Device on switch does not get ip from router dhcp

Hi Mikrotik forum members,

I’m a new Mikrotik user, having fun setting up my first devices. I’ve managed to take a few hurdles, finding answers in various forum posts here. However, I’m as yet unable to tackle my current problem. Any pointing in the right direction is much appreciated.

The issue:
Connecting my laptop to the switch does not give it an IP. Connecting to the router gives it an IP in the configured dhcp range.

My setup:
Router: CCR2004-16G-2S+, running RouterOS 7.5
Switch: CRS112-8P-4S, running RouterOS 6.49.6
Connected using XS+DA0001

Extra info:
I’ve configured the router using this getting started guide: https://help.mikrotik.com/docs/display/ROS/First+Time+Configuration
I’m using the default config for the switch, adjusting only some settings as needed to be connected to the router
All firewall rules in the router are currently disabled to make sure that’s not the problem
The ether2 setting in the switch was used for a direct connection with my laptop when the connection with/through the router was not yet working
The router ether2 ↔ switch ether1 connection was used until I got the DirectAttach cable working (on router sfp1 ↔ switch sfp9)

Router config export:

# oct/07/2022 18:41:03 by RouterOS 7.5
# model = CCR2004-16G-2S+
/interface bridge
add name=local
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no speed=1Gbps
/interface list
add name=listBridge
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.79.100-192.168.79.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=local name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=local interface=ether2
add bridge=local interface=sfp-sfpplus1
add bridge=local interface=ether3
add bridge=local interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=listBridge
/interface list member
add interface=local list=listBridge
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.79.1/24 interface=local network=192.168.79.0
/ip cloud
set update-time=no
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=192.168.79.3 client-id=xxx mac-address=\
    MAC-of-switch-ether1 server=dhcp1
add address=192.168.79.2 client-id=yyy mac-address=\
    MAC-of-switch-sfp9 server=dhcp1
/ip dhcp-server network
add address=192.168.79.0/24 dns-server=192.168.79.1 gateway=192.168.79.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input comment="accept established,related" \
    connection-state=established,related disabled=yes
add action=drop chain=input connection-state=invalid disabled=yes log-prefix=\
    FW_Invalid_Input
add action=accept chain=input comment="allow ICMP" disabled=yes in-interface=\
    ether1 protocol=icmp
add action=accept chain=input comment="allow Winbox" disabled=yes \
    in-interface=ether1 port=8291 protocol=tcp
add action=accept chain=input comment="allow SSH" disabled=yes in-interface=\
    ether1 port=2279 protocol=tcp
add action=drop chain=input comment="block everything else" disabled=yes \
    in-interface=ether1 log-prefix=FW_Rest
add action=fasttrack-connection chain=forward comment=\
    "fast-track for established,related" connection-state=established,related \
    disabled=yes hw-offload=yes
add action=accept chain=forward comment="accept established,related" \
    connection-state=established,related disabled=yes
add action=drop chain=forward connection-state=invalid disabled=yes \
    log-prefix=FW_Invalid_Forward
add action=drop chain=forward comment=\
    "drop access to clients behind NAT from WAN" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.79.0/24
set api-ssl address=192.168.79.0/24 disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Amsterdam
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=listBridge
/tool mac-server mac-winbox
set allowed-interface-list=listBridge

Switch config export:

# oct/07/2022 18:41:51 by RouterOS 6.49.6
# model = CRS112-8P-4S
/interface bridge
add admin-mac=MAC-of-switch-ether1 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=sfp9 ] auto-negotiation=no
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf disabled=yes interface=sfp9
add bridge=bridge comment=defconf interface=sfp10
add bridge=bridge comment=defconf interface=sfp11
add bridge=bridge comment=defconf interface=sfp12
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=sfp9 list=WAN
add interface=sfp10 list=LAN
add interface=sfp11 list=LAN
add interface=sfp12 list=LAN
/ip address
add address=192.168.79.2/24 comment=defconf disabled=yes interface=ether2 \
    network=192.168.79.0
add address=192.168.79.2/24 interface=bridge network=192.168.79.0
/ip dhcp-client
add disabled=no interface=sfp9
add disabled=no interface=ether1
/ip dns
set allow-remote-requests=yes servers=192.168.79.1
/ip route
add distance=1 gateway=192.168.79.1
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=RouterOS
/system ntp client
set enabled=yes primary-ntp=162.159.200.1 server-dns-names=""

Best regards,
H. Deur

Did I really create such a difficult situation, nobody can help point me in the right direction?

/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf disabled=yes interface=sfp9
add bridge=bridge comment=defconf interface=sfp10
add bridge=bridge comment=defconf interface=sfp11
add bridge=bridge comment=defconf interface=sfp12

Say it isn't so, if that's the case, one should ask did you plug in both devices. :)

Thanks for your replies.

@rextended: I took those two ports out of the bridge (by disabling them there) as they are not supposed to be used as LAN port, but as the port for connecting to the router. Isn’t that correct?
In the end only sfp9 will be used for this. But as I had some trouble getting the sfp ports to connect correctly, I used ether1 with a normal patch cable at first.

@anav: Do you mean whether the router, the switch and the client are all plugged in to a wall socket and/or patch cables? In that case, yes, they are.
DA cable from router sfp1 to switch sfp9, laptop connected with patch cable to switch ether3, it does not get an IP.
Laptop connected to router ether3 (same patch cable), it does get an IP.
If this is not what you mean, I’m not sure I understand your question. Could you elaborate?

Do you know the difference between “router” and “switch”?
When you buy a “standalone” switch, does it have any “WAN” port?
In your opinion, how does the computer reach the router if it is not in the SAME LAN?

I’m definitely not a network guru, but I do know the difference between a router and a switch. Sorry for calling it a LAN port, I know all ports of the switch are part of the LAN. I just meant that ether1 (at least for now) and sfp9 are not supposed to be used by a client, but instead are meant to be used as the uplink port (is that the correct term?). The port through which the switch is connected to the router. This does seem to work as the switch gets an IP from the router (even with the disabled setting).

Are you saying that the uplink port (still not sure that’s the correct terminology, but hopefully you know what I mean) in a switch should be part of the bridge?
Is there no difference in setup between ports meant for clients and a port meant to connect to the router?

Neither am I; it is just a tag from the forum for the number of posts.


Sorry, but I still doubt.

Still valid the same:



And why did you remove (disable) the ports from the LAN BRIDGE?
(The DHCP client must be on the bridge, not on ether or sfp, and there must be only one.)
(Obviously, except for xSTP or other non-standard advanced switch features, you must use only one port to connect the "switch" to the "router".)

When you buy a "standalone" switch, does it matter which port you use towards the router?
If you treat ports in different ways (except VLAN, etc.), it is not one switch anymore...
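
The two points raised in the reply above (ports disabled in the bridge, DHCP client on a port instead of the bridge) can be checked against an export automatically. This is an added example, not part of the original thread: `parse_export` and `find_issues` are hypothetical helper names, and the sample input is abridged and re-wrapped from the switch export posted earlier.

```python
import shlex

# Constructed sample: abridged from the switch export posted in this thread.
SWITCH_EXPORT = r"""
/interface bridge
add admin-mac=MAC-of-switch-ether1 auto-mac=no comment=defconf name=bridge
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf disabled=yes \
    interface=sfp9
/ip dhcp-client
add disabled=no interface=sfp9
add disabled=no interface=ether1
"""

def parse_export(text):
    """Return {menu: [{key: value}, ...]} for the 'add' lines of an export."""
    menus, menu, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):        # exports wrap long lines with a backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            toks = shlex.split(line[4:])
            pairs = (t.split("=", 1) for t in toks if "=" in t)
            menus.setdefault(menu, []).append(dict(pairs))
    return menus

def find_issues(menus):
    """Flag disabled bridge ports and DHCP clients that are not on a bridge."""
    bridges = {b["name"] for b in menus.get("/interface bridge", []) if "name" in b}
    issues = []
    for p in menus.get("/interface bridge port", []):
        if p.get("disabled") == "yes":
            issues.append(f"{p['interface']}: disabled in bridge {p['bridge']}")
    clients = [c["interface"] for c in menus.get("/ip dhcp-client", [])
               if c.get("disabled") != "yes"]
    for iface in clients:
        if iface not in bridges:
            issues.append(f"{iface}: DHCP client on a port, not the bridge")
    if len(clients) > 1:
        issues.append(f"{len(clients)} DHCP clients enabled, expected one")
    return issues

if __name__ == "__main__":
    print("\n".join(find_issues(parse_export(SWITCH_EXPORT))))
```
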

Yes, only one port at a time is used to connect to the router. As mentioned, this was because I had some trouble connecting with the sfp port and used ether1 in the meantime.

Good point about the “standalone” switch! Somehow I thought there should be a difference, but in an unmanaged switch it does not matter which port is used to connect to the router. I was making it more difficult in my head than it is.

Thank you for your time and patience!

Just had a chance to play some more with this and can happily confirm rextended’s advice. After fixing my (very dumb) mistake, the client gets its IP as it should.
Thanks again for the help, rextended!

Nice, Thanks.