w0lt
April 17, 2008, 3:38am
1
I have a simple x86 RouterOS box with ether2 (local) set to 172.16.11.1 and ether1 (public) set as a dhcp-client to my cable modem. I can successfully set up static IPs on the local side (using that now), but when I try to set up a dhcp-server on the local side, it keeps telling me that the server is “invalid”. I’m sure this is simple to most, but I’m spinning my wheels over it. Basically, I’m just trying to replicate my Linksys box’s settings and features before I try anything else.
Thanks
-tp
bdr
April 17, 2008, 8:41am
2
Show us your dhcp-server and dhcp-server network configuration.
regards
Greetings!
How did you set it up? I use the command line, so
/ip dhcp-server setup
and answer the prompts. If all was configured correctly, except for selecting the interface, it should just be an “enter-enter-enter” exercise. If not configured correctly, one or more default settings will be incorrect.
w0lt
April 17, 2008, 12:31pm
4
# NOTE(review): RouterOS 3.7 "/export" pasted into a forum post. The forum has
# re-wrapped long commands onto several lines and dropped the trailing "\"
# continuation markers (note the mid-word breaks under /user group), and the
# quotes have become typographic “”. It will not import unmodified; read it as a
# record of the box's state at the time of the thread, not as a runnable script.
apr/17/2008 07:28:07 by RouterOS 3.7
software id = CNAA-QTN
# Bridge “wan” is the VPN-side interface: it carries 172.16.9.1/24 (/ip address)
# and is the bridge named in /ppp profile pptp-in. arp=proxy-arp makes the
# router answer ARP on the bridge for addresses it can route to.
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=proxy-arp auto-mac=yes
comment=“” disabled=no forward-delay=15s max-message-age=20s mtu=1500
name=“wan” priority=0x8000 protocol-mode=none transmit-hold-count=6
# ether 0 is “local” (LAN, 172.16.11.1/24); ether 1 is “public” (DHCP client
# towards the cable modem, see /ip dhcp-client).
/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment=“”
disable-running-check=yes disabled=no full-duplex=yes
mac-address=00:E0:4C:A0:00:8D mtu=1500 name=“local” speed=1Gbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment=“”
disable-running-check=yes disabled=no full-duplex=yes
mac-address=00:16:B6:06:8F:CB mtu=1500 name=“public” speed=100Mbps
# “dhcp_pool1” starts at 172.16.11.1, which is the router's own LAN address, and
# “dhcp_pool2” overlaps the static “Flint” range (.60-.70). Only dhcp_pool2 is
# referenced (by server dhcp1 below); “pptp” is used by profile pptp-in.
/ip pool
add name=“Flint” ranges=172.16.11.60-172.16.11.70
add name=“pptp” ranges=172.16.9.200-172.16.9.229
add name=“dhcp_pool1” ranges=172.16.11.1-172.16.11.253
add name=“dhcp_pool2” ranges=172.16.11.2-172.16.11.254
/queue type
set default kind=pfifo name=“default” pfifo-limit=50
set ethernet-default kind=pfifo name=“ethernet-default” pfifo-limit=50
set wireless-default kind=sfq name=“wireless-default” sfq-allot=1514
sfq-perturb=5
set synchronous-default kind=red name=“synchronous-default”
red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50
red-min-threshold=10
set hotspot-default kind=sfq name=“hotspot-default” sfq-allot=1514
sfq-perturb=5
set default-small kind=pfifo name=“default-small” pfifo-limit=10
# SNMP is disabled; the read-only “public” community below is inert unless
# enabled=yes is set, at which point its address=0.0.0.0/0 should be narrowed.
/snmp
set contact=“” enabled=no engine-boots=0 engine-id=“” location=“”
time-window=15 trap-sink=0.0.0.0 trap-version=1
/snmp community
set public address=0.0.0.0/0 authentication-password=“”
authentication-protocol=MD5 encryption-password=“” encryption-protocol=DES
name=“public” read-access=yes security=none
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=“memory” target=memory
set disk disk-lines=100 disk-stop-on-full=no name=“disk” target=disk
set echo name=“echo” remember=yes target=echo
set remote name=“remote” remote=0.0.0.0:514 target=remote
# The policy lists below are split mid-word (“sn / iff”, “winbo / x”): forum
# line wrapping, not part of the original export.
/user group
add name=“read” policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sn
iff,!ftp,!write,!policy
add name=“write” policy=local,telnet,ssh,reboot,read,write,test,winbox,password
,web,sniff,!ftp,!policy
add name=“full” policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo
x,password,web,sniff
# No wireless interface is present in this export; the default security profile
# (mode=none, empty keys) is unused here.
/interface wireless security-profiles
set default authentication-types=“” eap-methods=passthrough group-ciphers=“”
group-key-update=5m interim-update=0s mode=none name=“default”
radius-eap-accounting=no radius-mac-accounting=no
radius-mac-authentication=no radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
static-algo-0=none static-algo-1=none static-algo-2=none
static-algo-3=none static-key-0=“” static-key-1=“” static-key-2=“”
static-key-3=“” static-sta-private-algo=none static-sta-private-key=“”
static-transmit-key=key-0 supplicant-identity=“MikroTik”
tls-certificate=none tls-mode=no-certificates unicast-ciphers=“”
wpa-pre-shared-key=“” wpa2-pre-shared-key=“”
/ip ipsec proposal
add auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m
name=“default” pfs-group=modp1024
/routing bgp instance
set default as=65530 client-to-client-reflection=yes comment=“” disabled=no
ignore-as-path-len=no name=“default” out-filter=“”
redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=no
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
add area-id=0.0.0.0 authentication=none disabled=no name=“backbone”
type=default
/ip hotspot profile
set default dns-name=“” hotspot-address=0.0.0.0 html-directory=hotspot
http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=cookie,http-chap
name=“default” rate-limit=“” smtp-server=0.0.0.0 split-user-domain=no
use-radius=no
/ip hotspot user profile
set default advertise=no idle-timeout=none keepalive-timeout=2m name=“default”
open-status-page=always shared-users=1 status-autorefresh=1m
transparent-proxy=yes
# Root cause of the thread: dhcp1 is bound to interface=local, but “local” is a
# port of bridge “wan” (see /interface bridge port below), and RouterOS marks a
# DHCP server on a bridge port as invalid. Bind the server (and the LAN address)
# to the bridge, or take “local” out of the bridge.
/ip dhcp-server
add address-pool=dhcp_pool2 authoritative=after-2sec-delay
bootp-support=static disabled=no interface=local lease-time=3d
name=“dhcp1”
# pptp-in: VPN clients get 172.16.9.200-229 from pool “pptp”, are placed on the
# bridge, and must use encryption (use-encryption=required).
/ppp profile
set default change-tcp-mss=yes comment=“” name=“default” only-one=default
use-compression=default use-encryption=default use-vj-compression=default
add bridge=wan change-tcp-mss=yes comment=“” local-address=172.16.9.1
name=“pptp-in” only-one=yes remote-address=pptp use-compression=default
use-encryption=required use-vj-compression=yes
set default-encryption change-tcp-mss=yes comment=“” name=“default-encryption”
only-one=default use-compression=default use-encryption=yes
use-vj-compression=default
# “local” is the only port on bridge “wan”; this membership is what invalidates
# dhcp1 above.
/interface bridge port
add bridge=wan comment=“” disabled=no edge=auto external-fdb=auto horizon=none
interface=local path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-vlan=no
/ip accounting
set account-local-traffic=yes enabled=yes threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# LAN address on “local”; VPN-side address on the bridge.
/ip address
add address=172.16.11.1/24 broadcast=172.16.11.255 comment=“” disabled=no
interface=local network=172.16.11.0
add address=172.16.9.1/24 broadcast=172.16.9.255 comment=“” disabled=no
interface=wan network=172.16.9.0
# allow-remote-requests=yes turns the router into a recursive resolver for
# anyone who can reach UDP/53 on it. The unrestricted “Allow UDP” input rule
# below lets that include the public side (open-resolver / amplification
# exposure); add in-interface=local to that rule or drop UDP/53 from public.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=512 primary-dns=4.2.2.3 secondary-dns=68.87.77.130
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# input chain, in order: drop invalid, accept established, accept ALL udp and
# ALL icmp from any interface, accept everything from the LAN, log+drop the rest.
# The custom tcp/udp/icmp chains defined below are never entered: no action=jump
# rule appears in this export, so those drop rules are dead as written. Also, as
# exported nothing on input accepts TCP/1723 or GRE for the PPTP server — check
# against the running config, since the thread reports the VPN working.
# forward chain: bogon drops only, no final drop, so forwarding between local,
# wan and the PPTP clients is allow-by-default.
/ip firewall filter
add action=drop chain=input comment=“Drop Invalid connections”
connection-state=invalid disabled=no
add action=accept chain=input comment=“Allow Established connections”
connection-state=established disabled=no
add action=accept chain=input comment=“Allow UDP” disabled=no protocol=udp
add action=accept chain=input comment=“Allow ICMP” disabled=no protocol=icmp
add action=accept chain=input comment=“” disabled=no
src-address=172.16.11.0/24
add action=drop chain=forward comment=“” disabled=no src-address=0.0.0.0/8
add action=drop chain=forward comment=“” disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward comment=“” disabled=no src-address=127.0.0.0/8
add action=drop chain=forward comment=“” disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward comment=“” disabled=no src-address=224.0.0.0/3
add action=drop chain=forward comment=“” disabled=no dst-address=224.0.0.0/3
# chain=tcp (unreferenced, see note above). The “deny DHCP” rule matches TCP
# 67-68 although DHCP is UDP, so it would never match even if the chain ran.
add action=drop chain=tcp comment=“deny TFTP” disabled=no dst-port=69
protocol=tcp
add action=drop chain=tcp comment=“deny RPC portmapper” disabled=no
dst-port=111 protocol=tcp
add action=drop chain=tcp comment=“deny RPC portmapper” disabled=no
dst-port=135 protocol=tcp
add action=drop chain=tcp comment=“deny NBT” disabled=no dst-port=137-139
protocol=tcp
add action=drop chain=tcp comment=“deny cifs” disabled=no dst-port=445
protocol=tcp
add action=drop chain=tcp comment=“deny NFS” disabled=no dst-port=2049
protocol=tcp
add action=drop chain=tcp comment=“deny NetBus” disabled=no
dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp comment=“deny NetBus” disabled=no dst-port=20034
protocol=tcp
add action=drop chain=tcp comment=“deny BackOriffice” disabled=no
dst-port=3133 protocol=tcp
add action=drop chain=tcp comment=“deny DHCP” disabled=no dst-port=67-68
protocol=tcp
# chain=udp (unreferenced, see note above).
add action=drop chain=udp comment=“deny TFTP” disabled=no dst-port=69
protocol=udp
add action=drop chain=udp comment=“deny PRC portmapper” disabled=no
dst-port=111 protocol=udp
add action=drop chain=udp comment=“deny PRC portmapper” disabled=no
dst-port=135 protocol=udp
add action=drop chain=udp comment=“deny NBT” disabled=no dst-port=137-139
protocol=udp
add action=drop chain=udp comment=“deny NFS” disabled=no dst-port=2049
protocol=udp
add action=drop chain=udp comment=“deny BackOriffice” disabled=no
dst-port=3133 protocol=udp
# chain=icmp (unreferenced, see note above). The rule comments do not describe
# the ICMP types matched (0:0 is echo reply, 3:x destination unreachable, ...).
add action=accept chain=icmp comment=“drop invalid connections” disabled=no
icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment=“allow established connections”
disabled=no icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment=“allow already established connections”
disabled=no icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment=“allow source quench” disabled=no
icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment=“allow echo request” disabled=no
icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment=“allow time exceed” disabled=no
icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment=“allow parameter bad” disabled=no
icmp-options=12:0 protocol=icmp
add action=log chain=input comment=“Log everything else” disabled=no
log-prefix=“DROP INPUT”
add action=drop chain=input comment=“Drop everything else” disabled=no
# Only the LAN subnet is masqueraded out of “public”; PPTP clients (172.16.9.x)
# are not — presumably intentional, confirm.
/ip firewall nat
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=public
src-address=172.16.11.0/24
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no
set pptp disabled=no
# Neighbor discovery (MNDP) is on for “public” too, advertising the router's
# identity and version to the cable segment; set discover=no on public.
/ip neighbor discovery
set local discover=yes
set public discover=yes
set wan discover=yes
/ip proxy
set always-from-cache=no cache-administrator=“webmaster” cache-drive=system
cache-hit-dscp=4 cache-on-disk=no enabled=no max-cache-size=none
max-client-connections=600 max-fresh-time=3d max-server-connections=600
parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080
serialize-connections=no src-address=0.0.0.0
# Every enabled management service binds address=0.0.0.0/0. The input chain's
# final drop keeps TCP from the public side out, but telnet and ftp are
# cleartext and www is plain HTTP; restrict these with address=172.16.11.0/24
# and disable telnet/ftp if unused. www-ssl and api are disabled.
/ip service
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=yes
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/queue interface
set local queue=ethernet-default
set public queue=ethernet-default
set wan queue=default
/radius incoming
set accept=no port=1700
/system clock manual
set dst-delta=+00:00 dst-end=“jan/01/1970 00:00:00” dst-start=“jan/01/1970
00:00:00” time-zone=+00:00
/system console
add disabled=no term=“vt102”
set [ find vcno=1 ] disabled=no term=“linux”
set [ find vcno=2 ] disabled=no term=“linux”
set [ find vcno=3 ] disabled=no term=“linux”
set [ find vcno=4 ] disabled=no term=“linux”
set [ find vcno=5 ] disabled=no term=“linux”
set [ find vcno=6 ] disabled=no term=“linux”
set [ find vcno=7 ] disabled=no term=“linux”
set [ find vcno=8 ] disabled=no term=“linux”
/system console screen
set line-count=25
/system hardware
set multi-cpu=yes
/system health
set state-after-reboot=enabled
/system identity
set name=“Flint Router”
/system logging
add action=memory disabled=no prefix=“” topics=info
add action=memory disabled=no prefix=“” topics=error
add action=memory disabled=no prefix=“” topics=warning
add action=echo disabled=no prefix=“” topics=critical
/system note
set note=“” show-at-login=yes
# The exporter failed on this section (“#error” is emitted by export itself);
# the effective NTP client settings appear in the later /system ntp client entry.
/system ntp client
set
#error
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0
secondary-server=0.0.0.0 user=“”
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m
watch-address=none watchdog-timer=yes
# Bandwidth-test server is enabled on all interfaces; authenticate=yes requires
# a router login, and its UDP side is reachable through the “Allow UDP” input
# rule — confirm whether it needs to be on at all.
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
/tool e-mail
set from=“<>” server=0.0.0.0
/tool graphing
set store-every=5min
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=all store-on-disk=yes
# MAC-server on interface=all accepts MAC-level Winbox/telnet from any directly
# attached segment, including “public”. This runs below IP and is not filtered
# by /ip firewall filter; restrict it to interface=local.
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sniffer
set file-limit=10 file-name=“” filter-address1=0.0.0.0/0:0-65535
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only
filter-stream=yes interface=all memory-limit=128 only-headers=no
streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-monitor
add comment=“” disabled=no interface=local name=“Local” on-event=“”
threshold=0 traffic=transmitted trigger=always
add comment=“” disabled=no interface=public name=“tmon1” on-event=“”
threshold=0 traffic=received trigger=always
add comment=“” disabled=no interface=wan name=“tmon2” on-event=“” threshold=0
traffic=transmitted trigger=always
# Single full-rights account, allowed from any source address; narrow address=
# to the LAN once the VPN/bridge layout is settled.
/user
add address=0.0.0.0/0 comment=“system default user” disabled=no group=full
name=“admin”
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100
audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00
frame-size=300 frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name=“” memory-limit=10
multiple-channels=no only-headers=no receive-errors=no
streaming-enabled=no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
# User-manager customer “admin” has an empty password; harmless only as long as
# user-manager itself is unused on this box.
/tool user-manager customer
add comment=“” disabled=no login=“admin” parent=admin password=“”
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no
permissions=owner signup-allowed=no subscriber=admin time-zone=+00:00
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m
gateway-selection=no-gateway origination-interval=5s
preferred-gateway=0.0.0.0 timeout=1m ttl=50
/routing ospf
set distribute-default=never metric-bgp=20 metric-connected=20
metric-default=1 metric-rip=20 metric-static=20 mpls-te-area=unspecified
mpls-te-router-id=unspecified redistribute-bgp=no
redistribute-connected=no redistribute-rip=no redistribute-static=no
router-id=0.0.0.0
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no
redistribute-connected=no redistribute-ospf=no redistribute-static=no
timeout-timer=3m update-timer=30s
# Effective NTP client configuration (the earlier entry errored during export).
/system ntp client
set enabled=yes mode=unicast primary-ntp=156.98.1.121 secondary-ntp=0.0.0.0
/system ntp server
set broadcast=no enabled=no manycast=yes multicast=no
/routing pim
set switch-to-spt=no switch-to-spt-bytes=0 switch-to-spt-interval=0s
/mpls
set dynamic-label-range=16-1048575
/mpls interface
add comment=“” disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0
use-explicit-null=no
# IPv6 router advertisements are enabled on interface=all, including “public”;
# no IPv6 address appears elsewhere in this export, so this looks like the
# stock default — confirm, and limit to local if IPv6 is ever configured.
/ipv6 nd
add advertise-mac-address=yes disabled=no hop-limit=unspecified interface=all
mtu=unspecified ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m
reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autoconfig=yes on-link=yes preferred-lifetime=1w valid-lifetime=4w2d
/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no
redistribute-connected=no redistribute-ospf=no redistribute-static=no
timeout-timer=3m update-timer=30s
/ip hotspot service-port
set ftp disabled=no ports=21
# WAN side: “public” takes its address and default route from the cable modem.
/ip dhcp-client
add add-default-route=yes comment=“” disabled=no interface=public
/ip dhcp-server config
set store-leases-disk=5m
# Network entry for dhcp1: hands out the router's LAN address as gateway and
# DNS server (the latter relies on allow-remote-requests=yes above).
/ip dhcp-server network
add address=172.16.11.0/24 comment=“” dns-server=172.16.11.1
gateway=172.16.11.1
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption
enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128
default-profile=default enabled=no keepalive-timeout=60
mac-address=FE:EF:6A:8F:D0:67 max-mtu=1500 mode=ip netmask=24 port=1194
require-client-certificate=no
# PPTP server is the only enabled VPN; it accepts chap and mschap1 as well as
# mschap2. PPTP's MS-CHAP authentication is known to be weak, so treat the
# profile's use-encryption=required as the minimum and prefer limiting
# authentication= to mschap2 (or moving to L2TP/IPsec, which is configured but
# disabled above) when possible.
/interface pptp-server server
set authentication=chap,mschap1,mschap2 default-profile=pptp-in enabled=yes
keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
# Credentials redacted by the poster.
/ppp secret
add caller-id=“” comment=“” disabled=no limit-bytes-in=0 limit-bytes-out=0
name=“xxxxxxxx” password=“xxxxxxxxx” profile=pptp-in routes=“” service=pptp
I don’t understand the bridge setup. I see a bridge “wan” set, then interface “local” is added, but no other interface. And “local” is the interface your dhcp-server is on, correct?
SurferTim:
I don’t understand the bridge setup. I see a bridge “wan” set, then interface “local” is added, but no other interface. And “local” is the interface your dhcp-server is on, correct?
Hi ;
When I skimmed the topic I realized that he is doing bridging.
Until I read your config, check the interface used with the dhcp-server.
And if you have only 2 LAN interfaces, why are you bridging?
With best regards.
w0lt
April 17, 2008, 3:46pm
7
I have the following set-up:
ether1=“local”
ether2=“public”
bridge=“wan” (this is my pptp vpn connection)
You are correct, I want the DHCP-Server on the local side.
# Excerpt of the same export as above (forum-wrapped, typographic quotes):
# bridge “wan” plus the two ethernet ports. Note that “local” is a member port
# of this bridge (see /interface bridge port in the full export), which is what
# makes a DHCP server bound to “local” show as invalid.
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=proxy-arp auto-mac=yes
comment=“” disabled=no forward-delay=15s max-message-age=20s mtu=1500
name=“wan” priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment=“”
disable-running-check=yes disabled=no full-duplex=yes
mac-address=00:E0:4C:A0:00:8D mtu=1500 name=“local” speed=1Gbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment=“”
disable-running-check=yes disabled=no full-duplex=yes
mac-address=00:16:B6:06:8F:CB mtu=1500 name=“public” speed=100Mbps
If you do a
/interface print
does all show ok?
What I would try is temporarily disable the bridge and give it a try. Maybe something on the other end is interfering.
w0lt
April 17, 2008, 4:35pm
9
[admin@Flint Router] /interface> pr de
Flags: X - disabled, R - running, D - dynamic, S - slave
0 R name=“local” mtu=1500 type=“ether”
1 R name=“public” mtu=1500 type=“ether”
2 R name=“wan” mtu=1500 type=“bridge”
3 R name=“” mtu=1460 type=“pptp-in”
Have you tried removing port ‘local’ from the bridge for a minute to check if the dhcp server comes up?
w0lt
April 17, 2008, 9:54pm
11
Not yet, I’ll try in the next hour or two when I have better access. By the way, thanks for the support !!
-tp
Glad to help.
My reasoning is: there is really nothing on this side of the VPN. But if there is another dhcp server on the other side, that could cause some trouble.
The only thing that I can see on your side that could cause any trouble is the interface you assigned the dhcp server to is now under the bridge interface. In either case, if it works without the bridge, you can add things back one at a time until the dhcp server fails. Then take that last thing out.
EDIT: I had a little time to play. If you want the dhcp server to work, assign it to the “wan” (bridge) interface, not “local”. As soon as I assign “local” to the bridge, I get an “Invalid” on the dhcp server if the dhcp server is on “local”.
w0lt
April 17, 2008, 11:39pm
13
You are correct so far !! The DHCP-Server is now functional !!
I will try to get the VPN back up and running now that I know what it was the cause of the DHCP Server not running.
Thanks Again.. I’ll let you know how it goes.
-tp
w0lt
April 18, 2008, 12:16am
14
Ok, the PPTP-Server is up and running !!
It’s gonna take a bit to digest all this but like Elizabeth Taylor said “There’s no deodorant like success”..
All I really had to do was reactivate the VPN sections, and it tested out just fine. Thank goodness that my neighbor allowed me a little wireless bandwidth to loop back into my own router remotely to test it.
I really have to admit, this board really works great for getting the help you need !!
Thanks again to all,
-tp
sicute
August 23, 2013, 8:54am
15
I have a problem like this and found that the main problem is the bridge interface.
After I disabled the bridge the DHCP server came up and worked; then I enabled the bridge again and everything worked fine, but the DHCP server became invalid.
Any suggestions about the problem?
Is the lan interface assigned to that bridge? If so, when you add that interface to the bridge, the dhcp server will show invalid. Assign the ip address and set up the dhcp server on the bridge.
I had this issue with a new RB2011 … out of the box bridging is enabled. If you don’t need this feature, turn it off.
By chance under the bridge is the port enabled for that interface? Disable the bridge for that interface and see what happens.