DHCP Server on VLAN Issue

midsizewisp · September 21, 2011, 7:59pm

I am running V5.7 and have VLAN 2 configured on ether2. There is an IP address on VLAN 2 and one on ether2. A DHCP server is setup on both the VLAN and ether2.

I have another Mikrotik plugged into ether2 with VLAN2 set and DHCP client setup on the VLAN. It will not pull an IP address for some reason. Putting it on the ethernet port give me an IP from the DHCP server that isn’t on the VLAN.

Any idea as to why I am unable to get an IP address from the VLAN DHCP server?

fewi · September 21, 2011, 8:07pm

Post the following output from the DHCP server router: “/interface print detail”, “/ip address print detail”, “/ip route print detail”, “/ip pool export”, “/ip dhcp-server export”, “/interface vlan export”
Post the following output from the DHCP client router: “/interface print detail”, “/ip address print detail”, “/ip route print detail”, “/ip dhcp-client print detail”, “/ip dhcp-client export”, “/interface vlan export”
Label clearly which router is which, and wrap all output in

 tags.

midsizewisp · September 21, 2011, 8:44pm

In the config, you’ll notice the static address on the client for VLAN 2.
I can ping and get to the static address, DHCP just isn’t working over the
VLAN.

RB750 Server Config:

 > inter print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
 0  R  name="ether1" type="ether" mtu=1500 l2mtu=1526 max-l2mtu=1526

 1  R  name="ether2" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524

 2     name="ether3" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524

 3     name="ether4" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524

 4     name="ether5" type="ether" mtu=1500 l2mtu=1524 max-l2mtu=1524

 5  R  name="vlan2" type="vlan" mtu=1500 l2mtu=1520

 6  X  name="bridge1" type="bridge" mtu=1500

] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 0 ADS  dst-address=0.0.0.0/0 gateway=208.74.37.129
        gateway-status=208.74.37.129 reachable ether1 distance=0 scope=30
        target-scope=10 vrf-interface=ether1

 1 ADC  dst-address=10.10.10.0/24 pref-src=10.10.10.1 gateway=vlan2
        gateway-status=vlan2 reachable distance=0 scope=10

 2 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether2
        gateway-status=ether2 reachable distance=0 scope=10

/ip pool
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool2 ranges=10.10.10.2-10.10.10.254

/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=ether2 lease-time=3d name=dhcp1
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=vlan2 lease-time=3d name=dhcp2
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=8.8.8.8 gateway=10.10.10.1
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1

/interface vlan
add arp=enabled disabled=no interface=ether2 l2mtu=1520 mtu=1500 name=vlan2 \
    use-service-tag=no vlan-id=2

RB493AH Client Config:

/inter print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
 0  R  name="ether1-Public" type="ether" mtu=1500 l2mtu=1526

 8  R  name="vlan2" type="vlan" mtu=1500 l2mtu=1522

/ip addr print detail
12   address=10.10.10.2/24 network=10.10.10.0 broadcast=10.10.10.255
     interface=vlan2 actual-interface=vlan2

/ip route print detail
 1 ADC  dst-address=10.10.10.0/24 pref-src=10.10.10.2 gateway=vlan2
        gateway-status=vlan2 reachable distance=0 scope=10

/ip dhcp-client print detail
Flags: X - disabled, I - invalid
 0   interface=vlan2 use-peer-dns=yes use-peer-ntp=yes status=searching...

/ip dhcp-client export
# dec/31/2001 20:13:07 by RouterOS 4.4
# software id = UU6B-ETYB
#
/ip dhcp-client
add comment="" disabled=no interface=vlan2 use-peer-dns=yes use-peer-ntp=yes

/inter vlan export
add arp=enabled comment="" disabled=no interface=ether1-Public l2mtu=1522 \
    mtu=1500 name=vlan2 use-service-tag=no vlan-id=2

fewi · September 21, 2011, 9:41pm

Works for me out of the box in a lab on 5.7 between an RB750G as the router, and an RB433 as the client.

Here the server config:

/interface vlan
add arp=enabled disabled=no interface=433 l2mtu=1516 mtu=1500 name=433-vlan use-service-tag=no vlan-id=20
/ip dhcp-server
add address-pool=test authoritative=after-2sec-delay bootp-support=static disabled=no interface=433-vlan lease-time=3d name=dhcp1
/ip dhcp-server network
add address=192.168.90.0/24 gateway=192.168.90.1
/ip pool
add name=test ranges=192.168.90.10-192.168.90.20
/ip address
add address=10.255.255.241/30 disabled=no interface=433 network=10.255.255.240
add address=192.168.90.1/24 disabled=no interface=433-vlan network=192.168.90.0

Here the client config:

/interface vlan
add arp=enabled disabled=no interface=750 l2mtu=1522 mtu=1500 name=750-vlan use-service-tag=no vlan-id=20
/ip address
add address=10.255.255.242/30 disabled=no interface=750 network=10.255.255.240
add address=192.168.90.2/24 disabled=no interface=750-vlan network=192.168.90.0
/ip dhcp-client
add add-default-route=yes default-route-distance=1 disabled=no interface=750-vlan use-peer-dns=yes use-peer-ntp=yes

And here’s the result:

/ip dhcp-client> print
Flags: X - disabled, I - invalid 
 #   INTERFACE   USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS    ADDRESS           
 0   750-vlan    yes          yes               bound     192.168.90.20/24  
/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                            
 0   10.255.255.242/30  10.255.255.240  750                                                                                                                  
 1   192.168.90.2/24    192.168.90.0    750-vlan                                                                                                             
 2 D 192.168.90.20/24   192.168.90.0    750-vlan

I don’t see why yours isn’t working, your config looks OK. Maybe consider upgrading, at least to 4.17? 4.4 is very outdated.

viktorc · October 6, 2011, 2:44pm

There is bug(?) on 5.7 at x86:

if you have first dhcp server (dhcp1) on ethernet interface and second dhcp server (dhcp2) on vlan interface attached to this ethernet, both dhcp servers catches (and replies to) dhcp requests comming to vlan interface. Is on client choice which of this two offered ip’s will use.
If dhcp requests comes from ethernet interface (no vlan tag), only dhcp1 server replies to this.

Enable debugging dhcp server to log (/system logging add topics=dhcp,debug action=memory) and you will see.

Solution:

you can try to set authoritative=after-2sec-delay on dhcp1 server (but sometimes this doesn’t work), or
move all dhcp servers to vlan interfaces (and change interfaces at /ip address too, and change configuration of connected devices - switches, …)

This config at RB5xx works correct.

I think it’s related to thread http://forum.mikrotik.com/t/vlan-sniffing-problem/48348/1 which will be solved on 5.8.
(Sniffing on ethernet interface at x86 catches both no tagged and tagged packets and stores them without 802.1q header. RB5xx catches both packets and tagged packets stores with 802.1q header.)

Chupaka · October 6, 2011, 6:02pm

viktorc, did you see this behaviour before v5.7? I faced this in some v3.x, I believe - then we moved DHCP servers to vlans-only, so we haven’t localized the bug - support@ couldn’t repeat this…

viktorc · October 7, 2011, 10:44am

I downgraded my lab router to 4.17, then 4.10 and behaviour is the same (dhcp server on physical ethernet responds to queries incomming on vlan + stripping 802.1q tags by packet sniffer).

Maybe it’s hardware related. It’s Intel Core, MB Asus P7550 Pro, NIC Intel 1000 PT and integrated on MB (same behaviour).

I will try to send supout to support.