I’ve got really strange traffic on my LocalAP wlan1-gateway interface. I was using mikrotik wireless sniffer and Wireshark to get sniff traffic and got a lot of broadcast packages.
This traffic exists even if ether1-local interface is disabled! And I’ve got no idea what has happend in 4a.m. in the morning and led to the hop on the graphic.
wlan1-gateway (LocalAP)
wlan1-gateway (LocalAP)
ether1-local (LocalAP)
ether1-local (LocalAP)
Topology:
RemoteAP <------ wi-fi bridge ----> LocalAP <----> switch <----> wired clients & some cAP 2n
Sniffing results: https://yadi.sk/i/aPCPuf7gn5BoD
RemoteAP config (not full):
/interface bridge
add mtu=1500 name=bridge1 protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n country=russia disabled=no frequency=5650 frequency-mode=superchannel \
guard-interval=long ht-supported-mcs=\
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15 \
hw-protection-mode=rts-cts hw-retries=15 mode=bridge name=wlan1-gateway nv2-cell-radius=10 nv2-preshared-key=xxx \
nv2-security=enabled radio-name=RemoteAP scan-list=default,5630-5670 ssid=netx tx-power=14 tx-power-mode=\
card-rates wireless-protocol=nv2
/queue type
set 1 pfifo-limit=500
set 2 kind=pfifo pfifo-limit=500
/interface bridge port
add bridge=bridge1 interface=wlan1-gateway
add bridge=bridge1 interface=ether1-local
/ip address
add address=192.168.87.1/24 comment=LAN interface=bridge1 network=192.168.87.0
LocalAP config (not full):
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce country=russia disabled=no frequency=5650 frequency-mode=superchannel guard-interval=long \
ht-supported-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15 hw-protection-mode=rts-cts hw-retries=15 \
mode=station-bridge name=wlan1-gateway nv2-preshared-key=xxx nv2-security=enabled radio-name=LocalAP scan-list=5630-5670,default ssid=netx \
tx-power=13 tx-power-mode=card-rates wireless-protocol=nv2
/interface vlan
add interface=ether1-local l2mtu=1594 name=vlan47 vlan-id=47
add interface=ether1-local l2mtu=1594 name=vlan101 vlan-id=101
/queue type
set 1 pfifo-limit=500
set 2 kind=pfifo pfifo-limit=500
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input dst-address=192.168.47.1 protocol=tcp src-address=192.168.47.0/24
add action=drop chain=input comment="default configuration" connection-state=invalid
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wlan1-gateway
/ip route
add distance=1 gateway=130.20.17.1
/ip address
add address=192.168.88.1/24 comment="Admin LAN" interface=ether1-local network=192.168.88.0
add address=192.168.87.2/24 comment="Bridge LAN" interface=wlan1-gateway network=192.168.87.0
add address=130.20.17.17/24 comment=WAN interface=wlan1-gateway network=185.92.147.0
add address=192.168.101.1/24 comment="Home LAN" interface=vlan101 network=192.168.101.0
add address=192.168.47.1/24 comment="Guest LAN" interface=vlan47 network=192.168.47.0