Automaitc IP from MT issue

fahedksa · February 25, 2008, 8:12pm

My probelm start today and before its works fine
my netowrk use 6 swith each 24 port the problem some users get ip from server and some of them not while they in same swith
example swith1 15 get ip and others in same switch cant get IP
when i restart the MT its start works fine for 1 or 2 minute after that start problem again

my setting is

/ interface ethernet
set ll name=“ll” mtu=1500 mac-address=xx:xx:xx:xx:xx:xx arp=enabled disable-running-check=yes
auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment=“” disabled=no
set internal name=“internal” mtu=1500 mac-address=xx:xx:xx:xx:xx:xx arp=enabled disable-running-check=yes
auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps comment=“” disabled=no
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2
default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30
default-profile=default-encryption
/ ip pool
add name=“dhcp-pool-1” ranges=10.0.0.1-10.0.0.253
/ ip telephony region
/ ip telephony gatekeeper
set gatekeeper=none remote-id=“” remote-address=0.0.0.0
/ ip telephony aaa
set use-radius-accounting=no interim-update=0s
/ ip telephony codec
move G.711-uLaw-64k/sw
move G.711-ALaw-64k/sw
move G.729A-8k/sw
move G.729-8k/sw
move G.723.1-6.3k/sw
move GSM-06.10-13.2k/sw
move LPC-10-2.5k/sw
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=208.67.222.222 secondary-dns=208.67.220.220 allow-remote-requests=yes cache-size=5000KiB
cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
/ ip address
add address=10.0.0.1/24 network=10.0.0.0 broadcast=10.0.0.255 interface=internal comment=“added by setup”
disabled=no
add address=192.168.1.159/32 network=192.168.1.1 broadcast=192.168.1.1 interface=ll comment=“” disabled=no
/ ip proxy
set enabled=yes src-address=0.0.0.0 port=8080 parent-proxy=0.0.0.0:0 cache-drive=system
cache-administrator=“webmaster” max-disk-cache-size=69181000KiB max-ram-cache-size=100000KiB
cache-only-on-disk=yes maximal-client-connections=1000 maximal-server-connections=1000
max-object-size=5000KiB max-fresh-time=3d
/ ip proxy access
add dst-port=23-25 action=deny comment=“block telnet & spam e-mail relaying” disabled=yes
add dst-port=!443,563 action=deny comment=“allow CONNECT only to SSL ports 443 [https] and 563 [snews]
when enabled all pages not open show access denied” disabled=yes
/ ip proxy direct
add src-address=0.0.0.0 dst-address=0.0.0.0 dst-port=0-65535 path=:\.pdf method=GET action=allow comment=“”
disabled=no
/ ip neighbor discovery
set ll discover=yes
set internal discover=yes
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 comment=“” disabled=no
/ ip firewall mangle
add chain=forward src-address=10.0.0.0/24 action=mark-connection new-connection-mark=users-con
passthrough=yes comment=“” disabled=no
add chain=forward connection-mark=users-con action=mark-packet new-packet-mark=users passthrough=yes
comment=“” disabled=no
/ ip firewall nat
add chain=dstnat in-interface=internal dst-address=!10.0.0.1 protocol=tcp dst-port=80 action=redirect
to-ports=8080 comment=“” disabled=no
add chain=srcnat out-interface=ll action=masquerade comment=“” disabled=no
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s
tcp-close-timeout=10s udp-timeout=10s udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m
tcp-syncookie=no
/ ip firewall filter
add chain=input connection-state=established action=accept comment=“Accept established connections”
disabled=no
add chain=input connection-state=related action=accept comment=“Accept related connections” disabled=no
add chain=forward protocol=tcp dst-port=1493 action=accept comment=“JMSN Messenger” disabled=no
add chain=forward protocol=tcp dst-port=1542 action=accept comment=“JMSN Messenger” disabled=no
add chain=forward protocol=tcp dst-port=1863 action=accept comment=“JMSN Messenger” disabled=no
add chain=forward protocol=tcp dst-port=1963 action=accept comment=“JMSN Messenger” disabled=no
add chain=forward protocol=tcp dst-port=80 action=accept comment=“JMSN Messenger” disabled=no
add chain=forward protocol=tcp dst-port=443 action=accept comment=“JMSN Messenger” disabled=no
add chain=input connection-state=invalid action=drop comment=“Drop invalid connections” disabled=no
add chain=input src-address=0.0.0.0/24 action=accept comment=“From Mikrotikls network” disabled=no
add chain=input src-address=10.0.0.0/24 action=accept comment=“From Mikrotikls network” disabled=no
add chain=input protocol=tcp dst-port=80 connection-limit=100,0 action=drop comment=“limit total http
connections to 100” disabled=no
add chain=input protocol=tcp connection-limit=2,32 src-address-list=black_list action=drop comment=“suppress
DoS attack from 1 IP” disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list
address-list-timeout=1d comment=“detect DoS attack 1 IP” disabled=no
add chain=input action=jump jump-target=virus comment=“!!! Check for well-known viruses !!!” disabled=no
add chain=input protocol=udp action=accept comment=“UDP” disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment=“Allow limited pings” disabled=no
add chain=input protocol=icmp action=drop comment=“Drop excess pings” disabled=no
add chain=input protocol=tcp dst-port=22 action=accept comment=“SSH for demo purposes” disabled=no
add chain=input protocol=tcp dst-port=25 action=accept comment=“” disabled=no
add chain=input protocol=tcp dst-port=23 action=accept comment=“Telnet for demo purposes” disabled=no
add chain=input protocol=tcp dst-port=80 action=accept comment=“http for demo purposes” disabled=no
add chain=input protocol=tcp dst-port=3987 action=accept comment=“winbox for demo purposes” disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment=“new winbox for demo purposes” disabled=no
add chain=input action=log log-prefix=“DROP” comment=“Log and drop everything else” disabled=no
add chain=input action=drop comment=“Log and drop everything else” disabled=no
add chain=forward connection-state=established action=accept comment=“Established connections” disabled=no
add chain=forward connection-state=related action=accept comment=“Related connections” disabled=no
add chain=forward connection-state=invalid action=drop comment=“Drop invalid connections” disabled=no
add chain=forward action=jump jump-target=virus comment=“!!! Check for well-known viruses !!!” disabled=no
add chain=forward protocol=udp action=accept comment=“UDP” disabled=no
add chain=forward protocol=icmp limit=50/5s,2 action=accept comment=“Allow limited pings” disabled=no
add chain=forward protocol=icmp action=drop comment=“Drop excess pings” disabled=no
add chain=output connection-state=related action=accept comment=“Related” disabled=no
add chain=output protocol=udp dst-port=123 action=accept comment=“UDP 123” disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=“Drop Blaster Worm” disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment=“Drop Messenger Worm” disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment=“Drop Blaster Worm” disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment=“Drop Blaster Worm” disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment=“" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="” disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment=“Drop MyDoom” disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment=“________” disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment=“ndm requester” disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment=“ndm server” disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment=“screen cast” disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment=“hromgrafx” disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment=“cichlid” disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=“Worm” disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=“Bagle Virus” disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment=“Drop Dumaru.Y” disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment=“Drop Beagle” disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment=“Drop Beagle.C-K” disabled=no
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment=“Drop MyDoom” disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment=“Drop Backdoor OptixPro” disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment=“Worm” disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment=“Worm” disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment=“Drop Sasser” disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment=“Drop Beagle.B” disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment=“Drop Dabber.A-B” disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment=“Drop Dumaru.Y” disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment=“Drop MyDoom.B” disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment=“Drop NetBus” disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment=“Drop Kuang2” disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment=“Drop SubSeven” disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment=“Drop PhatBot, Agobot, Gaobot” disabled=no
add chain=forward dst-address=10.0.0.1 action=log log-prefix=“” comment=“demo2” disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment=“Worm” disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment=“Drop Sasser” disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment=“Drop Beagle.B” disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment=“Drop Dabber.A-B” disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment=“Drop Dumaru.Y” disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment=“Drop MyDoom.B” disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment=“Drop NetBus” disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment=“Drop Kuang2” disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment=“Drop SubSeven” disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment=“Drop PhatBot, Agobot, Gaobot” disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
/ ip hotspot
add name=“server1” interface=internal address-pool=dhcp-pool-1 profile=hsprof1 idle-timeout=none
keepalive-timeout=none addresses-per-mac=1 disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
// ip hotspot profile
set default name=“default” hotspot-address=0.0.0.0 dns-name=“” html-directory=hotspot rate-limit=“”
http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=http-chap split-user-domain=no use-radius=no
add name=“hsprof1” hotspot-address=0.0.0.0 dns-name=“” html-directory=hotspot rate-limit=“”
http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=http-chap split-user-domain=no use-radius=no
/ ip hotspot user
add name=“admin” password=“” profile=default comment=“” disabled=no
/ ip hotspot user profile
set default name=“default” idle-timeout=none keepalive-timeout=none status-autorefresh=1m shared-users=1
transparent-proxy=no
/ ip dhcp-server
add name=“dhcp1” interface=internal lease-time=3d address-pool=dhcp-pool-1 bootp-support=static
authoritative=after-2sec-delay disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1 dns-server=208.67.222.222,208.67.220.220 comment=“added by setup”
/ ip ipsec proposal
add name=“default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024
disabled=no
/ system logging
add topics=info prefix=“” action=memory disabled=no
add topics=error prefix=“” action=memory disabled=no
add topics=warning prefix=“” action=memory disabled=no
add topics=critical prefix=“” action=echo disabled=no
/ system logging action
set memory name=“memory” target=memory memory-lines=100 memory-stop-on-full=no
set disk name=“disk” target=disk disk-lines=100 disk-stop-on-full=no
set echo name=“echo” target=echo remember=yes
set remote name=“remote” target=remote remote=0.0.0.0:514
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=“”
/ system clock dst
set dst-delta=+00:00 dst-start=“jan/01/1970 00:00:00” dst-end=“jan/01/1970 00:00:00”
/ system console
add port=serial0 term=“” disabled=no
set FIXME term=“linux” disabled=no
set FIXME term=“linux” disabled=no
set FIXME term=“linux” disabled=no
set FIXME term=“linux” disabled=no
set FIXME term=“linux” disabled=no
set FIXME term=“linux” disabled=no
set FIXME term=“linux” disabled=no
set FIXME term=“linux” disabled=no
/ system console screen
set line-count=25
/ system identity
set name=“speed”
/ system note
set show-at-login=yes note=“”
/ system scheduler
add name=“schedule1” on-event=emailip start-date=jan/01/1970 start-time=00:00:00 interval=30m comment=“”
disabled=no
/ system lcd
set enabled=no type=24x4 port=parallel contrast=0
/ system lcd page
set time display-time=5s disabled=yes
set resources display-time=5s disabled=yes
set uptime display-time=5s disabled=yes
set packets display-time=5s disabled=yes
set bits display-time=5s disabled=yes
set version display-time=5s disabled=yes
set ll display-time=5s disabled=yes
set internal display-time=5s disabled=yes
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=no
/ system ntp client
set enabled=yes mode=unicast primary-ntp=208.67.222.222 secondary-ntp=208.67.220.220
/ system routerboard bios
set
/ system health
set state-after-reboot=enabled
/ port
set serial0 name=“serial0” baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
set serial1 name=“serial1” baud-rate=9600 data-bits=8 parity=none stop-bits=1 flow-control=hardware
/ ppp profile
set default name=“default” use-compression=default use-vj-compression=default use-encryption=default
only-one=default change-tcp-mss=yes comment=“”
set default-encryption name=“default-encryption” use-compression=default use-vj-compression=default
use-encryption=yes only-one=default change-tcp-mss=yes comment=“”
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name=“default” kind=pfifo pfifo-limit=50
set ethernet-default name=“ethernet-default” kind=pfifo pfifo-limit=50
set wireless-default name=“wireless-default” kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name=“synchronous-default” kind=red red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name=“hotspot-default” kind=sfq sfq-perturb=5 sfq-allot=1514
add name=“pcq-download” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name=“pcq-upload” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name=“default-small” kind=pfifo pfifo-limit=10
/ queue simple
add name=“Limit-Local” target-addresses=10.0.0.0/24 dst-address=0.0.0.0/0 interface=internal parent=none
direction=both priority=8 queue=pcq-upload/pcq-download limit-at=0/0 max-limit=256000/1000000
total-queue=default-small disabled=no
add name=“P2PLinit” dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8
queue=pcq-upload/pcq-download limit-at=64000/128000 max-limit=64000/128000 total-queue=default-small
p2p=all-p2p disabled=no
/ queue tree
add name=“Download” parent=internal packet-mark=“” limit-at=0 queue=default priority=8 max-limit=1024000
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“queue2” parent=Download packet-mark=users limit-at=0 queue=default priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name=“Upload” parent=ll packet-mark=“” limit-at=0 queue=default priority=8 max-limit=256000 burst-limit=0
burst-threshold=0 burst-time=0s disabled=no
add name=“queue4” parent=Upload packet-mark=users limit-at=0 queue=default priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
/ user
add name=“admin” group=full address=0.0.0.0/0 comment=“system default user” disabled=no
/ user group
add name=“read” policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name=“write” policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name=“full” policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ radius incoming
set accept=no port=1700
/ driver
/ snmp
set enabled=no contact=“” location=“”
/ snmp community
set public name=“public” address=0.0.0.0/0 read-access=yes
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from=“<>”
/ tool sniffer
set interface=all only-headers=no memory-limit=10 file-name=“” file-limit=10 streaming-enabled=no
streaming-server=0.0.0.0 filter-stream=yes filter-protocol=ip-only filter-address1=0.0.0.0/0:0-65535
filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-static=no
redistribute-rip=no redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20
metric-rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate authentication=none
prefix-list-import=“” prefix-list-export=“” disabled=no
/ routing bgp
set enabled=no as=1 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no redistribute-rip=no
redistribute-ospf=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1
metric-connected=1 metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m