I have some suggestions that the reboot is due to overheating of the processor, the frequency is once every 3-4 days...
Can this be real? Hap ax3 has 1GB of RAM.This is probably true-memory overflow, and subsequent reboot in order to clear it (at the moment, the rest of the memory is 30-35 MB)
It turns out that it is possible, and most likely the manufacturer himself cannot say why this is happening. For the sake of experiment, I rebooted the router-650 MB of memory, after 3-4 days there will be 25-35 MB left, and so on, judging by the logs. The most interesting thing is that in hAPac for 6 years I didn't even know about such a problem, apparently v7 turned out to have a huge bunch of problems and glitches.Can this be real? Hap ax3 has 1GB of RAM.This is probably true-memory overflow, and subsequent reboot in order to clear it (at the moment, the rest of the memory is 30-35 MB)
# 2024-03-29 18:36:08 by RouterOS 7.14.2
# software id = DUKC-5YI2
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HEX091TBKZQ
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment="cAP AX+Synology"
set [ find default-name=ether2 ] comment=WAN
set [ find default-name=ether3 ] comment="Samsung TV"
set [ find default-name=ether4 ] comment="Zhenyulka "
set [ find default-name=ether5 ] comment=Holl
/interface list
add name=WAN
add name=LAN
/interface wifi channel
add band=5ghz-ax disabled=no frequency=\
5180,5320,5240,5725,5850,5955,6115,6295,6575,6815,7015,7100,7155,7195 \
name=channel1_5 skip-dfs-channels=all width=20/40/80mhz
add band=2ghz-n disabled=no frequency=2412,2437,2452,2472 name=channel2_2.4 \
skip-dfs-channels=all width=20mhz
/interface wifi configuration
add channel=channel2_2.4 country=Russia disabled=no mode=ap name=cfg2_2.4 \
security.ft=yes ssid=MikroTik_2.4 tx-power=15
/interface wifi datapath
add bridge=bridge1 disabled=no name=datapath1
/interface wifi configuration
add country=Russia datapath=datapath1 datapath.bridge=bridge1 disabled=no \
mode=ap name=cfg1_5 security.ft=yes ssid=MikroTik_5 tx-power=15
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=no disabled=no \
encryption="" ft=yes group-encryption=ccmp group-key-update=30m \
management-protection=allowed name=sec1_5
add authentication-types=wpa-psk,wpa2-psk disable-pmkid=no disabled=no \
encryption="" ft=no group-encryption=ccmp group-key-update=30m \
management-protection=allowed name=sec2_2
/interface wifi
add channel=channel1_5 configuration=cfg1_5 configuration.mode=ap .tx-power=\
15 datapath=datapath1 disabled=no name=cap-wifi1_5 radio-mac=\
48:A9:8A:C5:3B:7A security=sec1_5 security.ft=yes
add channel=channel2_2.4 configuration=cfg2_2.4 configuration.mode=ap \
datapath=datapath1 disabled=no name=cap-wifi2_2.4 radio-mac=\
48:A9:8A:C5:3B:7B security=sec2_2 security.ft=yes
set [ find default-name=wifi1 ] channel=channel1_5 configuration=cfg1_5 \
configuration.mode=ap datapath=datapath1 disabled=no name=wifi1_5 \
security=sec1_5 security.ft=yes
set [ find default-name=wifi2 ] channel=channel2_2.4 configuration=cfg2_2.4 \
configuration.mode=ap datapath=datapath1 disabled=no name=wifi2_2.4 \
security=sec2_2 security.ft=yes
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\
0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\
0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.35
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 interface=bridge1 lease-time=1h name=\
dhcp1
/ip smb users
set [ find default=yes ] disabled=yes
/system logging action
add disk-file-name=usb1/log disk-lines-per-file=2000 name=usb1 target=disk
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wifi1_5
add bridge=bridge1 interface=wifi2_2.4
/ip firewall connection tracking
set tcp-established-timeout=15m
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether2 list=WAN
add interface=bridge1 list=LAN
/interface wifi access-list
add action=accept comment="Honor Magic4 Pro " disabled=no interface=any \
mac-address=68:A7:B4:18:F8:1C
add action=accept comment="OnePlus 10 Pro" disabled=no interface=any \
mac-address=48:74:12:BF:18:87
add action=accept comment="Yandex Station 1" disabled=no interface=\
cap-wifi2_2.4 mac-address=B8:87:6E:83:41:00
add action=accept comment="Polaris PWK 1725CGLD" disabled=no interface=\
wifi2_2.4 mac-address=82:64:6F:A9:2D:8F
add action=accept comment="Lamp 2" disabled=no interface=cap-wifi2_2.4 \
mac-address=A0:92:08:37:3A:39
add action=accept comment="Grundig TV" disabled=no interface=wifi1_5 \
mac-address=BC:6B:FF:D8:74:E3
add action=accept comment="Lamp 1" disabled=no interface=cap-wifi2_2.4 \
mac-address=A0:92:08:37:8E:55
add action=accept comment="HONOR Choice Robot Cleaner R2+" disabled=no \
interface=any mac-address=20:67:E0:76:A8:9C
add action=accept comment="Rozetka Smart Life" disabled=no interface=\
cap-wifi2_2.4 mac-address=C4:82:E1:2C:93:AC
add action=accept comment="Huawei mate 20X" disabled=no interface=any \
mac-address=48:3F:E9:66:62:EB
add action=accept comment="Yandex Station 2" disabled=no interface=wifi2_2.4 \
mac-address=3C:0B:4F:E6:A7:B4
add action=accept comment="Xiaomi Mi Box S Gen 2" disabled=no interface=\
cap-wifi1_5 mac-address=4C:31:2D:ED:85:FB
add action=accept comment="OnePlus Nord CE 2 Lite 5G" disabled=no interface=\
any mac-address=48:74:12:E6:27:5D
add action=accept comment="Realme C25S" disabled=no interface=any \
mac-address=E4:B5:03:2F:A9:EF
add action=reject comment="Blocking access to the WIFI network" disabled=no \
interface=any
/interface wifi capsman
set ca-certificate=auto certificate=auto enabled=yes package-path="" \
require-peer-certificate=no upgrade-policy=require-same-version
/interface wifi provisioning
add action=create-enabled disabled=no master-configuration=cfg2_2.4 \
name-format=cAP_2_2.4 radio-mac=00:00:00:00:00:00 supported-bands=2ghz-n
add action=create-enabled disabled=no master-configuration=cfg1_5 \
name-format=cAP_1_5 radio-mac=00:00:00:00:00:00 supported-bands=5ghz-ax
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=30m
/ip cloud advanced
set use-local-address=yes
/ip dhcp-client
add interface=ether2
/ip dhcp-server lease
add address=192.168.1.8 client-id=1:c4:57:6e:75:3:c6 comment="Samsung TV" \
mac-address=C4:57:6E:75:03:C6 server=dhcp1
add address=192.168.1.4 client-id=1:50:e5:49:85:7e:16 comment=\
"Comp Zhenyulka " mac-address=50:E5:49:85:7E:16 server=dhcp1
add address=192.168.1.10 client-id=1:3c:83:75:e3:d4:98 comment=\
"Nokia 435 DS " mac-address=3C:83:75:E3:D4:98 server=dhcp1
add address=192.168.1.12 client-id=1:48:5d:60:66:34:c6 comment="MSI notebook" \
mac-address=48:5D:60:66:34:C6 server=dhcp1
add address=192.168.1.7 client-id=1:7c:a1:77:75:fc:2c comment=\
"Huawei Mate 10" mac-address=7C:A1:77:75:FC:2C server=dhcp1
add address=192.168.1.16 client-id=1:0:11:32:1a:28:cb comment=\
"Synology DS 212J" mac-address=00:11:32:1A:28:CB server=dhcp1
add address=192.168.1.18 client-id=1:b4:52:7d:68:d0:1b comment=\
"Sony Xperia Z" mac-address=B4:52:7D:68:D0:1B server=dhcp1
add address=192.168.1.19 client-id=1:40:61:86:bb:db:38 comment=\
"MSI \ED\EE\F3\F2 (LAN)" mac-address=40:61:86:BB:DB:38 server=dhcp1
add address=192.168.1.20 client-id=1:e0:24:81:45:49:68 comment="Honor 9X" \
mac-address=E0:24:81:45:49:68 server=dhcp1
add address=192.168.1.21 client-id=1:48:3f:e9:66:62:eb comment=\
"Huawei mate 20X" mac-address=48:3F:E9:66:62:EB server=dhcp1
add address=192.168.1.11 client-id=1:f8:1a:67:b6:1a:c8 comment="TP-Link WIFI" \
mac-address=F8:1A:67:B6:1A:C8 server=dhcp1
add address=192.168.1.3 client-id=1:f0:2f:74:cb:72:52 comment="My comp" \
mac-address=F0:2F:74:CB:72:52 server=dhcp1
add address=192.168.1.14 client-id=1:d4:8a:3b:5:a1:59 comment=\
"Xiaomi Mi Box S Gen 1" mac-address=D4:8A:3B:05:A1:59 server=dhcp1
add address=192.168.1.23 client-id=1:f8:e4:3b:c7:dd:b5 comment=\
"Xiaomi Mi Box S (USB-LAN Adapter)" mac-address=F8:E4:3B:C7:DD:B5 server=\
dhcp1
add address=192.168.1.26 comment=Lamp_2 mac-address=A0:92:08:37:3A:39 server=\
dhcp1
add address=192.168.1.25 comment=Lamp_1 mac-address=A0:92:08:37:8E:55 server=\
dhcp1
add address=192.168.1.17 client-id=1:e8:48:b8:f:96:f0 comment=\
"TP-Link Smart Swith" mac-address=E8:48:B8:0F:96:F0 server=dhcp1
add address=192.168.1.27 client-id=1:b2:4c:ca:8d:a2:33 comment=\
"Google Pixel 6 Pro" mac-address=B2:4C:CA:8D:A2:33 server=dhcp1
add address=192.168.1.5 client-id=1:68:a7:b4:18:f8:1c comment=\
"Honor magic 4 Pro" mac-address=68:A7:B4:18:F8:1C server=dhcp1
add address=192.168.1.24 client-id=\
ff:6e:83:41:0:0:1:0:1:c7:92:bc:88:b8:87:6e:83:41:0 comment=\
"Yandex Station 1" mac-address=B8:87:6E:83:41:00 server=dhcp1
add address=192.168.1.29 comment="Polaris PWK 1725CGLD" mac-address=\
82:64:6F:A9:2D:8F server=dhcp1
add address=192.168.1.9 comment="Rozetka Smart life" mac-address=\
C4:82:E1:2C:93:AC server=dhcp1
add address=192.168.1.13 client-id=1:48:74:12:bf:18:87 comment=\
OnePlus-10-Pro-5G mac-address=48:74:12:BF:18:87 server=dhcp1
add address=192.168.1.31 client-id=1:bc:6b:ff:d8:74:e3 comment="Grundig TV" \
mac-address=BC:6B:FF:D8:74:E3 server=dhcp1
add address=192.168.1.2 client-id=1:48:a9:8a:c5:3b:78 comment=\
"Mikrotik cAP ax" mac-address=48:A9:8A:C5:3B:78 server=dhcp1 use-src-mac=\
yes
add address=192.168.1.28 comment="HONOR Choice Robot Cleaner R2 Plus " \
mac-address=20:67:E0:76:A8:9C server=dhcp1
add address=192.168.1.6 client-id=\
ff:4f:e6:a7:b4:0:1:0:1:c7:92:bc:86:3c:b:5f:e6:a7:b4 comment=\
"Yandex Station 2" mac-address=3C:0B:4F:E6:A7:B4 server=dhcp1
add address=192.168.1.30 client-id=1:4c:31:2d:ed:85:fb comment=\
"Xiaomi Mi Box S Gen 2" mac-address=4C:31:2D:ED:85:FB server=dhcp1
add address=192.168.1.22 client-id=1:e4:b5:3:2f:a9:ef comment="Realme C25S" \
mac-address=E4:B5:03:2F:A9:EF server=dhcp1
add address=192.168.1.15 client-id=1:48:74:12:e6:27:5d comment=\
"OnePlus Nord CE 2 Lite 5G" mac-address=48:74:12:E6:27:5D server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d
/ip firewall address-list
add list=ftp_blacklist
add address=109.195.96.1 list=DNSServers
add address=5.3.3.3 list=DNSServers
/ip firewall filter
add action=fasttrack-connection chain=forward comment="FastTrack Connection" \
connection-state=established,related hw-offload=yes
add action=fasttrack-connection chain=forward hw-offload=yes in-interface=\
bridge1 out-interface=ether2
add action=accept chain=input comment="Allow IGMP" in-interface=ether2 \
protocol=igmp
add action=accept chain=forward comment="IPTV UDP forwarding" dst-port=1234 \
protocol=udp
add action=drop chain=input comment="Drop hackers" in-interface-list=WAN \
src-address-list=BlackLis
add action=drop chain=input dst-port=53 in-interface=ether2 protocol=udp \
src-address-list="dns spoofing"
add action=drop chain=input comment="drop ftp brute forcers" dst-port=\
21,55536-55537 protocol=tcp src-address-list=ftp_blacklist
add action=drop chain=input src-address-list="Scanner Port"
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input comment="Dostup snarugy" dst-port=8291 \
protocol=tcp
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=accept chain=input connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input in-interface=ether2 limit=50/5s,2:packet \
protocol=icmp
add action=accept chain=forward dst-port=80 in-interface=ether2 protocol=tcp
add action=accept chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=drop chain=forward connection-state=established,related \
in-interface=ether2 out-interface=bridge1
add action=drop chain=forward connection-state=invalid
add action=drop chain=input connection-state=invalid
add action=drop chain=forward connection-state=invalid
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=4w2d chain=output content="530 Login incorrect" \
protocol=tcp
add action=add-src-to-address-list address-list="dns spoofing" \
address-list-timeout=2h chain=input dst-port=53 in-interface=ether2 \
protocol=udp
add action=add-src-to-address-list address-list=BlackList chain=input \
comment="DDoS DNS" in-interface-list=WAN protocol=udp src-address-list=\
!DNSServers src-port=53
add action=add-src-to-address-list address-list=BlackList chain=input \
comment="Drop external DNS connections" dst-port=53 in-interface-list=WAN \
protocol=udp
add action=add-src-to-address-list address-list=BlackList chain=input \
comment="Drop external DNS connections" dst-port=53 in-interface-list=WAN \
protocol=tcp
add action=accept chain=input comment=NTP-Allow dst-port=123 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2
add action=dst-nat chain=dstnat dst-port=55536-55537 in-interface=ether2 log=\
yes protocol=tcp to-addresses=192.168.1.16 to-ports=55536-55537
add action=dst-nat chain=dstnat dst-port=212 in-interface=ether2 log=yes \
protocol=tcp to-addresses=192.168.1.16 to-ports=212
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ipv6 dhcp-client
add interface=ether2 pool-name=ipv6-pool request=address,prefix
/system clock
set time-zone-name=Asia/Astana
/system identity
set name="MikroTik hAP AX^3"
/system logging
set 0 action=usb1
set 1 action=usb1
set 2 action=usb1
set 3 action=usb1
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=ntp0.ntp-servers.net
add address=ntp2.ntp-servers.net
add address=ntp6.ntp-servers.net
/system routerboard settings
set auto-upgrade=yes
/tool romon
set enabled=yes