I would really appreciate any advice on this matter.
Recently (a couple of days ago) my network started to misbehave, and some weird things are occurring.
For example, my Windows laptop says my Wi-Fi has no internet, but I can use it normally (I'm writing this post right now). My Linux server, connected via Ethernet, can't update (apt update); it returns a timeout. When I connect the Linux server to my iPhone's Wi-Fi tethering, it works just fine. My Smart TV reports an internet connection issue (via Wi-Fi or Ethernet), but I can watch Netflix. My PS5 console can't connect to the Wi-Fi network, saying there is a network issue.
Another weird thing: on my hAP ac, I'm able to update RouterOS, but on one cAP ac, configured as stand-alone (not CAPsMAN), the update timed out. Nothing has changed in my settings for quite a while, so I have no idea what might be causing these issues.
Here are my export settings for both Router and cAP ac.
hAP ac (Router)
cAP ac
# feb/02/2023 10:36:39 by RouterOS 7.7
# software id = XLZG-LBM0
#
# model = RB962UiGS-5HacT2HnT
# serial number = 8A77087C856C
# LAN bridge; its MAC address is pinned (auto-mac=no) instead of being taken
# from a member port.
/interface bridge
add admin-mac=CC:2D:E0:C4:F4:AD auto-mac=no comment=defconf name=bridge
# Local radios: wlan1 carries the 2.4 GHz SSID, wlan2 the 5 GHz SSID.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
country=brazil disabled=no distance=indoors installation=indoor mode=\
ap-bridge ssid=AB-HOME2G tx-power=10 tx-power-mode=all-rates-fixed \
wireless-protocol=802.11
# wlan2 sets default-authentication=no and default-forwarding=no, so whether a
# client may associate is decided by the /interface wireless access-list
# entries further down in this export.
set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40/80mhz-eCee \
country=brazil default-authentication=no default-forwarding=no disabled=no \
frequency=5765 mode=ap-bridge ssid=AB-HOME5G wireless-protocol=802.11 \
wps-mode=disabled
# WAN uplink: PPPoE session over ether1 that installs the default route.
# No password value is visible in this export.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-vivo user=\
cliente@cliente
# Interface lists referenced by the firewall, discovery and MAC-server settings.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
# NOTE(review): the default profile still offers legacy WPA (wpa-psk) next to
# WPA2. If every client supports WPA2, leaving only wpa2-psk removes the older
# mode. No pre-shared key is visible in this export.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik
# Dynamic DHCP range for the LAN (10.25.10.100-254), served on the bridge.
/ip pool
add name=dhcp ranges=10.25.10.100-10.25.10.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
# CAPsMAN manager settings. No enabled= value is shown, so the manager is
# presumably at its default state - confirm on the device.
/caps-man manager
set ca-certificate=auto certificate=auto
# CAPsMAN is forbidden on the default (all) interface entry and allowed only
# on the LAN bridge.
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
# Every port except ether1 (the PPPoE uplink) is a member of the LAN bridge,
# including both radios.
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2
# Neighbor discovery is limited to the LAN list, so it is not run on the WAN
# interfaces.
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
# IPv6 is switched off on this router.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# Detect Internet is pointed at the same WAN/LAN lists the firewall uses.
/interface detect-internet
set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
# List membership: the bridge is LAN; ether1 and the PPPoE client are WAN.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-vivo list=WAN
# Only the auth list is set here; no enabled= value is shown, so the OpenVPN
# server is presumably left disabled - confirm.
# NOTE(review): sha1 and md5 are legacy digests; tighten this list before the
# server is ever enabled.
/interface ovpn-server server
set auth=sha1,md5
# Signal-strength admission rules: clients at or above the threshold are
# accepted, weaker ones are refused (authentication=no forwarding=no).
# These entries filter on signal level only, not on client identity.
/interface wireless access-list
add interface=wlan2 signal-range=-70..120
add authentication=no forwarding=no interface=wlan2 signal-range=-120..-70
add authentication=no forwarding=no interface=wlan1 signal-range=-120..-65
add interface=wlan1 signal-range=-65..120
# CAP client settings for the local radios; no enabled= value is shown.
/interface wireless cap
set discovery-interfaces=bridge interfaces=wlan1,wlan2
# Router's LAN address; it is the gateway handed out by DHCP.
/ip address
add address=10.25.10.1/24 comment=defconf interface=bridge network=10.25.10.0
# The DHCP client on ether1 is disabled; the WAN address comes from PPPoE.
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
# Static DHCP reservations (fixed address per MAC address) on server defconf.
# Most reservations sit below the dynamic pool (10.25.10.100-254).
/ip dhcp-server lease
add address=10.25.10.30 client-id=SuiteLuz2 mac-address=D8:F1:5B:C9:78:CC \
server=defconf
add address=10.25.10.20 comment="Home Automation Server" mac-address=\
DC:A6:32:6B:6C:09 server=defconf
add address=10.25.10.33 mac-address=A0:20:A6:11:94:88 server=defconf
add address=10.25.10.31 mac-address=D8:F1:5B:C8:DA:DE server=defconf
add address=10.25.10.34 mac-address=A0:20:A6:03:D5:E7 server=defconf
add address=10.25.10.35 mac-address=60:01:94:E3:B5:81 server=defconf
add address=10.25.10.37 mac-address=CC:50:E3:E8:9E:D7 server=defconf
add address=10.25.10.38 mac-address=50:02:91:57:06:A3 server=defconf
add address=10.25.10.36 mac-address=50:02:91:5C:E0:FB server=defconf
add address=10.25.10.39 mac-address=CC:50:E3:E8:A1:87 server=defconf
add address=10.25.10.3 client-id=1:d0:3:df:6b:8:be mac-address=\
D0:03:DF:6B:08:BE server=defconf
# This reservation (10.25.10.101) lies inside the dynamic pool range.
add address=10.25.10.101 client-id=1:b8:c6:aa:7a:c1:23 comment=\
"Start IP reservation for other devices (TVs, TV Box, Console, etc.)" \
mac-address=B8:C6:AA:7A:C1:23 server=defconf
add address=10.25.10.40 mac-address=D8:F1:5B:E0:76:9A server=defconf
add address=10.25.10.29 comment="Start IP reservation for Tasmota Devices" \
mac-address=F4:CF:A2:16:73:CA server=defconf
add address=10.25.10.41 mac-address=60:01:94:FB:F6:6C server=defconf
add address=10.25.10.50 mac-address=84:CC:A8:9C:26:5E server=defconf
add address=10.25.10.2 client-id=1:2c:c8:1b:c3:16:7e mac-address=\
2C:C8:1B:C3:16:7E server=defconf
add address=10.25.10.60 comment=">> Cortina Suite" mac-address=\
E8:DB:84:8D:02:AB server=defconf
add address=10.25.10.80 client-id=1:f4:b1:9c:19:f:7a comment="Camera Quintal" \
mac-address=F4:B1:9C:19:0F:7A server=defconf
# 10.25.10.10 is the host that all three dst-nat rules in /ip firewall nat
# forward to (ports 8443, 22 and 80).
add address=10.25.10.10 client-id=1:18:a9:9b:ff:cc:42 mac-address=\
18:A9:9B:FF:CC:42 server=defconf
# DHCP clients are handed the public resolvers 8.8.8.8/8.8.4.4 directly, not
# the router's own address, so LAN DNS queries are routed through the router
# rather than answered by it.
/ip dhcp-server network
add address=10.25.10.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=\
10.25.10.1 netmask=24
# allow-remote-requests=yes makes the router answer DNS queries it receives.
# The input-chain rule "defconf: drop all not coming from LAN" is what keeps
# that resolver from being reachable on the WAN side; keep the two together.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
# The router.lan static entry exists but is disabled.
/ip dns static
add address=10.25.10.1 comment=defconf disabled=yes name=router.lan
# Filter rules; each rule carries its own comment= text.
# Input chain (traffic addressed to the router itself): replies, ICMP and
# anything arriving from the LAN list are accepted; everything else is dropped.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# Forward chain (traffic routed through the router).
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
# New connections from WAN are dropped unless a dst-nat rule matched them, so
# every dst-nat rule in /ip firewall nat is an inbound opening through this
# firewall.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Source NAT for everything leaving through the WAN list.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
# Inbound TCP 8443 from WAN to the controller host 10.25.10.10. The rule is
# pinned to one fixed public dst-address.
# NOTE(review): if the PPPoE address is dynamic, this rule stops matching once
# the address changes - confirm. The public address is also posted here
# verbatim; redact it (and serial numbers) when sharing an export.
add action=dst-nat chain=dstnat comment=\
"Direciona as chamadas do Unifi para o Unifi Controller Linux" dst-address=\
191.250.187.198 dst-port=8443 in-interface-list=WAN protocol=tcp \
to-addresses=10.25.10.10 to-ports=8443
# NOTE(review): this publishes SSH on 10.25.10.10 to anything arriving on the
# PPPoE interface. Limit it with a src-address or src-address-list match and
# use key-only authentication on the host, or reach it over a VPN instead.
add action=dst-nat chain=dstnat dst-port=22 in-interface=pppoe-vivo protocol=\
tcp to-addresses=10.25.10.10 to-ports=22
# NOTE(review): unlike the two rules above, this one has no in-interface,
# in-interface-list or dst-address match, so it applies to every TCP/80
# connection passing through the router - including outbound HTTP from LAN
# clients, which is rewritten to 10.25.10.10. That is consistent with the
# reported symptoms (plain-HTTP connectivity checks and apt timing out while
# HTTPS services keep working); likely cause, to be confirmed by scoping the
# rule with in-interface-list=WAN and retesting.
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=\
10.25.10.10
# NOTE(review): UPnP is enabled with the LAN bridge as the internal side and
# the PPPoE link as the external side, so any device on the LAN can request
# inbound port mappings on the WAN address. The DHCP leases show IoT devices
# and a camera on the same LAN; disable UPnP unless a device really needs it.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=pppoe-vivo type=external
/system clock
set time-zone-name=America/Sao_Paulo
/system identity
set name="MikroTik Router"
# Two extra logging rules; the first has no parameters shown, the second logs
# the wireless topic.
/system logging
add
add topics=wireless
# RouterBOARD firmware is upgraded automatically.
/system routerboard settings
set auto-upgrade=yes
/tool graphing interface
add
/tool graphing resource
add
# MAC-Telnet and MAC-WinBox are reachable from the LAN list only.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
I really appreciate any advice or feedback.
# feb/02/2023 10:41:44 by RouterOS 7.1.1
# software id = HNGB-HYWP
#
# model = RBcAPGi-5acD2nD
# serial number = DD340E628100
# Stand-alone access point. Its export header reports RouterOS 7.1.1, older
# than the 7.7 reported by the router export.
/interface bridge
add name=bridge
# 2.4 GHz radio; no security-profile is set on it here, so it presumably uses
# the default profile - confirm.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
country=brazil disabled=no frequency=auto mode=ap-bridge ssid=AB-HOME2G \
tx-power=10 tx-power-mode=all-rates-fixed wps-mode=disabled
# The default profile is WPA2-only.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik
# NOTE(review): wlan2-profile also offers legacy WPA (wpa-psk), unlike the
# default profile above; align it to wpa2-psk if all 5 GHz clients support it.
# No pre-shared key is visible in this export.
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=wlan2-profile \
supplicant-identity=MikroTik
# 5 GHz radio: uses wlan2-profile, and with default-authentication=no the
# access-list entries decide which clients may associate.
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-n/ac basic-rates-a/g=54Mbps \
channel-width=20/40/80mhz-eeeC country=brazil default-authentication=no \
default-forwarding=no disabled=no frequency=5240 mode=ap-bridge \
security-profile=wlan2-profile ssid=AB-HOME5G wireless-protocol=802.11 \
wps-mode=disabled
# Bridge-level NAT rule that accepts frames leaving via ether1.
/interface bridge nat
add action=accept chain=srcnat out-interface=ether1
# Both radios and both Ethernet ports are bridged together, so the unit works
# as a layer-2 access point.
/interface bridge port
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
# Neighbor discovery runs on every interface that is not dynamic.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# Signal-strength admission for wlan2: refused below -80, accepted above.
/interface wireless access-list
add authentication=no forwarding=no interface=wlan2 signal-range=-120..-80
add interface=wlan2 signal-range=-80..120
# The AP takes its own address from DHCP on the bridge, so it is an ordinary
# LAN client of the upstream router. Traffic the AP originates (presumably
# including its update check - confirm) therefore passes through the router's
# NAT and filter rules like any other LAN device.
/ip dhcp-client
add interface=bridge
# NOTE(review): the input chain below holds accept rules and one drop for
# invalid packets, but no closing drop rule. Traffic that matches none of the
# rules is still accepted, so these rules do not restrict who can reach the
# AP's management services; access relies on the upstream router and the LAN.
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-address=127.0.0.1
# Local-only accept for UDP 5246/5247 (source 127.0.0.1).
add action=accept chain=input dst-port=5246,5247 protocol=udp src-address=\
127.0.0.1
# Forward-chain rules; presumably these see little traffic because the unit
# bridges rather than routes - confirm.
add action=accept chain=forward ipsec-policy=in,ipsec
add action=accept chain=forward ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward connection-state=\
established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
/system clock
set time-zone-name=America/Sao_Paulo
# All LEDs are switched off immediately.
/system leds settings
set all-leds-off=immediate
/system routerboard settings
set cpu-frequency=auto
Cheers!