Пропадает линк

Тема в разделе "Общий форум", создана пользователем icewhiteline, 3 дек 2019.

  1. icewhiteline

    icewhiteline Новый участник

    Приветствую!
    С одной стороны mikrotik rb2011, с другой какой-то кинетик.
    Проблема в том, что каждые несколько минут на микротике пропадает линк. Прям вот не горит лампочка.
    В логах сие сопровождается этим:
    info: ether1 link down
    info: ether1 link up (speed 100M, full duplex)

    в чем может быть дело?

    # Configuration export of the router from the post: interfaces, bridges,
    # address pools and the VPN servers (L2TP/IPsec, OpenVPN, PPTP, SSTP).
    # NOTE(review): the export header and the lines below publish the software
    # id, the serial number and MAC addresses unmasked, although the poster
    # masked the WAN address and the IPsec secret. Mask these identifiers too
    # before posting an export publicly.
    # NOTE(review): RouterOS 6.41 is an old release, and the filter rules in
    # this export accept the Winbox port from any source. Upgrade to a current
    # release before troubleshooting anything else.
    # dec/03/2019 14:19:29 by RouterOS 6.41
    # software id = 0JQZ-B6ER
    #
    # model = 2011UiAS
    # serial number = 724F0626CABF
    /interface bridge
    add fast-forward=no name=bridge1
    add fast-forward=no name=vpn
    /interface ovpn-server
    add name=vd user=vd
    /interface ethernet
    # ether1 is the port whose link flaps in the post. It is the only port with
    # an overridden MAC address; loop-protect is on for ether1-ether4.
    set [ find default-name=ether1 ] loop-protect=on mac-address=E4:8D:8C:3D:D2:7C
    set [ find default-name=ether2 ] loop-protect=on
    set [ find default-name=ether3 ] loop-protect=on
    set [ find default-name=ether4 ] loop-protect=on
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip dhcp-client option
    add code=55 name=parameter_request_list value=0x01F90321062A
    /ip ipsec policy group
    set [ find default=yes ] name=gruppa
    /ip ipsec proposal
    # The default proposal is disabled here. Its cipher list still contains
    # 3des, a legacy cipher that should be removed if the proposal is ever
    # re-enabled.
    set [ find default=yes ] disabled=yes enc-algorithms=\
    aes-256-cbc,aes-256-ctr,3des
    /ip pool
    add name=l2tp-pool ranges=172.16.30.3-172.16.30.50
    add name=pool1 ranges=192.168.5.15-192.168.5.254
    /ip dhcp-server
    add address-pool=pool1 disabled=no interface=bridge1 name=server1
    /port
    set 1 baud-rate=9600 data-bits=8 flow-control=none name=usb2 parity=none \
    stop-bits=1
    /ppp profile
    # One profile (l2tp_profile) is shared by the L2TP, OpenVPN, PPTP and SSTP
    # server settings below.
    add change-tcp-mss=yes dns-server=192.168.4.4 local-address=10.1.1.1 name=\
    l2tp_profile remote-address=l2tp-pool wins-server=192.168.4.4
    /interface bridge port
    # NOTE(review): *F0000F and *F00014 are internal ids, not interface names;
    # presumably the interfaces they pointed to no longer exist. Remove the
    # stale entries so the "vpn" bridge membership is explicit.
    add bridge=vpn interface=*F0000F
    add bridge=vpn interface=*F00014
    add bridge=bridge1 interface=ether3
    add bridge=bridge1 interface=ether4
    add bridge=bridge1 interface=ether2
    /ip neighbor discovery-settings
    # Neighbor discovery is switched off on every interface.
    set discover-interface-list=none
    /interface l2tp-server server
    # L2TP is configured to require IPsec; the secret was masked by the poster.
    # NOTE(review): no enabled=yes appears on this line, so the server is
    # presumably off; confirm on the device.
    set authentication=mschap2 default-profile=l2tp_profile ipsec-secret=\
    *************** use-ipsec=yes
    /interface ovpn-server server
    # The only VPN server explicitly enabled in this export: OpenVPN in
    # ethernet (bridged) mode on tcp/34568, client certificates required.
    set auth=sha1 certificate=server cipher=aes256 default-profile=l2tp_profile \
    enabled=yes mode=ethernet port=34568 require-client-certificate=yes
    /interface pptp-server server
    # NOTE(review): no enabled=yes here either, so PPTP is presumably off.
    # Keep it off: PPTP with MS-CHAPv2 gives weak protection.
    set authentication=mschap2 default-profile=l2tp_profile
    /interface sstp-server server
    set certificate=server default-profile=l2tp_profile verify-client-certificate=\
    yes
    # IP addressing, DHCP and DNS for the LAN (192.168.5.0/24) and the WAN port
    # ether1.
    /ip address
    # NOTE(review): the LAN address sits on ether2, but ether2 is a port of
    # bridge1 and the DHCP server listens on bridge1. An address on a bridge
    # member port is a common source of odd behaviour; it normally belongs on
    # the bridge itself.
    add address=192.168.5.4/24 interface=ether2 network=192.168.5.0
    # WAN address masked by the poster. ether1 also runs a DHCP client below,
    # so it has both a static and a dynamic configuration.
    add address=XX.XX.XX.XX/24 interface=ether1 network=XX.XX.XX.0
    /ip dhcp-client
    add dhcp-options=hostname,clientid disabled=no interface=ether1
    /ip dhcp-server lease
    add address=192.168.5.101 mac-address=00:17:C8:3E:E1:ED
    /ip dhcp-server network
    # NOTE(review): the DNS servers here and under /ip dns are public
    # addresses left unmasked, which narrows down the provider network even
    # though the WAN address itself is hidden.
    add address=192.168.5.0/24 dns-server=188.143.128.3 gateway=192.168.5.4 \
    netmask=24
    /ip dns
    set servers=188.143.128.3,188.143.128.53
    # Input/output filter rules. Rules are evaluated top to bottom and the
    # first accept/drop that matches ends processing for that packet, so the
    # order below decides which rules can ever fire.
    /ip firewall filter
    # Accepts tcp/48788 (the Winbox port set under /ip service) from any source
    # on any interface.
    # NOTE(review): because this accept comes first, the winbox_blacklist drop
    # and the winbox_stage* rules at the end of the chain never see this
    # traffic. Limit this rule to a management src-address-list (or reach
    # Winbox only through the VPN) and place the blacklist drop above it.
    add action=accept chain=input dst-port=48788 protocol=tcp
    add action=accept chain=input protocol=icmp
    # Only "established" is accepted; "related" is not listed.
    add action=accept chain=input connection-state=established
    # OpenVPN server port (tcp/34568), open to any source.
    add action=accept chain=input dst-port=34568 protocol=tcp
    # Drops everything else that arrives on ether1 (WAN).
    # NOTE(review): every input rule after this one can therefore match only
    # traffic from other interfaces. The ftp/ssh/telnet brute-force rules
    # below never apply to the WAN, and those services are disabled under
    # /ip service anyway.
    add action=drop chain=input in-interface=ether1
    add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
    # Output-chain pair keyed on the FTP reply " 530 Login incorrect": replies
    # within the dst-limit are accepted; beyond it the destination is put on
    # ftp_blacklist for 3h.
    add action=accept chain=output content=" 530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
    add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content=" 530 Login incorrect" \
    protocol=tcp
    # SSH ladder: each new connection to tcp/22 moves the source one list up
    # (stage1 -> stage2 -> stage3 -> ssh_blacklist). Stage entries expire
    # after 1m, the blacklist entry after 1w3d. The rules are listed from the
    # highest stage down so one connection advances one stage.
    add action=drop chain=input comment=" drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input comment=" " connection-state=new \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input comment=" " connection-state=new \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input comment=" " connection-state=new \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input comment=" " connection-state=new \
    dst-port=22 protocol=tcp
    # Telnet ladder on tcp/23, same structure and timeouts as the SSH one.
    add action=drop chain=input comment=" drop telnet brute forcers" dst-port=23 \
    protocol=tcp src-address-list=telnet_blacklist
    add action=add-src-to-address-list address-list=telnet_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage3
    add action=add-src-to-address-list address-list=telnet_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage2
    add action=add-src-to-address-list address-list=telnet_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp src-address-list=telnet_stage1
    add action=add-src-to-address-list address-list=telnet_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=23 \
    protocol=tcp
    # Winbox ladder on tcp/48788, same structure.
    # NOTE(review): unreachable as written. tcp/48788 is already accepted by
    # the first rule of the chain, so repeated login attempts against the only
    # enabled management service are never rate-limited or blacklisted.
    add action=drop chain=input comment=" drop winbox brute forcers" dst-port=48788 \
    protocol=tcp src-address-list=winbox_blacklist
    add action=add-src-to-address-list address-list=winbox_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=48788 \
    protocol=tcp src-address-list=winbox_stage3
    add action=add-src-to-address-list address-list=winbox_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=48788 \
    protocol=tcp src-address-list=winbox_stage2
    add action=add-src-to-address-list address-list=winbox_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=48788 \
    protocol=tcp src-address-list=winbox_stage1
    add action=add-src-to-address-list address-list=winbox_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=48788 \
    protocol=tcp
    # NAT, the IPsec policy and static routes.
    /ip firewall nat
    # Source NAT for traffic leaving through the WAN port.
    add action=masquerade chain=srcnat out-interface=ether1
    # Two port forwards from the WAN, both disabled. The first maps tcp/54444
    # to port 3389 on a LAN host.
    # NOTE(review): keep the 3389 forward disabled and reach that host through
    # the VPN; a non-standard outside port does not protect the service.
    add action=dst-nat chain=dstnat disabled=yes dst-port=54444 in-interface=ether1 \
    protocol=tcp to-addresses=192.168.5.5 to-ports=3389
    add action=dst-nat chain=dstnat disabled=yes dst-port=34567 in-interface=ether1 \
    protocol=tcp to-addresses=192.168.5.8 to-ports=34567
    add action=masquerade chain=srcnat disabled=yes out-interface=ether2
    /ip ipsec policy
    set 0 dst-address=192.168.10.0/24 src-address=10.78.168.109/32
    /ip route
    # NOTE(review): there are two default routes through the same gateway, plus
    # a route that sends the LAN subnet 192.168.5.0/24 to the WAN gateway. The
    # last one looks unintended, since that subnet is directly connected;
    # confirm and remove. The gateway address is also posted unmasked.
    add distance=1 gateway=188.143.150.1 pref-src=192.168.5.4
    add distance=1 gateway=188.143.150.1 pref-src=0.0.0.0
    add distance=1 dst-address=192.168.5.0/24 gateway=188.143.150.1 pref-src=\
    192.168.5.4
    # Management services, clock, logging, scheduled jobs and MAC-level access.
    /ip service
    # Everything except Winbox is disabled; Winbox is moved to tcp/48788.
    # NOTE(review): no address= restriction is set on winbox, so any source the
    # firewall lets through can reach the login. Set address= to the
    # management subnet(s); a changed port number alone does not restrict
    # access.
    set telnet disabled=yes
    set ftp disabled=yes
    set www disabled=yes
    set ssh disabled=yes
    set api disabled=yes
    set winbox port=48788
    set api-ssl disabled=yes
    /lcd
    /system clock
    set time-zone-name=Europe/Moscow
    /system logging
    set 0 prefix=info
    add disabled=yes prefix=ipsec topics=!ipsec
    add topics=ovpn
    /system scheduler
    # Two jobs reboot the router every day, at 08:00 and at 20:00. They do not
    # account for a link that drops every few minutes.
    # NOTE(review): both jobs carry a broad policy list (password, sensitive,
    # sniff, ...) that a plain "/system reboot" presumably does not need; trim
    # it to the minimum. Regular forced reboots usually hide an underlying
    # fault instead of fixing it.
    add interval=1d name=reboot on-event="/system reboot" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jun/21/2019 start-time=08:00:00
    add interval=1d name=reboot2 on-event="/system reboot" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jun/21/2019 start-time=20:00:00
    # MAC-telnet and MAC-Winbox are closed on all interfaces.
    /tool mac-server
    set allowed-interface-list=none
    /tool mac-server mac-winbox
    set allowed-interface-list=none
     
  2. Илья Князев

    Илья Князев Администратор Команда форума

    Похоже на аппаратную проблему. Втыкаем вместо Mikrotik любой другой девайс и смотрим за поведением.