Mikrotik
Azurius, 2018-10-16 13:39:17

Why does HP Aruba block all ports when connecting a MikroTik hAP?

In one of the shopping centers, when the tenant connects a MikroTik hAP to the local network (the Internet provider provides a connection through the network equipment of the shopping center), the floor's HP Aruba switch stops responding, thereby depriving the entire floor of the shopping center of access to the Internet. A laptop connected to the same port does not have this effect. The administrator of the shopping center said that the problem is in the MikroTik, "there is probably a software loop", without specifying the details. What can Aruba not like about MikroTik? The MikroTik config is below.
eth1 - Internet, connected through a small router with a 3G modem that hands out DHCP
eth2 - provider. This is the port that goes to the shopping center network
eth3-5 - LAN
There is no balancing. With exactly this config, the floor switch stops working. (The admins of the shopping center lose contact with it. When the link is disconnected, everything is restored within a minute.)
Only two VPN tunnels were cut out of the configuration (OpenVPN and SSTP).

/interface bridge
add name=bridge-LAN
add fast-forward=no name=bridge-WAN1
add fast-forward=no name=bridge-WAN2
/interface ethernet
set [ find default-name=ether2 ] l2mtu=1598 mac-address=CC:2D:E0:BB:A9:98 \
    name=ether1 speed=1Gbps
set [ find default-name=ether3 ] l2mtu=1598 mac-address=CC:2D:E0:BB:A9:99 \
    name=ether2 speed=1Gbps
set [ find default-name=ether4 ] l2mtu=1598 mac-address=CC:2D:E0:BB:A9:9A \
    name=ether3 speed=1Gbps
set [ find default-name=ether5 ] l2mtu=1598 mac-address=CC:2D:E0:BB:A9:9B \
    name=ether4 speed=1Gbps
set [ find default-name=ether1 ] name=ether6
/interface ethernet switch port
set 0 default-vlan-id=auto vlan-mode=disabled
set 1 default-vlan-id=auto vlan-mode=disabled
set 2 default-vlan-id=auto vlan-mode=disabled
set 3 default-vlan-id=auto vlan-mode=disabled
set 5 default-vlan-id=auto vlan-mode=disabled
/interface list
add name=WAN
add name=LAN
add name=WAN2
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=password wpa2-pre-shared-key=password
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.18.3-192.168.18.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-LAN name=dhcp2

/interface bridge port
add bridge=bridge-LAN interface=ether3
add bridge=bridge-LAN interface=ether4
add bridge=bridge-LAN interface=ether5
add bridge=bridge-LAN interface=sfp1
add bridge=bridge-LAN interface=wlan2
add bridge=bridge-LAN interface=wlan1
add bridge=bridge-WAN1 interface=ether1
add bridge=bridge-WAN2 interface=ether2
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN2
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=sfp1 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
add interface=bridge-LAN list=LAN
/ip address
add address=192.168.18.1/24 interface=ether3 network=192.168.18.0
add address=7.7.7.6/30 interface=ether2 network=7.7.7.4
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.18.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.18.1 netmask=24
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input connection-state=new in-interface=bridge-LAN src-address=192.168.18.0/24
add action=drop chain=forward connection-state=invalid
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge-WAN1
/ip firewall service-port
set sip disabled=yes
/ip route
add disabled=yes distance=1 gateway=7.7.7.5
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=MikroTik
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

What is wrong in the configuration?


1 answer(s)
Ruslan Fedoseev, 2018-10-16
@martin74ua

And what are the bridges on the links to the providers for?
Remove them, and your STP from the provider network)
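
An added example, not part of the original thread: a small audit of a RouterOS export that lists bridge ports sitting on non-LAN (provider-facing) interfaces whose bridge can still emit spanning-tree BPDUs, which is the situation the answer points at. The sample export is constructed from the relevant sections of the config in the question; the function names are hypothetical, and treating an omitted `protocol-mode` as `rstp` is an assumption about the RouterOS default.

```python
import re

# Constructed sample: relevant sections of the export quoted in the question.
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge-LAN
add fast-forward=no name=bridge-WAN1
add fast-forward=no name=bridge-WAN2
/interface bridge port
add bridge=bridge-LAN interface=ether3
add bridge=bridge-WAN1 interface=ether1
add bridge=bridge-WAN2 interface=ether2
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN2
add interface=ether3 list=LAN
"""

def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    sections, current = {}, None
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            sections[current].append(dict(re.findall(r"(\S+?)=(\S+)", line)))
    return sections

def uplink_bridges_with_stp(text, trusted_lists=("LAN",)):
    """Find bridge ports on non-trusted interfaces whose bridge runs (R/M)STP."""
    s = parse_export(text)
    # Assumption: an omitted protocol-mode means the RouterOS default, taken as rstp.
    mode = {b["name"]: b.get("protocol-mode", "rstp")
            for b in s.get("/interface bridge", [])}
    lists = {}
    for m in s.get("/interface list member", []):
        lists.setdefault(m["interface"], set()).add(m["list"])
    findings = []
    for p in s.get("/interface bridge port", []):
        member_of = lists.get(p["interface"], set())
        stp = mode.get(p["bridge"], "rstp")
        if member_of and not member_of & set(trusted_lists) and stp != "none":
            findings.append((p["interface"], p["bridge"], stp))
    return findings

if __name__ == "__main__":
    for iface, bridge, stp in uplink_bridges_with_stp(SAMPLE_EXPORT):
        print(f"{iface} in {bridge}: protocol-mode={stp}, BPDUs can reach the upstream switch")
```
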
