Erratic DHCP server

tuxtlequino · March 11, 2016, 1:57am

I just recently bought five routers to overhaul the network we have. I have a CCR1009 as the main router, a CRS109 as a switch of sorts, and three “hAP ac lite”. The VLANs work as expected, and when one is connecting using one of the ethernet ports in the other routes, it is possible to get an IP. If one uses WiFi, it is like flipping a coin whether an IP will be served or not. If the clients pick an IP themselves (manual IP), they have no problem having a good connection. Any ideas of what is happening? I will include my minimal configuration with three of the devices.

Main Router - CCR1009

/interface ethernet
set [ find default-name=ether1 ] comment="Office Trunk - VLAN 10,30,40"
set [ find default-name=ether2 ] comment="Gym Trunk - VLAN 10,20,30" master-port=ether1
set [ find default-name=ether3 ] comment="Direct - VLAN10" master-port=ether1
set [ find default-name=ether4 ] comment="Sign - VLAN40" master-port=ether1
set [ find default-name=ether5 ] comment=Disabled disabled=yes
set [ find default-name=ether6 ] comment=Disabled disabled=yes
set [ find default-name=ether7 ] comment=Direct
set [ find default-name=ether8 ] comment=WAN
set [ find default-name=sfp1 ] disabled=yes

/interface vlan
add interface=ether1 name=VLAN10-Work vlan-id=10
add interface=ether1 name=VLAN20-Housing vlan-id=20
add interface=ether1 name=VLAN30-Guest vlan-id=30
add interface=ether1 name=VLAN40-Sign vlan-id=40

/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 vlan-header=add-if-missing vlan-mode=secure
set 2 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=40 vlan-header=always-strip vlan-mode=secure
set 4 vlan-mode=secure

/ip pool
add name=pool-vlan10 ranges=192.168.1.10,192.168.1.100
add name=pool-vlan20 ranges=10.10.20.10,10.10.20.100
add name=pool-vlan30 ranges=10.10.30.10,10.10.30.100
add name=pool-vlan40 ranges=10.10.40.10,10.10.40.100

/ip dhcp-server
add add-arp=yes address-pool=pool-vlan10 always-broadcast=yes authoritative=after-3sec-delay disabled=no interface=VLAN10-Work lease-time=3d name=DHCPVLAN10
add address-pool=pool-vlan20 disabled=no interface=VLAN20-Housing lease-time=3d name=DHCPVLAN20
add add-arp=yes address-pool=pool-vlan30 always-broadcast=yes authoritative=after-3sec-delay disabled=no interface=VLAN30-Guest name=DHCPVLAN30
add add-arp=yes address-pool=pool-vlan40 always-broadcast=yes authoritative=after-3sec-delay disabled=no interface=VLAN40-Sign lease-time=3d name=DHCPVLAN40

/interface ethernet switch vlan
add independent-learning=yes ports=ether1,ether2,ether3,switch1-cpu switch=switch1 vlan-id=10
add independent-learning=yes ports=ether2,switch1-cpu switch=switch1 vlan-id=20
add independent-learning=yes ports=ether1,ether2,switch1-cpu switch=switch1 vlan-id=30
add independent-learning=yes ports=ether1,ether4,switch1-cpu switch=switch1 vlan-id=40

/ip address
add address=192.168.1.1/24 interface=VLAN10-Work network=192.168.1.0
add address=10.10.20.1/24 interface=VLAN20-Housing network=10.10.20.0
add address=10.10.30.1/24 interface=VLAN30-Guest network=10.10.30.0
add address=10.10.40.1/24 interface=VLAN40-Sign network=10.10.40.0

/ip dhcp-server network
add address=10.10.20.0/24 dns-server=208.67.222.222,208.67.222.220 gateway=10.10.20.1
add address=10.10.30.0/24 dns-server=208.67.222.222,208.67.222.220 gateway=10.10.30.1
add address=10.10.40.0/24 dns-server=208.67.222.222,208.67.222.220 gateway=10.10.40.1
add address=192.168.1.0/24 dns-server=208.67.222.222,208.67.222.220 gateway=192.168.1.1

Gym Router - CRS109

/interface ethernet
set [ find default-name=ether1 ] comment="MainRouter trunk"
set [ find default-name=ether2 ] comment="BackRouter trunk" master-port=ether1
set [ find default-name=ether3 ] comment="OutDoorRouter trunk" master-port=ether1
set [ find default-name=ether4 ] comment="Direct - VLAN10" master-port=ether1
set [ find default-name=ether5 ] comment="Direct - VLAN20" master-port=ether1
set [ find default-name=ether6 ] comment="Direct - VLAN20" master-port=ether1
set [ find default-name=ether7 ] comment="Direct - VLAN20" master-port=ether1
set [ find default-name=ether8 ] comment=Disabled disabled=no
set [ find default-name=sfp1 ] disabled=yes

/interface vlan
add name=VLAN10-Work vlan-id=10 interface=ether1
add name=VLAN20-Housing vlan-id=20 interface=ether1
add name=VLAN30-Guest vlan-id=30 interface=ether1

/interface ethernet switch vlan
add ports=ether1,ether2,ether3,ether4,switch1-cpu vlan-id=10
add ports=ether1,ether5,ether6,ether7 vlan-id=20
add ports=ether1,ether2,ether3 vlan-id=30

/interface ethernet switch ingress-vlan-translation
add ports=ether4 new-customer-vid=10
add ports=ether5,ether6,ether7 new-customer-vid=20

/interface ethernet switch egress-vlan-tag
add vlan-id=10 tagged-ports=ether1,ether2,ether3,switch1-cpu
add vlan-id=20 tagged-ports=ether1
add vlan-id=30 tagged-ports=ether1,ether2,ether3

/ip address
add address=10.10.10.3/24 interface=VLAN10-Work network=10.10.10.0
add address=10.10.20.3/24 interface=VLAN20-Housing network=10.10.20.0
add address=10.10.30.3/24 interface=VLAN30-Guest network=10.10.30.0

/interface wireless
set [ find default-name=wlan1 ] disabled=yes mode=ap-bridge ssid=Gym-Work

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=Mikrotik

/interface bridge
add name=br-vlan10

/interface bridge port
add bridge=br-vlan10 interface=VLAN10-Work
add bridge=br-vlan10 interface=wlan1

Office Router - hAP ac lite

/interface ethernet
set [ find default-name=ether1 ] comment=“Main Trunk - 10, 30, 40” master-port=ether1
set [ find default-name=ether2 ] comment=“VLAN10 - Direct link” master-port=ether1
set [ find default-name=ether3 ] comment=“VLAN10 - Direct link” master-port=ether1
set [ find default-name=ether4 ] comment=“VLAN40 - Direct link” master-port=ether1
set [ find default-name=ether5 ] comment=“Direct Link”

/interface vlan
add name=VLAN10-Work vlan-id=10 interface=ether1
add name=VLAN30-Guest vlan-id=30 interface=ether1
add name=VLAN40-Sign vlan-id=40 interface=ether1

/interface ethernet switch port
set ether1 vlan-mode=secure vlan-header=add-if-missing
set ether2 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=10
set ether4 vlan-mode=secure vlan-header=always-strip default-vlan-id=40
set switch1-cpu vlan-mode=secure vlan-header=leave-as-is

/interface ethernet switch vlan
add ports=ether1,ether2,ether3, switch1-cpu switch=switch1 vlan-id=10
add ports=ether1,switch1-cpu switch=switch1 vlan-id=30
add ports=ether1,ether4,switch1-cpu switch=switch1 vlan-id=40

/ip address
add address=10.10.10.2/24 interface=VLAN10-Work network=10.10.10.0
add address=10.10.30.2/24 interface=VLAN30-Guest network=10.10.30.0
add address=10.10.40.2/24 interface=VLAN40-Sign network=10.10.40.0

/ip route
add gateway=10.10.10.1
add gateway=10.10.30.1
add gateway=10.10.40.1

/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge ssid=Office-Work
set [ find default-name=wlan2 ] disabled=no mode=ap-bridge ssid=Office-Guest

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=Mikrotik

/interface bridge
add name=br-vlan10
add name=br-vlan30

/interface bridge port
add bridge=br-vlan10 interface=VLAN10-Work
add bridge=br-vlan10 interface=wlan1
add bridge=br-vlan30 interface=VLAN30-Housing
add bridge=br-vlan30 interface=wlan2

tuxtlequino · March 11, 2016, 3:40am

I am not making this up. I first set up the thing using the DHCP setup. Now, using Winbox there is a little button where you can add additional addresses. My problem was that I thought that it meant that I was picking a range. But NO!!. I was picking TWO addresses. Things were supper erratic, because once a lease was over, another connection could complete the transaction and get another of the TWO possible addresses. So, if you see my configuration, everything can be solve by changing the coma by a dash. Talk about wasting about two days at work! I am pretty sure this is the case, but will make sure of it tomorrow when I go by work