I have a mikrotik router with several devices behind it. There addresses range from 192.168.10.10 -192.168.10.20.
All of my lan ports are bridged on the mikrotik, and it is only handing out DHCP 192.168.11.x addresses. My problem is that the 10.x addresses will start showing up in the GW with both 192.168.10.10 and 192.168.10.1 of which the 10.1 gets encapsulated to a 11.x address. Any thoughts as to why this might be happening?

Thank you

You should post "/ip address" and "/ip firewall nat". Maybe someone will see the challenge.

Below is the output for firwall and IP.
Also I am not sure if this is the issue but my bridge did nor have an admin mac assigned to it not did it have any protocol mode on it. I have since set these as well see output below. Do you think these could have helped or hurt the problem or caused a new problem I have yet to see??

Flags: X - disabled, R - running
0 R name="Hotspot_BR" mtu=1500 arp=enabled mac-address=00:0C:42:51:23:C6
protocol-mode=stp priority=0x8000 auto-mac=no
admin-mac=00:0C:42:51:23:C6 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m




Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; Default DHCP
192.168.11.1/24 192.168.11.0 192.168.11.255 Hotspot_BR
1 ;;; passthrough addresses
192.168.14.1/24 192.168.14.0 192.168.14.255 Hotspot_BR
2 ;;; bwoia ips
65.15.130.145/26 65.15.130.128 65.15.130.191 Public
3 ;;; aps
192.168.10.1/24 192.168.10.0 192.168.10.255 Hotspot_BR

Output for firewall/nat

Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 chain=srcnat action=masquerade src-address=192.168.11.0/24

2 chain=srcnat action=masquerade src-address=192.168.14.0/24

3 chain=dstnat action=dst-nat to-addresses=192.168.10.14 to-ports=80
protocol=tcp dst-port=60004

4 chain=dstnat action=dst-nat to-addresses=192.168.10.15 to-ports=80
protocol=tcp dst-port=60005

5 chain=dstnat action=dst-nat to-addresses=192.168.10.20 to-ports=80
protocol=tcp in-interface=Public dst-port=60000

6 chain=dstnat action=dst-nat to-addresses=192.168.10.16 to-ports=80
protocol=tcp dst-port=60006

7 chain=dstnat action=dst-nat to-addresses=192.168.10.20 to-ports=8291
protocol=tcp in-interface=Public dst-port=60002

8 chain=dstnat action=dst-nat to-addresses=192.168.10.5 to-ports=8291
protocol=tcp dst-port=60003

9 chain=srcnat action=masquerade src-address=192.168.12.0/24

10 chain=dstnat action=dst-nat to-addresses=192.168.10.100 to-ports=80
protocol=tcp dst-port=60007

11 chain=dstnat action=dst-nat to-addresses=192.168.10.101 to-ports=80
protocol=tcp dst-port=60008

12 chain=dstnat action=dst-nat to-addresses=192.168.10.100 to-ports=80
protocol=tcp dst-port=60010

13 chain=srcnat action=masquerade src-address=192.168.10.0/24

I am going to guess you have a hotspot on the bridge. If you want all ips coming through the hotspot interface as they are, then you should remove the address-pool setting in the hotspot. That will disable the hotspot's universal NAT. Change X to the line number of the hotspot.

Yes but would that explain why a 192.168.10.10 would all of a sudden show up with 192.168.10.1 when 192.168.10.x is not in the dhcp pool? Unfortunately it is not happening at the moment so I can not take a snapshot of what I see.

Those srcnat rules may affect that. I use one masquerade. Then remove all the masquerade rules that use a src-address.

Could that also explain the following. When we monitor our devices behind a mikrotik. The IP on the monitoring machine shows up in the table with the mac of the monitored device and then gets a dhcp address? This only happens on a handful of my mikrotiks and I can not reproduce it in my office to troubleshoot any thoughts?

# MAC-ADDRESS ADDRESS TO-ADDRESS SERVER IDLE-TIMEOUT
1 SP 00:02:6F:7C:33:F7 192.168.10.14 192.168.10.14 hotspot1
45 D 00:02:6F:7C:33:F7 24.227.116.186 192.168.11.54 hotspot1 20m
2 SP 00:02:6F:7C:33:F5 192.168.10.15 192.168.10.15 hotspot1
46 D 00:02:6F:7C:33:F5 24.227.116.186 192.168.11.118 hotspot1 20m
3 SP 00:02:6F:7C:33:F8 192.168.10.16 192.168.10.16 hotspot1
44 D 00:02:6F:7C:33:F8 24.227.116.186 192.168.11.53 hotspot1 20m
4 SP 00:02:6F:7C:34:0A 192.168.10.18 192.168.10.18 hotspot1
5 SP 00:02:6F:7C:33:EE 192.168.10.19 192.168.10.19 hotspot1
47 D 00:02:6F:7C:33:EE 24.227.116.186 192.168.11.55 hotspot1 20m

The ones in bold have non-localnet ips on the hotspot network, but they are translated to the to-address in that entry.

# MAC-ADDRESS ADDRESS TO-ADDRESS SERVER IDLE-TIMEOUT
1 SP 00:02:6F:7C:33:F7 192.168.10.14 192.168.10.14 hotspot1
45 D 00:02:6F:7C:33:F7 24.227.116.186 192.168.11.54 hotspot1 20m
2 SP 00:02:6F:7C:33:F5 192.168.10.15 192.168.10.15 hotspot1
46 D 00:02:6F:7C:33:F5 24.227.116.186 192.168.11.118 hotspot1 20m
3 SP 00:02:6F:7C:33:F8 192.168.10.16 192.168.10.16 hotspot1
44 D 00:02:6F:7C:33:F8 24.227.116.186 192.168.11.53 hotspot1 20m
4 SP 00:02:6F:7C:34:0A 192.168.10.18 192.168.10.18 hotspot1
5 SP 00:02:6F:7C:33:EE 192.168.10.19 192.168.10.19 hotspot1
47 D 00:02:6F:7C:33:EE 24.227.116.186 192.168.11.55 hotspot1 20m

All the 24.227.116.x addresses are translated to 192.168.11.x addresses. You must set the address-pool=none in "/ip hotspot" to disable that NAT.

ADD: Do you know where the 24.227.116.186 ip is and how it is assigned? Now that I look at it closely, it appears that there is both a dhcp (192.168.10.x) and a static ip (24.227.116.168) on each of those mac addresses. Check "ip address" in the station equipment.

The 24.x addresses are my remote server communicating to the devices behind my mikrotik.

I also do not want to disable nat I my hotspot. So that if someone connects locally with a IP not in my range it will still allow them to conect or is that some other option?

Also tonight I have noticed the following. Any reason why 1 mac would pull 3 IPS. I have since disabled addresses per mac, or is there a good vaule to use? I also set up only one srcnat masquarde as mentioned below. Are there any other thoughts?

349 D 00:1F:3B:87:53:87 192.168.1.103 192.168.12.162 hotspot1 30m >
350 00:1F:3B:87:53:87 192.168.12.161 192.168.12.161 hotspot1 30m >
361 A 00:1F:3B:87:53:87 192.168.12.153 192.168.12.153 hotspot1 1h >
367 14:5A:05:29:69:D4 192.168.12.148 192.168.12.148 hotspot1 30m >
371 D 14:5A:05:29:69:D4 192.168.11.239 192.168.12.146 hotspot1 30m >

Also if I disable address-pool from the hotspot server how will it know what IP range to hand out?

Thanks

The 24.x addresses are my remote server communicating to the devices behind my mikrotik.

I also do not want to disable nat I my hotspot. So that if someone connects locally with a IP not in my range it will still allow them to conect or is that some other option?

Also tonight I have noticed the following. Any reason why 1 mac would pull 3 IPS. I have since disabled addresses per mac, or is there a good vaule to use? I also set up only one srcnat masquarde as mentioned below. Are there any other thoughts?

349 D 00:1F:3B:87:53:87 192.168.1.103 192.168.12.162 hotspot1 30m >
350 00:1F:3B:87:53:87 192.168.12.161 192.168.12.161 hotspot1 30m >
361 A 00:1F:3B:87:53:87 192.168.12.153 192.168.12.153 hotspot1 1h >
367 14:5A:05:29:69:D4 192.168.12.148 192.168.12.148 hotspot1 30m >
371 D 14:5A:05:29:69:D4 192.168.11.239 192.168.12.146 hotspot1 30m >

Also if I disable address-pool from the hotspot server how will it know what IP range to hand out?

Thanks

I also experience this, and in my case its because i run a point to point wireless links to certain areas, but all the cabled networks are all ok. This however does not affect my hotsport/browsing in any way. However, if your router reports the same ip from different sources, you may want to ensure you specify your out interface in your NAT rule.