# apr/09/2020 13:40:09 by RouterOS 6.46.5
# software id = QHMJ-SJTJ
#
# model = 951Ui-2HnD
# serial number = xxxxx
# Interface layer: LTE modem, LAN bridge, Ethernet ports, the 2.4 GHz AP and
# the interface lists used by later sections. MAC addresses and the Wi-Fi
# passphrase are redacted with '*'; the placeholders have inconsistent group
# counts, so this export cannot be imported as-is.
/interface lte
set [ find ] mac-address=**:**:**:**:** name=lte1
/interface bridge
# arp=proxy-arp makes the bridge answer ARP on behalf of other hosts.
# NOTE(review): presumably needed because vpn_pool (192.168.0.150-160) sits
# inside the LAN /24 - confirm this is intentional.
add admin-mac=**:**:**:**:**:** arp=proxy-arp auto-mac=no comment=defconf \
fast-forward=no name=bridge
/interface ethernet
# All five ports advertise every rate from 10M-half to 1000M-full; ether2 is
# renamed ether2-master.
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
**:**:**:**:**:**
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
**:**:**:**:**:** name=ether2-master
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
**:**:**:**:**:**
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
**:**:**:**:**:**
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
**:**:**:**:**:**:**
/interface wireless
# Access point on wlan1. No security-profile is named here, so presumably the
# default profile configured below applies - confirm.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=russia2 disabled=no frequency=auto mode=ap-bridge radio-name=\
Fazenda ssid=WIFI wireless-protocol=802.11
/interface list
# WAN/LAN come from defconf; discover, mactel and mac-winbox scope neighbor
# discovery and the MAC servers further down.
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
# WPA2-PSK only, but both cipher lists still offer TKIP next to AES-CCM.
# NOTE(review): TKIP is deprecated; restrict unicast-ciphers and group-ciphers
# to aes-ccm unless a legacy client needs it.
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=******
# IPsec defaults, address pools, DHCP server, serial port, PPP profiles and
# the 'full' user group.
/ip ipsec policy group
add name=policy_group1
/ip ipsec profile
# The default phase-1 profile offers aes-256, aes-128 and 3des.
# NOTE(review): 3des is a legacy 64-bit block cipher; drop it unless a VPN
# client still requires it.
set [ find default=yes ] enc-algorithm=aes-256,aes-128,3des
/ip pool
# Both pools are inside 192.168.0.0/24: .15-.99 for DHCP, .150-.160 for VPN.
add name=dhcp ranges=192.168.0.15-192.168.0.99
add name=vpn_pool ranges=192.168.0.150-192.168.0.160
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=server1
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
stop-bits=1
/ppp profile
# l2tp_profile takes both tunnel endpoints from vpn_pool, so every VPN client
# lands in the LAN subnet.
add change-tcp-mss=yes local-address=vpn_pool name=l2tp_profile \
remote-address=vpn_pool
# *FFFFFFFE is an internal object ID rather than a name.
# NOTE(review): presumably a built-in PPP profile - confirm which one.
set *FFFFFFFE dns-server=192.168.0.1 local-address=192.168.0.253 \
remote-address=192.168.0.252
/user group
# The 'full' group carries every listed policy, including telnet, ftp, sniff
# and sensitive. No user accounts appear in this export, so who holds this
# group cannot be reviewed from here.
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
# Bridge membership, neighbor discovery scope, the L2TP/IPsec server and
# interface-list membership.
/interface bridge port
add bridge=bridge interface=ether2-master
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
# NOTE(review): '*6' is an internal ID, not an interface name - looks like a
# reference to an interface that could not be resolved at export time; confirm
# which port this is or remove the entry.
add bridge=bridge interface=*6
/ip neighbor discovery-settings
# Discovery is limited to the 'discover' list; ether1 (WAN) is not a member.
set discover-interface-list=discover
/interface l2tp-server server
# L2TP server with MS-CHAPv2 only and an IPsec pre-shared secret (redacted).
# NOTE(review): use-ipsec=yes still admits L2TP sessions that arrive without
# IPsec; use-ipsec=required rejects them - confirm and tighten.
set authentication=mschap2 default-profile=l2tp_profile enabled=yes \
ipsec-secret=**** use-ipsec=yes
/interface list member
# NOTE(review): the LAN entry and one 'discover' entry below carry no
# interface= value, so what they match is not visible here - verify.
add comment=defconf list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add list=discover
add interface=bridge list=discover
# MAC-Telnet and MAC-Winbox are reachable only through the bridge.
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
# Layer-3 addressing, the LTE DHCP client, and DNS.
/ip address
# The defconf 192.168.88.1/24 address is kept but disabled; the LAN in use is
# 192.168.0.1/24. The ether1 (WAN) address is redacted.
add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge \
network=192.168.88.0
add address=**.**1.1**.***/29 interface=ether1 network=**.1**.1**.200
add address=192.168.0.1/24 interface=bridge network=192.168.0.0
/ip dhcp-client
# The LTE link gets its address by DHCP; its default route is installed with
# distance 3.
add comment=defconf default-route-distance=3 dhcp-options=clientid,hostname \
disabled=no interface=lte1
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1
/ip dns
# allow-remote-requests=yes turns the router into a resolver for any client
# that can reach it.
# NOTE(review): the only DNS filter rule in this export drops udp/53 arriving
# on ether1; tcp/53 on ether1 and any DNS arriving on lte1 are not dropped by
# a visible rule, so the resolver may be reachable from the Internet - add
# matching drops or restrict DNS to the LAN.
set allow-remote-requests=yes servers=85.114.0.81,85.114.2.81
/ip dns static
# NOTE(review): 'router.lan' and 'router' resolve to 192.168.88.1, whose
# address entry is disabled - these records look stale.
add address=192.168.88.1 name=router.lan
add address=192.168.88.1 name=router
add address=192.168.0.1 name=router**
# Firewall: the 'manage' source list, the input/output filter rules and NAT.
/ip firewall address-list
# Sources allowed full access to the router. 192.168.0.0/24 is listed, and
# vpn_pool lies inside it, so every authenticated VPN client is also a
# management source. NOTE(review): 192.168.88.0/24 belongs to the disabled
# defconf address - remove it if unused.
add address=213.170.117.4 list=manage
add address=77.235.218.1 list=manage
add address=192.168.88.0/24 list=manage
add address=213.170.117.254 list=manage
add address=192.168.0.0/24 list=manage
add address=213.170.117.253 list=manage
add address=31.200.205.1 list=manage
/ip firewall filter
# NOTE(review): only input and output rules exist, and the input chain has no
# final drop. Packets that match no rule are accepted, so from ether1
# everything except udp/53 and tcp 22,23,80,8291 still reaches the router.
# A safer layout is: accept established/related, accept ICMP, accept 'manage',
# accept only the VPN traffic that is needed, then drop the rest; the forward
# chain deserves the same treatment for the port forwards below.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Blocks DNS queries over UDP from the main WAN port only.
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
# Router-originated traffic to 213.170.117.253 may not leave through lte1.
# NOTE(review): presumably keeps the netwatch probe to that host on the main
# ISP so it reflects that link's state - confirm.
add action=drop chain=output dst-address=213.170.117.253 out-interface=lte1
# Any protocol and port is accepted from a 'manage' source, on any interface.
add action=accept chain=input src-address-list=manage
# Everyone else is refused SSH, Telnet, HTTP and Winbox.
add action=reject chain=input dst-port=22,23,80,8291 protocol=tcp \
reject-with=icmp-network-unreachable
# NOTE(review): accepts all remaining input arriving over LTE; with no drop
# rule after it this changes nothing today, but it would punch a hole through
# a default-drop policy if one is added - scope or remove it.
add action=accept chain=input in-interface=lte1
/ip firewall nat
# NOTE(review): the masquerade rule has no out-interface or
# out-interface-list, so it also rewrites traffic that never leaves through a
# WAN link; it is normally scoped to the WAN list.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none
# Port forwards to internal hosts 192.168.0.107 and 192.168.0.51 (ports partly
# redacted). None is limited by source address, and only the first is logged.
# NOTE(review): restrict with src-address-list where the peers are known.
add action=dst-nat chain=dstnat dst-address=**5.1**.1**.*** dst-port=8420 log=\
yes protocol=tcp to-addresses=192.168.0.107 to-ports=8420
add action=netmap chain=dstnat comment="****" dst-port=\
**16 in-interface=ether1 port="" protocol=tcp to-addresses=192.168.0.51 \
to-ports=**16
add action=netmap chain=dstnat dst-port=***5 in-interface=ether1 protocol=tcp \
to-addresses=192.168.0.51 to-ports=***5
# Static routes, management services, SOCKS, the VPN account and system
# settings.
/ip route
# 'main' is the route the netwatch scripts in this export switch between
# distance 1 and 100. NOTE(review): the exported value of 100 suggests the
# probe was in its down state when the export was taken - confirm.
add comment=main distance=100 gateway=9*.*61.1**.*01
# Host route that pins the probe target 213.170.117.253 to the main gateway.
add distance=1 dst-address=213.170.117.253/32 gateway=9*.1**.1**.*01
/ip service
# Only ftp, api and api-ssl are shown as disabled.
# NOTE(review): exports normally list only non-default values, so telnet, www,
# ssh and winbox presumably remain enabled with no address= restriction and
# are protected by the firewall alone - disable telnet and www and set
# address= on the services that stay.
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip socks access
# Denies every source address for the SOCKS proxy.
add action=deny src-address=0.0.0.0/0
/ppp secret
# Single VPN account (name and password redacted), limited to the l2tp
# service and l2tp_profile.
add name=**** password=***** profile=l2tp_profile service=l2tp
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=213.170.71.126 secondary-ntp=198.60.73.8
/system routerboard settings
set silent-boot=yes
/system scheduler
# Runs the Ether_to_LTE script every 30 seconds, starting at boot.
# NOTE(review): the policy list (ftp, reboot, password, sniff, sensitive,
# romon, ...) looks far wider than a script that edits routes, pings and sends
# SMS needs - trim it to the minimum that still lets the script run.
add interval=30s name="Ether to LTE script" on-event=Ether_to_LTE policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/system script
# Ether_to_LTE: failover script. It enables ether1 and lte1 if they are
# disabled, normalises the distances of their default routes, pings 8.8.8.8
# and 77.88.8.8 through ether1, and on failure prefers the LTE route, clears
# the ARP table and sends an SMS through usb1 (numbers redacted).
# The script is owned by 'admin' and carries the same wide policy list as its
# scheduler entry.
# NOTE(review) - items to verify on the device; the source below is unchanged:
#  * The helper is declared as ':local reconnect lte1 do={' but invoked as
#    '$reconnectLTE', so the names do not match.
#  * It uses the menus '/interface lte1' and '/interface LTE' and the property
#    'disable', while the rest of this export uses '/interface lte' and
#    'disabled'.
#  * The 'do={' / 'else={' blocks opened after the ':if ($pingStatus ...' line
#    do not appear to be closed in matching number before the final log line.
#  * pingStatus divides the reply count by (pingCount * 2) before multiplying
#    by 100; if that division is integer, the result is only ever 0 or 100.
#  * Routes are looked up by gateway=ether1 / gateway=lte1, but the static
#    routes in this export use IP gateways, so the lookups may return nothing.
#  * The second SMS text starts with 'elecom connected' - looks truncated.
#  * The netwatch entry in this export also switches the 'main' route
#    distance, so two failover mechanisms may be fighting each other.
#  * owner=admin suggests the default account name is in use - confirm it has
#    a strong password.
add dont-require-permissions=no name=Ether_to_LTE owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_Set local variables\r\
\n:local firstInterface \"ether1\";\r\
\n:local secondInterface \"lte1\";\r\
\n:local pingTo1 \"8.8.8.8\";\r\
\n:local pingTo2 \"77.88.8.8\";\r\
\n:local pingCount 3;\r\
\n:local stableConnectFrom 60;\r\
\n\r\
\n# Local variables\r\
\n:local firstInterfaceName \$firstInterface;\r\
\n:local secondInterfaceName \$secondInterface;\r\
\n\r\
\n# Function to cleaning ARP table\r\
\n:local clearArp do={\r\
\n :local dumplist [/ip arp find]\r\
\n :foreach i in=\$dumplist do={\r\
\n /ip arp remove \$i\r\
\n }\r\
\n :log warning (\"ARP cleaned\");\r\
\n}\r\
\n\r\
\n# Function reconnect lte1\r\
\n:local reconnect lte1 do={\r\
\n\t:log warning (\"Rebooting lte1 before using\");\r\
\n /interface lte1 set \$nameInterface disable=yes;\r\
\n :delay 1s;\r\
\n /interface lte1 set \$nameInterface disable=no;\r\
\n}\r\
\n\r\
\n\r\
\n:log info (\"Start ping to \$pingTo1 and \$pingTo2\");\r\
\n\r\
\n# Check FIRST interface\r\
\n/interface ethernet {\r\
\n :if ( [get \$firstInterface disable] = true) do={\r\
\n set \$firstInterface disable=no;\r\
\n\t\t:delay 2s;\r\
\n }\r\
\n}\r\
\n\r\
\n# Check SECOND interface\r\
\n/interface LTE {\r\
\n :if ( [get \$secondInterface disable] = true) do={\r\
\n set \$secondInterface disable=no;\r\
\n\t\t:delay 8s;\r\
\n }\r\
\n}\r\
\n\r\
\n/ip route {\r\
\n # Set objects to variables\r\
\n :set firstInterface [find dst-address=\"0.0.0.0/0\" gateway=\$firstI\
nterfaceName];\r\
\n :set secondInterface [find dst-address=\"0.0.0.0/0\" gateway=\$secon\
dInterfaceName];\r\
\n\r\
\n # Check routes\r\
\n :if ( [get \$firstInterface distance] != 2 ) do={\r\
\n set \$firstInterface distance=2;\r\
\n :log warning (\"Distance for \" . \$firstInterfaceName . \" corr\
ected\");\r\
\n }\r\
\n\r\
\n :if ( [get \$secondInterface distance] != 1 && [get \$secondInterfac\
e distance] != 3) do={\r\
\n set \$secondInterface distance=3;\r\
\n :log warning (\"Distance for \" . \$secondInterfaceName . \" cor\
rected\");\r\
\n }\r\
\n\r\
\n # Get ping successfully packets. In percent\r\
\n :local pingStatus \\\r\
\n ((( [/ping \$pingTo1 interface=\$firstInterfaceName count=\$ping\
Count] + \\\r\
\n [/ping \$pingTo2 interface=\$firstInterfaceName count=\$pingCoun\
t] ) / (\$pingCount * 2)) * 100);\r\
\n\t\r\
\n\t# Check Internet\r\
\n :if (\$pingStatus < \$stableConnectFrom) do={\r\
\n\r\
\n :log error (\"Prostor Telecom no internet!\");\r\
\n\r\
\n # Change distance\r\
\n :if ( [get \$secondInterface distance] != 1 ) do={\r\
\n\t\t \$reconnectLTE nameInterface=\$secondInterfaceName;\r\
\n set \$secondInterface distance=1;\r\
\n :log warning (\"Distance for \" . \$secondInterfaceName . \"\
\_changed\");\r\
\n \$clearArp;\r\
\n\t\t\t\r\
\n\t\t\t/tool sms send usb1 channel=2 \"+*****\" message=\"Prostor T\
elecom failure. LTE-modem enabled! Call: +7(4***\";\r\
\n\r\
\n\r\
\n } else={\r\
\n :log warning (\"Main ISP connected\");\r\
\n # Change distance\r\
\n :if ( [get \$secondInterface distance] != 3 ) do={\r\
\n\t\t\t/tool sms send usb1 channel=2 \"+***77*9\" message=\"\
elecom connected. LTE-modem disabled.\";\r\
\n set \$secondInterface distance=3;\r\
\n :log warning (\"Distance for \" . \$secondInterfaceName . \"\
\_changed\");\r\
\n \$clearArp;\r\
\n\t\t\r\
\n }\r\
\n}\r\
\n\r\
\n:log info (\"End ping\");"
# MAC-layer management and the netwatch-driven failover.
# MAC-Telnet and MAC-Winbox are limited to the 'mactel' and 'mac-winbox'
# lists, whose only member in this export is the bridge.
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool netwatch
# Probes 213.170.117.253 every 1m1s. When it stops answering, the down-script
# removes every connection-tracking entry, sets the 'main' route to distance
# 100 and bounces lte1; the up-script does the same with distance 1.
# NOTE(review): '/ip firewall connection remove [find]' drops all tracked
# connections on each transition, VPN and management sessions included, and
# the failover decision rests on a single probe host - confirm both are
# acceptable. The trailing ' |' after the closing quote looks like table
# residue from the page this export was copied from.
add down-script="/ip firewall connection remove [find]\
\n/ip route set [find comment=\"main\"] distance=100\
\n/interface set lte1 disabled=yes\
\n/interface set lte1 disabled=no\
\n" host=213.170.117.253 interval=1m1s up-script="/ip firewall connection \
remove [find]\
\n/ip route set [find comment=\"main\"] distance=1\
\n/interface set lte1 disabled=yes\
\n/interface set lte1 disabled=no\
\n" |