Using MikroTik RouterOS 6.45.9
I was trying to configure multiple networks on same Mikrotik router and I ran into some problems …
I have this network defined:
Address: 192.168.4.1/24
Network: 192.168.4.0
And it works OK, computers (192.168.4.21 and 192.168.4.22) can reach the internet, etc.
But I tried to define this new network:
Address: 192.168.7.0/24 (ending with 0)
Network: 192.168.7.0
And have 2 computers: 192.168.7.1 and 192.168.7.2 but these cannot reach the internet for some reason.
And I noticed that if I set this network address to 192.168.7.1 (ending in 1 instead of 0) and set computer’s IP to other than x.1 (e.g x.21 x.22) then they can connect to internet OK.
So does Mikrotik has a problem with networks being defined as address x.x.x.0/24 ?
If I understand correctly, the “address” is the IP that the router receives for that network (also “gateway IP”) and it only works if that is set to 1 and not 0.
Gateway can have any ip you want but generally 0 and 255 are reserved in /24 subnets.
0 is the network definition.
255 is broadcast.
If you have however a /23 subnet, the middle .0 and .255 can theoretically be used.
But to be honest, even that I will avoid (more knowledgeable members may have a different opinion on this).
In general: lowest address in some IPv4 subnet is reserved for network address and highest address in IPv4 subnet is reserved for (local) broadcast address. It’s not too hard to calculate it using binary operations, those who don’t can use any of on-line IP calculators (my favourite is this one). So when using subnet masks longer than 24, network address doesn’t necessarily end with a 0 and broadcast address doesn’t necessarily end with 255.
The exception is point-to-point addressing (/32 and /31 “subnets”), where network address gets a slightly different meaning (not really if one uses pretty abstract understanding about meaning of network address) and broadcast address doesn’t make any sense (since there is only one communication peer possible).
And consequence: one can not use reserved addresses as host addresses.
Isn’t this gateway / router address in this case the exact scenario for which first x.0 ip would be reserved ?
Also, I think it would be useful if the interface would show some warning or error maybe ? Should I submit this as feedback somewhere ?
I spend around 4 hours debuging that and now I remember I ran into exactly that before
No, with a /24 netmask .0 is simply ‘the network’ and not a valid address. Same with .255 as the broadcast address. A warning would probably be good if you tried to assign them tot an interface as address.
When having multiple networks on this router, e.g 192.168.4.x and 192.168.8.x I don’t fully understand what is the difference between the “IPs” and “networks” I define under these two:
dhcp server > networks
and ip > addresses
For dhcp networks I understand it should be like:
address: 192.168.8.1/24 should it be x.0 or x.1 here ?
gateway: 192.168.8.1 where this would be the router/gateway address of the computers in this network ?
for IP > addresses:
network: 192.168.8.0 should it be x.0 or x.1 here ?
address: 192.168.8.1/24 not sure if this should be 0/24 or 1/24 and IF it is mandatory to manually define these here under ip/addresses or just under DHCP server.
@mbovenka your reply and my similar question above overlapped a bit.
So under dhcp server > networks I define the settings for clients, which “gateway” they should use, AND under ip > addresses I define which IP the router / gateway receives in each network ?
So gateway ip should always be defined in both these places for each network, correct ?
It can be different.
Doesn’t have to be but it can.
The beauty and pitfall of ROS is that you can do quite a lot of things.
But it also allows you to do a lot of things wrong yet it will not tell you all the time.
Yes, pretty much. Technically, for the network definitions in your DHCP server config you could use any value for last octet, because ROS is smart enough to compute the network from the address and the netmask. But it’s more usual to use .0 there. The ‘gateway’ entry in the DHCP config is the address of your router and will be given to the DHCP clients as their default gateway. Most often that’s either .1 or .254, but it could be any valid address within the network. Under IP>Addresses you define the IP addresses of the box itself, and if that box is both the router and the DHCP server, which is a combination you see often, that would be the same as the gateway address in the DHCP server config.
So yes, there should be a ‘gateway’ entry in the DHCP server config and a router with that IP address in your network. Often a single box has both functions, but that need not be the case.
In /ip/dhcp-server/network, the use of address (with subnet length) is for DHCP server to select the right settings package.
The process is this:
using certain magic process, DHCP server selects IP address to be offered to DHCP client
DHCP server goes through all the /ip/dhcp-server/network/ items and checks, if selected IP address matches the address property of DHCP network item (including subnet length).
DHCP server takes other DHCP lease properties from the (first) matching item. If none are matching, none of DHCP lease properties are filled in.
DHCP server sends client an offer containing properties, obtained in previous bullet
LAN gateway address is 192.168.89.254 and netmask is /23 (making whole LAN spanning from 192.168.88.1 to 192.168.89.254 with 192.168.88.0 as network address and 192.168.89.255 as broadcast address). Address pool for dynamically DHCP leases is the lower half (192.168.88.1-192.168.88.255 … note that the upper address is legal host address because of subnet mask /23) of whole subnet.
Now, when a random DHCP client requests lease, DHCP server will pull out a random (yeah right) address from pool, e.g. 192.168.88.142. Then it’ll compare this address with setting from network section. First one matches (192.168.88.142 is between 192.168.88.0 and 192.168.88.255 which is what 192.168.88.0/24 translates to), so it sends out DHCP offer containing DNS server 8.8.8.8 (and other settings).
In comparison, when sweetheart asks for DHCP lease, DHCP server recognises it by client-id and selects address 192.168.89.42 to be offered. Again DHCP server goes through network items and the second one matches (192.168.89.42 is between 192.168.89.0 and 192.168.89.255), so DHCP server completes DHCP offer with DNS server 192.168.89.254 (and the rest of settings).
Note that network items contain setting of netmask=23 … this is the property which is sent out to clients (so first client will then configure it’s interface with IP address 192.168.88.142**/23** and likewise the second one with 192.168.89.42/23) … and has nothing to do with subnet length set in address property of DHCP network items.
@mkx that was waay over my current understanding of networks or my ability to maintain focus
Not sure if you are very helpful or troling
I have another thing that seems confusing (not very important) …
Why under ip > address list the address is formatted as 192.168.4.1/24 and the network is formatted as 192.168.4.0 ? Wouldn’t it make more sense to have that address as fixed 192.168.4.1 and network as 192.168.4.0/24 ?
Under dhcp > networks I tried giving the network 192.168.8.x the existent gateway 192.168.4.1 but that didn’t work (no access to internet) unless I changed under ip > address list the x.4.1 ip to be /16 instead of /24 so that is like the networks/mask under which the x.4.1 gateway is visible ?
Under /ip/address network property is most of times automatically (correctly) calculated from address with subnet length. Only in some particular cases one wants to set network address manually (in some PtP use cases).
When configuring DHCP network items, one has to consider the end result that DHCP client will have to live with. If you send out 192.168.8.x with netmask 24, then anything outside 192.168.8.1-192.168.8.254 will be inaccessible for client (due to network mask) … so gateway address send out has to fall into subnet defined by offered address and netmask. You can send out shorter netmask, the longest netmask spanning both 192.168.4.1 and 192.168.8.x is /20. However, the connectivity has to be bi-directional, meaning that also gateway with address 192.168.4.1 has to have netmask with length of /20 at most (shorter, e.g. /16, will work).
Your second line … I find it slightly offending. Specially so as you admit you did not understand all of my post (so you can not judge yourself).
That’s because 192.168.8.0/24 and 192.168.4.0/24 are not the same network, and you can’t have a gateway that’s not in the network you’re in. So you can’t assign 192.168.4.1 as gateway for the 192.168.8.x network until you shift the netmask so that both 192.168.4.x & 192.168.8.x become the same network, which takes at least a /20 netmask (usable addresses 192.168.0.1 - 192.168.15.254). As you found out /16 works as well (usable addresses 192.168.0.1 - 192.168.255.254).
This is trolling, to help you understand…
If I try to make a long distance phone call within north america and dial 0 first it wont work… ( in fact I am likely to get the operator instead )
If I try to make a long distance phone call to Europ;e and dial 1 first, it wont work .
In other words, you cannot re-invent rules established as some things are designed to work as is.
Accept it or move on!
MKX is simply and gently pointing out the facts, others would be more blunt.
