Tak ten Switch AP je nastaven:
# Export of the switch/AP: one bridge spanning ether1-ether5 and both radios,
# a shared PSK security profile for 2.4 GHz and 5 GHz, and a static address
# with a default route via 192.168.5.1.
# No /ip firewall, /ip service or /user section appears in this export, so
# management-plane restrictions on this device cannot be judged from it.
/interface bridge
add name=Bridge
/interface wireless security-profiles
# NOTE(review): authentication-types still lists wpa-psk, so legacy WPA is
# accepted next to WPA2; wpa2-psk alone is the stricter setting if every
# client supports it - confirm before changing.
# The pre-shared key is printed in clear text below. If it is the real key
# rather than a placeholder, rotate it, because this export was published.
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=XXX_Lan supplicant-identity="" \
wpa-pre-shared-key=networkpass wpa2-pre-shared-key=networkpass
/interface wireless
# Both radios run as ap-bridge and share the XXX_Lan security profile.
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
name=Wifi2,4 security-profile=XXX_Lan ssid=XXX_LAN_M2,4
set [ find default-name=wlan2 ] band=5ghz-a/n/ac disabled=no mode=ap-bridge \
name=Wifi5 security-profile=XXX_Lan ssid=XXX_LAN_M5
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
# Every wired port and both wireless interfaces are members of the one bridge,
# so wireless clients share a single L2 segment with the wired ports.
add bridge=Bridge interface=ether1
add bridge=Bridge interface=ether2
add bridge=Bridge interface=ether3
add bridge=Bridge interface=ether4
add bridge=Bridge interface=ether5
add bridge=Bridge interface=Wifi2,4
add bridge=Bridge interface=Wifi5
/ip address
# NOTE(review): ether2 is a member port of Bridge (see the bridge port list
# above). RouterOS expects the address on the bridge interface rather than on
# a member port - confirm and move it to interface=Bridge if so.
add address=192.168.5.60/24 interface=ether2 network=192.168.5.0
/ip route
add distance=1 gateway=192.168.5.1
/system clock
set time-zone-name=Europe/Prague
/system routerboard settings
set cpu-frequency=650MHz init-delay=0s protected-routerboot=disabled
Hlavní router je nastaven:
# Export of the main router: LAN bridge (bridge-local) on 192.168.5.0/24,
# uplink on ether1-gateway (192.168.10.10/24, gateway 192.168.10.1), DHCP,
# L2TP/SSTP/PPP settings, firewall filter and a long list of dst-nat forwards.
# NOTE(review): the uplink addresses are private, so whether the forwards and
# router services below are reachable from the internet depends on the
# upstream device, which this export does not show.
# NOTE(review): this export prints an IPsec secret and the LCD PIN in clear
# text; if they are real values, rotate them, because the export was published.
/interface bridge
add admin-mac=4C:5E:0C:FB:6C:40 auto-mac=no name=bridge-local
/interface ethernet
# ether7, ether8 and ether10 are attached to ether6-master-local via master-port.
set [ find default-name=ether5 ] name=Kamery_Ether5
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
ether8-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
ether10-slave-local
/ip neighbor discovery
# Neighbor discovery is switched off on the uplink interface only.
set ether1-gateway discover=no
/interface ethernet
# Test_ether9 (ether9) also gets master-port=ether6-master-local; the export
# warning further down about a DHCP server on a slave interface refers to it.
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
Test_ether9
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
# NOTE(review): the vpn pool ends at 192.168.89.255, which is the broadcast
# address of the 192.168.89.0/24 used by the VPN masquerade rule - confirm the
# intended upper bound.
add name=dhcp ranges=192.168.5.100-192.168.5.254
add name=dhcp_pool1 ranges=192.168.0.2-192.168.0.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
# DHCP server can not run on slave interface!
add address-pool=dhcp_pool1 disabled=no interface=Test_ether9 lease-time=3d \
name=dhcp1
/port
set 1 name=usb2
/interface ppp-client
add apn=internet default-route-distance=1 name=ppp-out1 port=usb2
/ppp profile
# VPN clients on this profile get 192.168.89.1 as the router side and an
# address from the vpn pool.
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=Kamery_Ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
/interface l2tp-server server
# NOTE(review): there is no space between the secret and "use-ipsec=yes" on
# the next line. As written, the whole string is the ipsec-secret value and
# use-ipsec is not set; this may be a paste artifact - verify on the device.
set ipsec-secret=passWord261184789use-ipsec=yes
/interface sstp-server server
set default-profile=default-encryption
/ip address
# NOTE(review): ether2 is a member port of bridge-local (see the bridge port
# list above); RouterOS expects the LAN address on the bridge interface rather
# than on a member port - confirm.
add address=192.168.5.1/24 comment="default configuration" interface=ether2 \
network=192.168.5.0
# NOTE(review): ether1-gateway carries this static address and also has a
# dhcp-client configured under /ip dhcp-client - confirm both are intended.
add address=192.168.10.10/24 interface=ether1-gateway network=192.168.10.0
/ip arp
# NOTE(review): MAC 00:1A:4D:FF:D0:BF is pinned to 192.168.5.9 here and to
# 192.168.5.124 in the DHCP lease list - confirm which entry is current.
add address=192.168.5.9 comment="Elanka WS" interface=bridge-local mac-address=\
00:1A:4D:FF:D0:BF
add address=192.168.5.4 comment="NAS Synology" interface=bridge-local \
mac-address=00:11:32:21:DC:F7
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
/ip dhcp-server lease
# Leases bound to server=default; several are dst-nat targets further down.
add address=192.168.5.243 always-broadcast=yes client-id=1:4c:ed:de:50:6f:b4 \
comment="Samsung wifi" mac-address=4C:ED:DE:50:6F:B4 server=default
add address=192.168.5.189 client-id=1:24:a4:3c:83:f9:e4 comment=\
"mFi z\E1suvka \9Aopa" mac-address=24:A4:3C:83:F9:E4 server=default
add address=192.168.5.119 client-id=1:d4:be:d9:65:fa:e6 comment="xXx Dock NTB" \
mac-address=D4:BE:D9:65:FA:E6 server=default
add address=192.168.5.123 client-id=1:24:77:3:a0:4d:bc comment=\
"Monika Wifi NTB" mac-address=24:77:03:A0:4D:BC server=default
add address=192.168.5.124 client-id=1:0:1a:4d:ff:d0:bf comment=\
"Elenka PC (Traccar)" mac-address=00:1A:4D:FF:D0:BF server=default
/ip dhcp-server network
add address=192.168.5.0/24 comment="default configuration" dns-server=\
192.168.10.1 gateway=192.168.5.1 netmask=24
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts. No enabled input rule in this export limits that to the
# LAN, so the resolver is also offered on ether1-gateway.
set allow-remote-requests=yes servers=192.168.10.1
/ip dns static
# NOTE(review): 192.168.1.1 is not an address of this router in this export.
add address=192.168.1.1 name=router
/ip firewall filter
# Every rule in this table carries disabled=yes, so nothing is filtered on
# input or forward. The default rule set also appears twice.
# NOTE(review): re-enable one copy of the default set (accept
# established/related, drop invalid, drop new from ether1-gateway) in this order.
# The accept rules for tcp 8728, 80 and 8291 have no src-address or
# in-interface match; scope them before enabling.
add action=accept chain=input comment="default configuration" disabled=yes \
protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
established,related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
add action=accept chain=forward comment="default configuration" \
connection-state=established,related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=\
invalid disabled=yes
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new disabled=yes \
in-interface=ether1-gateway
add action=accept chain=input disabled=yes dst-port=8728 protocol=tcp
add action=accept chain=input disabled=yes dst-port=80 protocol=tcp
add action=accept chain=input comment=Winbox disabled=yes dst-port=8291 \
protocol=tcp
add action=accept chain=input comment="default configuration" disabled=yes \
protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
established,related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes \
in-interface=ether1-gateway
add action=accept chain=forward comment="default configuration" \
connection-state=established,related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=\
invalid disabled=yes
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new disabled=yes \
in-interface=ether1-gateway
/ip firewall nat
# One active masquerade on ether1-gateway (its duplicate is disabled), then
# dst-nat forwards from the uplink to LAN hosts.
# NOTE(review): the forwards publish HTTP, FTP, VNC, RDP, PPTP, camera/NVR web
# interfaces and RTSP to whatever can reach ether1-gateway, and none has a
# src-address match. Prefer reaching these over the VPN, or restrict each rule
# with src-address or an address list, and remove forwards no longer needed.
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" disabled=yes \
out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment="Web NAS" dst-port=80 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.5.4 to-ports=80
add action=dst-nat chain=dstnat comment="VNC Dell E6220 WiFi" dst-port=6002 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.123 \
to-ports=5900
add action=dst-nat chain=dstnat comment="RDP WINServer " dst-port=6000 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.2 to-ports=\
3389
# NOTE(review): only tcp/1723 is forwarded for PPTP; no GRE rule is visible
# here. PPTP is also a weak VPN protocol - consider retiring this forward in
# favour of the L2TP/IPsec or SSTP server configured above.
add action=dst-nat chain=dstnat comment="VPN Server (PPTP) NAS " dst-port=1723 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.4 to-ports=\
1723
add action=dst-nat chain=dstnat comment="CMS Synology NAS" disabled=yes \
dst-port=5001 in-interface=ether1-gateway protocol=tcp to-addresses=\
192.168.5.4 to-ports=5001
add action=dst-nat chain=dstnat comment="Traccar na PC Elenky" dst-port=\
5001-5030 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.2 \
to-ports=5001-5030
add action=dst-nat chain=dstnat comment="Traccar na Android" dst-port=5055 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.2 to-ports=\
5055
add action=dst-nat chain=dstnat comment="Traccar Web Page" dst-port=8082 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.2 to-ports=\
8082
add action=dst-nat chain=dstnat comment="Synology Video Station" dst-port=\
9025-9040 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.4 \
to-ports=9025-9040
add action=dst-nat chain=dstnat comment="DS Cloud NAS" dst-port=6690 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.4 to-ports=\
6690
add action=dst-nat chain=dstnat comment="DVBT-Link TV Online" dst-port=39876 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.4 to-ports=\
39876
add action=dst-nat chain=dstnat comment="DVBT-Link Stream" dst-address=\
192.168.10.10 dst-port=8100-8102 in-interface=ether1-gateway protocol=tcp \
to-addresses=192.168.5.4 to-ports=8100-8102
add action=dst-nat chain=dstnat comment="Fibaro Remote " dst-address=\
192.168.10.10 dst-port=6005 in-interface=ether1-gateway protocol=tcp \
to-addresses=192.168.5.117 to-ports=80
add action=dst-nat chain=dstnat comment="DVBT-Link Stream/udp" dst-address=\
192.168.10.10 dst-port=8100-8102 in-interface=ether1-gateway protocol=udp \
to-addresses=192.168.5.4 to-ports=8100-8102
# NOTE(review): the next rule is labelled "Stream/udp" but matches tcp 8080.
add action=dst-nat chain=dstnat comment="DVBT-Link Stream/udp" dst-address=\
192.168.10.10 dst-port=8080 in-interface=ether1-gateway protocol=tcp \
to-addresses=192.168.5.4 to-ports=8080
add action=dst-nat chain=dstnat comment="HTTPS NAS" dst-port=443 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.5.4 to-ports=443
add action=dst-nat chain=dstnat dst-port=5000 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.5.4 to-ports=5000
add action=dst-nat chain=dstnat comment="Kamera Chotba" dst-port=6093 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.93 \
to-ports=81
add action=dst-nat chain=dstnat comment="Kamera Byt" dst-port=6092 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.92 \
to-ports=81
add action=dst-nat chain=dstnat comment="Kamera Vchod" dst-port=6094 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.94 \
to-ports=80
# NOTE(review): this is the only forward with in-interface=all-ethernet instead
# of ether1-gateway, so it is not limited to the uplink port - confirm that is
# intended.
add action=dst-nat chain=dstnat comment="Kamera Kaloudova (onvif)" dst-port=\
6198 in-interface=all-ethernet protocol=tcp to-addresses=192.168.5.98 \
to-ports=554
add action=dst-nat chain=dstnat comment="Kamera Kaloudova" dst-port=6098 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.98 \
to-ports=8999
add action=dst-nat chain=dstnat dst-port=21 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.5.4 to-ports=21
add action=dst-nat chain=dstnat dst-port=9900 in-interface=ether1-gateway \
protocol=tcp to-addresses=192.168.5.4 to-ports=9900
add action=dst-nat chain=dstnat comment="NVR WEB" dst-port=8589 in-interface=\
ether1-gateway protocol=tcp to-addresses=192.168.5.181 to-ports=80
add action=dst-nat chain=dstnat comment="NVR port 5050 pro aplikaci" dst-port=\
8581 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.181 \
to-ports=5050
add action=dst-nat chain=dstnat comment="ElkoEP Inels Kuchyn\EC" dst-port=8588 \
in-interface=ether1-gateway protocol=tcp to-addresses=192.168.5.10 \
to-ports=80
# Source NAT for the VPN client range. There is no out-interface match, so it
# applies to that source range on any outgoing interface.
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
/ip route
add distance=1 gateway=192.168.10.1
/ip upnp
# NOTE(review): UPnP is enabled; it lets hosts request port mappings on their
# own. No /ip upnp interfaces section is shown, so its scope cannot be judged
# here - disable it unless a device needs it.
set enabled=yes
/lcd pin
# NOTE(review): the LCD PIN is shown in clear text; change it if it is real.
set pin-number=2611
/ppp secret
# NOTE(review): password= is empty for both accounts in this listing. If that
# is not a redaction, these VPN accounts have blank passwords - set strong ones.
add name=Dominiktoreto password=
add name=vpn password=
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Amsterdam
/system identity
set name=MikroTik_Router_K9
/tool mac-server
# The default mac-server entry is disabled and the service is re-added per
# interface; ether1-gateway is not in the list.
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=Kamery_Ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=Test_ether9
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
/tool mac-server mac-winbox
# Same pattern for MAC-Winbox: default entry disabled, listed interfaces only.
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=Kamery_Ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=Test_ether9
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
/tool traffic-monitor
add interface=ether4 name=tmon1 threshold=0 trigger=always
Pak mám tři Glan switche Mikrotik na 192.168.5.5 a 192.168.5.6 a 192.168.5.7