP chain" jump-target=bad_tcp protocol=tcp
add action=accept chain=prerouting comment="defconf: accept everything else from LAN" in-interface-list=LAN
add action=accept chain=prerouting comment="defconf: accept everything else from WAN" in-interface-list=WAN
add action=drop chain=prerouting comment="defconf: drop the rest"
add action=drop chain=bad_tcp comment="defconf: TCP flag filter" protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,syn
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,urg
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=syn,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=rst,urg
add action=drop chain=bad_tcp comment="defconf: TCP port 0 drop" port=0 protocol=tcp
add action=accept chain=icmp4 comment="defconf: echo reply" icmp-options=0:0 limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: net unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain=icmp4 comment="defconf: host unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain=icmp4 comment="defconf: protocol unreachable" icmp-options=3:2 protocol=icmp
add action=accept chain=icmp4 comment="defconf: port unreachable" icmp-options=3:3 protocol=icmp
add action=accept chain=icmp4 comment="defconf: fragmentation needed" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp4 comment="defconf: echo" icmp-options=8:0 limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: time exceeded " icmp-options=11:0-255 protocol=icmp
add action=drop chain=icmp4 comment="defconf: drop other icmp" protocol=icmp
/ip firewall service-port
set sip disabled=yes
/ip ipsec profile
set [ find default=yes ] enc-algorithm=aes-256,aes-192,aes-128
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl disabled=no
/ipv6 firewall address-list
add address=fe80::/10 comment="defconf: RFC6890 Linked-Scoped Unicast" list=no_forward_ipv6
add address=ff00::/8 comment="defconf: multicast" list=no_forward_ipv6
add address=::1/128 comment="defconf: RFC6890 lo" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: RFC6890 IPv4 mapped" list=bad_ipv6
add address=2001::/23 comment="defconf: RFC6890" list=bad_ipv6
add address=2001:db8::/32 comment="defconf: RFC6890 documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: RFC6890 orchid" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: RFC6890 Discard-only" list=not_global_ipv6
add address=2001::/32 comment="defconf: RFC6890 TEREDO" list=not_global_ipv6
add address=2001:2::/48 comment="defconf: RFC6890 Benchmark" list=not_global_ipv6
add address=fc00::/7 comment="defconf: RFC6890 Unique-Local" list=not_global_ipv6
add address=::/128 comment="defconf: unspecified" list=bad_dst_ipv6
add address=::/128 comment="defconf: unspecified" list=bad_src_ipv6
add address=ff00::/8 comment="defconf: multicast" list=bad_src_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept ICMPv6 after RAW" protocol=icmpv6
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept IPSec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept IPSec ESP" protocol=ipsec-esp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop bad forward IPs" src-address-list=no_forward_ipv6
add action=drop chain=forward comment="defconf: drop bad forward IPs" dst-address-list=no_forward_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6 after RAW" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches IPSec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
# no interface
add action=drop chain=input comment="drop all not coming from MANAGEMENT VLAN" in-interface=!*C
/ipv6 firewall raw
add action=accept chain=prerouting comment="defconf: enable for transparent firewall" disabled=yes
add action=accept chain=prerouting comment="defconf: RFC4291, section 2.7.1" dst-address=ff02::1:ff00:0/104 icmp-options=135 protocol=icmpv6 src-address=::/128
add action=drop chain=prerouting comment="defconf: drop bogon IP's" src-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop bogon IP's" dst-address-list=bad_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad SRC ipv6" src-address-list=bad_src_ipv6
add action=drop chain=prerouting comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_dst_ipv6
add action=drop chain=prerouting comment="defconf: drop non global from WAN" in-interface-list=WAN src-address-list=not_global_ipv6
add action=jump chain=prerouting comment="defconf: jump to ICMPv6 chain" jump-target=icmp6 protocol=icmpv6
add action=accept chain=prerouting comment="defconf: accept local multicast scope" dst-address=ff02::/16
add action=drop chain=prerouting comment="defconf: drop other multicast destinations" dst-address=ff00::/8
add action=accept chain=prerouting comment="defconf: accept everything else from WAN" in-interface-list=WAN
add action=accept chain=prerouting comment="defconf: accept everything else from LAN" in-interface-list=LAN
add action=drop chain=prerouting comment="defconf: drop the rest"
add action=drop chain=icmp6 comment="defconf: rfc4890 drop ll if hop-limit!=255" dst-address=fe80::/10 hop-limit=not-equal:255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: dst unreachable" icmp-options=1:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: packet too big" icmp-options=2:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: limit exceeded" icmp-options=3:0-1 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: bad header" icmp-options=4:0-2 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: Mobile home agent address discovery" icmp-options=144:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: Mobile home agent address discovery" icmp-options=145:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: Mobile prefix solic" icmp-options=146:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: Mobile prefix advert" icmp-options=147:0-255 protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: echo request limit 5,10" icmp-options=128:0-255 limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: echo reply limit 5,10" icmp-options=129:0-255 limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 router solic limit 5,10 only LAN" hop-limit=equal:255 icmp-options=133:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 router advert limit 5,10 only LAN" hop-limit=equal:255 icmp-options=134:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 neighbor solic limit 5,10 only LAN" hop-limit=equal:255 icmp-options=135:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 neighbor advert limit 5,10 only LAN" hop-limit=equal:255 icmp-options=136:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 inverse ND solic limit 5,10 only LAN" hop-limit=equal:255 icmp-options=141:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=accept chain=icmp6 comment="defconf: rfc4890 inverse ND advert limit 5,10 only LAN" hop-limit=equal:255 icmp-options=142:0-255 in-interface-list=LAN limit=5,10:packet protocol=icmpv6
add action=drop chain=icmp6 comment="defconf: drop other icmp" protocol=icmpv6
/ppp secret
add local-address=10.10.111.1 name=Mikrotik profile=vpn remote-address=10.10.111.222 service=l2tp
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name="Mikrotik ax3"
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=ntp0.fau.de
add address=ntp1.fau.de
add address=ntp2.fau.de
add address=ntp3.fau.de
add address=npt0.ewetel.de
add address=ntp1.ewetel.de
/tool romon
set enabled=yes
[SEadmin@Mikrotik ax3] >
Übrigens habe ich auch mal den Lease script unter /system script erstellt. Aber welchen Befehl muss ich dann im DHCP script angeben?
Please also mark the comments that contributed to the solution of the article
Content-ID: 72663223652
Url: https://administrator.de/contentid/72663223652
Printed on: December 14, 2024 at 16:12 o'clock
26 Comments
Latest comment
Moin.
Statische Route hier ist überflüssig
Und eine Firewall vollständig aktivieren bevor alles so läuft wie gewünscht ist auch nicht gerade intelligent fürs Debugging. Also intern immer erst mal auf Durchzug schalten.
Gruß
Aber welchen Befehl muss ich dann im DHCP script angeben?
Natürlich den zum Starten des Skriptes/system script run SCRIPTNAME
cap ax am ax3, ax2 am ax3, heX POE am ax2, und heX am heX POE
Bild der Netzwerktopologie, unvollständige configs vervollständigen und doppelt und dreifache Skripte aus den Configs eliminieren wäre als erstes mal sinnvoll für das Verständnis!Statische Route hier ist überflüssig
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.111.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
wenn sowieso ein DHCP Client die Default-Route setzt./ip dhcp-client add interface=vlan111
Und eine Firewall vollständig aktivieren bevor alles so läuft wie gewünscht ist auch nicht gerade intelligent fürs Debugging. Also intern immer erst mal auf Durchzug schalten.
Gruß
verschiedenes versucht.
Trial&Error ist bei Mikrotik eine ganz schlechte Basis ...https://help.gowifi.co.nz/support/solutions/articles/48001077268-beginne ...
https://help.mikrotik.com/docs/display/ROS/First+Time+Configuration
https://nsrc.org/workshops/2024/nsrc-btnog11-cndo/networking/cndo/en/pre ...
https://mum.mikrotik.com/presentations/VN17/presentation_4332_1493289082 ...
sondern lerne Schritt für Schritt,
Dann solltest du auch Schritt für Schritt vorgehen und nicht nur Copy n Paste in deine Router einfügen, denn das hast du mit den Firewall-Regeln gemacht, da sind einige drin die für deinen Router vollkommen fehlerhaft sind und wichtige Kommunikation zwischen dem Router und den Clients verhindern.Also auch Schritt für Schritt vorgehen, alle Firewall-Filter-Regeln deaktivieren und erst mal die Basics zu laufen bringen dann erst die Firewall wie ich oben schon angemerkt habe. Und dann aber bitte auch kein Copy n Paste sondern erst mal jede Regel einzeln verstehen was sie bewirkt, denn das ist essentiell für ein nachhaltiges Arbeiten mit dem Mikrotik sonst wirst du immer wie der Ochs vor dem Berg stehen wenn was nicht so funktioniert wie du dir das vorstellst und Router unnötigerweise immer wieder zurücksetzen obwohl das nicht nötig gewesen wäre. Im schlimmsten Fall öffnest du Tür und Tor für alle mit deinen Regeln.
Vor allem den Packetflow zu verstehen ist essentiell bei der Arbeit mit RouterOS seinen Interfaces und vor allem auch der Firewall
https://help.mikrotik.com/docs/display/ROS/Packet+Flow+in+RouterOS
und schon bescheren sich meine Kinder, dass sie nicht mehr ins Internet kommen ...
Naja wenn du das Masquerade am WAN auch deaktivierst was erwartest du ?! Klar das dann nix mehr geht, deswegen schrieb ich ja explizit nur die Firewall-Filter-Regeln und nicht die NAT Regeln. Wenn deine Geräte mit privaten IPs ins Internet routen ohne das diese durch das Masquerading auf die Public IP des routers umgeschrieben werden klar das da nix zurück kommen kann .Me done ... good luck and happy learning 👋
Brillsche Aufsetze 🥸, fällt dir hier in der Config des AX2 nix auf ...?
/interface vlan
add interface="ether1 [TRUNK ax3]" name=vlan111 vlan-id=111
Na Fehler gefunden? Das VLAN-Interface selbst muss auf dem Bridge Interface erstellt werden und nicht auf ether1!add interface="ether1 [TRUNK ax3]" name=vlan111 vlan-id=111
/interface vlan add interface=br_vlan name=vlan111 vlan-id=111
Tja hier weiß ja keiner wie du sonst noch was wie verknotet und verloopt hast, und an der Prio spielen ist absoluter Blödsinn wenn alle Devices im MGMT Layer-2 Netz eine IP haben, geht man direkt per IP auf die Devices, hängt sich ins MGMT Netz (Neighbor Discovery Settings müssen auf das richtige Interface gesetzt sein) oder man regelt alles über RoMon.
Wie im ersten Post geschrieben Infos unvollständig, keine Struktur/Bild des Aufbaus etc. , die wird sich hier keiner aus den Fingern saugen wollen...
Wie im ersten Post geschrieben Infos unvollständig, keine Struktur/Bild des Aufbaus etc. , die wird sich hier keiner aus den Fingern saugen wollen...
Naja wenn man auf einem VLAN-Durchlauferhitzer wie dem AX2 eine Firewall aktiviert die da völlig deplatziert ist und die auch für das Einsatz-Szenario nicht richtig konfiguriert ist , klar das da nix geht .... Hatte ich aber oben schon x mal erwähnt, aber du bist ziemlich beratungsresistent was das betrifft . Die Firewall gehört ausschließlich an den Perimeter am AX3 welcher die zentrale Routing-Instanz in deinem Netzwerk ist !
Außerdem ist das VLAN-Filtering auf dem AX2 in der Bridge deaktiviert, ohne VLAN-Filtering haben die PVIDs keine Wirkung.
Wenn du was haben willst was du nie wieder anfassen willst, tja dann bist du bei Mikrotik mit deinem Wissensstand absolut falsch. Mikrotik kauft man als Netzwerkspezi dem das Konfigurieren Spaß macht und der sich mit der Materie auch wirklich beschäftigen und lernen will, mit Copy n Paste und "auf gut Glück" wirst du dort immer Schiffbruch erleiden.
Außerdem ist das VLAN-Filtering auf dem AX2 in der Bridge deaktiviert, ohne VLAN-Filtering haben die PVIDs keine Wirkung.
noch vieles nicht weiß, zum anderen, was kann meine Familie machen, wenn ich einmal nicht da bin, und es Probleme mit dem Netzwerk gibt? Deshalb sollte es so einfach wie möglich sein.
Dann kauf dir ne Fritte und ein paar Repeater verkabel die mit der Fritte und gut.Wenn es aber einmal mit den VLAN´s funktioniert, soll nichts mehr groß verändert werden, aber auch mit neuen Updates kann es mal Probleme geben, usw.
Wenn du dir einen ganzen Zoo an Mikrotiks holst und absoluter Anfänger bist solltest du langsam kapiert haben das man das dauerhaft nur nur mit tiefgehendem Netzwerk-Wissen stemmen kann, vor allem sollte man immer wissen was man tut auch bei Upgrades von Mikrotiks muss man immer einen Notfall Plan parat haben, denn die gehen schnell mal schief.Wenn du was haben willst was du nie wieder anfassen willst, tja dann bist du bei Mikrotik mit deinem Wissensstand absolut falsch. Mikrotik kauft man als Netzwerkspezi dem das Konfigurieren Spaß macht und der sich mit der Materie auch wirklich beschäftigen und lernen will, mit Copy n Paste und "auf gut Glück" wirst du dort immer Schiffbruch erleiden.
Außerdem ist das VLAN-Filtering auf dem AX2 in der Bridge deaktiviert, ohne VLAN-Filtering haben die PVIDs der Ports keine Wirkung, sobald Access-Ports in einer Bridge ins Spiel kommen ist VLAN-Filtering Pflicht sonst werden alle Ports mit sämtlichem Traffic geflutet.
Jedenfalls habe ich beim ax2 mal den bridge Protokoll-Mode auf "off" geschaltet, und dann wieder auf "RSTP", und jetzt funktioniert alles.
Zufall .
Das macht hier echt keinen Spaß ... Wenn man sich hier auf nix verlassen kann. Wir opfern hier unsere Zeit lesen die Configs hier durch und dann sowas 🤮.
Good luck, ich bin raus 🖖
Good luck, ich bin raus 🖖