DHCP problem

DadoSa · April 26, 2018, 7:58am

Hello all,

I have RB2011UiAS-2HnD installed, simple configuration with all ports tied together via bridge, public WAN (static) IP address, NAT,
and two SSID configured for users (private and guest wireless access).
Everything working fine, except random DHCP server problem.
DHCP server stops leasing addresses, only reboot helps.

Any ideas?

Thanks

pe1chl · April 26, 2018, 8:12am

missing:

version number you are using
export of your configuration, at least he bridge and ip address and dhcp server configuration (/export, preferably NOT a screenshot!)

DadoSa · April 26, 2018, 8:45am

Hi pe1chI,

thanks for help, config export is attached.

\

apr/26/2018 10:34:17 by RouterOS 6.41.3

software id = 4V1I-RJTA

model = 2011UiAS-2HnD

serial number = 7A670816B1E2

/interface bridge
add name=bridge1
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods=""
management-protection=allowed mode=dynamic-keys name=
"EAA - private" supplicant-identity="" wpa-pre-shared-key=Xxxxxx!
wpa2-pre-shared-key=Xxxxxx!
add authentication-types=wpa-psk,wpa2-psk eap-methods=""
management-protection=allowed mode=dynamic-keys name="EAA - guest"
supplicant-identity="" wpa-pre-shared-key=Yyyyy wpa2-pre-shared-key=
Yyyyy
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC
disabled=no frequency=2452 mode=ap-bridge security-profile=
"EAA - private" ssid=EAA wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=CE:2D:E0:35:7A:F7
master-interface=wlan1 multicast-buffering=disabled name=
"EAA - guest" security-profile="EAA - guest" ssid=
"EAA - guest" wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp ranges=192.168.0.50-192.168.0.199
add name=dhcp_pool2 ranges=10.10.10.20-10.10.10.199
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=1d name=
"EAA - private dhcp"
add address-pool=dhcp_pool2 disabled=no interface="EAA - guest"
lease-time=2h name="EAA - guest dhcp"
/queue type
add kind=pcq name="Guest download" pcq-classifier=dst-address
pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
add kind=pcq name="Guest upload" pcq-classifier=src-address
pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
/queue simple
add name="EascCodes - gueet limit" queue="Guest upload/Guest download"
target="EAA - guest"
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=sfp1
add bridge=bridge1 interface=wlan1
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=a.b.c.d/30 interface=ether1 network=a.b.c.d
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
add address=10.10.10.1/24 interface="EAA - guest" network=10.10.10.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=10.10.10.1,8.8.8.8,8.8.4.4 gateway=
10.10.10.1 netmask=24
add address=192.168.0.0/24 dns-server=192.168.0.1,8.8.4.4,8.8.8.8
gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=3d max-concurrent-tcp-sessions=50
servers=8.8.4.4,8.8.8.8
/ip firewall filter
add action=drop chain=forward dst-address=192.168.0.0/24 src-address=
10.10.10.0/24
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=udp
add action=accept chain=input limit=50/5s,2:packet protocol=icmp
add action=drop chain=input protocol=icmp
add action=accept chain=input dst-port=22 protocol=tcp
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input src-address=e.f.g.h/23
add action=accept chain=input src-address=192.168.0.0/24
add action=log chain=input disabled=yes log-prefix="Drop Input"
add action=drop chain=input log-prefix="Drop Input"
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add distance=1 gateway=e.f.g.h1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd
set default-screen=stats read-only-mode=yes touch-screen=disabled
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=EAA
/system logging
add topics=dhcp
/system scheduler
add interval=1d name="Auto reboot - daily" on-event="/system reboot" policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
start-date=mar/25/2018 start-time=06:30:00

pe1chl · April 26, 2018, 9:48am

update your router to 6.42.1
go to the “bridge1” interface, note the MAC address field and copy the value after that into the “Admin. Mac address” field.

DadoSa · April 26, 2018, 11:47am

Update will be done after working hours, I’ll let you know results.

Thanks,

Best regards!

pe1chl · April 26, 2018, 1:09pm

You can do the setting on the bridge interface during day with little problems when you make sure the MAC is unchanged.
(maybe a down/up flap on the interface but normally no serious interruption)

DadoSa · May 23, 2018, 6:46am

So far no complaints from customer, problem seems resolved.

Thank You very much!!!

Best regards