Bonjour nscheffer,
Voici un export de ma conf. Merci énormément pour ton aide.
Nico
# jan/02/1970 01:09:38 by RouterOS 7.3beta37
# software id = QAL9-GJXC
#
# model = CRS305-1G-4S+
# serial number = B9XXXXXXXXXX
# Bridge for the WAN side. The DHCP client, the masquerade rule and the
# sniffer later in this export all reference it by name.
/interface bridge
add name=br-wan
/interface ethernet
# Copper port ether1 is renamed ether1-LAN and carries the LAN.
set [ find default-name=ether1 ] advertise="10M-half,10M-full,100M-half,100M-f\
ull,1000M-half,1000M-full,10000M-full,2500M-full" comment=LAN name=\
ether1-LAN
# First SFP+ cage is renamed ether1-WAN (link to the ONU). Auto-negotiation is
# off and the speed is forced to 2.5Gbps.
# NOTE(review): with auto-negotiation=no the advertise= list presumably has no
# effect - confirm.
set [ find default-name=sfp-sfpplus1 ] advertise=\
1000M-full,10000M-full,2500M-full auto-negotiation=no comment=\
WAN-ONU-2500GBaseX name=ether1-WAN speed=2.5Gbps
# The three unused SFP+ cages are administratively disabled, so nothing
# plugged into them gets a link.
set [ find default-name=sfp-sfpplus2 ] disabled=yes
set [ find default-name=sfp-sfpplus3 ] disabled=yes
set [ find default-name=sfp-sfpplus4 ] disabled=yes
# VLAN 832 sub-interface on the WAN port. It is added to br-wan in the
# /interface bridge port section.
/interface vlan
add comment="Internet ONT" interface=ether1-WAN loop-protect-disable-time=0s \
loop-protect-send-interval=1s name=vlan832-internet vlan-id=832
# Only the supplicant identity of the default wireless profile is set here.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Custom DHCP options sent by the WAN DHCP client (referenced by name from
# /ip dhcp-client below).
/ip dhcp-client option
# Option 60 (vendor class identifier): the hex value is ASCII "sagem".
add code=60 name=vendor-class-identifier value=0x736167656d
# Option 77 (user class): a leading 0x2b byte (43, the length of the string)
# followed by ASCII "FSVDSL_livebox.Internet.softathome.Livebox4".
add code=77 name=userclass value="0x2b46535644534c5f6c697665626f782e496e746572\
6e65742e736f66746174686f6d652e4c697665626f7834"
# Option 90 (DHCP authentication).
# NOTE(review): this value appears to carry the subscriber's ISP
# authentication material. Only the tail is masked with X here; treat the whole
# value as a secret and mask all of it before sharing an export.
# The X placeholders are not hex digits, so this line cannot be imported as
# posted; the real value has to be restored first.
add code=90 name=authsend value="0x00000000000000000000001a0900000558010341010\
d6674692f793378686879783c12344359316f73455f72302c2f7e494d430313406c08b22ce\
d67c3b7XXXXXXXXXXXXXX"
# Address pool handed out on the LAN: 192.168.1.100 through 192.168.1.200.
/ip pool
add name=pool_lan ranges=192.168.1.100-192.168.1.200
# DHCP server on the LAN port, drawing from pool_lan, with one-week leases.
/ip dhcp-server
add address-pool=pool_lan interface=ether1-LAN lease-time=1w name=LAN
# Names the first serial port serial0.
/port
set 0 name=serial0
# Both renamed ports use the ethernet-default interface queue.
/queue interface
set ether1-LAN queue=ethernet-default
set ether1-WAN queue=ethernet-default
# Bridge filter: tag outgoing DHCP requests (UDP dst-port 67) leaving through
# vlan832-internet with priority 6. passthrough=yes lets the packet continue
# through later rules; log=yes writes a log entry for each match.
/interface bridge filter
add action=set-priority chain=output dst-port=67 ip-protocol=udp log=yes \
log-prefix="Set CoS6 on DHCP request" mac-protocol=ip new-priority=6 \
out-interface=vlan832-internet passthrough=yes
/interface bridge port
# NOTE(review): "*6" is not a bridge name. RouterOS prints an internal id like
# this when the referenced item no longer exists, so these five defconf
# entries presumably point at a bridge that was deleted - confirm and remove
# them if so. They include ether1-WAN, the parent interface of
# vlan832-internet.
add bridge=*6 comment=defconf interface=ether1-LAN
add bridge=*6 comment=defconf interface=ether1-WAN
add bridge=*6 comment=defconf interface=sfp-sfpplus2
add bridge=*6 comment=defconf interface=sfp-sfpplus3
add bridge=*6 comment=defconf interface=sfp-sfpplus4
# The only port of br-wan is the VLAN 832 sub-interface.
add bridge=br-wan interface=vlan832-internet
/ip address
# NOTE(review): 192.168.88.1/24 is assigned twice, once to the dangling
# interface id "*6" and once to ether1-LAN. The first entry presumably
# belongs to the removed defconf bridge - confirm.
add address=192.168.88.1/24 comment=defconf interface=*6 network=192.168.88.0
add address=192.168.88.1/24 comment=defconf interface=ether1-LAN network=\
192.168.88.0
# LAN gateway address; matches the gateway announced by the DHCP server below.
add address=192.168.1.1/24 interface=ether1-LAN network=192.168.1.0
# WAN DHCP client on br-wan. authsend, userclass and vendor-class-identifier
# are the custom options defined in /ip dhcp-client option.
# NOTE(review): hostname and clientid are not defined in this export;
# presumably they are RouterOS built-in options (clientid being option 61) -
# confirm.
/ip dhcp-client
add dhcp-options=hostname,clientid,authsend,userclass,vendor-class-identifier \
interface=br-wan
# LAN clients are given 192.168.1.1 as gateway and public resolvers
# (8.8.8.8, 8.8.4.4) as DNS servers, so they do not query the router for DNS.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1 \
netmask=24
/ip firewall address-list
# "support": the two LAN subnets. The input chain grants this list full access
# to the router, matching on source address only.
add address=192.168.1.0/24 list=support
add address=192.168.88.0/24 list=support
# "bogons": ranges that should not appear as destinations on the Internet.
# The filter rules use this list only as dst-address-list in the forward chain.
# The three RFC 1918 entries are present but disabled.
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A" disabled=yes \
list=bogons
# NOTE(review): the loopback block is 127.0.0.0/8; this /16 entry covers only
# 127.0.0.0-127.0.255.255.
add address=127.0.0.0/16 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B" disabled=yes \
list=bogons
add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C" disabled=yes \
list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
# Filter rules. Rules of the input, forward, output and ICMP chains are
# interleaved below; within each chain they are evaluated top to bottom.
#
# NOTE(review): neither the input nor the forward chain ends with a drop rule.
# A packet that matches no rule in a RouterOS chain is accepted, so the
# "accept" rules in the input chain do not restrict anything as written:
# traffic arriving on br-wan that is not caught by the two blocklists or the
# ICMP chain is accepted. A final "drop everything else" rule on input (and on
# forward for new connections coming from the WAN side) is needed for these
# accepts to act as an allow-list.
/ip firewall filter
# Sources holding more than 30 TCP connections (counted per /32) and sending a
# SYN go onto Syn_Flooder for 30 minutes; listed sources are then dropped.
add action=add-src-to-address-list address-list=Syn_Flooder \
address-list-timeout=30m chain=input comment=\
"Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" \
src-address-list=Syn_Flooder
# Port-scan detection (psd = weight threshold 21, delay 3s, low-port weight 3,
# high-port weight 1); detected sources are listed for one week and dropped.
# NOTE(review): both blocklist drops sit above the "support" accept, so a LAN
# admin host that trips either detector loses access to the router until its
# entry expires.
add action=add-src-to-address-list address-list=Port_Scanner \
address-list-timeout=1w chain=input comment="Port Scanner Detect" \
protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
src-address-list=Port_Scanner
# ICMP to the router and ICMP through the router are both handed to the ICMP
# chain, whose last rule drops every ICMP packet not accepted before it.
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
ICMP protocol=icmp
add action=jump chain=forward comment="Jump for icmp forward flow" \
jump-target=ICMP protocol=icmp
# Forwarded traffic whose destination is in the bogons list is dropped.
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
bogons
# Outbound mail abuse control: sources matching the connection and rate
# limits on TCP 25/587 are listed for 3 hours, and listed sources are blocked
# from those ports.
add action=add-src-to-address-list address-list=spammers \
address-list-timeout=3h chain=forward comment=\
"Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
25,587 limit=30/1m,0:packet protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
protocol=tcp src-address-list=spammers
# NOTE(review): port= matches when either the source or the destination port
# is 53, and no in-interface is given, so these rules also accept packets from
# any interface whose source port is 53. If the router must answer DNS at all,
# dst-port=53 restricted to the LAN interface is the narrower form; the DHCP
# server hands out public resolvers, so LAN clients do not need it.
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
# Return traffic for connections already tracked.
add action=accept chain=input comment="Accept to established connections" \
connection-state=established
add action=accept chain=input comment="Accept to related connections" \
connection-state=related
# NOTE(review): matches on source address only. Adding in-interface=ether1-LAN
# would keep a packet that arrives on br-wan with a LAN source address from
# matching this rule.
add action=accept chain=input comment="Full access to SUPPORT address list" \
src-address-list=support
# ICMP chain: rate-limited echo request (1 packet, burst 5), echo reply, time
# exceeded, destination unreachable codes 0-1, and fragmentation-needed (3:4,
# used for path MTU discovery). Everything else is dropped.
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" \
icmp-options=8:0 limit=1,5:packet protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
# ICMP generated by the router itself goes through the same chain, so the echo
# request rate limit above also applies to pings sent from the router.
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
protocol=icmp
# Source NAT: everything leaving through br-wan is masqueraded.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=br-wan to-addresses=0.0.0.0
# Only the time zone is set.
# NOTE(review): the export header is dated jan/02/1970 and no NTP client
# section appears in this export, so the clock is presumably unset. Log and
# address-list timestamps will be unreliable until it is - confirm.
/system clock
set time-zone-name=Europe/Paris
/system routerboard settings
set boot-os=router-os
# Packet sniffer preset: capture on br-wan into the file br-wan.log.
# NOTE(review): a capture on the WAN bridge would presumably contain the DHCP
# exchange, including the option 90 authentication value. Handle the file as
# sensitive and do not share it unredacted.
/tool sniffer
set file-name=br-wan.log filter-interface=br-wan
Bonsoir @Nico2888,
Dans ta conf je ne vois pas l'option 61 dans la partie DHCP client options. Je suis dans le 78 avec un OLT Alcatel, mes deux box envoient l'option 61 et je fais pareil sans les Box. J'ai par contre pas encore fait le test sans.
Quelques vérifications :
- ton ONT est bien en O5 ?
- si tu mets le port en Auto (sans le forcer en 2.5Gbps), il va négocier en 1Gbps : est-ce que ça marche ?
- sans les règles du Firewall, est-ce que le WAN récupère une IPv4 ?
Déjà quelques pistes pour investiguer...