Hi,
our switch constantly has 100 percent CPU load, why?
our switch constantly has 100 percent CPU load, why?
Code:
# 2024-01-22 13:48:17 by RouterOS 7.11.2# model = CRS354-48P-4S+2Q+/interface bridgeadd name=BRIDGE protocol-mode=none vlan-filtering=yes/interface ethernetset [ find default-name=qsfpplus1-1 ] advertise="10M-half,10M-full,100M-half,1\ 00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"set [ find default-name=qsfpplus1-2 ] advertise="10M-half,10M-full,100M-half,1\ 00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"set [ find default-name=qsfpplus1-3 ] advertise="10M-half,10M-full,100M-half,1\ 00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"set [ find default-name=qsfpplus1-4 ] advertise="10M-half,10M-full,100M-half,1\ 00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"set [ find default-name=qsfpplus2-1 ] advertise="10M-half,10M-full,100M-half,1\ 00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"set [ find default-name=qsfpplus2-2 ] advertise="10M-half,10M-full,100M-half,1\ 00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"set [ find default-name=qsfpplus2-3 ] advertise="10M-half,10M-full,100M-half,1\ 00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"set [ find default-name=qsfpplus2-4 ] advertise="10M-half,10M-full,100M-half,1\ 00M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full"set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no rx-flow-control=\ auto tx-flow-control=autoset [ find default-name=sfp-sfpplus2 ] auto-negotiation=no rx-flow-control=\ auto tx-flow-control=autoset [ find default-name=sfp-sfpplus3 ] auto-negotiation=no rx-flow-control=\ auto tx-flow-control=autoset [ find default-name=sfp-sfpplus4 ] auto-negotiation=no rx-flow-control=\ auto tx-flow-control=auto/interface vlanadd comment=MGT interface=BRIDGE name=VLAN_99 vlan-id=99add comment=FIRMA interface=BRIDGE name=VLAN_100 vlan-id=100add comment=GUEST interface=BRIDGE name=VLAN_200 vlan-id=200add comment=DMZ interface=BRIDGE name=VLAN_300 vlan-id=300add comment=HOTSPOT interface=BRIDGE name=VLAN_400 vlan-id=400add comment=PRIVAT interface=BRIDGE name=VLAN_500 vlan-id=500add comment=LTE interface=BRIDGE name=VLAN_600 vlan-id=600add comment=BACKUP1 interface=BRIDGE name=VLAN_700 vlan-id=700add comment=BACKUP2 interface=BRIDGE name=VLAN_800 vlan-id=800add comment=TELEFON interface=BRIDGE name=VLAN_900 vlan-id=900add comment=IOT interface=BRIDGE name=VLAN_1000 vlan-id=1000add comment=PRINTER interface=BRIDGE name=VLAN_1100 vlan-id=1100add comment=SONOS interface=BRIDGE name=VLAN_1200 vlan-id=1200add comment=CAM interface=BRIDGE name=VLAN_1300 vlan-id=1300add comment=FREE01 interface=BRIDGE name=VLAN_1400 vlan-id=1400add comment=FREE02 interface=BRIDGE name=VLAN_1500 vlan-id=1500add comment=FREE03 interface=BRIDGE name=VLAN_1600 vlan-id=1600add comment=FREE04 interface=BRIDGE name=VLAN_1700 vlan-id=1700add comment=FREE05 interface=BRIDGE name=VLAN_1800 vlan-id=1800add comment=FREE06 interface=BRIDGE name=VLAN_1900 vlan-id=1900add comment=FREE07 interface=BRIDGE name=VLAN_2000 vlan-id=2000/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/ip hotspot profileset [ find default=yes ] html-directory=hotspot/portset 0 name=serial0/system logging actionset 1 disk-file-name=logadd disk-file-count=1 disk-file-name=auth.log disk-lines-per-file=5000 name=\ auth target=disk/interface bridge portadd bridge=BRIDGE interface=ether1 pvid=100add bridge=BRIDGE interface=ether2 pvid=100add bridge=BRIDGE interface=ether3 pvid=100add bridge=BRIDGE interface=ether4 pvid=100add bridge=BRIDGE interface=ether5 pvid=100add bridge=BRIDGE interface=ether6 pvid=100add bridge=BRIDGE interface=ether7 pvid=100add bridge=BRIDGE interface=ether8 pvid=100add bridge=BRIDGE interface=ether9 pvid=100add bridge=BRIDGE interface=ether10 pvid=100add bridge=BRIDGE interface=ether11 pvid=100add bridge=BRIDGE interface=ether12 pvid=100add bridge=BRIDGE interface=ether13 pvid=100add bridge=BRIDGE interface=ether14 pvid=100add bridge=BRIDGE interface=ether15 pvid=100add bridge=BRIDGE interface=ether16 pvid=100add bridge=BRIDGE interface=ether17 pvid=100add bridge=BRIDGE interface=ether18add bridge=BRIDGE interface=ether19 pvid=100add bridge=BRIDGE interface=ether20 pvid=100add bridge=BRIDGE interface=ether21 pvid=100add bridge=BRIDGE interface=ether22 pvid=100add bridge=BRIDGE interface=ether23 pvid=100add bridge=BRIDGE interface=ether24 pvid=100add bridge=BRIDGE interface=ether25 pvid=100add bridge=BRIDGE interface=ether26 pvid=100add bridge=BRIDGE interface=ether27 pvid=100add bridge=BRIDGE interface=ether28add bridge=BRIDGE interface=ether29 pvid=100add bridge=BRIDGE interface=ether30 pvid=100add bridge=BRIDGE interface=ether31 pvid=100add bridge=BRIDGE interface=ether32 pvid=100add bridge=BRIDGE interface=ether33 pvid=100add bridge=BRIDGE interface=ether34add bridge=BRIDGE interface=ether35 pvid=100add bridge=BRIDGE interface=ether36 pvid=100add bridge=BRIDGE interface=ether37 pvid=100add bridge=BRIDGE interface=ether38add bridge=BRIDGE interface=ether39 pvid=100add bridge=BRIDGE interface=ether40 pvid=100add bridge=BRIDGE interface=ether41 pvid=100add bridge=BRIDGE interface=ether42 pvid=100add bridge=BRIDGE interface=ether43 pvid=100add bridge=BRIDGE interface=ether44 pvid=100add bridge=BRIDGE interface=ether45 pvid=100add bridge=BRIDGE interface=ether46 pvid=100add bridge=BRIDGE interface=ether47 pvid=100add bridge=BRIDGE interface=ether48 pvid=100add bridge=BRIDGE interface=ether49 pvid=100add bridge=BRIDGE interface=qsfpplus1-1add bridge=BRIDGE interface=qsfpplus1-2add bridge=BRIDGE interface=qsfpplus1-3add bridge=BRIDGE interface=qsfpplus1-4add bridge=BRIDGE interface=qsfpplus2-1add bridge=BRIDGE interface=qsfpplus2-2add bridge=BRIDGE interface=qsfpplus2-3add bridge=BRIDGE interface=qsfpplus2-4add bridge=BRIDGE interface=sfp-sfpplus1add bridge=BRIDGE interface=sfp-sfpplus2add bridge=BRIDGE interface=sfp-sfpplus3add bridge=BRIDGE interface=sfp-sfpplus4/ipv6 settingsset disable-ipv6=yes/interface bridge vlanadd bridge=BRIDGE comment=FIRMA tagged="BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-s\ fpplus3,sfp-sfpplus4,ether28,ether18,ether34,ether38" vlan-ids=100add bridge=BRIDGE comment=GUEST tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=200add bridge=BRIDGE comment=DMZ tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=300add bridge=BRIDGE comment=HOTSPOT tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=400add bridge=BRIDGE comment=PRIVAT tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=500add bridge=BRIDGE comment=LTE tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=600add bridge=BRIDGE comment=BACKUP01 tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=700add bridge=BRIDGE comment=BACKUP02 tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=800add bridge=BRIDGE comment=TELEFON tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=900add bridge=BRIDGE comment=IOT tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1000add bridge=BRIDGE comment=PRINTER tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1100add bridge=BRIDGE comment=SONOS tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1200add bridge=BRIDGE comment=CAM tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1300add bridge=BRIDGE comment=MOBILWLAN tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1400add bridge=BRIDGE comment=FREE2 tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1500add bridge=BRIDGE comment=FREE3 tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1600add bridge=BRIDGE comment=FREE4 tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1700add bridge=BRIDGE comment=FREE5 tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1800add bridge=BRIDGE comment=FREE6 tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=1900add bridge=BRIDGE comment=FREE7 tagged=\ BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4 vlan-ids=2000add bridge=BRIDGE comment=FIRMA tagged="BRIDGE,sfp-sfpplus1,sfp-sfpplus2,sfp-s\ fpplus3,sfp-sfpplus4,ether38,ether34,ether28,ether18" vlan-ids=99/ip dhcp-clientadd interface=VLAN_99add add-default-route=no interface=VLAN_100/ip firewall address-listadd address=192.168.254.0/24 list=localadd address=10.16.0.0/16 list=localadd list=local/ip serviceset telnet disabled=yesset ftp disabled=yesset www disabled=yesset ssh port=45735set api disabled=yes/ip sshset host-key-size=4096/system clockset time-zone-name=Europe/Berlin/system identityset name=TEST01SW02/system loggingadd action=auth topics=account/system package updateset channel=long-term/system routerboard settingsset auto-upgrade=yes boot-os=router-os enter-setup-on=delete-key silent-boot=\ yes/system scheduleradd interval=3w name=BackupEmail on-event=BackupEmail policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=2021-01-25 start-time=01:00:00add name=Reboot on-event="delay 30\r\ \n/log print file=logfile;\r\ \ndelay 10\r\ \n/tool e-mail send to=\"mreboot@test.com\" subject=\"\$[/system identity\ \_get name] - Rebooted at \$[/system clock get time] \$[/system clock get \ date]\" body=\"See attached log.\" file=\"logfile.txt\"\r\ \ndelay 5\r\ \n/file remove logfile.txt\r\ \nlog info \"email sent and logfile deleted\"" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-time=startupadd comment="2024-01-22 13:45:54" interval=1m name=MikrotikLoginAlert \ on-event=MikrotikLoginAlert policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=2021-01-25 start-time=00:00:00/system scriptadd dont-require-permissions=no name=BackupEmail owner=test policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\ local mailfrom \"mikrotik@test.com\"\r\ \n:local rcptto \"mbackup@test.com\"\r\ \n:local hostname [/system identity get name]\r\ \n\r\ \n/export file config\r\ \n\r\ \n/tool e-mail send to=\$rcptto from=\$mailfrom subject=(\"{Config} \" . [\ /system identity get name] . \" Config, \" . [/system resource get version\ ]) body=\"See attached file for configuration export.\$hostname\" file=con\ fig.rsc\r\ \n\r\ \n:delay 10\r\ \n\r\ \n/system backup save name=email\r\ \n\r\ \n/tool e-mail send to=\$rcptto from=\$mailfrom subject=(\"{Backup} \" . [\ /system identity get name] . \" backup, \" . [/system resource get version\ ]) body=\"See attached file for configuration backup.\$hostname\" file=ema\ il.backup"add dont-require-permissions=no name=MikrotikLoginAlert owner=test policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\ \_BEGIN SETUP\r\ \n:local scheduleName \"MikrotikLoginAlert\"\r\ \n:local emailAddress \"mikrotik@test.com\"\r\ \n:local emailAddressto \"mlogin@test.com\"\r\ \n:local startBuf [:toarray [/log find message~\"logged in\" || message~\"\ login failure\"]]\r\ \n:local removeThese {\"telnet\";\"10.16\"}\r\ \n:local removeThese {\"telnet\";\"10.99\"}\r\ \n:local removeThese {\"telnet\";\"192.168.254\"}\r\ \n:local removeThese {\"winbox\";\"10.16\"}\r\ \n:local removeThese {\"winbox\";\"10.99\"}\r\ \n:local removeThese {\"winbox\";\"192.168.254\"}\r\ \n:local removeThese {\"dude\";\"10.16\"}\r\ \n:local removeThese {\"dude\";\"10.99\"}\r\ \n:local removeThese {\"dude\";\"192.168.254\"}\r\ \n\r\ \n:local hostname [/system identity get name]\r\ \n# END SETUP\r\ \n\r\ \n# warn if schedule does not exist\r\ \n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\ \n/log warning \"[LOGMON] ERROR: Schedule does not exist. Create schedule \ and edit script to match name\"\r\ \n}\r\ \n\r\ \n# get last time\r\ \n:local lastTime [/system scheduler get [find name=\"\$scheduleName\"] co\ mment]\r\ \n# for checking time of each log entry\r\ \n:local currentTime\r\ \n# log message\r\ \n:local message\r\ \n\r\ \n# final output\r\ \n:local output\r\ \n\r\ \n:local keepOutput false\r\ \n# if lastTime is empty, set keepOutput to true\r\ \n:if ([:len \$lastTime] = 0) do={\r\ \n:set keepOutput true\r\ \n}\r\ \n\r\ \n:local counter 0\r\ \n# loop through all log entries that have been found\r\ \n:foreach i in=\$startBuf do={\r\ \n\r\ \n# loop through all removeThese array items\r\ \n:local keepLog true\r\ \n:foreach j in=\$removeThese do={\r\ \n# if this log entry contains any of them, it will be ignored\r\ \n:if ([/log get \$i message] ~ \"\$j\") do={\r\ \n:set keepLog false\r\ \n}\r\ \n}\r\ \n:if (\$keepLog = true) do={\r\ \n\r\ \n:set message [/log get \$i message]\r\ \n\r\ \n# LOG DATE\r\ \n# depending on log date/time, the format may be different. 3 known forma\ ts\r\ \n# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Us\ ing as default\r\ \n:set currentTime [ /log get \$i time ]\r\ \n# format of 00:00:00 which shows up on current day's logs\r\ \n:if ([:len \$currentTime] = 8 ) do={\r\ \n:set currentTime ([:pick [/system clock get date] 0 11].\" \".\$currentT\ ime)\r\ \n} else={\r\ \n# format of jan/01 00:00:00 which shows up on previous day's logs\r\ \n:if ([:len \$currentTime] = 15 ) do={\r\ \n:set currentTime ([:pick \$currentTime 0 6].\"/\".[:pick [/system clock \ get date] 7 11].\" \".[:pick \$currentTime 7 15])\r\ \n}\r\ \n}\r\ \n\r\ \n# if keepOutput is true, add this log entry to output\r\ \n:if (\$keepOutput = true) do={\r\ \n:set output (\$output.\$currentTime.\" \".\$message.\"\\r\\n\")\r\ \n}\r\ \n# if currentTime = lastTime, set keepOutput so any further logs found wi\ ll be added to output\r\ \n# reset output in the case we have multiple identical date/time entries \ in a row as the last matching logs\r\ \n# otherwise, it would stop at the first found matching log, thus all fol\ lowing logs would be output\r\ \n:if (\$currentTime = \$lastTime) do={\r\ \n:set keepOutput true\r\ \n:set output \"\"\r\ \n}\r\ \n}\r\ \n\r\ \n# if this is last log entry\r\ \n:if (\$counter = ([:len \$startBuf]-1)) do={\r\ \n# If keepOutput is still false after loop, this means lastTime has a val\ ue, but a matching currentTime was never found.\r\ \n# This can happen if 1) The router was rebooted and matching logs stored\ \_in memory were wiped, or 2) An item is added\r\ \n# to the removeThese array that then ignores the last log that determine\ d the lastTime variable.\r\ \n# This resets the comment to nothing. The next run will be like the firs\ t time, and you will get all matching logs\r\ \n:if (\$keepOutput = false) do={\r\ \n# if previous log was found, this will be our new lastTime entry\r\ \n:if ([:len \$message] > 0) do={\r\ \n:set output (\$output.\$currentTime.\" \".\$message.\"\\r\\n\")\r\ \n}\r\ \n}\r\ \n}\r\ \n:set counter (\$counter + 1)\r\ \n}\r\ \n\r\ \n# If we have output, save new date/time, and send email\r\ \nif ([:len \$output] > 0) do={\r\ \n/system scheduler set [find name=\"\$scheduleName\"] comment=\$currentTi\ me\r\ \n/tool e-mail send to=\"\$emailAddressto\" subject=\"MikroTik alert \$cur\ rentTime on \$hostname\" body=\"\$output\"\r\ \n/log info \"[LOGMON] New logs found, send email\"\r\ \n}"/tool bandwidth-serverset enabled=no/tool graphing interfaceadd allow-address=192.168.254.0/24add allow-address=10.16.0.0/16/tool graphing queueadd allow-address=192.168.254.0/24add allow-address=10.16.0.0/16/tool graphing resourceadd allow-address=192.168.254.0/24add allow-address=10.16.0.0/16/tool romonset enabled=yesStatistics: Posted by dima1002 — Mon Jan 22, 2024 2:54 pm