our switch constantly has 100 percent CPU load, why?
Code: Select all
# 2024-01-22 13:48:17 by RouterOS 7.11.2
# model = CRS354-48P-4S+2Q+
/interface bridge
add name=BRIDGE protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=qsfpplus1-1 ] advertise="10M-half,10M-full,100M-half,1\
00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
set [ find default-name=qsfpplus1-2 ] advertise="10M-half,10M-full,100M-half,1\
00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
set [ find default-name=qsfpplus1-3 ] advertise="10M-half,10M-full,100M-half,1\
00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
set [ find default-name=qsfpplus1-4 ] advertise="10M-half,10M-full,100M-half,1\
00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
set [ find default-name=qsfpplus2-1 ] advertise="10M-half,10M-full,100M-half,1\
00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
set [ find default-name=qsfpplus2-2 ] advertise="10M-half,10M-full,100M-half,1\
00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
set [ find default-name=qsfpplus2-3 ] advertise="10M-half,10M-full,100M-half,1\
00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
set [ find default-name=qsfpplus2-4 ] advertise="10M-half,10M-full,100M-half,1\
00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no rx-flow-control=\
auto tx-flow-control=auto
set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no rx-flow-control=\
auto tx-flow-control=auto
set [ find default-name=sfp-sfpplus3 ] auto-negotiation=no rx-flow-control=\
auto tx-flow-control=auto
set [ find default-name=sfp-sfpplus4 ] auto-negotiation=no rx-flow-control=\
auto tx-flow-control=auto
/interface vlan
add comment=MGT interface=BRIDGE name=VLAN_99 vlan-id=99
add comment=FIRMA interface=BRIDGE name=VLAN_100 vlan-id=100
add comment=GUEST interface=BRIDGE name=VLAN_200 vlan-id=200
add comment=DMZ interface=BRIDGE name=VLAN_300 vlan-id=300
add comment=HOTSPOT interface=BRIDGE name=VLAN_400 vlan-id=400
add comment=PRIVAT interface=BRIDGE name=VLAN_500 vlan-id=500
add comment=LTE interface=BRIDGE name=VLAN_600 vlan-id=600
add comment=BACKUP1 interface=BRIDGE name=VLAN_700 vlan-id=700
add comment=BACKUP2 interface=BRIDGE name=VLAN_800 vlan-id=800
add comment=TELEFON interface=BRIDGE name=VLAN_900 vlan-id=900
add comment=IOT interface=BRIDGE name=VLAN_1000 vlan-id=1000
add comment=PRINTER interface=BRIDGE name=VLAN_1100 vlan-id=1100
add comment=SONOS interface=BRIDGE name=VLAN_1200 vlan-id=1200
add comment=CAM interface=BRIDGE name=VLAN_1300 vlan-id=1300
add comment=FREE01 interface=BRIDGE name=VLAN_1400 vlan-id=1400
add comment=FREE02 interface=BRIDGE name=VLAN_1500 vlan-id=1500
add comment=FREE03 interface=BRIDGE name=VLAN_1600 vlan-id=1600
add comment=FREE04 interface=BRIDGE name=VLAN_1700 vlan-id=1700
add comment=FREE05 interface=BRIDGE name=VLAN_1800 vlan-id=1800
add comment=FREE06 interface=BRIDGE name=VLAN_1900 vlan-id=1900
add comment=FREE07 interface=BRIDGE name=VLAN_2000 vlan-id=2000
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/port
set 0 name=serial0
/system logging action
set 1 disk-file-name=log
add disk-file-count=1 disk-file-name=auth.log disk-lines-per-file=5000 name=\
auth target=disk
/interface bridge port
add bridge=BRIDGE interface=ether1 pvid=100
add bridge=BRIDGE interface=ether2 pvid=100
add bridge=BRIDGE interface=ether3 pvid=100
add bridge=BRIDGE interface=ether4 pvid=100
add bridge=BRIDGE interface=ether5 pvid=100
add bridge=BRIDGE interface=ether6 pvid=100
add bridge=BRIDGE interface=ether7 pvid=100
add bridge=BRIDGE interface=ether8 pvid=100
add bridge=BRIDGE interface=ether9 pvid=100
add bridge=BRIDGE interface=ether10 pvid=100
add bridge=BRIDGE interface=ether11 pvid=100
add bridge=BRIDGE interface=ether12 pvid=100
add bridge=BRIDGE interface=ether13 pvid=100
add bridge=BRIDGE interface=ether14 pvid=100
add bridge=BRIDGE interface=ether15 pvid=100
add bridge=BRIDGE interface=ether16 pvid=100
add bridge=BRIDGE interface=ether17 pvid=100
add bridge=BRIDGE interface=ether18
add bridge=BRIDGE interface=ether19 pvid=100
add bridge=BRIDGE interface=ether20 pvid=100
add bridge=BRIDGE interface=ether21 pvid=100
add bridge=BRIDGE interface=ether22 pvid=100
add bridge=BRIDGE interface=ether23 pvid=100
add bridge=BRIDGE interface=ether24 pvid=100
add bridge=BRIDGE interface=ether25 pvid=100
add bridge=BRIDGE interface=ether26 pvid=100
add bridge=BRIDGE interface=ether27 pvid=100
add bridge=BRIDGE interface=ether28
add bridge=BRIDGE interface=ether29 pvid=100
add bridge=BRIDGE interface=ether30 pvid=100
add bridge=BRIDGE interface=ether31 pvid=100
add bridge=BRIDGE interface=ether32 pvid=100
add bridge=BRIDGE interface=ether33 pvid=100
add bridge=BRIDGE interface=ether34
add bridge=BRIDGE interface=ether35 pvid=100
add bridge=BRIDGE interface=ether36 pvid=100
add bridge=BRIDGE interface=ether37 pvid=100
add bridge=BRIDGE interface=ether38
add bridge=BRIDGE interface=ether39 pvid=100
add bridge=BRIDGE interface=ether40 pvid=100
add bridge=BRIDGE interface=ether41 pvid=100
add bridge=BRIDGE interface=ether42 pvid=100
add bridge=BRIDGE interface=ether43 pvid=100
add bridge=BRIDGE interface=ether44 pvid=100
add bridge=BRIDGE interface=ether45 pvid=100
add bridge=BRIDGE interface=ether46 pvid=100
add bridge=BRIDGE interface=ether47 pvid=100
add bridge=BRIDGE interface=ether48 pvid=100
add bridge=BRIDGE interface=ether49 pvid=100
add bridge=BRIDGE interface=qsfpplus1-1
add bridge=BRIDGE interface=qsfpplus1-2
add bridge=BRIDGE interface=qsfpplus1-3
add bridge=BRIDGE interface=qsfpplus1-4
add bridge=BRIDGE interface=qsfpplus2-1
add bridge=BRIDGE interface=qsfpplus2-2
add bridge=BRIDGE interface=qsfpplus2-3
add bridge=BRIDGE interface=qsfpplus2-4
add bridge=BRIDGE interface=sfp-sfpplus1
add bridge=BRIDGE interface=sfp-sfpplus2
add bridge=BRIDGE interface=sfp-sfpplus3
add bridge=BRIDGE interface=sfp-sfpplus4
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=BRIDGE comment=FIRMA tagged="BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-s\
fpplus3,sfp-sfpplus4,ether28,ether18,ether34,ether38" vlan-ids=100
add bridge=BRIDGE comment=GUEST tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=200
add bridge=BRIDGE comment=DMZ tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=300
add bridge=BRIDGE comment=HOTSPOT tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=400
add bridge=BRIDGE comment=PRIVAT tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=500
add bridge=BRIDGE comment=LTE tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=600
add bridge=BRIDGE comment=BACKUP01 tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=700
add bridge=BRIDGE comment=BACKUP02 tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=800
add bridge=BRIDGE comment=TELEFON tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=900
add bridge=BRIDGE comment=IOT tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1000
add bridge=BRIDGE comment=PRINTER tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1100
add bridge=BRIDGE comment=SONOS tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1200
add bridge=BRIDGE comment=CAM tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1300
add bridge=BRIDGE comment=MOBILWLAN tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1400
add bridge=BRIDGE comment=FREE2 tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1500
add bridge=BRIDGE comment=FREE3 tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1600
add bridge=BRIDGE comment=FREE4 tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1700
add bridge=BRIDGE comment=FREE5 tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1800
add bridge=BRIDGE comment=FREE6 tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1900
add bridge=BRIDGE comment=FREE7 tagged=\
BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=2000
add bridge=BRIDGE comment=FIRMA tagged="BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-s\
fpplus3,sfp-sfpplus4,ether38,ether34,ether28,ether18" vlan-ids=99
/ip dhcp-client
add interface=VLAN_99
add add-default-route=no interface=VLAN_100
/ip firewall address-list
add address=192.168.254.0/24 list=local
add address=10.16.0.0/16 list=local
add list=local
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=45735
set api disabled=yes
/ip ssh
set host-key-size=4096
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=TEST01SW02
/system logging
add action=auth topics=account
/system package update
set channel=long-term
/system routerboard settings
set auto-upgrade=yes boot-os=router-os enter-setup-on=delete-key silent-boot=\
yes
/system scheduler
add interval=3w name=BackupEmail on-event=BackupEmail policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2021-01-25 start-time=01:00:00
add name=Reboot on-event="delay 30\r\
\n/log print file=logfile;\r\
\ndelay 10\r\
\n/tool e-mail send to=\"mreboot@test.com\" subject=\"\$[/system identity\
\_get name] - Rebooted at \$[/system clock get time] \$[/system clock get \
date]\" body=\"See attached log.\" file=\"logfile.txt\"\r\
\ndelay 5\r\
\n/file remove logfile.txt\r\
\nlog info \"email sent and logfile deleted\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add comment="2024-01-22 13:45:54" interval=1m name=MikrotikLoginAlert \
on-event=MikrotikLoginAlert policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2021-01-25 start-time=00:00:00
/system script
add dont-require-permissions=no name=BackupEmail owner=test policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local mailfrom \"mikrotik@test.com\"\r\
\n:local rcptto \"mbackup@test.com\"\r\
\n:local hostname [/system identity get name]\r\
\n\r\
\n/export file config\r\
\n\r\
\n/tool e-mail send to=\$rcptto from=\$mailfrom subject=(\"{Config} \" . [\
/system identity get name] . \" Config, \" . [/system resource get version\
]) body=\"See attached file for configuration export.\$hostname\" file=con\
fig.rsc\r\
\n\r\
\n:delay 10\r\
\n\r\
\n/system backup save name=email\r\
\n\r\
\n/tool e-mail send to=\$rcptto from=\$mailfrom subject=(\"{Backup} \" . [\
/system identity get name] . \" backup, \" . [/system resource get version\
]) body=\"See attached file for configuration backup.\$hostname\" file=ema\
il.backup"
add dont-require-permissions=no name=MikrotikLoginAlert owner=test policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_BEGIN SETUP\r\
\n:local scheduleName \"MikrotikLoginAlert\"\r\
\n:local emailAddress \"mikrotik@test.com\"\r\
\n:local emailAddressto \"mlogin@test.com\"\r\
\n:local startBuf [:toarray [/log find message~\"logged in\" || message~\"\
login failure\"]]\r\
\n:local removeThese {\"telnet\";\"10.16\"}\r\
\n:local removeThese {\"telnet\";\"10.99\"}\r\
\n:local removeThese {\"telnet\";\"192.168.254\"}\r\
\n:local removeThese {\"winbox\";\"10.16\"}\r\
\n:local removeThese {\"winbox\";\"10.99\"}\r\
\n:local removeThese {\"winbox\";\"192.168.254\"}\r\
\n:local removeThese {\"dude\";\"10.16\"}\r\
\n:local removeThese {\"dude\";\"10.99\"}\r\
\n:local removeThese {\"dude\";\"192.168.254\"}\r\
\n\r\
\n:local hostname [/system identity get name]\r\
\n# END SETUP\r\
\n\r\
\n# warn if schedule does not exist\r\
\n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\
\n/log warning \"[LOGMON] ERROR: Schedule does not exist. Create schedule \
and edit script to match name\"\r\
\n}\r\
\n\r\
\n# get last time\r\
\n:local lastTime [/system scheduler get [find name=\"\$scheduleName\"] co\
mment]\r\
\n# for checking time of each log entry\r\
\n:local currentTime\r\
\n# log message\r\
\n:local message\r\
\n\r\
\n# final output\r\
\n:local output\r\
\n\r\
\n:local keepOutput false\r\
\n# if lastTime is empty, set keepOutput to true\r\
\n:if ([:len \$lastTime] = 0) do={\r\
\n:set keepOutput true\r\
\n}\r\
\n\r\
\n:local counter 0\r\
\n# loop through all log entries that have been found\r\
\n:foreach i in=\$startBuf do={\r\
\n\r\
\n# loop through all removeThese array items\r\
\n:local keepLog true\r\
\n:foreach j in=\$removeThese do={\r\
\n# if this log entry contains any of them, it will be ignored\r\
\n:if ([/log get \$i message] ~ \"\$j\") do={\r\
\n:set keepLog false\r\
\n}\r\
\n}\r\
\n:if (\$keepLog = true) do={\r\
\n\r\
\n:set message [/log get \$i message]\r\
\n\r\
\n# LOG DATE\r\
\n# depending on log date/time, the format may be different. 3 known forma\
ts\r\
\n# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Us\
ing as default\r\
\n:set currentTime [ /log get \$i time ]\r\
\n# format of 00:00:00 which shows up on current day's logs\r\
\n:if ([:len \$currentTime] = 8 ) do={\r\
\n:set currentTime ([:pick [/system clock get date] 0 11].\" \".\$currentT\
ime)\r\
\n} else={\r\
\n# format of jan/01 00:00:00 which shows up on previous day's logs\r\
\n:if ([:len \$currentTime] = 15 ) do={\r\
\n:set currentTime ([:pick \$currentTime 0 6].\"/\".[:pick [/system clock \
get date] 7 11].\" \".[:pick \$currentTime 7 15])\r\
\n}\r\
\n}\r\
\n\r\
\n# if keepOutput is true, add this log entry to output\r\
\n:if (\$keepOutput = true) do={\r\
\n:set output (\$output.\$currentTime.\" \".\$message.\"\\r\\n\")\r\
\n}\r\
\n# if currentTime = lastTime, set keepOutput so any further logs found wi\
ll be added to output\r\
\n# reset output in the case we have multiple identical date/time entries \
in a row as the last matching logs\r\
\n# otherwise, it would stop at the first found matching log, thus all fol\
lowing logs would be output\r\
\n:if (\$currentTime = \$lastTime) do={\r\
\n:set keepOutput true\r\
\n:set output \"\"\r\
\n}\r\
\n}\r\
\n\r\
\n# if this is last log entry\r\
\n:if (\$counter = ([:len \$startBuf]-1)) do={\r\
\n# If keepOutput is still false after loop, this means lastTime has a val\
ue, but a matching currentTime was never found.\r\
\n# This can happen if 1) The router was rebooted and matching logs stored\
\_in memory were wiped, or 2) An item is added\r\
\n# to the removeThese array that then ignores the last log that determine\
d the lastTime variable.\r\
\n# This resets the comment to nothing. The next run will be like the firs\
t time, and you will get all matching logs\r\
\n:if (\$keepOutput = false) do={\r\
\n# if previous log was found, this will be our new lastTime entry\r\
\n:if ([:len \$message] > 0) do={\r\
\n:set output (\$output.\$currentTime.\" \".\$message.\"\\r\\n\")\r\
\n}\r\
\n}\r\
\n}\r\
\n:set counter (\$counter + 1)\r\
\n}\r\
\n\r\
\n# If we have output, save new date/time, and send email\r\
\nif ([:len \$output] > 0) do={\r\
\n/system scheduler set [find name=\"\$scheduleName\"] comment=\$currentTi\
me\r\
\n/tool e-mail send to=\"\$emailAddressto\" subject=\"MikroTik alert \$cur\
rentTime on \$hostname\" body=\"\$output\"\r\
\n/log info \"[LOGMON] New logs found, send email\"\r\
\n}"
/tool bandwidth-server
set enabled=no
/tool graphing interface
add allow-address=192.168.254.0/24
add allow-address=10.16.0.0/16
/tool graphing queue
add allow-address=192.168.254.0/24
add allow-address=10.16.0.0/16
/tool graphing resource
add allow-address=192.168.254.0/24
add allow-address=10.16.0.0/16
/tool romon
set enabled=yes