Ciao, ultimamente sto riscontrando diversi problemi con i miei telefoni android collegati alla wifi del mio hap ac2 collegato ad openfiber (postemobile) tramite ONT.
Ad esempio, ho problemi con i video su Facebook e Instagram, e spesso e volentieri il telefono passa alla rete cellulare perché segnala che la rete Wi-Fi non ha accesso a Internet.
La cosa che mi risulta strana è che, se attacco il client PPPoE alla ether1 (che è collegata all'ONT), non ho problemi a navigare; se invece lo attacco alla VLAN definita sulla ether1, il client non riesce a collegarsi al server PPPoE.
Vi posto la mia config del mikrotik e spero mi possiate dare una mano.
# 2025-03-15 06:40:30 by RouterOS 7.18.1
# software id = ZNKV-4BZ0
#
# model = RBD52G-5HacD2HnD
# serial number =
# LAN bridge; its member ports are listed under "/interface bridge port".
/interface bridge
add name=bridge1 port-cost-mode=short
# 5 GHz radio (default name wlan2) run as an access point, SSID "Tiscalli5G".
# NOTE(review): country=no_country_set with frequency-mode=manual-txpower
# applies no regulatory domain, while the CAPsMAN configurations in this
# export use country=etsi - confirm which is intended.
# NOTE(review): no wps-mode=disabled appears on this radio, unlike the 2.4 GHz
# radio later in the export, so it presumably keeps the default WPS mode -
# verify and disable it if unused.
/interface wireless
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac country=\
no_country_set disabled=no frequency=auto frequency-mode=manual-txpower \
mode=ap-bridge name=wlan5G ssid=Tiscalli5G wireless-protocol=802.11
# VLAN 835 tagged on ether1.
# NOTE(review): mtu=1492 on the VLAN leaves no room for the 8-byte PPPoE
# header if the PPPoE client (max-mtu=1492) is ever bound to vlan1 - TODO
# confirm the intended MTU before moving the client onto the VLAN.
/interface vlan
add interface=ether1 mtu=1492 name=vlan1 vlan-id=835
# PPPoE client bound to ether1 itself (untagged), not to vlan1. It installs
# the default route and accepts the DNS servers offered by the peer.
# No password= field appears in this export.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 keepalive-timeout=100 \
max-mru=1492 max-mtu=1492 name=pppoe-out1 use-peer-dns=yes user=openfiber
# CAPsMAN security profile shared by the three configurations below.
# NOTE(review): authentication-types still includes wpa-psk (WPA1) next to
# wpa2-psk; if every client supports WPA2, listing only wpa2-psk removes the
# weaker handshake.
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm \
group-encryption=aes-ccm name=security
# Three CAPsMAN configurations (2 GHz b/g, 5 GHz a/n/ac, 5 GHz a/n), all with
# SSID "Tiscalli", country=etsi and the "security" profile above.
# client-to-client-forwarding=yes means wireless clients are not isolated from
# each other; local-forwarding=yes keeps traffic on the access point.
/caps-man configuration
add channel.band=2ghz-b/g .control-channel-width=20mhz .extension-channel=XX \
country=etsi datapath.client-to-client-forwarding=yes .local-forwarding=\
yes name=cfg-2ghz security=security ssid=Tiscalli
add channel.band=5ghz-a/n/ac .control-channel-width=20mhz .extension-channel=\
XXXX country=etsi datapath.client-to-client-forwarding=yes \
.local-forwarding=yes name=cfg-5ghz-ac security=security ssid=Tiscalli
add channel.band=5ghz-a/n .control-channel-width=20mhz .extension-channel=XX \
country=etsi datapath.client-to-client-forwarding=yes .local-forwarding=\
yes name=cfg-5ghz-an security=security ssid=Tiscalli
# Interface lists referenced by the firewall, NAT and mac-server settings.
/interface list
add name=WAN
add name=LAN
# Channel definitions in the "/interface wifi" menu.
# NOTE(review): nothing else in the visible export references these entries;
# the radios are configured under "/interface wireless" - confirm they are
# leftovers.
# NOTE(review): the second entry is named 5ghz-no_dfs, but 5500-5560 MHz
# normally fall in the DFS range under ETSI rules and skip-dfs-channels is
# disabled - verify.
/interface wifi channel
add band=2ghz-ax frequency=2412,2437,2462 name=2ghz-1_6_11 skip-dfs-channels=\
disabled width=20mhz
add band=5ghz-ax frequency=5500,5520,5540,5560 name=5ghz-no_dfs \
skip-dfs-channels=disabled width=20/40/80mhz
# Security profile in the "/interface wifi" menu; WPS is disabled.
# NOTE(review): wpa-psk (WPA1) is allowed alongside wpa2-psk and encryption is
# an empty string - verify which ciphers this actually yields, and drop
# wpa-psk if no client needs it.
/interface wifi security
add authentication-types=wpa-psk,wpa2-psk disabled=no encryption="" name=\
security wps=disable
# 2.4 GHz channels 1, 6 and 11 grouped in the scan list "ch1_6_11".
/interface wireless channels
add band=2ghz-b/g/n frequency=2412 list=ch1_6_11 name=ch1 width=20
add band=2ghz-b/g/n frequency=2437 list=ch1_6_11 name=ch6 width=20
add band=2ghz-b/g/n frequency=2462 list=ch1_6_11 name=ch11 width=20
# 2.4 GHz radio (default name wlan1) as an access point, SSID "Tiscalli",
# fixed on ch11, WPS disabled.
# NOTE(review): country=no_country_set here as well - confirm.
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=\
no_country_set disabled=no frequency=ch11 frequency-mode=manual-txpower \
mode=ap-bridge name=wlan2.4 scan-list=ch1_6_11 ssid=Tiscalli \
wireless-protocol=802.11 wps-mode=disabled
# Default wireless security profile: WPA/WPA2 pre-shared key.
# Neither radio names another profile, so presumably both use this one.
# NOTE(review): wpa-psk (WPA1) is still accepted; restrict to wpa2-psk if all
# clients support it.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
# Dynamic IPv4 address range handed out on the LAN.
/ip pool
add name=dhcp ranges=192.168.1.3-192.168.1.200
# DHCP server for the LAN bridge, using the pool above.
/ip dhcp-server
add address-pool=dhcp interface=bridge1 name=dhcp1
# Default SMB user is disabled.
/ip smb users
set [ find default=yes ] disabled=yes
# DHCPv6 server on the LAN bridge, delegating from pool1.
/ipv6 dhcp-server
add interface=bridge1 name=server1 prefix-pool=pool1
# NOTE(review): the prefix 2000::1/64 looks hand-entered; no DHCPv6 client or
# ISP-delegated prefix appears in the visible export - confirm.
# NOTE(review): no "/ipv6 firewall" section appears in the visible export. If
# IPv6 connectivity is ever brought up, add IPv6 filter rules first, since
# IPv6 hosts are not hidden behind the IPv4 masquerade.
/ipv6 pool
add name=pool1 prefix=2000::1/64 prefix-length=64
# CAPsMAN controller is enabled on this router.
/caps-man manager
set enabled=yes
# Provisioning rules: pick a master configuration by the radio's supported
# modes (gn, ac, an) and name the created interfaces with a prefix.
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
cfg-2ghz name-format=prefix-identity name-prefix=2ghz
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=\
cfg-5ghz-ac name-format=prefix-identity name-prefix=5ghz-ac
add action=create-dynamic-enabled hw-supported-modes=an master-configuration=\
cfg-5ghz-an name-format=prefix-identity name-prefix=5ghz-an
# LAN bridge members: ether2-ether5 and both radios. ether1 is not bridged.
/interface bridge port
add bridge=bridge1 interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=wlan5G
add bridge=bridge1 interface=wlan2.4
# Connection tracking: UDP entries time out after 10 seconds.
/ip firewall connection tracking
set udp-timeout=10s
# NOTE(review): !dynamic enables neighbor discovery on every static interface,
# which includes ether1 and vlan1 towards the ISP. Limiting it to the LAN list
# avoids advertising the router's identity and version upstream.
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
# Membership of the LAN and WAN lists.
# NOTE(review): ether1 itself is not in WAN, so rules that match
# in-interface-list=WAN do not cover packets arriving untagged on ether1
# outside the PPPoE session. No IP address is assigned to ether1 in this
# export, which presumably limits the exposure - confirm.
/interface list member
add interface=bridge1 list=LAN
add interface=vlan1 list=WAN
add interface=pppoe-out1 list=WAN
# OpenVPN server entry; whether it is enabled is not visible in this export.
/interface ovpn-server server
add mac-address=FE:AE:24:F7:7C:F7 name=ovpn-server1
# Radios listed for CAP mode. enabled=yes does not appear, so presumably the
# radios run standalone rather than under the CAPsMAN manager - confirm.
/interface wireless cap
set interfaces=wlan5G,wlan2.4
# Router's LAN address on the bridge.
/ip address
add address=192.168.1.2/24 interface=bridge1 network=192.168.1.0
# MikroTik cloud DDNS is on: the router publishes its public address under a
# cloud DNS name, refreshed every 10 minutes.
/ip cloud
set ddns-enabled=yes ddns-update-interval=10m
# DHCP client on vlan1, in addition to the PPPoE client on ether1.
/ip dhcp-client
add interface=vlan1
# Static DHCP leases.
# NOTE(review): these appear to be the real MAC addresses of the LAN devices;
# consider masking them when posting an export publicly.
/ip dhcp-server lease
add address=192.168.1.7 mac-address=60:01:94:D8:E3:F5 server=dhcp1
add address=192.168.1.9 client-id=1:48:0:33:ae:66:37 comment=skipper \
mac-address=48:00:33:AE:66:37 server=dhcp1
add address=192.168.1.251 mac-address=40:9F:38:D0:C5:0D server=dhcp1
add address=192.168.1.252 mac-address=40:9F:38:D0:F3:CC server=dhcp1
add address=192.168.1.250 mac-address=40:9F:38:D0:FA:E6 server=dhcp1
add address=192.168.1.253 mac-address=40:9F:38:D0:D6:C7 server=dhcp1
add address=192.168.1.254 mac-address=40:9F:38:D1:07:06 server=dhcp1
add address=192.168.1.6 mac-address=24:0A:C4:10:5A:EC server=dhcp1
add address=192.168.1.15 mac-address=70:EE:50:1F:05:0C server=dhcp1
add address=192.168.1.5 client-id=1:78:24:af:41:bc:3d mac-address=\
78:24:AF:41:BC:3D server=dhcp1
add address=192.168.1.3 client-id=1:78:f2:9e:90:86:da mac-address=\
78:F2:9E:90:86:DA server=dhcp1
add address=192.168.1.53 client-id=1:e4:2a:ac:c3:ee:7a mac-address=\
E4:2A:AC:C3:EE:7A server=dhcp1
add address=192.168.1.57 client-id=1:3c:2a:f4:a6:c4:c0 comment=Stampante \
mac-address=3C:2A:F4:A6:C4:C0 server=dhcp1
add address=192.168.1.68 client-id=1:d8:ce:3a:89:92:7 comment=mi9se \
mac-address=D8:CE:3A:89:92:07 server=dhcp1
add address=192.168.1.4 client-id=1:4a:bd:13:4:bc:e1 mac-address=\
4A:BD:13:04:BC:E1 server=dhcp1
add address=192.168.1.196 comment=echo mac-address=DC:54:D7:BF:12:F3 server=\
dhcp1
add address=192.168.1.17 client-id=1:5c:62:8b:a0:e1:b0 mac-address=\
5C:62:8B:A0:E1:B0 server=dhcp1
add address=192.168.1.20 client-id=1:9c:eb:e8:ef:25:63 mac-address=\
9C:EB:E8:EF:25:63 server=dhcp1
add address=192.168.1.19 client-id=1:3c:6:30:14:c0:90 mac-address=\
3C:06:30:14:C0:90 server=dhcp1
# DHCP options for the LAN: clients get 8.8.8.8 as DNS and the router
# (192.168.1.2) as gateway.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8 gateway=192.168.1.2 netmask=24
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# on every interface; only the input-chain drop on the WAN list keeps it from
# being an open resolver. DHCP hands clients 8.8.8.8 directly, so the router's
# resolver may not be needed by the LAN at all - confirm.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
# IPv4 filter rules, evaluated top to bottom within each chain.
# NOTE(review): the forward chain has no drop rule in the visible export. The
# RouterOS default firewall drops new forward traffic from WAN that is not
# dst-nat'ed (connection-nat-state=!dstnat) - consider restoring such a rule.
# NOTE(review): the input chain has no final drop either, so anything not
# arriving from the WAN list is accepted unless a rule below matches.
/ip firewall filter
# Accept input packets that belong to already tracked connections.
add action=accept chain=input connection-state=established,related
# Fasttrack established/related forwarded connections.
add action=fasttrack-connection chain=forward connection-state=\
established,related hw-offload=yes
# NOTE(review): exact duplicate of the previous rule; one of the two can go.
add action=fasttrack-connection chain=forward connection-state=\
established,related hw-offload=yes
# Drop all remaining input from interfaces in the WAN list.
# NOTE(review): because this rule sits above them, the invalid-state and SSH
# rules below only ever see traffic from interfaces outside the WAN list.
add action=drop chain=input in-interface-list=WAN
# Drop and log input packets in invalid connection state.
add action=drop chain=input connection-state=invalid log=yes log-prefix=\
DROP_INVALID
# Log any TCP/22 input packet whose source is not in list "trusted" and add
# that source to BruteForce_SSH for one hour.
# NOTE(review): there is no connection-state=new match and no attempt
# counting, so a single first packet is enough to be listed. No "trusted"
# address list is defined in the visible export - confirm it exists.
add action=add-src-to-address-list address-list=BruteForce_SSH \
address-list-timeout=1h chain=input dst-port=22 log=yes log-prefix=\
SSH_ATTACK protocol=tcp src-address-list=!trusted
# Drop TCP/22 input from sources currently in BruteForce_SSH.
add action=drop chain=input dst-port=22 protocol=tcp src-address-list=\
BruteForce_SSH
# Source NAT for outbound traffic and port forwards from the WAN list.
# NOTE(review): every dst-nat rule below publishes a LAN host to the Internet,
# and the visible filter rules do not restrict forwarded traffic. Keep only
# the forwards still in use and limit them by source address where possible.
/ip firewall nat
# Masquerade everything leaving through an interface in the WAN list.
add action=masquerade chain=srcnat out-interface-list=WAN
# Forward TCP/443 from WAN to 192.168.1.3.
# log-prefix is set but log=yes is not, so presumably nothing is logged.
add action=dst-nat chain=dstnat dst-port=443 in-interface-list=WAN \
log-prefix="[443]" protocol=tcp to-addresses=192.168.1.3 to-ports=443
# Forward TCP and UDP 6881 from WAN to 192.168.1.5.
# NOTE(review): log-prefix="[443]" looks copied from the rule above.
add action=dst-nat chain=dstnat dst-port=6881 in-interface-list=WAN \
log-prefix="[443]" protocol=tcp to-addresses=192.168.1.5 to-ports=6881
add action=dst-nat chain=dstnat dst-port=6881 in-interface-list=WAN \
log-prefix="[443]" protocol=udp to-addresses=192.168.1.5 to-ports=6881
# Forward TCP and UDP 3074 from WAN to 192.168.1.53.
# NOTE(review): src-port="" on the TCP rule is an empty match - presumably a
# leftover from editing; verify.
add action=dst-nat chain=dstnat dst-port=3074 in-interface-list=WAN protocol=\
tcp src-port="" to-addresses=192.168.1.53 to-ports=3074
add action=dst-nat chain=dstnat dst-port=3074 in-interface-list=WAN protocol=\
udp to-addresses=192.168.1.53 to-ports=3074
# NOTE(review): redundant - pppoe-out1 is already a member of the WAN list
# matched by the first masquerade rule.
add action=masquerade chain=srcnat out-interface=pppoe-out1
# Default hotspot profile: HTML directory set to "hotspot".
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
# Default IPsec profile: dead-peer detection every 2 minutes, 5 failures.
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
# NOTE(review): gateway=*B is an internal ID rather than an interface name,
# which presumably means the interface this route pointed to was removed. The
# route duplicates the connected 192.168.1.0/24 network - consider deleting it.
/ip route
add disabled=no dst-address=192.168.1.0/24 gateway=*B routing-table=main \
suppress-hw-offload=no
# Management services limited to the LAN subnet by source address.
# NOTE(review): no disabled=yes appears, so telnet, ftp, www and api are
# presumably still enabled; they carry credentials in cleartext. Disable the
# ones not in use and prefer ssh, winbox or api-ssl.
# NOTE(review): winbox is also allowed from 192.168.216.0/24, a subnet not
# configured on any interface in this export - confirm it is still needed.
/ip service
set telnet address=192.168.1.0/24
set ftp address=192.168.1.0/24
set www address=192.168.1.0/24
set ssh address=192.168.1.0/24
set api address=192.168.1.0/24
set winbox address=192.168.1.0/24,192.168.216.0/24
set api-ssl address=192.168.1.0/24
# Default SMB share points at /flash/pub.
/ip smb shares
set [ find default=yes ] directory=/flash/pub
# IPv6 router advertisements on the LAN bridge with the managed and
# other-configuration flags set.
/ipv6 nd
add hop-limit=64 interface=bridge1 managed-address-configuration=yes \
other-configuration=yes
/ipv6 nd prefix
add interface=bridge1
# NOTE(review): time zone is America/Los_Angeles; if the router is elsewhere,
# log timestamps (DROP_INVALID, SSH_ATTACK) will be offset, which makes
# correlation with other logs harder - confirm.
/system clock
set time-zone-name=America/Los_Angeles
/system note
set show-at-login=no
# MAC-layer Telnet and MAC-Winbox access accepted only on the LAN list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN