vlan su RB411

[it9mbz]

Ciao a tutti,

abbiamo la necessità di far viaggiare via radio 3 vlan.

Gli apparecchi montano delle RB411 configurate come WDS Station una e Station l'altra.

Finchè il flusso dati è scarso (solo piccoli pacchetti con testo o similari) il link regge, ma non appena si aumenta il flusso (utilizzando vnc ad esempio) il link cade ed è necessario resettare (spegnere ed accendere) la WDS Station.

Ho letto da qualche parte che potrebbe essere dovuto alla MTU, che aumentata di 4 byte dalle vlan, porterebbe in crash il sistema.

Potrebbe essere questo il motivo? Basterebbe quindi ridurre l'MTU di 4 byte?

Grazie anticipatamente.

[figheras]

Guarda c'è gente che sfrutta questi apparati ai massimi livelli e non credo proprio che un misero VNC possa mandare in crash un apparato...
Innanzitutto spiegaci meglio le configurazioni degli apparati...anche se quello station wds <-------->station non l'ho capita proprio......due apparati slave come fanno a comunicare??

Facci sapere avrai il nostro appoggio

[it9mbz]

OK, vedrò di tirar giù le configurazioni e le posto.

Grazie.

[it9mbz]

Come si fa a postare un file di testo con le barre di scorrimento?

Non vorrei mettere un post lungo.

AH, le due RB411 hanno RouterOS differenti, ma la cosa strana e che una ha la versione 4.5.
La stranezza sta nel fatto che sul sito della MikroTik la più recente stabile downlodabile è la 4.11!

Ciao, Sergio.

[Niemira]

Come si fa a postare un file di testo con le barre di scorrimento?

Devi usare il tasto Code, e inserire il testo tra i comandi html che compaiono premendolo.

[it9mbz]

Ecco finalmente gli export dei due RB411

Questo è il primo

Codice: Seleziona tutto

# jan/31/1970 05:39:34 by RouterOS 3.23
# software id = 8AMG-DTT
#
interface wireless security-profiles
set default authentication-types=""
eap-methods=passthrough
group-ciphers=""
group-key-update=5m
interim-update=0s
mode=none
name=default
radius-eap-accounting=no
radius-mac-accounting=no
radius-mac-authentication=no
radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX
radius-mac-mode=as-username static-algo-0=none
static-algo-1=none
static-algo-2=none
static-algo-3=none
static-key-0=""
static-key-1=""
static-key-2=""
static-key-3=""
static-sta-private-algo=none
static-sta-private-key=""
static-transmit-key=key-0
supplicant-identity=MikroTik
tls-certificate=none
tls-mode=no-certificates
unicast-ciphers="" wpa-pre-shared-key=
"" wpa2-pre-shared-key=""
interface wireless
set 0 ack-timeout=dynamic
adaptive-noise-immunity=none a
llow-sharedkey=no
antenna-gain=0
antenna-mode=ant-a area=""
arp=enabled band=5ghz
basic-rates-a/g=6Mbps
basic-rates-b=1Mbps
burst-time=disabled
comment=""
compression=no
country=italy
default-ap-tx-limit=0
default-authentication=yes
default-client-tx-limit=0
default-forwarding=yes
dfs-mode=no-radar-detect
disable-running-check=no
disabled=no
disconnect-timeout=3s
frame-lifetime=0
frequency=5540
frequency-mode=regulatory-domain
hide-ssid=no
hw-retries=4
mac-address=00:80:48:60:60:E1
max-station-count=2007
mode=bridge
mtu=1500
name=wlan1
noise-floor-threshold=default
on-fail-retry-time=100ms
periodic-calibration=default
periodic-calibration-interval=60
preamble-mode=both
proprietary-extensions=post-2.9.25
radio-name=0080486060E1
rate-set=default
scan-list=default
security-profile=default
ssid=ARICuccio5Ghz
station-bridge-clone-mac=00:00:00:00:00:00
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tx-power=23 \
tx-power-mode=card-rates
update-stats-interval=disabled
wds-cost-range=50-150
wds-default-bridge=bridge1
wds-default-cost=100
wds-ignore-ssid=no
wds-mode=dynamic
wmm-support=disabled
interface wireless
manual-tx-power-table
set wlan1 comment=""
manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24\
    Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-1:0,HT20-2:0,HT20-3:0,HT20-4:0,HT20-5:0,HT20-6:0,HT20-7:0,HT20-8:0,HT40\
    -1:0,HT40-2:0,HT40-3:0,HT40-4:0,HT40-5:0,HT40-6:0,HT40-7:0,HT40-8:0"
interface wireless nstreme
set wlan1
comment=""
disable-csma=no
enable-nstreme=yes
enable-polling=yes
framer-limit=3200
framer-policy=\dynamic-size
interface wireless align
set active-mode=yes
audio-max=-20
audio-min=-100
audio-monitor=00:00:00:00:00:00
filter-mac=00:00:00:00:00:00
frame-size=300
frames-per-second=25
receive-all=no
ssid-all=no
interface wireless sniffer
set channel-time=200ms
file-limit=10
file-name=""
memory-limit=10
multiple-channels=no
only-headers=no
receive-errors=no
streaming-enabled=no
streaming-max-rate=0
streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms
multiple-channels=yes
receive-errors=no


[admin@ARIPA-SEDE-MA-5Ghz] > /interface bridge export 
# jan/31/1970 05:42:16 by RouterOS 3.23
# software id = 8AMG-DTT
#/interface bridge
add admin-mac=00:00:00:00:00:00
ageing-time=5m
arp=enabled
auto-mac=yes comment=""
disabled=no
forward-delay=15s
max-message-age=20s
mtu=1500
name=bridge1
priority=0x8000
protocol-mode=none
transmit-hold-count=6
interface bridge port
add bridge=bridge1
comment=""
disabled=no
edge=auto
external-fdb=auto
horizon=none
interface=ether1
path-cost=10
point-to-point=auto
priority=0x80
add bridge=bridge1
comment=""
disabled=no
edge=auto
external-fdb=auto
horizon=none
interface=wlan1
path-cost=10
point-to-point=auto
priority=0x80
add comment=""
disabled=no
edge=auto
external-fdb=auto
horizon=none
path-cost=10
point-to-point=auto
priority=0x80
add comment=""
disabled=no
edge=auto
external-fdb=auto
horizon=none
path-cost=10
point-to-point=auto
priority=0x80
add comment=""
disabled=no
edge=auto
external-fdb=auto
horizon=none
path-cost=10
point-to-point=auto
priority=0x80
/interface bridge settings
set use-ip-firewall=no
use-ip-firewall-for-pppoe=no
use-ip-firewall-for-vlan=no
[admin@ARIPA-SEDE-MA-5Ghz] >




[admin@ARIPA-SEDE-MA-5Ghz] > /ip export
# jan/31/1970 05:43:33 by RouterOS 3.23
# software id = 8AMG-DTT
#
ip hotspot profile
set default dns-name=""
hotspot-address=0.0.0.0
html-directory=hotspot
http-cookie-lifetime=3d
http-proxy=0.0.0.0:0
login-by=cookie,http-chap
name=default
rate-limit=""
smtp-server=0.0.0.0
split-user-domain=no
use-radius=no
ip hotspot
user profile
set default
idle-timeout=none
keepalive-timeout=2m
name=default
shared-users=1
status-autorefresh=1m
transparent-proxy=no
ip ipsec proposal
set default auth-algorithms=sha1
disabled=no
enc-algorithms=3des
lifetime=30m
name=default
pfs-group=modp1024
/ip accounting
set account-local-traffic=no
enabled=no
threshold=256
/ip accounting web-access
set accessible-via-web=no
address=0.0.0.0/0
/ip dhcp-server config
set store-leases-disk=5m
/ip dns
set allow-remote-requests=no
cache-max-ttl=1w
cache-size=2048KiB
max-udp-packet-size=512
primary-dns=0.0.0.0 \
secondary-dns=0.0.0.0
/ip firewall connection tracking
set enabled=yes
generic-timeout=10m
icmp-timeout=10s t
cp-close-timeout=10s
tcp-close-wait-timeout=10s \
tcp-established-timeout=1d
tcp-fin-wait-timeout=10s
tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s
tcp-syncookie=no
tcp-time-wait-timeout=10s
udp-stream-timeout=3m
udp-timeout=10s
/ip firewall service-port
set ftp disabled=no
ports=21
set tftp disabled=no
ports=69
set irc disabled=no
ports=6667
set h323 disabled=no
set sip disabled=no
ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1
discover=yes
set wlan1
discover=no
set bridge1
discover=yes
/ip proxy
set always-from-cache=no
cache-administrator=webmaster
cache-hit-dscp=4
cache-on-disk=no
enabled=no
max-cache-size=none
max-client-connections=600
max-fresh-time=3d
max-server-connections=600
parent-proxy=0.0.0.0
parent-proxy-port=0
port=8080
serialize-connections=no
src-address=0.0.0.0
/ip service
set telnet address=0.0.0.0/0
disabled=no
port=23
set ftp address=0.0.0.0/0
disabled=no
port=21
set www address=0.0.0.0/0
disabled=no
port=80
set ssh address=0.0.0.0/0
disabled=no
port=22
set www-ssl
address=0.0.0.0/0
certificate=none
disabled=yes
port=443
set api address=0.0.0.0/0
disabled=yes
port=8728
set winbox
address=0.0.0.0/0
disabled=no
port=8291
/ip socks
set connection-idle-timeout=2m
enabled=no
max-connections=200
port=1080
/ip traffic-flow
set active-flow-timeout=30m
cache-entries=4k
enabled=no
inactive-flow-timeout=15s
interfaces=all
/ip upnp
set allow-disable-external-interface=yes
enabled=no
show-dummy-rule=yes

Questo è il secondo

Codice: Seleziona tutto

# feb/20/1970 19:00:47 by RouterOS 3.20
# software id = JD7G-DTT
#
/interface wireless security-profiles
set default authentication-types=""
eap-methods=passthrough
group-ciphers=""
group-key-update=5m i
nterim-update=0s mode=none
name=default
radius-eap-accounting=no
radius-mac-accounting=no
radius-mac-authentication=no
radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX
radius-mac-mode=as-username
static-algo-0=none
static-algo-1=none
static-algo-2=none
static-algo-3=none
static-key-0=""
static-key-1=""
static-key-2=""
static-key-3=""
static-sta-private-algo=none
static-sta-private-key=""
static-transmit-key=key-0
supplicant-identity=Jeko
tls-certificate=none
tls-mode=no-certificates
unicast-ciphers=""
wpa-pre-shared-key=""
wpa2-pre-shared-key=""
/interface wireless
set 0 ack-timeout=dynamic
adaptive-noise-immunity=client-mode
allow-sharedkey=no
antenna-gain=0
antenna-mode=ant-a
area=""
arp=enabled
band=5ghz
basic-rates-a/g=6Mbps
basic-rates-b=1Mbps
burst-time=disabled
comment=""
compression=no
country=italy
default-ap-tx-limit=0
default-authentication=yes
default-client-tx-limit=0
default-forwarding=yes
dfs-mode=none
disable-running-check=no
disabled=no
disconnect-timeout=6s f
rame-lifetime=0
frequency=5540
frequency-mode=regulatory-domain
hide-ssid=no
hw-retries=4
mac-address=00:80:48:62:EB:1E
max-station-count=2007
mode=station-wds
mtu=1500
name=wlan1
noise-floor-threshold=default
on-fail-retry-time=150ms
periodic-calibration=default
periodic-calibration-interval=60
preamble-mode=both
proprietary-extensions=post-2.9.25
radio-name=00804862EB1E
rate-set=configured
scan-list=default
security-profile=default
ssid=ARICuccio5Ghz
station-bridge-clone-mac=00:00:00:00:00:00
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps
tx-power=23
tx-power-mode=card-rates
update-stats-interval=disabled
wds-cost-range=50-150
wds-default-bridge=bridge1
wds-default-cost=100
wds-ignore-ssid=no
wds-mode=dynamic
wmm-support=disabled
/interface wireless manual-tx-power-table
set wlan1 comment=""
manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps\
    :17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-1:0,HT20-2:0,HT20-3:0,HT20-4:0,HT20-5:0,HT20-6:0,HT20-7:0,HT20-8:0,HT40-1:0,HT4\
    0-2:0,HT40-3:0,HT40-4:0,HT40-5:0,HT40-6:0,HT40-7:0,HT40-8:0"
/interface wireless nstreme
set wlan1
comment=""
disable-csma=no
enable-nstreme=yes
enable-polling=yes
framer-limit=3200
framer-policy=dynamic-size
/interface wireless align
set active-mode=yes
audio-max=-20
audio-min=-100
audio-monitor=00:00:00:00:00:00
filter-mac=00:00:00:00:00:00
frame-size=300
frames-per-second=25
receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms f
ile-limit=10
file-name=""
memory-limit=10
multiple-channels=no
only-headers=no r
eceive-errors=no
streaming-enabled=no
streaming-max-rate=0
streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms
multiple-channels=yes
receive-errors=no
[admin@ARIPA-CUCCIO-SL-5Ghz] >






[admin@ARIPA-CUCCIO-SL-5Ghz] > /interface bridge export
# feb/20/1970 19:01:16 by RouterOS 3.20
# software id = JD7G-DTT
#
/interface bridge
add admin-mac=00:00:00:00:00:00
ageing-time=5m
arp=enabled
auto-mac=yes
comment=""
disabled=no
forward-delay=15s
max-message-age=20s
mtu=1500
name=bridge1
priority=0x8000
protocol-mode=none
transmit-hold-count=6
/interface bridge port
add bridge=bridge1
comment=""
disabled=no
edge=auto
external-fdb=auto
horizon=none
interface=ether1
path-cost=10
point-to-point=auto
priority=0x80
add bridge=bridge1
comment=""
disabled=no
edge=auto
external-fdb=auto
horizon=none
interface=wlan1
path-cost=10
point-to-point=auto
priority=0x80
/interface bridge settings
set use-ip-firewall=no
use-ip-firewall-for-pppoe=no
use-ip-firewall-for-vlan=no
[admin@ARIPA-CUCCIO-SL-5Ghz] >





[admin@ARIPA-CUCCIO-SL-5Ghz] > /ip export
# feb/20/1970 19:01:35 by RouterOS 3.20
# software id = JD7G-DTT
#
/ip hotspot profile
set default dns-name=""
hotspot-address=0.0.0.0
html-directory=hotspot
http-cookie-lifetime=3d
http-proxy=0.0.0.0:0
login-by=cookie,http-chap
name=default
rate-limit=""
smtp-server=0.0.0.0
split-user-domain=no
use-radius=no
/ip hotspot user profile
set default idle-timeout=none
keepalive-timeout=2m
name=default
shared-users=1
status-autorefresh=1m
transparent-proxy=no
/ip ipsec proposal
set default auth-algorithms=sha1
disabled=no
enc-algorithms=3des
lifetime=30m
name=default
pfs-group=modp1024
/ip accounting
set account-local-traffic=no
enabled=no
threshold=256
/ip accounting web-access
set accessible-via-web=no
address=0.0.0.0/0
/ip dhcp-server config
set store-leases-disk=5m
/ip dns
set allow-remote-requests=no
cache-max-ttl=1w
cache-size=2048KiB
max-udp-packet-size=512
primary-dns=0.0.0.0
secondary-dns=0.0.0.0
/ip firewall connection tracking
set enabled=yes
generic-timeout=10m
icmp-timeout=10s
tcp-close-timeout=10s
tcp-close-wait-timeout=10s
tcp-established-timeout=1d
tcp-fin-wait-timeout=10s
tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s
tcp-syn-sent-timeout=5s
tcp-syncookie=no
tcp-time-wait-timeout=10s
udp-stream-timeout=3m
udp-timeout=10s
/ip firewall service-port
set ftp disabled=no
ports=21
set tftp disabled=no
ports=69
set irc
disabled=no
ports=6667
set h323
disabled=no
set sip disabled=no
ports=5060,5061
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1
discover=yes
set wlan1
discover=no
set bridge1
discover=yes
/ip proxy
set always-from-cache=no
cache-administrator=webmaster
cache-hit-dscp=4
cache-on-disk=no
enabled=no
max-cache-size=none
max-client-connections=600
max-fresh-time=3d
max-server-connections=600
parent-proxy=0.0.0.0
parent-proxy-port=0
port=8080
serialize-connections=no
src-address=0.0.0.0
/ip service
set telnet address=0.0.0.0/0
disabled=no
port=23
set ftp address=0.0.0.0/0
disabled=no
port=21
set www address=0.0.0.0/0
disabled=no
port=80
set ssh address=0.0.0.0/0
disabled=no
port=22
set www-ssl address=0.0.0.0/0
certificate=none
disabled=yes
port=443
set api address=0.0.0.0/0
disabled=yes
port=8728
set winbox address=0.0.0.0/0
disabled=no
port=8291
/ip socks
set connection-idle-timeout=2m
enabled=no
max-connections=200
port=1080
/ip traffic-flow
set active-flow-timeout=30m
cache-entries=4k
enabled=no
inactive-flow-timeout=15s
interfaces=all
/ip upnp
set allow-disable-external-interface=yes
enabled=no
show-dummy-rule=yes

Le vlan sono configurate in due switch CISCO Catalyst 1900 collegati direttamente alle porte ethernet delle RB411.

Grazie per l'aiuto.

Ciao, Sergio.

[it9mbz]

Innanzitutto spiegaci meglio le configurazioni degli apparati...anche se quello station wds <-------->station non l'ho capita proprio

Hai ragione, ricordavo male.

Come puoi vedere dall'export delle configurazioni, una è STATION WDS e l'altra BRIDGE.

Come dicevo all'inizio del thread, ho letto da qualche parte che l'implementazione delle VLAN aggiunge 4 byte (suppongo per l'incapsulamento sulla linea TRUNK) al pacchetto in transito. Quando il pacchetto raggiunge il valore di MTU, i 4 byte vengono comunque aggiunti.
Questo vorrebbe dire che se sullo SWITCH (managed) imposto un MTU di 1500, alla fine sul TRUNK il MTU sarà di 1504 .
Dovrei quindi scalare il MTU sulla porta TRUNK di 4 byte (1496) o aumentare di 4 byte il MTU della porta ethernet del 411.

Questo è un mio punto di vista, che proverò appena possibile.

Altre idee su cosa potrebbe portare in crash le 411?

Grazie.

Ciao, Sergio.

[parabolino]

Per favore, verifica se cade a livello radio oppure no.
Aggirona all'ultima versione disposnibile di ROS e del firmware della RB411.

[it9mbz]

Il link non cade a livello radio, piuttosto a livello ethernet, tantè che pensavo fosse guasta la porta ethernet del ROS o dello switch CISCO.

Anzi, dalla parte opposta del link (lato con ethernet funzionante), è possibile raggiungere l'altra scheda via radio (tramite il Winbox).

Ciao, Sergio.