I have 3 Mikrotik units :
- main unit : RB4011iGS+5HacQ2HnD-IN
- hAP ac TC
- hAP 10-15 minutes ac²
All those are using Capsman with main confir from the RB4011oGS
Since the beginning (which is several months) I've been having smaller or bigger connectivity issues. Wifi on laptops disconnects randomly every 10-her short 15 minutes. It is rather short and difficult to notice during normal use when reading news, messaging or something like that. But my choildren have many issues during remote classes as well as watching youtube. Currently I'm struggling with even LAN connection to my TV as it looses internet and TV says that internet is unavailable.
I have been trying to search over the internet but I know nothing. I'm not a pro in this as well which makes it even more difficult.
Any hints I might follow ?
Thanks in advance
Yassith
My config is as follows :
Code: Select all
# jun/27/2021 11:02:48 by RouterOS 6.48.3
# software id = 58K8-MTPR
#
# model = RB4011iGS+5HacQ2HnD
# serial number = D43B0D3A380D
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2462 name=channel11
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5180,5200,5220,5240,5745 name=5G
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2412 name=channel1
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2437 name=channel6
/interface bridge
add name=bridgeVLAN10 protocol-mode=none
add name=bridgeVLAN100 protocol-mode=none
add name=bridgeVLAN200 protocol-mode=none
add name=bridgeVLAN300 protocol-mode=none
add name=bridgeVLAN400 protocol-mode=none
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(17dBm), SSID: Lepianka-2G, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=poland distance=indoors frequency=auto installation=indoor mode=\
ap-bridge name=wlan-2G ssid=Lepianka-2G wireless-protocol=802.11 \
wps-mode=disabled
# managed by CAPsMAN
# channel: 5180/20/ac/P(20dBm), SSID: Lepianka-5G, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country=poland distance=indoors frequency=auto \
installation=indoor mode=station-pseudobridge name=wlan-5G \
secondary-channel=auto ssid=Lepianka_5G wireless-protocol=802.11 \
wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=4A:8F:5A:F6:08:84 \
master-interface=wlan-2G multicast-buffering=disabled name=wlan2G-AV \
ssid=Lepianka-AV vlan-id=200 wds-cost-range=0 wds-default-cost=0 \
wps-mode=disabled
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
/interface eoip
add local-address=10.10.0.5 mac-address=78:5D:C8:1F:5E:1C name=WOL-Ether6 \
remote-address=10.100.0.220 tunnel-id=1
/interface vlan
add interface=ether1-WAN name=eth1_vlan10-admin vlan-id=10
add interface=ether1-WAN name=eth1_vlan100-main vlan-id=100
add interface=ether1-WAN name=eth1_vlan200-AV vlan-id=200
add interface=ether1-WAN name=eth1_vlan300-IoT vlan-id=300
add interface=ether1-WAN name=eth1_vlan400-guest vlan-id=400
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=main passphrase=\
XXXXXXX
add authentication-types=wpa2-psk encryption=aes-ccm name=AV passphrase=\
XXXXXXX
add authentication-types=wpa2-psk encryption=aes-ccm name=IoT passphrase=\
XXXXXX
add authentication-types=wpa2-psk encryption=aes-ccm name=gosc passphrase=\
XXXXX
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/caps-man datapath
add bridge=bridgeVLAN100 client-to-client-forwarding=yes interface-list=LAN \
name=main vlan-id=100
add bridge=bridgeVLAN200 client-to-client-forwarding=yes interface-list=LAN \
name=AV vlan-id=200
add bridge=bridgeVLAN300 client-to-client-forwarding=yes interface-list=LAN \
name=IoT vlan-id=300
add bridge=bridgeVLAN400 client-to-client-forwarding=yes interface-list=LAN \
name=guest vlan-id=400
/caps-man configuration
add channel=5G country=poland datapath=main distance=indoors mode=ap \
multicast-helper=full name=Lepiank-5G rx-chains=0,1,2,3 security=main \
ssid=Lepianka-5G tx-chains=0,1,2,3
add channel=channel6 country=poland datapath=AV distance=indoors mode=ap \
multicast-helper=full name=AV rx-chains=0,1,2,3 security=AV ssid=\
Lepianka-AV tx-chains=0,1,2,3
add channel=channel11 country=poland datapath=IoT distance=indoors mode=ap \
multicast-helper=full name=IoT rx-chains=0,1,2,3 security=IoT ssid=\
Lepianka-IoT tx-chains=0,1,2,3
add channel=channel11 country=poland datapath=guest distance=indoors mode=ap \
name=guest rx-chains=0,1,2,3 security=gosc ssid=Lepianka-guest tx-chains=\
0,1,2,3
add channel=channel1 country=poland datapath=main distance=indoors mode=ap \
multicast-helper=full name=Lepiank-2G rx-chains=0,1,2,3 security=main \
ssid=Lepianka-2G tx-chains=0,1,2,3
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key="M12poka;)" \
wpa2-pre-shared-key="M12poka;)"
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=guest \
supplicant-identity="" wpa2-pre-shared-key=12kowaks2
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=IoT \
supplicant-identity="" wpa2-pre-shared-key=12kowaks2
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=0A:55:31:6D:22:85 \
master-interface=wlan-2G multicast-buffering=disabled name=wlan2G-IoT \
security-profile=IoT ssid=Lepinka-IoT vlan-id=300 wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=4A:8F:5A:F6:08:85 \
master-interface=wlan-2G multicast-buffering=disabled name=wlan2G-guest \
security-profile=guest ssid=Lepianka-guest vlan-id=400 wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp ranges=10.0.0.2-10.0.0.254
add name=dhcp_pool1 ranges=10.0.0.2-10.0.0.254
add name=dhcp_pool2 ranges=10.10.0.2-10.10.0.254
add name=dhcp_pool3 ranges=10.100.0.2-10.100.0.254
add name=dhcp_pool4 ranges=10.20.0.2-10.20.0.254
add name=dhcp_pool5 ranges=10.30.0.2-10.30.0.254
add name=dhcp_pool6 ranges=10.30.0.2-10.30.0.254
add name=dhcp_pool7 ranges=10.40.0.2-10.40.0.254
add name=dhcp_pool8 ranges=10.0.0.2-10.0.0.254
add name=dhcp_pool9 ranges=10.0.0.2-10.0.0.254
add name=dhcp_pool10 ranges=10.100.0.2-10.100.0.200
add name=dhcp_pool11 ranges=10.20.0.2-10.20.0.200
add name=dhcp_pool12 ranges=10.10.0.2-10.10.0.200
add name=dhcp_pool13 ranges=10.0.0.2-10.0.0.200
/ip dhcp-server
add address-pool=dhcp_pool6 disabled=no interface=bridgeVLAN400 name=\
dhcpVLAN400
add address-pool=dhcp_pool10 disabled=no interface=bridgeVLAN10 name=\
dhcpVLAN10
add address-pool=dhcp_pool11 disabled=no interface=bridgeVLAN300 name=\
dhcpVLAN300
add address-pool=dhcp_pool12 disabled=no interface=bridgeVLAN200 name=\
dhcpVLAN200
add address-pool=dhcp_pool13 disabled=no interface=bridgeVLAN100 name=\
dhcpVLAN100
/user group
add name=hassio policy="read,write,test,api,!local,!telnet,!ssh,!ftp,!reboot,!\
policy,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp"
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
-70..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no signal-range=\
-120..-71 ssid-regexp=""
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac,an \
master-configuration=Lepiank-5G name-format=identity
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
Lepiank-2G name-format=identity slave-configurations=AV,IoT,guest
add hw-supported-modes=ac master-configuration=Lepiank-2G radio-mac=\
48:8F:5A:31:F3:E0 slave-configurations=AV,IoT,guest
/interface bridge port
add bridge=bridgeVLAN100 interface=ether2
add bridge=bridgeVLAN100 interface=ether3
add bridge=bridgeVLAN100 interface=ether4
add bridge=bridgeVLAN100 interface=ether5
add bridge=bridgeVLAN200 interface=ether6
add bridge=bridgeVLAN200 interface=ether7
add bridge=bridgeVLAN300 interface=ether8
add bridge=bridgeVLAN300 interface=ether9
add bridge=bridgeVLAN10 comment=TRUNK interface=ether10
add bridge=bridgeVLAN100 hw=no interface=sfp-sfpplus1
add bridge=bridgeVLAN10 interface=eth1_vlan10-admin
add bridge=bridgeVLAN100 interface=eth1_vlan100-main
add bridge=bridgeVLAN200 interface=eth1_vlan200-AV
add bridge=bridgeVLAN300 interface=eth1_vlan300-IoT
add bridge=bridgeVLAN400 interface=eth1_vlan400-guest
add bridge=bridgeVLAN200 interface=wlan2G-AV
add bridge=bridgeVLAN100 interface=wlan-5G
add bridge=bridgeVLAN300 interface=wlan2G-IoT
add bridge=bridgeVLAN400 interface=wlan2G-guest
add bridge=bridgeVLAN100 interface=wlan-2G
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridgeVLAN100 tagged=ether1-WAN untagged=ether10 vlan-ids=10
add bridge=bridgeVLAN100 tagged=ether1-WAN untagged=\
ether2,ether3,ether4,ether5,wlan-5G,wlan-2G vlan-ids=100
add bridge=bridgeVLAN200 tagged=ether10 untagged=ether6,ether7,wlan2G-AV \
vlan-ids=200
add bridge=bridgeVLAN300 tagged=ether1-WAN untagged=ether8,ether9,wlan2G-IoT \
vlan-ids=300
add bridge=bridgeVLAN400 tagged=ether1-WAN untagged=wlan2G-guest,ether10 \
vlan-ids=400
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=bridgeVLAN200 list=LAN
add list=LAN
add interface=bridgeVLAN300 list=LAN
add interface=bridgeVLAN400 list=LAN
add interface=wlan-5G list=LAN
add interface=ether1-WAN list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=wlan-2G list=LAN
/interface wireless cap
#
set caps-man-addresses=127.0.0.1 certificate=request enabled=yes interfaces=\
wlan-5G,wlan-2G
/ip address
add address=10.10.0.1/24 interface=bridgeVLAN200 network=10.10.0.0
add address=10.100.0.1/24 interface=bridgeVLAN10 network=10.100.0.0
add address=10.20.0.1/24 interface=bridgeVLAN300 network=10.20.0.0
add address=10.30.0.1/24 interface=bridgeVLAN400 network=10.30.0.0
add address=10.0.0.1/24 interface=eth1_vlan100-main network=10.0.0.0
/ip arp
add address=10.10.0.5 interface=bridgeVLAN200 mac-address=78:5D:C8:1F:5E:1C
add address=10.10.0.254 disabled=yes interface=bridgeVLAN200 mac-address=\
FF:FF:FF:FF:FF:FF
add address=10.0.0.1 interface=ether1-WAN mac-address=08:55:31:6D:22:7A
/ip dhcp-client
add disabled=no interface=ether1-WAN
/ip dhcp-server lease
add address=10.10.0.3 client-id=1:4c:1b:86:c1:9a:be mac-address=\
4C:1B:86:C1:9A:BE server=dhcpVLAN200
add address=10.10.0.7 client-id=1:38:81:d7:15:6a:3d mac-address=\
38:81:D7:15:6A:3D server=dhcpVLAN200
add address=10.100.0.254 client-id=1:dc:a6:32:f2:7f:69 mac-address=\
DC:A6:32:F2:7F:69 server=dhcpVLAN10
add address=10.10.0.5 client-id=1:7c:1c:4e:93:fc:b5 mac-address=\
78:5D:C8:1F:5E:1C server=dhcpVLAN200
add address=10.20.0.104 mac-address=24:A1:60:0E:D9:F5 server=dhcpVLAN300
add address=10.20.0.120 mac-address=24:A1:60:0E:DA:9A server=dhcpVLAN300
add address=10.20.0.121 mac-address=24:A1:60:0E:E2:D2 server=dhcpVLAN300
add address=10.20.0.124 mac-address=24:A1:60:0E:E3:8C server=dhcpVLAN300
add address=10.20.0.125 mac-address=2C:F4:32:EF:0B:0A server=dhcpVLAN300
add address=10.20.0.132 mac-address=70:03:9F:49:6F:12 server=dhcpVLAN300
add address=10.20.0.134 mac-address=C4:DD:57:30:7D:13 server=dhcpVLAN300
add address=10.20.0.135 mac-address=C4:DD:57:2F:B6:32 server=dhcpVLAN300
add address=10.20.0.136 mac-address=C4:DD:57:2F:B6:7D server=dhcpVLAN300
add address=10.20.0.96 mac-address=D0:40:EF:F7:00:FC server=dhcpVLAN300
add address=10.20.0.95 mac-address=D0:40:EF:F6:F3:0C server=dhcpVLAN300
add address=10.20.0.94 mac-address=D0:40:EF:7B:9A:4E server=dhcpVLAN300
add address=10.20.0.93 mac-address=D0:40:EF:7B:37:92 server=dhcpVLAN300
add address=10.10.0.2 client-id=1:a0:9f:10:21:15:62 mac-address=\
A0:9F:10:21:15:62 server=dhcpVLAN200
add address=10.10.0.8 client-id=1:a0:9f:10:1f:d0:ff mac-address=\
A0:9F:10:1F:D0:FF server=dhcpVLAN200
add address=10.10.0.9 client-id=1:a0:9f:10:1e:9a:a2 mac-address=\
A0:9F:10:1E:9A:A2 server=dhcpVLAN200
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.0.0.1
add address=10.1.0.0/24 comment=defconf dns-server=10.100.0.254 gateway=\
10.1.0.1 netmask=24
add address=10.10.0.0/24 dns-server=10.100.0.254 gateway=10.10.0.1
add address=10.20.0.0/24 dns-server=10.100.0.254 gateway=10.20.0.1
add address=10.30.0.0/24 dns-server=10.100.0.254 gateway=10.30.0.1
add address=10.40.0.0/24 dns-server=10.100.0.254 gateway=10.40.0.1
add address=10.100.0.0/24 dns-server=10.100.0.254 gateway=10.100.0.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.0.0.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=forward comment="Rule for WOL" disabled=yes \
dst-address=10.10.0.254 dst-limit=1,3,src-address/10s in-interface=\
ether1-WAN log=yes log-prefix=FWD out-interface=bridgeVLAN200
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment=CAPSMAN dst-port=5246,5247 protocol=udp
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="Rule to allow WOL(not working)" \
disabled=yes log=yes log-prefix=DROP
/ip firewall nat
add action=dst-nat chain=dstnat comment="Rule to WOL" disabled=yes dst-port=\
9999 in-interface=ether1-WAN log=yes log-prefix=PRE-RT protocol=udp \
to-addresses=10.10.0.5 to-ports=9
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN src-address-list=""
/ip firewall service-port
set ftp disabled=yes
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name="Main wifi AP"
/system leds
add interface=wlan-2G leds="wlan-2G_signal1-led,wlan-2G_signal2-led,wlan-2G_si\
gnal3-led,wlan-2G_signal4-led,wlan-2G_signal5-led" type=\
wireless-signal-strength
add interface=wlan-2G leds=wlan-2G_tx-led type=interface-transmit
add interface=wlan-2G leds=wlan-2G_rx-led type=interface-receive
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN