Есть маршрутизатор Mikrotik RB951G. Используется у себя в квартире. Дома есть несколько смартфонов на Android и iPhone 7. С подключением по Wi-Fi нет у них проблем, но есть ноутбук, который по Wi-Fi подключается лишь в метре от маршрутизатора и потом через пару минут отключается.
Конфигурация маршрутизатора ниже. Ранее была ещё одна точка доступа и как-то экспериментировал с CAPsMAN, но она выведена из сети. Каналы проверял, выбран наиболее свободный. Сетевая карта в ноутбуке Qualcomm Atheros AR956x.
# dec/19/2019 20:14:38 by RouterOS 6.43.8
# software id = 9E8B-TCM6
#
# model = 951G-2HnD
# serial number = 8A7008CB0B30
/caps-man channel
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=Ce frequency=\
2472 name="For RB951G" tx-power=18
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=Ce frequency=\
2412 name="For mAP" tx-power=18
/interface bridge
add admin-mac=CC:2D:E0:69:C7:21 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] mac-address=84:16:F9:2F:C3:6F
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
band=2ghz-g/n basic-rates-b="" disabled=no frequency=2442 \
hw-protection-mode=rts-cts hw-retries=6 installation=indoor mode=ap-bridge \
radio-name=MicroTik-RB951 rate-set=configured ssid=MicroTik-RB951 \
supported-rates-b="" tx-power=20 tx-power-mode=all-rates-fixed \
wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
/interface wireless nstreme
set wlan1 enable-polling=no
/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\
datapath1
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm,tkip group-encryption=\
aes-ccm name=Home passphrase=[password]
/caps-man configuration
add channel="For RB951G" country=russia3 datapath=datapath1 datapath.bridge=\
bridge datapath.client-to-client-forwarding=yes mode=ap name=Home \
rx-chains=0,1,2 security=Home security.authentication-types=wpa2-psk \
security.encryption=aes-ccm,tkip security.group-encryption=aes-ccm \
security.passphrase=haxcxcdb3210 ssid=Home tx-chains=0,1,2
add channel="For mAP" country=russia3 datapath=datapath1 mode=ap name=Home_AP \
security=Home ssid=Home_CAP
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=[password] \
wpa2-pre-shared-key=[password]
/ip pool
add name=dhcp ranges=192.168.0.11-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=3d name=defconf
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Home radio-mac=\
CC:2D:E0:69:C7:21
add action=create-dynamic-enabled master-configuration=Home_AP
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless cap
set bridge=bridge interfaces=wlan1
/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=192.168.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server config
set store-leases-disk=3d
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=91.207.136.62 gateway=\
192.168.0.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="Allow IGMP" in-interface=ether1 \
protocol=igmp
add chain=forward dst-port=1234 protocol=udp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=bridge
/ip route
add distance=1 gateway=10.19.19.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=ether1 upstream=yes
add interface=bridge
/system clock
set time-zone-name=Europe/Moscow
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
-
Вопрос задан
-
251 просмотр
Простой
Средний
Простой
