DHCP problem

huso1451 · September 22, 2023, 8:20pm

There are 4 Mikrotik devices in our business, 1 RB750 and 3 RB951-2hnd.
The cable coming from the ISP ends on ether1 in RB750, and the internet is output from ether5. ether5 IP address is 192.168.10.1, gateway is 192.168.10.1, there is no DHCP server.
There is a wired connection from RB750’s ether5 to the switch and from there to the RB951’s ether1 port.
Different IP addresses of 192.168.10.x are given to the ether1 ports of RB951 devices.
I want to set up DHCP on the wlan1 interface of the RB951s, but I want the DHCP server to distribute a certain number of IPs over the 192.168.10.0/24 network. For example, RB951 device number 1 is 192.168.10.11-20, rb951 number 2 is 192.168.10.21-30, etc.
When I configure the settings in this way, the connected devices receive IP but cannot access the internet.
When I define a different network address to the Wlan1 interface and set up DHCP, everything works normally. When wlan1 and ether1 addresses are the same, then I have a problem. Is there anything wrong with this structure? Is it normal for it not to work?

mkx · September 23, 2023, 6:44am

Your post doesn’t contain all the details. So I’ll assume that you want to have single 192.168.10.9/24 IP subnet on all devices. Do your APs also use same SSID (and security parameters) to allow wireless clients roam around? If this is so, then the problem with your layout is that what you want can not be done.

Single ethernet broadcast domain, which is what you get if all wired and wireless interfaces are bridged together, can only host single DHCP server (without too much fuss). And in this case DHCP server doesn’t really know where in physical topology is the client (asking for lease).
Also if clients can roam between APs, seeing same SSID they assume they are remaining inside same IP network and don’t try to get a new DHCP lease after connecting another AP … that’s by design to speed-up roaming.

So describe (in plain English) what kind of behaviour you woukd like to achive in your network (current configuration doesn’t matter, obviously it’s not helping or you wouldn’t be asking questions here) and we’ll get to some plan (and implementation details) based on that.

huso1451 · September 23, 2023, 10:37am

First of all, I apologize for my bad English, I wrote this post using translate.

I have correctly configured all the necessary settings in the wlan1 interface.
While setting up DHCP on the wlan1 interface on Mikrotik RB951 devices, when I give an IP other than the RB750’s subnet, everything works smoothly, and clients connected to the wlan1 interface access the internet.

If I were to give details, RB750 is the device where the cable coming from the ISP ends (ether2), the port where we can receive the internet is ether5.
ether5 IP: 192.168.10.1/24, Gateway: 192.168.10.1

One patch cable from Ether5 goes to the HP brand unmanaged switch. Cables run from this switch to the rooms of our office. There are desktop computers, a shared network printer and a total of 3 RB951 devices in the rooms, one in each room. Desktop computers and the printer connect to the network with static IP and access the internet. Since the rooms are large, we needed to position one RB951 in each room.

I want to set up a DHCP server on RB750. The IP address of the DHCP server can be 192.168.10.2/24 and the IP pool needs to be 192.168.10.151-192.168.10.200. But I do not want this DHCP server to distribute IP directly to the network via ether5. That is, I do not want any machine that will be connected to the HP switch via cable to automatically get an IP and access the internet.

I only want the clients that will connect to the RB951’s WLAN1 interface to receive an IP belonging to the 192.168.10.0/24 network from the DHCP server on the RB750, for example, a connecting laptop or phone should receive the address 192.168.10.200 from the pool I mentioned above.

After writing this post yesterday, I tried to configure this structure with vlan and I think it was successful. But the rule of this structure, what should happen, how to configure such scenarios.

I want all company-related devices in my network (computer, laptop, printer, tablet, mobile phone, etc.) to be on a single network (192.168.10.0/24). When this happens, it becomes easier to manage. When I set up a different DHCP on each Mikrotik device in different networks and connect the clients to the devices, it becomes more difficult to manage, since the devices are on different networks. For example, if the laptop in one room receives 192.168.15.253, the laptop in the other room will receive 192.168.16.253 from the DHCP server installed on the Mikrotik device in the room.

In the second stage, I will create a virtual WLAN to which company employees can connect their personal phones and I will define another DHCP server to this virtual network, for example 10.5.5.0/24. Devices connected to the virtual network will access the internet by obtaining an IP address between 10.5.5.101 and 10.5.5.200.

I hope I was clear enough, sorry if I didn’t explain my opinion clearly due to incomplete information.

mkx · September 23, 2023, 7:35pm

I’m not sure that I fully understand what you want to achieve. Is it that you want that some device connecting to any of your APs uses same IP address (regardless the AP in use) from same subnet as wired devices?

anav · September 23, 2023, 7:58pm

Me neither please draw a detailed diagram.

huso1451 · September 24, 2023, 8:12am

Yes exactly

mkx · September 24, 2023, 9:24am

In this case you should reconfigure your AP devices into AP+switch combo. Unfortunately there isn’t a QuickSet profile ready for that config, so you’ll have to do it manually. It’s not too difficult though:

download winbox - it’s a windows exe file and allows to connect to ROS device even if that one doesn’t have IP set up. It’ll help a lot with next steps. Even though it’s a windows application, it works just fine under Linux or OSx in wine environment.
connect to one of RB951Gs … use any of ports ether2-5 (ether1 is currently configured as WAN and doesn’t alliw management access). Use winbox, browse to Neighbors tab, click device’s MAC address and “Connect”
go to System → Reset configuration, select “No default configuration” … optionally select “Keep users” if you’d like to keep admin username and password. Then click “Reset Configuration”
after device reboots, connect to it again (if winbox doesn’t do it automatically)
open Bridge, under Bridge creaze a new one
under Ports, add all ports to the bridge, created in previous step. Interfaces to add: ether1-5 and wlan1
add IP setup under “IP”, select interface “bridge” (not individual bridge ports). Those settings will be used only for AP management. Don’t forget to include subnet mask with address (e.g. /24). You can go with DHCP-client, personalky I’m always usong static IP settings on network infrastructure devices.
set up wireless - country, frequency channels (try to stick to 1-6-11 scheme), security settings. If you
connect any of wired ports to main router. Test if things work as expected … both wireless and wired clients should receive IP settings from DHCP server running on hEX router.

Repeat the actions 2-9 for other two APs. If you’re going to set up IP manually, don’t forget to set different addresses. If setting wifi frequency manually (it’s recomended), set frequencies on APs to different channels but stick to channel layout 1-6-11 (the only combination where channels don’t partially overlap. Actualky it’s posdible to use 1-5-9-13 in ETSI countries (EU) but most on-line recipes recomend 1-6-11, hence many ETSI installations folliw this channel layout as well; use smart phone with a wifi scanning app to see channel utilization and decide which layout will see less channel overlap). Only use 20MHz channel width, there isn’t enough frequency space available in 2.4GHz band to use wider channels when there are multiple APs operating in vicinity. Do keep other wireless security settings identical on all APs (SSID, authentication types, …) to allow clients to roam between APs with least interruption (there will be short gaps in connectivity, legacy MT wireless driver doesn’t support any of modern WiFi mobility features).

Wired ports will act as switch … so it even allows you to “daisy-chain” APs if that makes laying UTP cables easier for you.

huso1451 · September 27, 2023, 5:37am

In this case you should reconfigure your AP devices into AP+switch combo. Unfortunately there isn’t a QuickSet profile ready for that config, so you’ll have to do it manually. It’s not too difficult though:

download winbox - it’s a windows exe file and allows to connect to ROS device even if that one doesn’t have IP set up. It’ll help a lot with next steps. Even though it’s a windows application, it works just fine under Linux or OSx in wine environment.

connect to one of RB951Gs … use any of ports ether2-5 (ether1 is currently configured as WAN and doesn’t alliw management access). Use winbox, browse to Neighbors tab, click device’s MAC address and “Connect”

go to System → Reset configuration, select “No default configuration” … optionally select “Keep users” if you’d like to keep admin username and password. Then click “Reset Configuration”

after device reboots, connect to it again (if winbox doesn’t do it automatically)

open Bridge, under Bridge creaze a new one

under Ports, add all ports to the bridge, created in previous step. Interfaces to add: ether1-5 and wlan1

add IP setup under “IP”, select interface “bridge” (not individual bridge ports). Those settings will be used only for AP management. Don’t forget to include subnet mask with address (e.g. /24). You can go with DHCP-client, personalky I’m always usong static IP settings on network infrastructure devices.

set up wireless - country, frequency channels (try to stick to 1-6-11 scheme), security settings. If you

connect any of wired ports to main router. Test if things work as expected … both wireless and wired clients should receive IP settings from DHCP server running on hEX router.

Repeat the actions 2-9 for other two APs. If you’re going to set up IP manually, don’t forget to set different addresses. If setting wifi frequency manually (it’s recomended), set frequencies on APs to different channels but stick to channel layout 1-6-11 (the only combination where channels don’t partially overlap. Actualky it’s posdible to use 1-5-9-13 in ETSI countries (EU) but most on-line recipes recomend 1-6-11, hence many ETSI installations folliw this channel layout as well; use smart phone with a wifi scanning app to see channel utilization and decide which layout will see less channel overlap). Only use 20MHz channel width, there isn’t enough frequency space available in 2.4GHz band to use wider channels when there are multiple APs operating in vicinity. Do keep other wireless security settings identical on all APs (SSID, authentication types, …) to allow clients to roam between APs with least interruption (there will be short gaps in connectivity, legacy MT wireless driver doesn’t support any of modern WiFi mobility features).

Wired ports will act as switch … so it even allows you to “daisy-chain” APs if that makes laying UTP cables easier for you.

Hello, unfortunately the settings you suggested do not suit my infrastructure. My wired connected devices have a static IP, so I do not need a DHCP server for my wired connected devices and I want them not to receive IP from DHCP. I think I solved my problem in a different way. I’ll handle it with VlANs. I first tried it in a lab environment and it worked successfully. I will apply the same solution to the existing network, I hope I will get the same efficiency.

I will take into consideration the settings you suggested regarding wifi settings. I would like to thank everyone who is interested and trying to support. If I get stuck somewhere, I’ll ask for help again.