
 
gremling

Capsman Slow

Wed May 22, 2019 5:15 pm

Hello everybody, I'm from Argentina, and I work in a high school.
Some time ago I installed 1 RB2011UiAS (with v6.43.4) and 3 rbcap2nd (2 with v6.43.12 and 1 with v6.44.3). I've configured CAPsMAN with 3 configurations per AP. The SSIDs keep disappearing, and clients disconnect constantly. I attach the configuration files and look forward to your opinions and suggestions.
# may/22/2019 10:39:55 by RouterOS 6.43.4
# software id = M0BJ-W405
#
# model = 2011UiAS
# NOTE(review): this export still contains the Wi-Fi passphrases in clear text
# (see /caps-man security). When posting a configuration publicly, export with
# "hide-sensitive" and rotate any secret that has already been published.

# Channel profiles: three 20 MHz channels in the 2.4 GHz band (2412, 2437 and
# 2462 MHz), referenced by the CAPsMAN configurations as channel1/6/11.
/caps-man channel
add band=2ghz-b/g/n comment="Canal 1" control-channel-width=20mhz frequency=\
    2412 name=channel1
add band=2ghz-b/g/n comment="Canal 6" control-channel-width=20mhz frequency=\
    2437 name=channel6
add band=2ghz-b/g/n comment="Canal 11" control-channel-width=20mhz frequency=\
    2462 name=channel11
# Datapath profiles: all three use local-forwarding=yes and tag client traffic
# with their own VLAN (Admin 180, Profes 150, ITR3 160), so every CAP has to
# carry these VLANs on its wired uplink.
# Datapath-ITR3 does not set client-to-client-forwarding here; the ITR3
# access-list rule in this export sets it to yes for matching clients.
/caps-man datapath
add client-to-client-forwarding=yes local-forwarding=yes name=Datapath-Admin \
    vlan-id=180 vlan-mode=use-tag
add bridge-horizon=2 client-to-client-forwarding=yes local-forwarding=yes \
    name=Datapath-Profes vlan-id=150 vlan-mode=use-tag
add local-forwarding=yes name=Datapath-ITR3 vlan-id=160 vlan-mode=use-tag
# Physical ports. ether1 is the WAN uplink, ether5 goes to the pfSense box,
# ether6-master serves the Sala/Laboratorio VLANs and ether10 ("Interfaz APs")
# carries the three Wi-Fi VLANs.
/interface ethernet
set [ find default-name=ether1 ] comment=ToWanCoop name="ether1 - toWanCoop" \
    speed=100Mbps
set [ find default-name=ether2 ] comment=toSwitchSala name=\
    "ether2 - toSwitchSala" speed=100Mbps
set [ find default-name=ether3 ] comment=toSwitchAdministracion name=\
    "ether3 - toSwitchAdmin" speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
# NOTE(review): ether5 advertises only 100M-full but also carries
# full-duplex=no; confirm which setting is effective on this link.
set [ find default-name=ether5 ] advertise=100M-full comment=toPfSense \
    full-duplex=no name="ether5 - toPFSense" rx-flow-control=auto speed=\
    100Mbps tx-flow-control=auto
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
    "Interfaz Sala - APs - Laboratorio" name=ether6-master
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
# ether10 is left on auto-negotiation with PoE output switched off.
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
    "Interfaz APs" poe-out=off
# Static PPTP server binding with an empty user name. The PPTP server itself
# is enabled later in this export and TCP 1723 / GRE are accepted on the input
# chain from every interface, WAN included.
# NOTE(review): PPTP is a weak VPN protocol; if remote access is still needed,
# move it to a stronger tunnel type (for example L2TP/IPsec) and disable PPTP.
/interface pptp-server
add name=PPTP-Cristian user=""
# VLAN interfaces on the router: 150/160/180 on ether10 (Wi-Fi networks),
# 10/20 on ether6-master (Sala and Laboratorio).
/interface vlan
add interface=ether10 name=VlanAdmin vlan-id=180
add interface=ether10 name=VlanITR3Ether1 vlan-id=160
add interface=ether6-master name=VlanLaboratorio vlan-id=20
add interface=ether10 name=VlanProfesEther1 vlan-id=150
add interface=ether6-master name=VlanSala vlan-id=10
# Rate profile used only by the Profes configurations (rates=rate1): basic and
# supported rates are limited to 1, 6, 11 and 54 Mbps and HT MCS 0 and 7.
# NOTE(review): such a narrow rate set may not suit every client; confirm it is
# intentional while troubleshooting the disconnects.
/caps-man rates
add basic=1Mbps,11Mbps,6Mbps,54Mbps ht-basic-mcs=mcs-0,mcs-7 \
    ht-supported-mcs=mcs-0,mcs-7 name=rate1 supported=\
    1Mbps,11Mbps,6Mbps,54Mbps
# Security profiles, one per SSID, all pre-shared-key based.
# NOTE(review): authentication-types still allows wpa-psk (WPA1) next to
# wpa2-psk; keep only wpa2-psk unless a legacy client really needs WPA1.
# NOTE(review): the three passphrases below were posted publicly in clear
# text and are short single words. Treat them as compromised: replace them
# with long random passphrases and export with "hide-sensitive" in future.
/caps-man security
add authentication-types=wpa-psk,wpa2-psk comment=\
    "Perfil de seguridad de red Profes" encryption=aes-ccm group-encryption=\
    aes-ccm group-key-update=1h name=securityProfes passphrase=nadieconecta
add authentication-types=wpa-psk,wpa2-psk comment=\
    "Perfil de seguridad de la red ITR3" encryption=aes-ccm group-encryption=\
    aes-ccm name=securityITR3 passphrase=archivado
add authentication-types=wpa-psk,wpa2-psk comment=\
    "Perfil de seguridad de la red Admin" encryption=aes-ccm \
    group-encryption=aes-ccm name=securityAdmin passphrase=peperina
# Nine configuration profiles: three SSIDs (Admin, Profes, ITR3) times three
# channels (1, 6, 11). Each profile ties together a channel, a datapath and a
# security profile.
# NOTE(review): the Admin and Profes profiles override the group key interval
# with security.group-key-update=5m. A five-minute group rekey is aggressive
# and is worth relaxing while investigating the client drops - TODO confirm
# against the CAPsMAN log.
/caps-man configuration
# Admin SSID: hidden (hide-ssid=yes). Hiding the SSID does not protect the
# network; its protection is the passphrase in securityAdmin.
add channel=channel1 comment="Configuracion Red Wifi Admin Channel 1" \
    country=argentina datapath=Datapath-Admin distance=indoors \
    guard-interval=any hide-ssid=yes hw-protection-mode=cts-to-self \
    hw-retries=7 mode=ap multicast-helper=full name=ConfigRedAdminChannel1 \
    security=securityAdmin security.group-key-update=5m ssid=Admin
add channel=channel6 comment="Configuracion Red Wifi Admin Channel 6" \
    country=argentina datapath=Datapath-Admin distance=indoors \
    guard-interval=any hide-ssid=yes hw-protection-mode=cts-to-self \
    hw-retries=7 mode=ap multicast-helper=full name=ConfigRedAdminChannel6 \
    security=securityAdmin security.group-key-update=5m ssid=Admin
add channel=channel11 comment="Configuracion Red Wifi Admin Channel 11" \
    country=argentina datapath=Datapath-Admin distance=indoors \
    guard-interval=any hide-ssid=yes hw-protection-mode=cts-to-self \
    hw-retries=7 mode=ap multicast-helper=full name=ConfigRedAdminChannel11 \
    security=securityAdmin security.group-key-update=5m ssid=Admin
# Profes SSID: the only profiles that apply the restricted rate set rate1 and
# that run with hw-protection-mode=none.
add channel=channel1 comment="Configuracion Red Wifi Profes Channel 1" \
    country=argentina datapath=Datapath-Profes distance=indoors \
    guard-interval=any hw-protection-mode=none hw-retries=7 mode=ap \
    multicast-helper=full name=ConfigRedProfesChannel1 rates=rate1 security=\
    securityProfes security.group-key-update=5m ssid=Profes
add channel=channel6 comment="Configuracion Red Wifi Profes Channel 6" \
    country=argentina datapath=Datapath-Profes distance=indoors \
    guard-interval=any hw-protection-mode=none hw-retries=7 mode=ap \
    multicast-helper=full name=ConfigRedProfesChannel6 rates=rate1 security=\
    securityProfes security.group-key-update=5m ssid=Profes
add channel=channel11 comment="Configuracion Red Wifi Profes Channel 11" \
    country=argentina datapath=Datapath-Profes distance=indoors \
    guard-interval=any hw-protection-mode=none hw-retries=7 mode=ap \
    multicast-helper=full name=ConfigRedProfesChannel11 rates=rate1 security=\
    securityProfes security.group-key-update=5m ssid=Profes
# ITR3 SSID: capped at 30 stations per interface (max-sta-count=30); stations
# beyond that limit cannot join that AP.
add channel=channel1 comment="Configuracion Red Wifi ITR3 Channel 1 " \
    country=argentina datapath=Datapath-ITR3 distance=indoors guard-interval=\
    any hw-protection-mode=cts-to-self hw-retries=7 max-sta-count=30 mode=ap \
    multicast-helper=full name=ConfigRedITR3Channel1 security=securityITR3 \
    ssid=ITR3
add channel=channel6 comment="Configuracion Red Wifi ITR3 Channel 6" country=\
    argentina datapath=Datapath-ITR3 distance=indoors guard-interval=any \
    hw-protection-mode=cts-to-self hw-retries=7 max-sta-count=30 mode=ap \
    multicast-helper=full name=ConfigRedITR3Channel6 security=securityITR3 \
    ssid=ITR3
add channel=channel11 comment="Configuracion Red Wifi ITR3 Channel 11" \
    country=argentina datapath=Datapath-ITR3 distance=indoors guard-interval=\
    any hw-protection-mode=cts-to-self hw-retries=7 max-sta-count=30 mode=ap \
    multicast-helper=full name=ConfigRedITR3Channel11 security=securityITR3 \
    ssid=ITR3
# CAP interfaces as stored on the manager: per AP one master interface (Admin,
# master-interface=none) and two virtual interfaces (ITR3, Profes) on top.
# mac-address / radio-mac were masked by the poster (XX:...).
# NOTE(review): the radio-name values look like unmasked hardware addresses;
# mask them as well when sharing a configuration.
# NOTE(review): the masked value ...X4 appears on both CapPrece-Admin and
# CapPrece-ITR3, and ...X7 on both CapTaller-Admin and CapTaller-ITR3. This may
# only be an artefact of the masking, but verify on the device that every
# virtual AP has its own unique MAC address.
/caps-man interface
add configuration=ConfigRedAdminChannel6 disabled=no l2mtu=1600 mac-address=\
    XX:XX:XX:XX:XX:X1 master-interface=none name=CapAulas-Admin radio-mac=\
    XX:XX:XX:XX:XX:X1 radio-name=E48D8CFE50D1
add configuration=ConfigRedITR3Channel6 disabled=no l2mtu=1600 mac-address=\
    XX:XX:XX:XX:XX:X2 master-interface=CapAulas-Admin name=CapAulas-ITR3 \
    radio-mac=00:00:00:00:00:00 radio-name=E68D8CFE50D1
add configuration=ConfigRedProfesChannel6 disabled=no l2mtu=1600 mac-address=\
    XX:XX:XX:XX:XX:X3 master-interface=CapAulas-Admin name=CapAulas-Profes \
    radio-mac=00:00:00:00:00:00 radio-name=E68D8CFE50D2
add configuration=ConfigRedAdminChannel1 disabled=no l2mtu=1600 mac-address=\
    XX:XX:XX:XX:XX:X4 master-interface=none name=CapPrece-Admin radio-mac=\
    XX:XX:XX:XX:XX:X4 radio-name=E48D8CFEC875
add configuration=ConfigRedITR3Channel1 disabled=no l2mtu=1600 mac-address=\
    XX:XX:XX:XX:XX:X4 master-interface=CapPrece-Admin name=CapPrece-ITR3 \
    radio-mac=00:00:00:00:00:00 radio-name=E68D8CFEC875
add configuration=ConfigRedProfesChannel1 disabled=no l2mtu=1600 mac-address=\
    XX:XX:XX:XX:XX:X6 master-interface=CapPrece-Admin name=CapPrece-Profes \
    radio-mac=00:00:00:00:00:00 radio-name=E68D8CFEC876
add configuration=ConfigRedAdminChannel11 disabled=no l2mtu=1600 mac-address=\
    XX:XX:XX:XX:XX:X7 master-interface=none name=CapTaller-Admin radio-mac=\
    XX:XX:XX:XX:XX:X7 radio-name=CC2DE07087C3
add configuration=ConfigRedITR3Channel11 disabled=no l2mtu=1600 mac-address=\
    XX:XX:XX:XX:XX:X7 master-interface=CapTaller-Admin name=CapTaller-ITR3 \
    radio-mac=00:00:00:00:00:00 radio-name=CE2DE07087C3
add configuration=ConfigRedProfesChannel11 disabled=no l2mtu=1600 \
    mac-address=XX:XX:XX:XX:XX:X8 master-interface=CapTaller-Admin name=\
    CapTaller-Profes radio-mac=00:00:00:00:00:00 radio-name=CE2DE07087C4
# Interface lists used later for neighbor discovery ("discover") and for the
# MAC-Telnet / MAC-Winbox servers ("mactel", "mac-winbox").
/interface list
add name=Todas
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=VlanAdminCapsman
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP option 252 (WPAD): clients are pointed at a proxy auto-config file that
# is fetched over plain HTTP.
# NOTE(review): 10.81.1.20 is not inside any subnet addressed in this export;
# confirm the host exists and is trusted, because whoever answers on that URL
# decides which proxy the clients use.
/ip dhcp-server option
add code=252 name=wpad value="'http://10.81.1.20:8080/wpad/wpad.dat'"
/ip dhcp-server option sets
add name=Proxy options=wpad
# Layer-7 patterns. No firewall rule in this export references them.
# NOTE(review): the character classes read "x09-x0d" without backslashes, which
# looks like a pattern that lost its "\x" escapes - TODO confirm.
/ip firewall layer7-protocol
add name=Avast regexp=avast
add name=httpvideo regexp="http/(0.9|1.0|1.1)[x09-x0d ][1-5][0-9][0-9][x09-x0d\
    \_-~]*(content-type: video)"
# Address pools, one per DHCP-served network.
/ip pool
add name=dhcp_pool_Sala ranges=192.168.2.100-192.168.2.254
add name=dhcp_pool_admin ranges=192.168.0.100-192.168.0.254
add name=Pool_Profes ranges=10.81.10.100-10.81.10.254
add name=PoolAdminMkt ranges=10.81.100.100-10.81.100.120
add name=PoolITR3 ranges=10.81.11.10-10.81.11.254
add name=PoolLaboratorio ranges=192.168.3.100-192.168.3.254
# DHCP servers. The three Wi-Fi networks (Profes, AdminMkt, ITR3) are served on
# the VLAN interfaces of ether10 with a one-day lease time.
/ip dhcp-server
add address-pool=dhcp_pool_Sala authoritative=after-2sec-delay disabled=no \
    interface=VlanSala name=DhcpServerSala
add address-pool=dhcp_pool_admin authoritative=after-2sec-delay disabled=no \
    interface="ether3 - toSwitchAdmin" name=DhcpServerAdmin
add address-pool=Pool_Profes disabled=no interface=VlanProfesEther1 \
    lease-time=1d name=DhcpServerProfes
add address-pool=PoolAdminMkt disabled=no interface=VlanAdmin lease-time=1d \
    name=DhcpServerAdminMkt
add address-pool=PoolITR3 disabled=no interface=VlanITR3Ether1 lease-time=1d \
    name=DhcpServerITR3
add address-pool=PoolLaboratorio disabled=no interface=VlanLaboratorio name=\
    DhcpServerLabo
# *FFFFFFFE is an internal object ID, presumably one of the built-in PPP
# profiles; it only sets the DNS servers handed to PPP clients.
/ppp profile
set *FFFFFFFE dns-server=8.8.8.8,8.8.4.4
# Simple queues (first batch): a 1G allowance for two servers and a queue on
# the pfSense port.
/queue simple
add limit-at=1G/1G max-limit=1G/1G name=TraficoAd priority=1/1 target=\
    192.168.2.10/32,192.168.3.20/32
add max-limit=128k/0 name=PfSense packet-marks="" target="ether5 - toPFSense"
# PCQ queue types used by the simple queues and the queue tree below.
# NOTE(review): BAJADA has a per-substream pcq-limit far larger than its
# pcq-total-limit; confirm these sizes are intended.
/queue type
add kind=pcq name=DescargaSmatTV pcq-classifier=dst-address \
    pcq-dst-address6-mask=64 pcq-rate=2M pcq-src-address6-mask=64
add kind=pcq name=BAJADA pcq-limit=25000000KiB pcq-total-limit=25600KiB
add kind=pcq name=SUBIDA pcq-limit=5000000KiB
add kind=pcq name=ITR3 pcq-classifier=dst-address pcq-dst-address6-mask=64 \
    pcq-limit=3000KiB pcq-rate=2M pcq-src-address6-mask=64 pcq-total-limit=\
    3000KiB
add kind=pcq name=Sala pcq-classifier=dst-address pcq-dst-address6-mask=64 \
    pcq-limit=3000KiB pcq-rate=2M pcq-src-address6-mask=64 pcq-total-limit=\
    3000KiB
add kind=pcq name=Profes pcq-classifier=dst-address pcq-dst-address6-mask=64 \
    pcq-limit=3000KiB pcq-rate=2M pcq-src-address6-mask=64 pcq-total-limit=\
    3000KiB
add kind=pcq name=Administracion pcq-classifier=dst-address \
    pcq-dst-address6-mask=64 pcq-limit=10000000KiB pcq-rate=5M \
    pcq-src-address6-mask=64 pcq-total-limit=10000KiB
# Simple queues (second batch): per-network limits. ITR3 and Profes are each
# held to 1M up / 5M down in total for the whole VLAN; the Sala queue is
# disabled.
/queue simple
add limit-at=1M/5M max-limit=1M/5M name=ITR3 queue=default-small/ITR3 target=\
    VlanITR3Ether1
add disabled=yes limit-at=2M/15M max-limit=2M/15M name=Sala queue=\
    default-small/Sala target=VlanSala,VlanLaboratorio
add limit-at=1M/5M max-limit=1M/5M name=Profes queue=default-small/Profes \
    target=VlanProfesEther1
add limit-at=5M/10M max-limit=5M/10M name=Administracion priority=2/2 queue=\
    default-small/Administracion target=\
    "ether3 - toSwitchAdmin,ether3 - toSwitchAdmin"
# Queue tree: a "Download" tree attached to ether6-master and an "Upload" tree
# attached to the WAN port, with one child per packet mark set in mangle.
# Because Download hangs off ether6-master, it only sees traffic leaving that
# port, not traffic towards the Wi-Fi VLANs on ether10.
/queue tree
add name=Download parent=ether6-master priority=1 queue=BAJADA
add name=PRIO3 packet-mark=ICMP-Paquetes parent=Download priority=3 queue=\
    BAJADA
add name=PRIO6 packet-mark=HTTP-Paquetes parent=Download priority=6 queue=\
    BAJADA
add name=PRIO4 packet-mark=DNS-Paquetes parent=Download priority=4 queue=\
    BAJADA
add name=PRIO5 packet-mark=GRE-Paquetes parent=Download priority=5 queue=\
    BAJADA
add name=PRIO5-PPTP packet-mark=PPTP-Paquetes parent=Download priority=5 \
    queue=BAJADA
add name=PRIO7-50MB packet-mark=50MB-paquetes parent=Download priority=7 \
    queue=BAJADA
add name=Upload parent="ether1 - toWanCoop" priority=1 queue=SUBIDA
add name=PRIO.3 packet-mark=ICMP-Paquetes parent=Upload priority=3 queue=\
    SUBIDA
add name=PRIO.6 packet-mark=HTTP-Paquetes parent=Upload priority=6 queue=\
    SUBIDA
add name=PRIO.4 packet-mark=DNS-Paquetes parent=Upload priority=4 queue=\
    SUBIDA
add name=PRIO.5 packet-mark=GRE-Paquetes parent=Upload priority=5 queue=\
    SUBIDA
add name=PRIO.5-PPTP packet-mark=PPTP-Paquetes parent=Upload priority=5 \
    queue=SUBIDA
add name=PRIO.7-50MB packet-mark=50MB-paquetes parent=Upload priority=7 \
    queue=SUBIDA
add name=PRIO1 packet-mark=Admin-Paquetes parent=Download priority=1 queue=\
    BAJADA
add name=PRIO2 packet-mark=Administracion-paquetes parent=Download priority=2 \
    queue=BAJADA
add name=PRIO.1 packet-mark=Admin-Paquetes parent=Upload priority=1 queue=\
    SUBIDA
add name=PRIO.2 packet-mark=Administracion-paquetes parent=Upload priority=2 \
    queue=SUBIDA
add name=PRIO6.Proxy packet-mark=http-proxy-paquetes parent=Download \
    priority=6 queue=BAJADA
add name=PRIO.6-Proxy packet-mark=http-proxy-paquetes parent=Upload priority=\
    6 queue=SUBIDA
# Default SNMP community, accepted from any source address (0.0.0.0/0).
# This export does not show SNMP being enabled on the router itself.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
add name=group1
# CAPsMAN access list, evaluated top-down for every connecting station.
# The dashed line below is the poster's placeholder for rules left out of the
# post; it is not RouterOS syntax.
/caps-man access-list
---------------SOME ACLS HERE-----------------------------------
# Accept ITR3 clients whose signal is -80 dBm or better.
add action=accept allow-signal-out-of-range=5s client-to-client-forwarding=\
    yes comment="Permitir todos a ITR3" disabled=no interface=any \
    signal-range=-80..120 ssid-regexp=ITR3
# Reject stations on any SSID whose signal stays at -81 dBm or below for 5 s.
# NOTE(review): clients at the edge of coverage are dropped and refused by this
# rule; it is a likely contributor to "clients disconnect constantly" - check
# the CAPsMAN log for the signal values at disconnect time.
add action=reject allow-signal-out-of-range=5s comment=\
    "Desconectar al que se vaya de rango" disabled=no interface=any \
    signal-range=-120..-81 ssid-regexp=""
# Catch-all reject: any station not accepted by an earlier rule is refused.
# Whether Admin and Profes clients are accepted therefore depends entirely on
# the rules the poster omitted above.
add action=reject allow-signal-out-of-range=10s comment=\
    "Denegar al que no cumpla ninguna de arriba" disabled=no interface=any \
    ssid-regexp=""
# Manager enabled with automatically generated CA and certificate.
# NOTE(review): no require-peer-certificate setting appears in this export, so
# presumably CAPs are not required to present a certificate; consider enabling
# it once every CAP has obtained one.
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
# Provisioning: one rule per radio (radio-mac masked as YY:... by the poster),
# each creating an Admin master interface plus ITR3 and Profes slaves on a
# fixed channel.
/caps-man provisioning
add action=create-enabled master-configuration=ConfigRedAdminChannel1 \
    name-format=identity radio-mac=YY:YY:YY:YY:YY:Y1 slave-configurations=\
    ConfigRedITR3Channel1,ConfigRedProfesChannel1
add action=create-enabled master-configuration=ConfigRedAdminChannel6 \
    name-format=identity radio-mac=YY:YY:YY:YY:YY:Y2 slave-configurations=\
    ConfigRedITR3Channel6,ConfigRedProfesChannel6
add action=create-enabled master-configuration=ConfigRedAdminChannel11 \
    name-format=identity radio-mac=YY:YY:YY:YY:YY:Y3 slave-configurations=\
    ConfigRedITR3Channel11,ConfigRedProfesChannel11
# Neighbor discovery runs on the "discover" list. The WAN port is not a member,
# but the client-facing VLANs (Sala, Laboratorio, Profes, ITR3) are.
# NOTE(review): consider limiting discovery to the management interfaces so the
# router does not announce itself on student and guest networks.
/ip neighbor discovery-settings
set discover-interface-list=discover
# Entries without an interface= value presumably point at interfaces that no
# longer exist; they can be cleaned up.
/interface list member
add list=Todas
add interface=VlanITR3Ether1 list=Todas
add interface=VlanLaboratorio list=Todas
add interface=VlanProfesEther1 list=Todas
add interface=VlanSala list=Todas
add interface="ether3 - toSwitchAdmin" list=Todas
add interface="ether5 - toPFSense" list=Todas
add interface=sfp1 list=discover
add interface="ether2 - toSwitchSala" list=discover
add interface="ether3 - toSwitchAdmin" list=discover
add interface=ether4 list=discover
add interface="ether5 - toPFSense" list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=VlanProfesEther1 list=discover
add interface=VlanITR3Ether1 list=discover
add list=discover
add interface=VlanSala list=discover
add interface=VlanLaboratorio list=discover
add interface=PPTP-Cristian list=discover
add list=mactel
add list=mac-winbox
add list=VlanAdminCapsman
add list=VlanAdminCapsman
add list=VlanAdminCapsman
# PPTP server is switched on; together with the input rules for TCP 1723 and
# GRE it is reachable from the WAN side.
# NOTE(review): disable it if the tunnel is no longer used.
/interface pptp-server server
set enabled=yes
# Router addresses: one gateway address per internal network, 172.16.1.1
# towards pfSense and 192.168.1.15 on the WAN side.
/ip address
add address=192.168.2.1/24 comment="Direccion Interfaz Vlan Sala" interface=\
    VlanSala network=192.168.2.0
add address=172.16.1.1/24 comment="Direccion Interfaz a PfSense" interface=\
    "ether5 - toPFSense" network=172.16.1.0
add address=192.168.0.1/24 comment="Direccion Interfaz Administracion" \
    interface="ether3 - toSwitchAdmin" network=192.168.0.0
add address=192.168.1.15/24 comment="Ip interfaz a router fibra coop" \
    interface="ether1 - toWanCoop" network=192.168.1.0
add address=10.81.10.1/24 comment="Ip Vlan Profes" interface=VlanProfesEther1 \
    network=10.81.10.0
add address=10.81.11.1/24 comment="Ip Vlan Itr3" interface=VlanITR3Ether1 \
    network=10.81.11.0
add address=10.81.100.1/24 comment="Ip Vlan Admin" interface=VlanAdmin \
    network=10.81.100.0
add address=192.168.3.1/24 comment="Ip Vlan Laboratorio" interface=\
    VlanLaboratorio network=192.168.3.0
# DHCP network settings. ITR3, Sala and Laboratorio receive the WPAD option and
# use 192.168.2.10 as DNS server; the other networks use public resolvers.
/ip dhcp-server network
add address=10.81.10.0/24 comment="Red Profes" dns-server=8.8.8.8,8.8.4.4 \
    gateway=10.81.10.1 netmask=24
add address=10.81.11.0/24 comment="Red ITR3" dhcp-option=wpad dns-server=\
    192.168.2.10 gateway=10.81.11.1 netmask=24
add address=10.81.100.0/24 comment="Red Admin Mkt" dns-server=8.8.8.8,8.8.4.4 \
    gateway=10.81.100.1 netmask=24
add address=192.168.0.0/24 comment="Red de Administracion" dns-server=\
    8.8.8.8,8.8.4.4 gateway=192.168.0.1 netmask=24
add address=192.168.2.0/24 comment="Red Sala" dhcp-option=wpad dns-server=\
    192.168.2.10 gateway=192.168.2.1
add address=192.168.3.0/24 comment="Red Laboratorio" dhcp-option=wpad \
    dns-server=192.168.2.10 gateway=192.168.3.1 netmask=24
/ip dns
set servers=8.8.8.8,8.8.4.4
# Static entry pointing "router" at 192.168.88.1, an address that is not
# configured on any interface in this export.
/ip dns static
add address=192.168.88.1 name=router
# Address lists used by the firewall, mangle and NAT rules.
/ip firewall address-list
add address=192.168.2.100-192.168.2.254 list=RedSala
add address=192.168.0.1-192.168.0.254 list=RedAdministracion
add address=10.81.10.1-10.81.10.254 list=RedWifiProfes
add address=172.16.1.1-172.16.1.2 list=RedProxy
add address=192.168.69.0-192.168.69.254 list=RedWifiPrueba
add address=10.81.100.100-10.81.100.120 list=RedWifiAdminMkt
# Filter rules, evaluated top-down per chain; input and forward rules are
# interleaved in this export.
# NOTE(review): apart from the WAN drop and the final ITR3 drop there is no
# default drop on the input chain, so traffic to the router itself from Sala,
# Laboratorio, Profes and the Admin networks is accepted. Consider an explicit
# management allow-list followed by a drop for everything else.
# NOTE(review): the forward chain has no default drop either; only new
# connections towards RedAdministracion are blocked.
/ip firewall filter
# WAN input: only "established" is accepted here ("related" is not listed).
add action=accept chain=input comment="Permitir conexiones Established" \
    connection-state=established in-interface="ether1 - toWanCoop"
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# PPTP control (TCP 1723) and GRE are accepted on every interface, including
# the WAN, because these rules sit above the WAN drop and name no interface.
add action=accept chain=input comment="Permitir PPTP" dst-port=1723 protocol=\
    tcp
add action=accept chain=input comment="Permitir GRE" protocol=gre
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface="ether1 - toWanCoop"
# Forward: everything sourced from the administration network and from the
# three CAP management addresses is accepted unconditionally.
add action=accept chain=forward comment="Prmitir Trafico Red Administracion" \
    src-address-list=RedAdministracion
add action=accept chain=forward comment="CapTaller Admin" src-address=\
    10.81.100.4
add action=accept chain=forward comment="Cap Preceptores Admin" src-address=\
    10.81.100.2
add action=accept chain=forward comment="Cap Aulas Admin" src-address=\
    10.81.100.3
# CAPsMAN control/data ports (UDP 5246-5247) accepted on all three Wi-Fi VLANs.
# NOTE(review): Profes and ITR3 are client networks; unless a CAP really
# reaches the manager through them, accept these ports on VlanAdmin only.
add action=accept chain=input comment="CapsMan Discover Vlan Admin" dst-port=\
    5246,5247 in-interface=VlanAdmin protocol=udp
add action=accept chain=input comment="CapsMan Discover Vlan Profes" \
    dst-port=5246,5247 in-interface=VlanProfesEther1 protocol=udp
add action=accept chain=input comment="CapsMan Discover Vlan ITR3" dst-port=\
    5246,5247 in-interface=VlanITR3Ether1 protocol=udp
# Isolation of the administration network: anything that is not in state
# "established" is dropped, which also covers "related" and "invalid" packets.
add action=drop chain=forward comment=\
    "Denegar trafico de la Sala a Administracion" connection-state=\
    !established dst-address-list=RedAdministracion in-interface=VlanSala
add action=drop chain=forward comment=\
    "Denegar trafico del Laboratorio a Administracion" connection-state=\
    !established dst-address-list=RedAdministracion in-interface=\
    VlanLaboratorio
add action=drop chain=forward comment=\
    "Denegar trafico de la red Profes hacia Administracion" connection-state=\
    !established dst-address-list=RedAdministracion in-interface=\
    VlanProfesEther1
add action=drop chain=forward comment=\
    "Denegar trafico de la red ITR3 hacia Administracion" connection-state=\
    !established dst-address-list=RedAdministracion in-interface=\
    VlanITR3Ether1
# ITR3 clients may not reach the router itself, except for what earlier input
# rules already accepted (ICMP, PPTP, GRE, CAPsMAN ports).
add action=drop chain=input comment="Denegar Ingresos desde la red ITR3" \
    in-interface=VlanITR3Ether1
# Mangle: pairs of rules that first mark a new connection in prerouting and
# then mark its packets in forward; the packet marks feed the queue tree.
/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
    "Marco conexion Admin MKT" connection-state=new new-connection-mark=\
    Admin-con passthrough=yes src-address-list=RedWifiAdminMkt
add action=mark-packet chain=forward comment="Marco aquetes red Admin MKT" \
    connection-mark=Admin-con new-packet-mark=Admin-Paquetes passthrough=no
# The two administration-network rules are disabled.
add action=mark-connection chain=prerouting comment=\
    "Marco conexiones red administracion" connection-state=new disabled=yes \
    new-connection-mark=Administracion-conn passthrough=yes src-address-list=\
    RedAdministracion
add action=mark-packet chain=forward comment=\
    "Marco paquetes red administracion" connection-mark=Administracion-conn \
    disabled=yes new-packet-mark=Administracion-paquetes passthrough=no
add action=mark-connection chain=prerouting comment=ICMP connection-state=new \
    new-connection-mark=ICMP-Con passthrough=yes protocol=icmp \
    src-address-list=!RedWifiAdminMkt
add action=mark-packet chain=forward comment=ICMP-Paquetes connection-mark=\
    ICMP-Con new-packet-mark=ICMP-Paquetes passthrough=no
# NOTE(review): only TCP port 53 is matched; DNS over UDP is not marked.
add action=mark-connection chain=prerouting comment=DNS connection-state=new \
    dst-port=53 new-connection-mark=DNS-Con passthrough=yes protocol=tcp \
    src-address-list=!RedWifiAdminMkt
add action=mark-packet chain=forward comment=DNS-Paquetes connection-mark=\
    DNS-Con new-packet-mark=DNS-Paquetes passthrough=no
# NOTE(review): this matches TCP destination port 47. GRE is IP protocol 47,
# not a TCP port, so GRE traffic is not marked by this rule; protocol=gre
# without a port is what the comment suggests was intended.
add action=mark-connection chain=prerouting comment=GRE connection-state=new \
    dst-port=47 new-connection-mark=gre-con passthrough=yes protocol=tcp \
    src-address-list=!RedWifiAdminMkt
add action=mark-packet chain=forward comment=GRE-Paquetes connection-mark=\
    gre-con new-packet-mark=GRE-Paquetes passthrough=no
add action=mark-connection chain=prerouting comment=PPTP connection-state=new \
    dst-port=1723 new-connection-mark=pptp-con passthrough=yes protocol=tcp \
    src-address-list=!RedWifiAdminMkt
add action=mark-packet chain=forward comment=PPTP-Paquetes connection-mark=\
    pptp-con new-packet-mark=PPTP-Paquetes passthrough=no
add action=mark-connection chain=prerouting comment=HTTP connection-state=new \
    new-connection-mark=http-con passthrough=yes port=80,443,8080,8181 \
    protocol=tcp src-address-list=!RedWifiAdminMkt
add action=mark-packet chain=forward comment="HTTP Paquetes" connection-mark=\
    http-con new-packet-mark=HTTP-Paquetes passthrough=no
# Re-marks any TCP connection once it has transferred more than 50,000,000
# bytes, so bulk transfers fall into the lowest-priority queue.
add action=mark-connection chain=prerouting comment="HTTP 50MB" \
    connection-bytes=50000000-0 new-connection-mark=50MB-con passthrough=yes \
    protocol=tcp src-address-list=!RedWifiAdminMkt
add action=mark-packet chain=forward comment=50MB-paquetes connection-mark=\
    50MB-con new-packet-mark=50MB-paquetes
add action=mark-connection chain=prerouting comment=\
    "Marco conexiones al proxy como http" connection-state=new dst-address=\
    172.16.1.2 dst-port=3128 new-connection-mark=http-proxy-con protocol=tcp
add action=mark-packet chain=forward connection-mark=http-proxy-con \
    new-packet-mark=http-proxy-paquetes passthrough=no
# NOTE(review): src-address-list expects the name of an address list, but an
# address range is given; no list with that name is defined in this export
# (the matching range is in the list RedSala), so this rule presumably never
# matches. The resulting Sala-Paquetes mark is not used by any queue either.
add action=mark-connection chain=prerouting comment="Marco conexion Sala" \
    connection-state=new new-connection-mark=Trafico-Sala passthrough=yes \
    src-address-list=192.168.2.100-192.168.2.254
add action=mark-packet chain=forward connection-mark=Trafico-Sala \
    new-packet-mark=Sala-Paquetes passthrough=no
# NAT. Source NAT is granted per network or per host towards the WAN port;
# networks without a masquerade rule (for example ITR3) have no direct NAT
# path in this export and presumably reach the Internet through the proxy.
# NOTE(review): some rule comments contain what look like personal names;
# consider scrubbing them before sharing the configuration.
/ip firewall nat
add action=masquerade chain=srcnat comment="Nat red labo" disabled=yes \
    out-interface="ether1 - toWanCoop" src-address=192.168.2.20
add action=masquerade chain=srcnat comment="Permitir Nat Admin Mkt" \
    out-interface="ether1 - toWanCoop" src-address-list=RedWifiAdminMkt
add action=masquerade chain=srcnat comment=\
    "Nateo para la red de administracion" out-interface="ether1 - toWanCoop" \
    src-address-list=RedAdministracion
add action=masquerade chain=srcnat comment="Nat maquina particular" \
    out-interface="ether1 - toWanCoop" src-address=192.168.2.102
add action=masquerade chain=srcnat comment="Nateo para la red del proxy" \
    out-interface="ether1 - toWanCoop" src-address-list=RedProxy
add action=masquerade chain=srcnat comment="Nateo para la red WifiProfes" \
    out-interface="ether1 - toWanCoop" src-address-list=RedWifiProfes
add action=masquerade chain=srcnat comment="Nat para Active Directory" \
    out-interface="ether1 - toWanCoop" src-address=192.168.2.10
add action=masquerade chain=srcnat comment="NAT para CactiEZ" out-interface=\
    "ether1 - toWanCoop" src-address=192.168.2.108
# NOTE(review): no out-interface here, so ICMP is masqueraded on every
# interface, including traffic routed between the internal networks.
add action=masquerade chain=srcnat comment="Prmitir NAT para ICMP" protocol=\
    icmp
# The next two rules are identical except that the first one is disabled.
add action=masquerade chain=srcnat disabled=yes dst-port=21 out-interface=\
    "ether1 - toWanCoop" protocol=tcp src-address-list=RedSala
add action=masquerade chain=srcnat comment="Permitir NAT FTP Sala" dst-port=\
    21 out-interface="ether1 - toWanCoop" protocol=tcp src-address-list=\
    RedSala
add action=masquerade chain=srcnat comment="Nat para AP del taller" \
    out-interface="ether1 - toWanCoop" src-address=10.81.100.4
add action=masquerade chain=srcnat comment="Nat para AP de las aulas" \
    out-interface="ether1 - toWanCoop" src-address=10.81.100.3
add action=masquerade chain=srcnat comment="Nat para AP de los preceptores" \
    out-interface="ether1 - toWanCoop" src-address=10.81.100.2
add action=masquerade chain=srcnat comment="Nat para OpenMediaVault" \
    out-interface="ether1 - toWanCoop" src-address=192.168.3.20
# Port forwards from the WAN to 192.168.2.10, the host the comments call
# Active Directory and which also serves DNS and NTP to the internal networks.
# NOTE(review): FTP (clear-text credentials) and TCP 8080 are exposed to the
# WAN on what appears to be the domain controller. Restrict these rules with a
# source address list, or move the published services to a separate host.
add action=dst-nat chain=dstnat comment="Redirigir FTP a Active Directory" \
    dst-port=21 in-interface="ether1 - toWanCoop" protocol=tcp to-addresses=\
    192.168.2.10 to-ports=21
add action=dst-nat chain=dstnat comment=\
    "Redirigir control ftp a ActiveDirectory" dst-port=20 in-interface=\
    "ether1 - toWanCoop" protocol=tcp to-addresses=192.168.2.10 to-ports=20
add action=dst-nat chain=dstnat comment=\
    "Redirigir puerto 8080 externo a Active Directory" dst-port=8080 \
    in-interface="ether1 - toWanCoop" protocol=tcp to-addresses=192.168.2.10 \
    to-ports=8080
add action=masquerade chain=srcnat comment="Arduino Juarez Fernandez" \
    out-interface="ether1 - toWanCoop" src-address=192.168.2.99
# NOTE(review): no out-interface, so this host is masqueraded on every
# interface; the rule's own comment marks it for deletion ("borrar").
add action=masquerade chain=srcnat comment="camila juarez borrar" \
    src-address=192.168.2.105
# Default route via the upstream router on the WAN network.
/ip route
add distance=1 gateway=192.168.1.100
/lcd
set time-interval=hour
# Simple queue for traffic towards 192.168.2.10. The "*14" entry in the target
# is an internal ID, presumably left over from an interface that was removed.
/queue simple
add dst=192.168.2.10/32 limit-at=1G/1G max-limit=1G/1G name=AlActiveDirectory \
    target="*14,VlanITR3Ether1,VlanLaboratorio,VlanProfesEther1,VlanSala,ether\
    3 - toSwitchAdmin,ether5 - toPFSense"
/system clock
set time-zone-name=America/Argentina/Cordoba
/system identity
set name=Cristian
# Time is taken from the internal host 192.168.2.10.
/system ntp client
set enabled=yes primary-ntp=192.168.2.10
/system routerboard settings
set silent-boot=no
# Runs the script "NoIPCoop" every five minutes. The script body is not part
# of this export.
# NOTE(review): dynamic-DNS update scripts usually embed account credentials;
# keep the script out of anything posted publicly.
/system scheduler
add comment="Update No-IP DDNS" interval=5m name=no-ip_ddns_update on-event=\
    NoIPCoop policy=read,write,test start-date=jul/06/2017 start-time=\
    17:58:26
/tool graphing interface
add interface="ether3 - toSwitchAdmin"
add interface="ether2 - toSwitchSala"
add
# MAC-Telnet and MAC-Winbox are bound to the lists "mactel" and "mac-winbox".
# In this export those lists only hold member entries without an interface, so
# presumably neither service is reachable on any port - TODO confirm.
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
The Ap1 config is next:
# may/22/2019 10:56:50 by RouterOS 6.43.12
# software id = UBGN-SHAG
#
# model = RouterBOARD cAP 2nD
# AP1 (identity CapPrece). The router and the three CAPs in this post run
# three different RouterOS releases (6.43.4, 6.43.12, 6.44.3).
# NOTE(review): bring the manager and all CAPs to the same current release
# before further troubleshooting.

/interface bridge
add name=bridge1
# wlan1 is controlled by CAPsMAN: the status comment shows SSID "Admin" on
# 2412 MHz even though the local setting says ssid=CapPrece.
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(20dBm), SSID: Admin, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no hide-ssid=yes \
    mode=ap-bridge rx-chains=0 ssid=CapPrece tx-chains=0 wireless-protocol=\
    802.11 wps-mode=disabled
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
# VLAN interfaces for the three Wi-Fi networks, all on bridge1.
/interface vlan
add interface=bridge1 name=Vlan-Admin-Eth vlan-id=180
add interface=bridge1 name=Vlan-ITR3-Eth vlan-id=160
add interface=bridge1 name=Vlan-Profes-Eth vlan-id=150
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# Default SNMP community accepted from any address; SNMP is enabled further
# down on this AP.
# NOTE(review): restrict "addresses" to the monitoring host and make sure the
# community is not left at its default name.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge1 interface=ether1
# CAP mode: the manager is discovered on bridge1 (no manager address is set).
# NOTE(review): discovery runs on the untagged bridge while this AP's IP
# addresses sit on VLAN interfaces; confirm which path the CAP really uses to
# reach the manager.
/interface wireless cap
# 
set bridge=bridge1 discovery-interfaces=bridge1 enabled=yes interfaces=wlan1
# The AP has an address in the Profes client network as well as in the Admin
# VLAN, so it is directly reachable from Profes Wi-Fi clients.
/ip address
add address=10.81.10.2/24 interface=Vlan-Profes-Eth network=10.81.10.0
add address=10.81.100.2/24 interface=Vlan-Admin-Eth network=10.81.100.0
/ip dns
set servers=8.8.8.8,8.8.4.4
# NOTE(review): both rules only accept (ICMP and all TCP) and nothing is
# dropped, so this filter does not restrict access to the AP's management
# services. Allow management from the Admin VLAN only and drop the rest.
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input protocol=tcp
# NOTE(review): 172.16.16.0/24 does not appear in the router export (the
# pfSense link there is 172.16.1.0/24), and the 192.168.0.0/24 route uses a
# pref-src from the Profes subnet with a gateway in the Admin subnet; verify
# both routes.
/ip route
add distance=1 gateway=10.81.100.1
add distance=1 dst-address=172.16.16.0/24 gateway=10.81.10.1 pref-src=\
    10.81.10.2
add distance=1 dst-address=192.168.0.0/24 gateway=10.81.100.1 pref-src=\
    10.81.10.2
/ip smb shares
set [ find default=yes ] directory=/pub
/snmp
set contact=ApPreceptores enabled=yes
/system clock
set time-zone-name=America/Argentina/Cordoba
/system identity
set name=CapPrece
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=192.168.2.10
# Runs the script "Patear-clientes" every minute; the script body is not part
# of this export.
# NOTE(review): the name suggests it disconnects clients. Disable this
# scheduler while investigating the constant disconnections.
/system scheduler
add interval=1m name=Patear-clientes on-event=Patear-clientes policy=\
    read,write,test start-date=nov/29/2017 start-time=01:15:38
The AP2 is next:
# jan/14/1970 00:13:50 by RouterOS 6.43.12
# software id = 6JT5-Y0HT
#
# model = RouterBOARD cAP 2nD
# AP2 (identity CapAulas).
# NOTE(review): the export is dated 1970 and no NTP client is configured on
# this AP, so its clock is not set. Configure time synchronisation; without
# it, log timestamps cannot be correlated with the manager's log.
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:Y1 auto-mac=no comment=defconf name=bridgeLocal
# wlan1 is controlled by CAPsMAN (SSID "Admin" on 2437 MHz per the status
# comment); the local ssid=MikroTik is not what is broadcast.
/interface wireless
# managed by CAPsMAN
# channel: 2437/20-Ce/gn(20dBm), SSID: Admin, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
# Only the Admin VLAN (180) has an interface on this AP; it carries the
# management address.
/interface vlan
add interface=bridgeLocal name=VlanAdmin vlan-id=180
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
# CAP mode with manager discovery on bridgeLocal.
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \
    interfaces=wlan1
/ip address
add address=10.81.100.3/24 interface=VlanAdmin network=10.81.100.0
/ip route
add distance=1 gateway=10.81.100.1
/system identity
set name=CapAulas
And the AP3 config is next:
# may/22/2019 14:01:20 by RouterOS 6.44.3
# software id = SVP6-AXBD
#
# model = RouterBOARD cAP 2nD
# AP3 (identity CapTaller), running a newer RouterOS release than the router
# and the other two CAPs in this post.
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:Y9 auto-mac=no comment=defconf name=bridgeLocal
# wlan1 is controlled by CAPsMAN (SSID "Admin" on 2462 MHz per the status
# comment); the local ssid=MikroTik is not what is broadcast.
/interface wireless
# managed by CAPsMAN
# channel: 2462/20-eC/gn(20dBm), SSID: Admin, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
# ether1 is forced to 100M full duplex with auto-negotiation switched off.
# NOTE(review): if the port at the other end is still auto-negotiating, this
# can produce a duplex mismatch and packet loss; confirm both ends agree.
/interface ethernet
set [ find default-name=ether1 ] advertise=100M-full auto-negotiation=no
/interface vlan
add interface=bridgeLocal name=VlanAdmin vlan-id=180
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
# CAP mode with manager discovery on bridgeLocal.
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \
    interfaces=wlan1
/ip address
add address=10.81.100.4/24 interface=VlanAdmin network=10.81.100.0
/ip route
add distance=1 gateway=10.81.100.1
/system identity
set name=CapTaller
/system ntp client
set enabled=yes primary-ntp=192.168.2.10
Any suggestions will be welcome!
Regards!
