DHCP problem with Chinese wireless repeater connected to Mikrotik AP

ventusz · November 18, 2023, 9:33pm

Hello,

I came across an issue when I connected my Chinese wireless extender/repeater to my Mikrotik via wifi.

The clients connecting to the repeater try to get an IP address but the DHCP lease is stuck at “offered” status.

In the logs the following can be seen: dhcp_iot offering lease 10.49.0.236 for EA:41:17:xx:xx:xx to eth 22:BF:CE:xx:xx:xx without success
The EA:41:17:xx:xx:xx is the client connected to the repeater: 22:BF:CE:xx:xx:xx

If I set up a static IP address on the client machine everything works fine.

When I use my phone’s hotspot as the source for the repeater to connect to, clients connected to the repeater are fine. They get IP and they can reach the internet.

Could you please help me find the culprit?

mkx · November 19, 2023, 9:49am

Try to sniff DHCP traffic to see actual hanshake … I guess that final DHCP ACK comes back from repeater’s MAC while MT expects to see client’s MAC … or the other way around.

My guess is that repeater works similarly to station-bridge mode and that can cause all kinds of random problems, see mikrotik’s article on station modes.

If repeater would perform proxy ARP properly (that would solve the problem of multiple MACs behind repeater), then you wouldn’t see repeater’s MAC in DHCP server logs (but I guess that proxy ARP would mess with station roaming big time).

ventusz · November 20, 2023, 10:08pm

I can’t really see a DHCP Request or ACK at all, only Discover and Offer. With my phone hotspot as a router I can see the 4-way dhcp.

I hacked myself into the repeater via serial connection and it’s running OpenWRT. Now that may be well beyond the scope of this forum, however I might ask if there was anything I could check there in the configs? I have never worked with OpenWRT.

rplant · November 21, 2023, 12:39am

Hi,

You could try turning off rstp on the mikrotik’s bridge, it seems to cause issues in this case sometimes.

ventusz · November 21, 2023, 7:47am

Hi,

I tried this but to no avail. Also checked numerous things that I have never touched like DHCP Snooping, ARP settings on both the bridge and the wireless interface, multicast helper, still nothing.

erlinden · November 21, 2023, 8:05am

Can you please share your config, just to make sure…?

/export file=anynameyoulike

Remove serial and any other private information, and place the output here between code tags (</> button)

ventusz · November 21, 2023, 9:52am

Of course, that's the least I can do.
I omitted some parts of the config, e.g. firewall rules, ppp configuration as I deemed them irrelevant of the topic. I basically let everything through the firewall with these as the first three rules, but that didnt help either.

add action=accept chain=input
add action=accept chain=forward
add action=accept chain=output

Here's the config: (If you're searching for something specific that's missing from the below script, please let me know)

# 2023-11-21 10:26:07 by RouterOS 7.10.2
# software id = WWBA-6SKN
#
# model = RBD52G-5HacD2HnD

/interface bridge
add name=br_iot
add arp=proxy-arp name=br_private

/interface ethernet
set [ find default-name=ether1 ] advertise=1000M-full
set [ find default-name=ether2 ] 
set [ find default-name=ether3 ] 
set [ find default-name=ether5 ] 

/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1

/interface list
add name=LAN
add name=WAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk disable-pmkid=yes eap-methods="" management-protection=allowed mode=dynamic-keys name="Wifi 2GHz" supplicant-identity=""
add authentication-types=wpa2-psk disable-pmkid=yes eap-methods="" management-protection=allowed mode=dynamic-keys name="Wifi 5GHz" supplicant-identity=""
add authentication-types=wpa2-psk disable-pmkid=yes eap-methods="" mode=dynamic-keys name=IoT supplicant-identity=""

/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=no_country_set disabled=no frequency-mode=manual-txpower mode=ap-bridge security-profile="Wifi 2GHz" ssid="Wifi 2GHz" station-roaming=enabled wps-mode=disabled
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=no_country_set disabled=no frequency=5260 frequency-mode=manual-txpower mode=ap-bridge security-profile="Wifi 5GHz" ssid="Wifi 5GHz" station-roaming=enabled wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=C6:AD:34:xx:xx:xx master-interface=wlan1 multicast-buffering=disabled name=w1_iot security-profile=IoT ssid=ProblematicWifi wds-cost-range=0 wds-default-cost=0 wps-mode=disabled

/ip pool
add name=dhcp_trusted_pool ranges=10.48.1.2-10.48.1.254
add name=dhcp_iot_pool ranges=10.49.0.2-10.49.0.254

/ip dhcp-server
add address-pool=dhcp_trusted_pool interface=br_private lease-time=1w name=dhcp_trusted
add address-pool=dhcp_iot_pool interface=br_iot lease-time=10m name=dhcp_iot

/interface bridge port
add bridge=br_private ingress-filtering=no interface=ether2
add bridge=br_private ingress-filtering=no interface=ether3
add bridge=br_private ingress-filtering=no interface=ether4
add bridge=br_private ingress-filtering=no interface=ether2
add bridge=br_private ingress-filtering=no interface=wlan1
add bridge=br_private ingress-filtering=no interface=wlan2
add bridge=br_iot interface=w1_iot

/ip firewall connection tracking
set loose-tcp-tracking=no

/ip neighbor discovery-settings
set discover-interface-list=!dynamic

/ip settings
set max-neighbor-entries=8192

/interface list member
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=wlan1 list=LAN
add interface=wlan2 list=LAN
add interface=br_private list=LAN
add interface=w1_iot list=LAN

/ip address
add address=10.48.1.1/24 interface=br_private network=10.48.1.0
add address=10.49.0.1/24 interface=br_iot network=10.49.0.0