DHCP Client searching...

RouterOS Wireless Networking
1

Good evening! I was trying to set up CAPsMAN on Router MikroTik with RouterOS 7.14.3 and I need to get gateway address from DHCP-Client with interface bridge. So when I was trying to add a new DHCP Client for interfface: bridge, it just shows me status searching…
Logs are not showing any error, just loop messages of sending discover by dhcp-client.

Here is my config:

# 2024-05-30 16:24:11 by RouterOS 7.14.3
# software id = 62SF-2GZX
#
# model = D53G-5HacD2HnD
/interface bridge
add admin-mac=2C:C8:1B:BC:24:1E auto-mac=no comment=defconf name=bridge
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band="" nr-band="" sms-read=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi channel
add band=5ghz-ac disabled=no frequency=5540 name=5G-AC skip-dfs-channels=all width=20/40/80mhz
add band=2ghz-n disabled=no frequency=2412,2437,2462 name=2G-N skip-dfs-channels=all width=20mhz
/interface wifi datapath
add bridge=bridge disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes group-encryption=ccmp group-key-update=1h management-protection=allowed name=sec2G
add authentication-types=wpa3-psk disable-pmkid=yes disabled=no ft=yes ft-over-ds=yes group-encryption=ccmp group-key-update=5m management-encryption=cmac management-protection=required name=sec5G
/interface wifi configuration
add channel=5G-AC country=Latvia datapath=datapath1 disabled=no mode=ap name=5G-AC-CFG security=sec5G security.ft=yes .ft-over-ds=yes ssid=mikroTik
add channel=2G-N country=Latvia datapath=datapath1 disabled=no mode=ap name=2G-N-CFG security=sec2G security.ft=yes .ft-over-ds=yes ssid=mikroTik
/interface wifi
# no connection to CAPsMAN
add channel=2G-N channel.band=2ghz-n .skip-dfs-channels=10min-cac .width=20/40mhz configuration=2G-N-CFG configuration.country=Latvia .manager=capsman .mode=ap .ssid=MikroTik-BC2423 datapath=datapath1 disabled=no radio-mac=2C:C8:1B:BC:24:23 \
    security=sec2G security.ft=yes .ft-over-ds=yes
# no connection to CAPsMAN
add channel=5G-AC channel.band=5ghz-ac .skip-dfs-channels=10min-cac .width=20/40/80mhz configuration=5G-AC-CFG configuration.country=Latvia .manager=capsman .mode=ap .ssid=MikroTik-BC2424 datapath=datapath1 disabled=no radio-mac=2C:C8:1B:BC:24:24 \
    security=sec5G security.ft=yes .ft-over-ds=yes
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=1h name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/interface wifi cap
set caps-man-addresses="" enabled=yes slaves-datapath=datapath1
/interface wifi capsman
set ca-certificate=WiFi-CAPsMAN-CA-2CC81BBC241E certificate=WiFi-CAPsMAN-2CC81BBC241E enabled=yes interfaces=bridge package-path="" require-peer-certificate=yes upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no identity-regexp=.*AC.* master-configuration=5G-AC-CFG name-format=5GHz-%I-AC supported-bands=5ghz-ac
add action=create-dynamic-enabled disabled=no identity-regexp=.*AC.* master-configuration=2G-N-CFG name-format=2GHz-%I-N supported-bands=2ghz-n
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
add interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1,8.8.8.8,9.9.9.9 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input dst-port=67-68 protocol=udp
add action=accept chain=forward dst-port=67-68 protocol=udp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=input dst-port=67-68 protocol=udp
add action=accept chain=input protocol=udp src-port=67-68
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=drop chain=input comment="Drop (invalid)" connection-state=invalid
add action=accept chain=input comment="Accept (established, related)" connection-state=established,related
add action=reject chain=input comment="Reject everything else"
add action=accept chain=output comment="Accept all"
add action=drop chain=forward comment="Drop (invalid)" connection-state=invalid
add action=accept chain=forward comment="Accept (established, related)" connection-state=established,related
add action=reject chain=forward comment="Reject everything else"
/ipv6 nd
set [ find default=yes ] disabled=yes
/system clock
set time-zone-name=Europe/Stockholm
/system logging
add topics=dhcp
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes

Waiting for your answers!

2

you have both dhcp-client & dhcp-server on the interface bridge

3

Sorry, I am beginner here. What should I do to fix this problem?

4

describe your network diagram and desired result, how you are connected to the ISP and how your devices are connected to the Tik

5

So right now my interface list looks like this:

Flags: R - RUNNING; S - SLAVE
Columns: NAME, TYPE, ACTUAL-MTU, L2MTU, MAX-L2MTU, MAC-ADDRESS
#    NAME    TYPE      ACTUAL-MTU  L2MTU  MAX-L2MTU  MAC-ADDRESS      
0 RS ether1  ether           1500   1598       9214  2C:C8:1B:BC:24:1E
1  S ether2  ether           1500   1598       9214  2C:C8:1B:BC:24:1F
2  S ether3  ether           1500   1598       9214  2C:C8:1B:BC:24:20
3  S ether4  ether           1500   1598       9214  2C:C8:1B:BC:24:21
4  S ether5  ether           1500   1598       9214  2C:C8:1B:BC:24:22
;;; defconf
5 R  bridge  bridge          1500   1560             2C:C8:1B:BC:24:1E
6 R  lo      loopback       65536                    00:00:00:00:00:00
7 R  lte1    lte             1500                    02:50:F4:00:00:00
8  S wifi1   wifi            1500   1560       1560  2C:C8:1B:BC:24:23
9 RS wifi2   wifi            1500   1560       1560  2C:C8:1B:BC:24:24

On ether1 is connected main PC right now through LAN cable, and other ethers are free.

                      name: ether1
                    status: link-ok
          auto-negotiation: done
                      rate: 1Gbps
               full-duplex: yes
           tx-flow-control: no
           rx-flow-control: no
                 supported: 10M-baseT-half,10M-baseT-full,100M-baseT-half,
                            100M-baseT-full,1G-baseT-half,1G-baseT-full
               advertising: 10M-baseT-half,10M-baseT-full,100M-baseT-half,
                            100M-baseT-full,1G-baseT-half,1G-baseT-full
  link-partner-advertising: 10M-baseT-half,10M-baseT-full,100M-baseT-half,
                            100M-baseT-full,1G-baseT-full

Both of WIFI's are used for other devices like phones and etc.

All ethers and wifi's are defined in bridge ports.They are connected in Bridge to main bridge (#5 in interfaces).
Nothing else has been done.

My goal is to get working DHCP-Client, so I can get gateway address to connect CAPsMAN.

6

what is your WAN interface? LTE?
can you show “ip address print” and “ip route print”?

7

Yes the internet is from SIM, so WAN is LTE.

ip address print:

[admin@MikroTik] > ip address print
Flags: D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE
#   ADDRESS            NETWORK         INTERFACE
;;; defconf
0   192.168.88.1/24    192.168.88.0    bridge   
1 D 83.178.208.192/32  83.178.208.192  lte1

ip route print:"

[admin@MikroTik] > ip route print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, m - MODEM
Columns: DST-ADDRESS, GATEWAY, DISTANCE
    DST-ADDRESS        GATEWAY  DISTANCE
DAm 0.0.0.0/0          lte1            2
DAc 83.178.208.192/32  lte1            0
DAc 192.168.88.0/24    bridge          0
8

So, you are already have 192.168.88.1/24 assigned to your bridge, you don’t need a dhcp-client on the bridge because there is nowhere to get ip address via dhcp-client in this interface. If you want your PC (and wifi devices) to got and ip address you need only dhcp-server on the bridge interface.
Your LAN gateway is your bridge ip address = 192.168.88.1
disable dhcp-client on the bridge:
“ip dhcp-client disable [find]”

9

Okay, thanks for explaining! I tried to put gateway address, but it is still showing no connection to CAPsMAN.

10

You are trying to connect to CapsMan (running on your Chateau) from another Tik AP connected to your Chateau via LAN cable?
Can you ping 192.168.88.1 from this AP?

If these two statements are correct, try to temporary disable your firewall rules at Chateau and see if AP connects to CapsMan.
If yes, enable your firewall rules back and post here: “ip firewall export”

11 



[admin@MikroTik] > ping 192.168.88.1
  SEQ HOST                                     SIZE TTL TIME       STATUS        
    0 192.168.88.1                               56  64 424us     
    1 192.168.88.1                               56  64 345us     
    2 192.168.88.1                               56  64 350us     
    3 192.168.88.1                               56  64 333us     
    4 192.168.88.1                               56  64 429us     
    sent=5 received=5 packet-loss=0% min-rtt=333us avg-rtt=376us max-rtt=429us

Pinging fine.
I am using one router.

I tried disabling all my firewall rules at router, but it is still showing no connection to CAPsMAN.

12

if you are using only Chateu, you don’t need a CapsMan, setup as regular router with wifi.

13

But I have used CAPsMAN before I got qcom package update. You mean that CAPsMAN is not needed when there is just router, PC connected to lan, and mobile devices connected to WIFI?

14

Yes. Setup via WiFi menu your wireless settings.