Hi,
Firstly, let me explain my network diagram.
There is a MikroTik router in which port 2 is connected to a D-Link manageable switch. Users are connected from that switch via a dummy switch. Recently users are not getting their IP through DHCP.
The DHCP server has been configured properly on the router. Users were getting their IP through DHCP, but now, without any change in the configuration of the MikroTik router, users aren’t getting an IP.
Again, if a TP-Link router is connected to the D-Link switch, users are getting their IP through DHCP.
I would start with Tools > Packet sniffer. Set it to save to a file and only capture UDP packets. Click Apply, then Start and renew the IP on a client. Wait 10 seconds and stop the packet capture. Copy the file to your computer and open it with Wireshark. In the list of packets, you should see a Discovery, Offer, Request, Ack. Do you see all 4?
The Discovery is your client looking for DHCP Servers on the network. There should only be 1.
The Offer is your mikrotik offering an IP.
The client will then deny or request the IP. If denying, maybe the client detects an IP conflict; however, RouterOS detects conflicts too and skips bad IPs.
The Mikrotik will then acknowledge that the client accepted the IP.
Also double check the basics:
IP > Pool, check the “Used IPs”. You out of IPs?
IP > DHCP Server, is the entry red which denotes a misconfig?
DHCP is on the correct interface?
Enable log topic DHCP and renew a client, anything interesting in the log?
Finally if still no success, set a static IP and ping the Mikrotik. If you can’t ping or do an ARP lookup to find the router, then possibly a physical connection issue or your smart switch is blocking the MAC of the mikrotik.
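As an added illustration of the capture check described above (not part of the original post): this sketch parses raw DHCP payloads, i.e. the UDP payload of each packet on ports 67/68, reports which of Discover, Offer, Request and Ack each client MAC is missing, and lists every server that sent an Offer. The `build` helper, the MAC addresses and the second server 192.168.1.2 are constructed sample data.

```python
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie at offset 236
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return (client MAC, message type, server identifier) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    mac = payload[28:34].hex(":")       # chaddr, assuming Ethernet (hlen 6)
    mtype, server, i = None, None, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:             # pad option has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:      # option 53: DHCP message type
            mtype = TYPES.get(value[0], "TYPE%d" % value[0])
        elif code == 54 and len(value) == 4:    # option 54: server identifier
            server = ".".join(str(b) for b in value)
        i += 2 + length
    return mac, mtype, server

def audit(payloads):
    """Per client MAC, list the missing handshake steps; also collect every offering server."""
    seen, servers = defaultdict(set), set()
    for p in payloads:
        mac, mtype, server = parse_dhcp(p)
        seen[mac].add(mtype)
        if mtype == "OFFER" and server:
            servers.add(server)
    steps = ("DISCOVER", "OFFER", "REQUEST", "ACK")
    return {m: [s for s in steps if s not in t] for m, t in seen.items()}, servers

def build(mac, mtype, server=None):     # constructs sample data for this example only
    msg = struct.pack("!BBBBIHH", 1 if mtype in (1, 3) else 2, 1, 6, 0, 0x1234, 0, 0)
    msg += bytes(16) + bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    opts = bytes([53, 1, mtype])
    if server:
        opts += bytes([54, 4]) + bytes(int(o) for o in server.split("."))
    return msg + MAGIC + opts + b"\xff"

# Constructed capture: client A completes the handshake, client B never sends a Request.
A, B = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
SAMPLE = [build(A, 1), build(A, 2, "192.168.1.1"), build(A, 3), build(A, 5, "192.168.1.1"),
          build(B, 1), build(B, 2, "192.168.1.1"), build(B, 2, "192.168.1.2"), build(B, 1)]

print(audit(SAMPLE))  # per-client missing steps, then the set of offering servers
```

More than one address in the server set means a second DHCP server is answering on the segment; a client stuck with Request and Ack missing is one whose Offers are sent but never acted on.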
All MikroTik products that I have present this issue… Everything starts working great, but after a while the DHCP server stops working. Since 6.3X I have had this problem and I haven’t found any solution, just unplugging and plugging the power cable… A simple TP-Link router does not have these problems and even a 16-core CCR does. It is incredible. A year waiting for solutions.
Mikrotik products have serious problems with DHCP: FIX THEM!
Does DHCP really stop working? Unless you have data from the packet sniffer and log, you can’t prove that it is MikroTik’s fault, and such blind blaming is ridiculous - I have never had such an issue on any of my routers. My ISP has CCRs and also doesn’t have this problem. I am sure that there are many other customers who never saw your issue. The issue must be related to your environment/setting.
If you have a problem, you can’t just say “mikrotik must fix it”. You need to point out where exactly the problem is, with logs and packet captures.
Van9018 gave you an excellent guide so you can debug it and write a good bug report. With a good bug report, developers will understand where the issue is and they can fix it. Without a proper bug report, they can’t fix it because they don’t know where the issue is.
I have lots of MikroTik routers on my network and that of my clients running DHCP server. I have not come across this issue even once. I think the issue must have to do with the specific network. Just like Van said, take more steps to troubleshoot and I’m sure you would see the problem somewhere.
We manage 6 MikroTik routers, different models and different RouterOS versions, all versions up 6.X, and with all of them we got problems with DHCP, especially with leased IP addresses.
Hello,
Same here, we have DHCP problems!
I set up a Kid Control that is based on IP addresses. But sometimes the wrong system gets the wrong IP.
Happened on Fire TV Sticks (cable, not WLAN) and iMac!
Same problem here.
I have two separate clients, both with RB1100AhX4 router and CRS354-48P-4S+2Q+RM switch, connected to ether2 of the router. All client devices use the router dhcp server, but through the switch.
In the beginning everything was working, but two weeks later problems started. In both routers’ log files I saw many DHCP deassigns and reassigns but thought it was because of the lease time.
Today, at 5 in the morning, according to the logs, one of the routers suddenly deassigned all DHCP clients and nothing could make them get an IP address again.
The switch is divided in two bridges - one is used for the LAN, where it lost the dhcp, and the last 8 ports are in bridge and used for IPTV - they are working perfectly.
I would be grateful for any ideas!
@Buelo, Kid Control is MAC Address based. You might run into problems because a lot of devices are using random MAC addresses for privacy purposes. @borislav, can you share your config (/export hide-sensitive file=anythingyoulike)? Only situation where I ran into DHCP problems, it was because of misconfiguration.
Below is the router config.
The switch config was blank, now I have configured it as a second router, because there must be some internet.
So, switch settings were without dhcp client and server, IP pool and firewall masquerade rule.
# jan/18/2021 12:21:09 by RouterOS 6.48
# software id = LDD6-9T84
#
# model = RB1100Dx4
# serial number = D0BF0B953F24
/interface bridge
add name=bridge
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
set 12 default-vlan-id=0
set 13 default-vlan-id=0
set 14 default-vlan-id=0
set 15 default-vlan-id=0
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.1.11-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge name=dhcp1
/system logging action
set 1 disk-file-count=5 disk-file-name=logg disk-lines-per-file=10000 \
    disk-stop-on-full=yes
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
add bridge=bridge interface=ether11
add bridge=bridge interface=ether12
add bridge=bridge interface=ether13
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
    192.168.1.0
/ip dhcp-client
add !dhcp-options disabled=no interface=ether1
/ip dhcp-server config
set store-leases-disk=12h
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip dns
set servers=192.168.1.1
/ip firewall address-list
add address=192.168.1.2-192.168.1.254 list=allowed_to_router
add address=78.83.52.228 list=allowed_to_router
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment=" 6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
/ip firewall filter
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input disabled=yes
add action=fasttrack-connection chain=forward comment=FastTrack \
    connection-state=established,related
add action=accept chain=forward comment=" Established, related" \
    connection-state=established,related
add action=drop chain=forward comment=" Drop Invalid" connection-state=\
    invalid disabled=yes log=yes log-prefix=invalid
add action=drop chain=forward comment=\
    " Drop tries to reach not public addresses from LAN" disabled=yes \
    dst-address-list=not_in_internet in-interface=bridge log=yes log-prefix=\
    !public_from_LAN out-interface=!bridge
add action=drop chain=forward comment=\
    " Drop incoming packets that are not NATted" connection-nat-state=\
    !dstnat connection-state=new disabled=yes in-interface=ether1 log=yes \
    log-prefix=!NAT
add action=drop chain=forward comment=\
    " Drop incoming from internet which is not public IP" disabled=\
    yes in-interface=ether1 log=yes log-prefix=!public src-address-list=\
    not_in_internet
add action=drop chain=forward comment=\
    " Drop packets from LAN that do not have LAN IP" disabled=yes \
    in-interface=bridge log=yes log-prefix=LAN_!LAN src-address=\
    !192.168.1.0/24
/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes dst-port=xxx protocol=tcp \
    to-addresses=xxx to-ports=xxx
add action=dst-nat chain=dstnat dst-port=xxx protocol=udp to-addresses=\
    xxx to-ports=xxx
add action=dst-nat chain=dstnat dst-port=xxx protocol=tcp to-addresses=\
    xxx to-ports=xxx
add action=dst-nat chain=dstnat dst-port=xxx protocol=tcp to-addresses=\
    xxx to-ports=xxx
add action=dst-nat chain=dstnat dst-port=xxx protocol=tcp to-addresses=\
    xxx to-ports=xxx
add action=dst-nat chain=dstnat dst-port=xxx protocol=tcp to-addresses=\
    xxx to-ports=xxx
add action=dst-nat chain=dstnat dst-port=xxx protocol=tcp to-addresses=\
    xxx to-ports=xxx
add action=dst-nat chain=dstnat dst-port=xxx protocol=tcp to-addresses=\
    xxx to-ports=xxx
add action=masquerade chain=srcnat out-interface=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.1.0/24,xxxxxx
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Sofia
/system logging
add action=disk topics=info
add action=disk topics=warning
add action=disk topics=firewall
add action=disk topics=pptp
Didn’t see anything that would point to a dhcp server problem. I guess you know your firewall is pretty wide open, don’t you?
Just out of curiosity: do your udp dst-nat rules include port 67 and/or 68?
What’s the actual mac address of your 1100’s bridge? I see a duplicated mac address in your switch config, just curious if there might be some fragments from earlier config attempts around.
A good idea would be hooking up problematic devices to the router directly and see if the problem persists.
-Chris
No, I do not UDP dst-nat ports 67 and 68.
The actual MAC address of the 1100’s bridge is the same as the MAC address of the first port in the bridge.
I fixed the duplicating mac addresses in the switch, but the same problem occurs.
I have the same problem. But only with 1 TV. All other devices connected to that AP work fine. That TV is working just fine, no connection or IP problems, but the router log spam is every 10 seconds or 1 minute on average.
Interesting thread. I landed on this because I ran into a similar problem with my hap ax^3 in my home network.
I made a simple change to the queue tree for one interface-- changed it from “only-hardware-queue” to fqcodel and before long, most DHCP clients could no longer renew their leases.
As far as packet captures taken on the mikrotik, they showed the dhcp discover and offer happening, but the clients didn’t appear to get the offers. Multiple reboots didn’t help. In the end, only a restore of configuration from backup helped. IPv6 continued to work, and any statically configured clients also worked fine on ipv4. I wonder if the packet capture happens before the frame actually leaves the interface and if I was seeing a “false” picture.
For full context, I haven’t been able to reproduce this. I was running 7.16.2, and used the Mikrotik Android app to make the change that triggered the problem. I have upgraded to 7.18.0.