Good day everyone, I have an issue where my CRS368 running SwOS 2.13 is obtaining the wrong IP address via DHCP. Let me give you the background. I use the switch to power an LtAP LTE6 and RB5009. This works great so that I don’t have to have two more devices plugged into a power strip. The LtAP and RB5009 are on switch ports untagged for VLAN 5. The RB5009 gets its IP via DHCP from the LtAP which is the source of my internet connection. I thought that by putting both devices on a VLAN that only they use, all communication would be isolated. The RB5009 should be providing IP addresses via DHCP (static and dynamic assignment) to the switch via a trunk port, as well as all network devices. What is happening, however, is that the switch is getting assigned an IP by the RB5009 and then subsequently obtaining a new IP from the LtAP. I’ve watched this occur multiple times in the console. I know that I can set trusted ports in the DHCP & PPPoE Snooping area in the System settings, but if I disable the ports that the LtAP and RB5009 are on, then the RB5009 no longer gets an IP from the LtAP. I have tried to set up port isolation but have either done it wrong, or it’s of no effect. Rather than drop a bunch of screenshots and config files in, I wanted to first get the thoughts of those smarter than me as to why this is happening and what I could do to fix it. I’ll then try to figure my issue out and come back for more help if not. Obviously I know that I could plug the LtAP LAN into the RB5009 WAN and easily solve this, but there’s gotta be a way to make this work the way I want/need it to. Can anyone provide me a hint?
I see no such product on MikroTik’s site, even if I search the “Archived” products.
“I thought that by putting both devices on a VLAN that only they use, all communication would be isolated.”
I think I need a network diagram to make sense of what you’re putting down in prose. Label the subnets and associated VLANs, and mark where the DHCP servers and clients are.
My best guess from your wall-of-text is that you’ve got more than one DHCP server on the same VLAN, and the client isn’t talking to the one you think it ought to.
Apologies, it’s a CRS328-24P-4S+RM. Was so focused on describing the issue that I goofed the product name. I’ll do a quick chart here shortly.
How DHCP Works // DHCP EXPLAINED YouTube video by Chris Greer with Wireshark
OK let’s hope this helps. It’s crude but I think it conveys everything I am trying to say and what I am witnessing. I’m sure the issue is that the switch sees two DHCP servers but I am struggling with how to have the switch accept one while allowing the other to give an IP to the expected device (RB5009) as you will see.
If the switch was running RouterOS, you could bind its DHCP client to a specific port, bridge, or VLAN and get the behavior you want.
Although SwOS doesn’t appear to have the same ability, isn’t it as simple as setting the “Allow From VLAN” field to something only the RB5009 can serve?
The allow from VLAN field is only to limit the VLAN that can be used to access the GUI for switch config. That won’t be of help here.
I had been running RoS on the switch and wanted to give SwOS a try. I think I’m going to go back. There are a number of little things that I find either don’t exist in SwOS or are way more limiting.
Just re-read the wiki and maybe that will work. I’ll give it a shot. Damn I can’t believe it was something that simple if it does work. I thought it was more for limiting access than anything else.
Thanks for being a better reader than I was, tangent. Allow from VLAN did it! The mystery of the phantom switch has been solved.
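The symptom in this thread (one client answered by two DHCP servers) can be confirmed from a capture. The following is an added Python example, not code from any poster: it parses DHCP server replies and lists each client MAC that was answered by more than one server. The VLAN 10 trunk ID, the MAC addresses and the server addresses are constructed sample values.

```python
import socket
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 values that only servers send

def parse_dhcp(payload):
    """Return (client_mac, message_type, server_id) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + min(payload[2], 16)])
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        if payload[i] == 0:                             # 0 = pad, no length byte
            i += 1
            continue
        end = i + 2 + (payload[i + 1] if i + 1 < len(payload) else 256)
        if end > len(payload):
            raise ValueError("truncated option")
        code, value = payload[i], payload[i + 2:end]
        if code == 53 and len(value) == 1:              # DHCP message type
            msg_type = value[0]
        elif code == 54 and len(value) == 4:            # server identifier
            server_id = socket.inet_ntoa(value)
        i = end
    return mac, msg_type, server_id

def clients_with_multiple_servers(frames):
    """Map each client MAC answered by >1 server to its (vlan_id, server_id) set."""
    seen = defaultdict(set)
    for vlan, payload in frames:
        try:
            mac, msg_type, server = parse_dhcp(payload)
        except ValueError:
            continue                                    # skip non-DHCP or damaged frames
        if msg_type in (OFFER, ACK) and server:
            seen[mac].add((vlan, server))
    return {m: s for m, s in seen.items() if len({srv for _, srv in s}) > 1}

def reply(mac, msg_type, server):
    """Build a constructed server reply (sample data, not a real capture)."""
    header = bytes([2, 1, 6, 0]) + bytes(24) + bytes.fromhex(mac) + bytes(202)
    return header + MAGIC + bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server) + b"\xff"

# Constructed sample: the switch is answered on two VLANs, the router on one.
SWITCH, ROUTER = "020000000001", "020000000002"
SAMPLE = [(10, reply(SWITCH, ACK, "198.51.100.1")), (5, reply(SWITCH, ACK, "192.0.2.1")),
          (5, reply(ROUTER, ACK, "192.0.2.1")), (5, b"\x00" * 12)]
```

A client that appears in the result with entries from two VLANs is listening for DHCP on a VLAN it was not meant to use, which is what restricting the switch's management VLAN resolved here.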