Answer the question
In order to leave comments, you need to log in
Why does HP Aruba block all ports when connecting Microtik hAP?
In one of the shopping centers, when the tenant connects Microtika hAP to the local network (the Internet provider provides a connection through the network equipment of the shopping center), the storey HP Aruba stops responding, thereby depriving the entire floor of the shopping center of access to the Internet. A laptop connected to the same port does not have this effect. The administrator of the shopping center said that the problem is in Mikrotik, "there is probably a software loop", without specifying the details. What can Aruba not like about Mikrotik? Mikrotik cofing below.
eth1 - the Internet is connected through a small router with a 3G modem giving DHCP
eth2 - provider. when connecting to this port, go to the
eth3-5 shopping center network - LAN
There is no balancing. Right at this config, the storey switch stops working. (Admins of the shopping center lose contact with it. When the link is disconnected, everything is restored in a minute)
only two VPN tunnels were cut out of the configuration (openVPN and SSTP)
/interface bridge
add name=bridge-LAN
add fast-forward=no name=bridge-WAN1
add fast-forward=no name=bridge-WAN2
/interface ethernet
set [ find default-name=ether2 ] l2mtu=1598 mac-address=CC:2D:E0:BB:A9:98 \
name=ether1 speed=1Gbps
set [ find default-name=ether3 ] l2mtu=1598 mac-address=CC:2D:E0:BB:A9:99 \
name=ether2 speed=1Gbps
set [ find default-name=ether4 ] l2mtu=1598 mac-address=CC:2D:E0:BB:A9:9A \
name=ether3 speed=1Gbps
set [ find default-name=ether5 ] l2mtu=1598 mac-address=CC:2D:E0:BB:A9:9B \
name=ether4 speed=1Gbps
set [ find default-name=ether1 ] name=ether6
/interface ethernet switch port
set 0 default-vlan-id=auto vlan-mode=disabled
set 1 default-vlan-id=auto vlan-mode=disabled
set 2 default-vlan-id=auto vlan-mode=disabled
set 3 default-vlan-id=auto vlan-mode=disabled
set 5 default-vlan-id=auto vlan-mode=disabled
/interface list
add name=WAN
add name=LAN
add name=WAN2
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=password wpa2-pre-shared-key=password
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.18.3-192.168.18.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-LAN name=dhcp2
/interface bridge port
add bridge=bridge-LAN interface=ether3
add bridge=bridge-LAN interface=ether4
add bridge=bridge-LAN interface=ether5
add bridge=bridge-LAN interface=sfp1
add bridge=bridge-LAN interface=wlan2
add bridge=bridge-LAN interface=wlan1
add bridge=bridge-WAN1 interface=ether1
add bridge=bridge-WAN2 interface=ether2
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN2
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=sfp1 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
add interface=bridge-LAN list=LAN
/ip address
add address=192.168.18.1/24 interface=ether3 network=192.168.18.0
add address=7.7.7.6/30 interface=ether2 network=7.7.7.4
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.18.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.18.1 netmask=24
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input connection-state=new in-interface=bridge-LAN src-address=192.168.18.0/24
add action=drop chain=forward connection-state=invalid
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge-WAN1
/ip firewall service-port
set sip disabled=yes
/ip route
add disabled=yes distance=1 gateway=7.7.7.5
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=MikroTik
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Answer the question
In order to leave comments, you need to log in
and what for bridges on links with providers?
remove them and your stp from the provider network)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question