my opinion - something is really wrong with your setup, or hardware. it's not normal that you are the only one with problems all the time.
Maybe I'm the one whining more than some others. But following this thread I read that I'm not the only one
with problems:
> The problems in the bridge mode RB433AH been fixed?
> I disable snmp and random lockups stop
> Found another nv2 bug I could not fix. When I downgraded to 5.4 all my customers were stable
> some snmp problems.
My setup is quite simple and always the same on some hundred cpes. Find config below.
In short it does DHCP Server on LAN, NAT and gets an IP on wlan1.
AP bridges wlan1 and ether1. CPE gets wlan IP from Routerboard to which the AP is connected
on ether1 (RB450G, RB1100, ...).
When I do lab testing I take an AP, CPE from the shelf, update to the newest version (including FW),
connect my LAP to the CPE, the AP to my office LAN, do bandwidth tests and use this connection for
a while for emailing/surfing/.. to see how it behaves. To see interference behavior I start a second
AP in some distance on the same/nearby channel with different power levels and watch what happens
while doing bandwidth tests.
So nothing special here.
I just post my observations ...
Why I am whining: Crashing CPEs would give me a crazy lot of phone calls and a really bad time.
Maybe it's a hardware fault, but it is not likely as I took the same CPE for my last tests
without crashing.
To make it clear: ROS is the best system for building a WISP and I like it very much. I don't want
to talk it down. I am happy if someone on the list warns about things that don't work, so he
saves me the time of running into the same problems.
So what I wanted to say: I don't think 5.7 is ready for prime time now.
############ CPE Config #######
/ interface wireless security-profiles
add name="security" mode=dynamic-keys authentication-types=wpa2-psk \
unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa-pre-shared-key="" \
wpa2-pre-shared-key="xxxxxx" \
eap-methods=passthrough tls-mode=no-certificates \
tls-certificate=none static-algo-0=none static-key-0="" static-algo-1=none \
static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none \
static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none \
static-sta-private-key="" radius-mac-authentication=no group-key-update=5m
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no \
antenna-gain=18 area="" arp=enabled band=5ghz-a/n basic-rates-a/g=6Mbps \
basic-rates-b=1Mbps comment="" compression=no country=germany \
default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=\
0 default-forwarding=yes dfs-mode=radar-detect disable-running-check=no disabled=\
no disconnect-timeout=3s frame-lifetime=0 frequency=5180 frequency-mode=\
regulatory-domain hide-ssid=no ht-ampdu-priorities=0 ht-amsdu-limit=8192 \
ht-amsdu-threshold=8192 ht-basic-mcs=\
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-extension-channel=\
above-control ht-guard-interval=any ht-rxchains=0 ht-supported-mcs="mcs-0,\
mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12\
,mcs-13,mcs-14,mcs-15" ht-txchains=0 hw-fragmentation-threshold=disabled \
hw-protection-mode=none hw-retries=8 \
l2mtu=2290 mode=\
station mtu=1500 name=wlan1 on-fail-retry-time=100ms \
periodic-calibration=default periodic-calibration-interval=60 \
preamble-mode=both proprietary-extensions=post-2.9.25 \
rate-set=default scan-list=default security-profile=security ssid=myssid \
station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
1Mbps,2Mbps,5.5Mbps,11Mbps tx-power-mode=default update-stats-interval=\
disabled wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=\
100 wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled \
wireless-protocol=any nv2-security=enabled nv2-preshared-key=\
xxxxxxx
/ ip pool
add name="home" ranges=192.168.0.2-192.168.0.254
/ ip upnp
set enabled=yes allow-disable-external-interface=no show-dummy-rule=yes
/ ip upnp interfaces
add interface=ether1 type=internal disabled=no
add interface=wlan1 type=external disabled=no
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=x.x.x.x,y.y.y.y
/ip address print
/ip address remove 0
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 \
interface=ether1 comment="" disabled=no
/ ip neighbor discovery
set ether1 discover=yes
set wlan1 discover=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment=\
"phone" disabled=yes \
dst-port=5004-5009,5060-5069,7077-7087,10000 in-interface=wlan1 protocol=\
udp to-addresses=192.168.0.254
add action=masquerade chain=srcnat comment="" disabled=no out-interface=wlan1
/ ip firewall filter
add chain=input action=accept src-address=192.168.0.0/16 comment="" \
disabled=no
add chain=input action=accept src-address=213.185.128.0/19 comment="" \
disabled=no
add chain=input action=drop comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip dhcp-client
add interface=wlan1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes \
comment="" disabled=no
/ ip dhcp-server
add name="server1" interface=ether1 lease-time=3d address-pool=home \
bootp-support=static authoritative=yes disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=192.168.0.0/24 comment="" dns-server=192.168.0.1 \
gateway=192.168.0.1 netmask=24
# access for tool
/ip service enable api
/user group add name="apigroup" policy="read,winbox"
/user add name="apiuser" group="apigroup" password="xxxxx"
/ip firewall filter add chain=input protocol=tcp dst-port=8728 \
in-interface=!ether1 action=drop place-before=0
#
# Detect Fritzbox
#
/system scheduler
add comment="" disabled=no interval=0s name=fritzSchedule on-event=fritz \
policy=reboot start-time=startup
/system script
add name=fritz policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
{\r\
\n:delay 10s;\r\
\n:local avmMacAdr [:toarray (\"00:04:0E\",\"00:15:0C\",\"00:1A:4F\",\"00:\
1C:4A\",\"00:1F:3F\", \"00:24:FE\",\"BC:05:43\")]; \r\
\n:local isFritz \"false\";\r\
\n\r\
\n#a is the number of dynamic (possibly FritzBox) lease entries\r\
\n#b is the number of static FritzBox lease entries\r\
\n:local a [/ip dhcp-server lease print count-only where host-name~\"Fritz\
|fritz\" and dynamic=yes];\r\
\n:local b [/ip dhcp-server lease print count-only where dynamic=no and co\
mment~\"FritzBox\"];\r\
\n\r\
\n\r\
\n:log info \"Es gibt \$a dynamische Leases namens Fritz\";\r\
\n:log info \"Es gibt \$b statische Leases namens Fritz\";\r\
\n########################################################################\
###################################################\r\
\nif (\$a>1) do={:log info \"Script wird beendet, da mind. zwei FritzBox G\
eraete angesteckt sind\"} else={\r\
\n########################################################################\
###################################################\r\
\nif (\$a=1 and \$b=1) do={:log info \"1 statisch eingetragene FritzBox vo\
rhanden, sowie ein weiterer Fritz Host-Name -> Eventuell wird FritzBox get\
ausch\";\r\
\n:local mac [/ip dhcp-server lease get [find host-name~\"Fritz|fritz\" an\
d dynamic=yes] mac-address]; :put \$mac;\r\
\n\r\
\n\r\
\n:local submac [:pick \$mac 0 8];\r\
\n\r\
\n#if the host's MAC address appears in the avmMacAdr array -> set isFritz to true\r\
\n\r\
\n:for i from=0 to=([:len \$avmMacAdr]-1) do={ :if (\$submac=[:pick \$avmM\
acAdr \$i]) do={:set isFritz \"true\"}}\r\
\n\r\
\n:if (\$isFritz!=\"true\") do={:put \"Keine Fritzbox, lediglich Username \
Fritz -> exit\"} else={\r\
\n:log info \"Erstelle NAT-Regel fuer FritzBox!\";\r\
\n\r\
\n#now delete the static DHCP server lease and NAT rule of the previous FritzBox\r\
\n:local oldMac [/ip dhcp-server lease get [find comment~\"FritzBox\" and \
dynamic=no] mac-address]; \r\
\n\r\
\n#find the old NAT and DHCP lease entries by the old device's MAC address, which was stored in the comment, and delete them\r\
\n/ip firewall nat remove [find comment~\"\$oldMac\"];\r\
\n/ip dhcp-server lease remove [find comment~\"\$oldMac\"];\r\
\n\r\
\n\r\
\n#make the new FritzBox lease static and set a comment containing the MAC address\r\
\n/ip dhcp-server lease make-static [/ip dhcp-server lease find host-name~\
\"Fritz|fritz\" and dynamic=yes];\r\
\n/ip dhcp-server lease comment [find host-name~\"Fritz|fritz\"] \"\$mac -\
> statisch FritzBox\";\r\
\n\r\
\n#create NAT rule \r\
\n:local q [/ip dhcp-server lease get [find host-name~\"Fritz|fritz\" and \
comment~\"\$mac\"] address]; \r\
\n/ip firewall nat add chain=dstnat action=dst-nat to-addresses=\$q to-por\
ts=0 protocol=tcp in-interface=wlan1 dst-port=!8291 comment=\"\$mac NAT-Ru\
le FritzBox\";\r\
\n}\r\
\n}\r\
\n########################################################################\
####################################################\r\
\nif (\$a=1 and \$b=0) do={:log info \"Fritz Host-Name als dynamischer DHC\
P Lease vorhanden -> schaue ob FritzBox\";\r\
\n\r\
\n:local mac [/ip dhcp-server lease get [find host-name~\"Fritz|fritz\" an\
d dynamic=yes] mac-address]; :put \$mac;\r\
\n:local submac [:pick \$mac 0 8];\r\
\n\r\
\n#if the host's MAC address appears in the avmMacAdr array -> set isFritz to true\r\
\n\r\
\n:for i from=0 to=([:len \$avmMacAdr]-1) do={ :if (\$submac=[:pick \$avmM\
acAdr \$i]) do={:set isFritz \"true\"}}\r\
\n\r\
\n:if (\$isFritz!=\"true\") do={:put \"Keine Fritzbox, sondern lediglich U\
sername Fritz -> exit\"} else={\r\
\n:log info \"FritzBox vorhanden -> Erstelle NAT-Regel fuer FritzBox!\";\r\
\n\r\
\n:local natRule [/ip firewall nat print count-only where comment~\"\$mac\
\"];\r\
\n:if (\$natRule>0) do={:log info \"NAT-Regel bereits vorhanden\" } else={\
\r\
\n\r\
\n#make the FritzBox lease static\r\
\n:local d [/ip dhcp-server lease get [find host-name~\"Fritz|fritz\" and \
dynamic=yes] address];\r\
\n/ip dhcp-server lease make-static [/ip dhcp-server lease find address=\$\
d and dynamic=yes];\r\
\n/ip dhcp-server lease comment [find host-name~\"Fritz|fritz\"] \"\$mac -\
> statisch FritzBox\";\r\
\n\r\
\n/ip firewall nat add chain=dstnat action=dst-nat to-addresses=\$d to-por\
ts=0 protocol=tcp in-interface=wlan1 dst-port=!8291 comment=\"\$mac NAT-Ru\
le FritzBox\";\r\
\n/ip firewall nat add chain=dstnat action=dst-nat to-addresses=\$d to-por\
ts=0 protocol=udp in-interface=wlan1 dst-port=!8291 comment=\"\$mac NAT-Ru\
le FritzBox\";\r\
\n\r\
\n########################################################################\
####################################################\r\
\n}\r\
\n}\r\
\n}\r\
\n}\r\
\n}"
# !!!! Change here !!!!
/ interface wireless set wlan1 antenna-gain=18 radio-name="c334"
/ system identity set name="c334"
/interface wireless print
/interface ethernet print
############################