Add DHCP-SERVER, but server is flagged as invalid

karhill · June 19, 2023, 5:03am

I am working with hAP ax^2 router.
vlan filtering is not enabled on the bridge interface. I am just trying to configure things before turning it on.

I have 2 VLANS (1 and 3), where 1 is the HOSTS_VLAN and 3 is the GUEST_VLAN. I am trying to add a dhcp_server for each vlan (to hand out different IPv4 networks on the different vlans.)

I can add a dhcp_server to the GUEST_VLAN without issues.

However, if I try to add a dhcp_server to the HOSTS_VLAN, it will get flagged as invalid, even if every other parameter to the add command is the same.

I do not understand why the dhcp_server is flagged as invalid. Can anyone help?

Details follow:
Here is the hardware/software:

[admin@MikroTik] > /system/routerboard/print
       routerboard: yes
        board-name: hAP ax^2
             model: C52iG-5HaxD2HaxD
     serial-number: HE708RNQ5HY
     firmware-type: ipq6000
  factory-firmware: 7.6
  current-firmware: 7.9.2
  upgrade-firmware: 7.9.2
[admin@MikroTik] > 
[admin@MikroTik] > /system/package/print
Columns: NAME, VERSION
# NAME       VERSION
0 routeros   7.9.2  
1 wifiwave2  7.9.2  
[admin@MikroTik] >

Here are the relevant interfaces (the vlan interfaces)

[admin@MikroTik] > /interface/print detail 
[...removed unrelated interfaces]
 5  R   ;;; The guest vlan
        name="GUEST_VLAN" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1564 mac-address=48:A9:8A:72:B5:26 ifname="vlan12" ifindex=35 id=12 
        last-link-down-time=jun/18/2023 20:52:49 last-link-up-time=jun/18/2023 20:52:50 link-downs=2 

 6  R   ;;; The default hosts vlan
        name="HOSTS_VLAN" type="vlan" mtu=1500 actual-mtu=1500 l2mtu=1564 mac-address=48:A9:8A:72:B5:26 ifname="vlan11" ifindex=36 id=11 
        last-link-down-time=jun/18/2023 20:52:49 last-link-up-time=jun/18/2023 20:52:50 link-downs=2

Here are how the vlans are defined. Note they are identical except for the vlan-id.

[admin@MikroTik] > /interface/vlan/print detail
Flags: X - disabled, R - running 
 0 R ;;; The guest vlan
     name="GUEST_VLAN" mtu=1500 l2mtu=1564 mac-address=48:A9:8A:72:B5:26 arp=enabled arp-timeout=auto loop-protect=default loop-protect-status=off 
     loop-protect-send-interval=5s loop-protect-disable-time=5m vlan-id=3 interface=bridge use-service-tag=no 

 1 R ;;; The default hosts vlan
     name="HOSTS_VLAN" mtu=1500 l2mtu=1564 mac-address=48:A9:8A:72:B5:26 arp=enabled arp-timeout=auto loop-protect=default loop-protect-status=off 
     loop-protect-send-interval=5s loop-protect-disable-time=5m vlan-id=1 interface=bridge use-service-tag=no 
[admin@MikroTik] >

Here are the vlans on the bridge interface:

[admin@MikroTik] > /interface/bridge/vlan/print
Columns: BRIDGE, VLAN-IDS
# BRIDGE  VLAN-IDS
0 bridge         1
                 2
                 3
                 4
[admin@MikroTik] >

Here are the IP pools that will be used for the dhcp-servers

[admin@MikroTik] > /ip/pool/print
Columns: NAME, RANGES
#  NAME        RANGES                       
0  HOSTS_POOL  192.168.51.100-192.168.51.220
1  GUEST_POOL  192.168.53.100-192.168.53.220
2  TEST_POOL   192.168.55.100-192.168.55.220
[admin@MikroTik] >

Now, I add a dhcp server on the GUEST_VLAN and everything is fine:

[admin@MikroTik] > /ip/dhcp-server/add address-pool=GUEST_POOL interface=GUEST_VLAN name=HOST_DHCP
[admin@MikroTik] > /ip/dhcp-server/print                                                           
Columns: NAME, INTERFACE, ADDRESS-POOL, LEASE-TIME
# NAME        INTERFACE   ADDRESS-POOL  LEASE-TIME
0 HOSTS_DHCP  GUEST_VLAN  GUEST_POOL    30m       
[admin@MikroTik] >

I will then remove the just created dhcp server and then try to add a dhcp-server again, with the exact same parameters except specifying the interface as HOSTS_VLAN rather than GUEST_VLAN. This creates a dhcp-server that is flagged as invalid. (Note, in a functioning environment, different pools would be used with the different dhcp-servers, and the dhcp-servers would have different names, but I am trying to minimize the differences to focus on the failure.)
Remove the just created dhcp-server:

[admin@MikroTik] > /ip/dhcp-server/remove 0

Now try to add a dhcp-server again, only changing the interface parameter. This creates a dhcp-server that is flagged as invalid. WHY??

[admin@MikroTik] > /ip/dhcp-server/add address-pool=GUEST_POOL interface=HOSTS_VLAN name=HOST_DHCP
[admin@MikroTik] > /ip/dhcp-server/print                                                            
Flags: I - INVALID
Columns: NAME, INTERFACE, ADDRESS-POOL, LEASE-TIME
#   NAME        INTERFACE   ADDRESS-POOL  LEASE-TIME
0 I HOSTS_DHCP  HOSTS_VLAN  GUEST_POOL    30m       
[admin@MikroTik] >

karhill · June 19, 2023, 10:23pm

I figured it out. The dhcp-server was created but flagged as invalid because there was no IP address on the interface where the dhcp-server was created. The dhcp-server, obviously, needs an interface with an IP address in order to function as function as a DHCP server (the server needs layer-3, IP, addressing).