Indice   FAQ  
Iscriviti  Login
Indice RouterOS RouterOS

hAP pingabile solo da rete cablata o guest

Tutto su questo sistema operativo linux based - Configurazioni, dubbi, problematiche &....

hAP pingabile solo da rete cablata o guest

Messaggioda ilCoso » mar 10 set 2019, 10:35

Ciao a tutti,

da qualche settimana ho un problema abbastanza bizzarro.

Ho una rete composta da un RB3011uias che fa da DHCP server e fornisce connettività internet in alcuni appartamenti distribuendo indirizzi ognuno su una rete diversa (192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, etc...). Nel mio appartamento (classe 192.168.6.0/24) ho collegato un access point hAP configurato come wisp bridge e indirizzo statico 192.168.6.2 sul bridge su cui sono presenti le porte ethernet locali e la wlan privata.
Sull'hAP ho creato anche una seconda wlan per gli ospiti con classe 172.16.0.0/16.

In pratica collegandomi all'hAP attraverso la wlan privata non riesco più a pingare 192.168.6.2 né tantomeno accedere a webfig, cosa che invece riesco a fare benissimo collegandomi via cavo all'hAP o utilizzando la wlan guest. La cosa strana è che si tratta di un problema recente, visto che sono sempre riuscito ad accedere a webfig tramite wlan, quindi non capisco se si tratta di qualche aggiornamento di RouterOS che va in collisione con qualche configurazione mia oppure se più semplicemente ho fatto io qualche cazzata! :lol:

Questa è la configurazione dell'hAP:

Codice: Seleziona tutto
# sep/10/2019 10:22:38 by RouterOS 6.45.5
# software id = LUT7-VPF2
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 71AF05DADB41
/interface bridge
add admin-mac=E4:8D:8C:B2:7F:67 auto-mac=no comment=defconf fast-forward=no name=bridge
add fast-forward=no name=bridge-guest
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=2 band=2ghz-b/g/n channel-width=20/40mhz-Ce country=\
    italy disabled=no distance=indoors frequency=auto frequency-mode=regulatory-domain installation=\
    indoor mode=ap-bridge ssid=GIULIANDREANET wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=2 band=5ghz-a/n/ac channel-width=20/40mhz-Ce country=\
    italy disabled=no distance=indoors frequency=auto frequency-mode=regulatory-domain installation=\
    indoor mode=ap-bridge ssid=GIULIANDREANET wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys \
    name=guest supplicant-identity=""
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:B2:7F:6C master-interface=wlan1 \
    multicast-buffering=disabled name=wlan-guest1 security-profile=guest ssid=GIULIANDREANET-OSPITI \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=02:00:00:AA:00:01 master-interface=wlan2 \
    multicast-buffering=disabled name=wlan-guest2 security-profile=guest ssid=GIULIANDREANET-OSPITI \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=guest ranges=172.16.0.2-172.16.255.254
/ip dhcp-server
add address-pool=guest disabled=no interface=bridge-guest name=guest
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge hw=no interface=ether1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge-guest comment=guest interface=wlan-guest1
add bridge=bridge-guest interface=wlan-guest2
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=wlan1 list=discover
add interface=wlan2 list=discover
add interface=bridge list=discover
add interface=bridge-guest list=discover
add interface=wlan-guest1 list=discover
add interface=wlan-guest2 list=discover
add interface=ether2 list=mactel
add interface=wlan2 list=mactel
add interface=ether2 list=mac-winbox
add interface=wlan1 list=mactel
add interface=wlan2 list=mac-winbox
add interface=wlan1 list=mac-winbox
add interface=ether1 list=WAN
add interface=ether3 list=mactel
add interface=ether4 list=mactel
add interface=ether5 list=mactel
/interface wireless access-list
add interface=wlan-guest1 mac-address=54:60:09:52:F7:2E vlan-mode=no-tag
add interface=wlan-guest2 mac-address=54:60:09:52:F7:2E vlan-mode=no-tag
/ip address
add address=192.168.6.2/24 comment=defconf interface=bridge network=192.168.6.0
add address=172.16.0.1/16 comment=guest interface=bridge-guest network=172.16.0.0
/ip dhcp-relay
add dhcp-server=192.168.6.1 disabled=no interface=bridge name=relay1
add dhcp-server=172.16.0.1 disabled=no interface=bridge-guest name=relay2
/ip dhcp-server lease
add address=172.16.255.252 block-access=yes mac-address=54:60:09:52:F7:2E server=guest
/ip dhcp-server network
add address=172.16.0.0/16 dns-server=208.67.222.123,208.67.220.123 gateway=172.16.0.1 netmask=16
add address=192.168.6.0/24 comment=defconf dns-server=192.168.6.1 gateway=192.168.6.2 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1,9.9.9.9
/ip dns static
add address=192.168.6.2 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
    established,related
add action=drop chain=forward comment="Private network isolation" dst-address=192.168.6.0/24 \
    src-address=172.16.0.0/16
add action=accept chain=forward comment="defconf: accept established,related" connection-state=\
    established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge src-address=172.16.0.0/16
/ip route
add distance=1 gateway=192.168.6.1
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether2 type=internal
add interface=ether1 type=external
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=GiuliAndreaMikroTik
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox


Grazie a chiunque riesca a fare luce sul mistero!

Andrea
ilCoso
Mikrotik Curious User
Mikrotik Curious User
 
Messaggi: 3
Iscritto il: gio 20 mar 2014, 15:58


Torna a RouterOS

Chi c’è in linea

Visitano il forum: Nessuno e 16 ospiti