Can’t find an answer or an option for this. Do Mikrotik routers check if an address is actually in use before handing one out? We are having issues with duplicate IP’s for both PPPoE and ethernet clients. Occasionally duplicate IP’s appear.
I’d like for the Mikrotik to actually check if an IP is not in use first by doing an ARP. Since some clients will set themselves a static IP within the DHCP range and I suspect this is the issue.
I don’t use the built in Mikrotik DHCP server, I use a separate ISC DHCP server.
I just had a device grab a DHCP address and I wiresharked it and I don’t see an ARP before the address is handed out, but I’m doing static mappings. I don’t know if this changes behavior.
Should be easy enough to just sniff the interface while you set up a device to get a DHCP address (turn wifi off and on for example). Then open the output file in Wireshark and use the filter “arp or bootp” and see if there is an arp before the address gets handed out, whatever address the device ends up getting.
Yes it does check! And it’ll skip that IP.
I tested this last month after I discovered that Microsoft DHCP Server doesn’t check.
If you suspect clients are giving themselves static IPs, you can look into setting the arp-mode to read-only on your interface. This means the Mikrotik will respond to all ARP requests and not allow arp requests to broadcast. Then the following is true:
- Static IPs (and associated MAC) must be manually entered into the ARP table on the Mikrotik
- All others must request an IP via DHCP
- Any unauthorized static IPs are simply ignored.
But does it check when it’s acting as a relay?
What about if it is serving addresses VIA a relay?
Static leases on the DHCP server are not at all viable, dozens of clients going through a hotel a day there’s no way i’m going to be setting static leases.
Plus other businesses with people changing phones/laptops/whatever, it’s just not happening for a number of reasons
However the system needs to deal with the occasional person setting themselves an IP manually. I don’t care if they do it and pick an address already in use, but if they’ve been using a static IP for a few days/weeks/whatever I don’t want a DHCP server to hand out an IP address if it already exists. I have had this happen a few times
Well, that advice about static IP and MAC setting was not correct, you can use arp reply-only with a
special option of the DHCP server “add ARP for leases” where it will automatically add the MAC for a
(dynamic) DHCP entry in the ARP table. So no need for manual work, and still protected against
static addresses.
Well, that advice about static IP and MAC setting was not correct, you can use arp reply-only with a
special option of the DHCP server “add ARP for leases” where it will automatically add the MAC for a
(dynamic) DHCP entry in the ARP table. So no need for manual work, and still protected against
static addresses.
He just said that he doesn’t mind if someone sets up a static address, he just doesn’t want the DHCP server to hand out a duplicate address. So no need to protect against it.
I agree that what you said will work and it’s probably the right solution. But if you want people to be able to randomly grab an address, you either make a part of the subnet that will allow for that and set the DHCP pool to use another part of it, or the DHCP server does DAD before it hands out an address. Would be nice to know if it’s possible.
ZeroByte said “what about relays” which is valid. Would be really nice to have a “do-dad={yes,no}” on the dhcp server. Or dad={ip,arp} or something.
To quote someone smarter than me - “I probably don’t know what I’m talking about.”