IP Conflicts - but nobody using the IP

Lonecrow · May 6, 2009, 1:24pm

I’m using a routerboard as an office router with VPN and proxy arp turned on. Ether1 is the WAN and ether 2-5 is the LAN.

I am using DHCP in the LAN. But if I have ANY of my computers in the LAN try and set a static IP to ANY IP it comes back with an error “The static IP address that was just configured is already in use on the network. Please reconfigure a different IP Address”

But those addresses are defintiely not in use.

If I unplug from the router and change IP’s it works. But we need to change all day long so this is really annoying.

Anyone know what the problem could be?

This is 3.10 I believe..

Lonecrow · May 6, 2009, 1:33pm

Also I just upgraded the firmware to be sure. It still does it..

Lonecrow · May 6, 2009, 2:06pm

The fix is to add large subnets to the ip addresses list. If the subnet doesn’t exist it wont let you change to that IP. This is crap of course but I just had to add a whole bunch of large subnets that we use like 10.0.0.0/8 to allow us to change IP’s without problems.

BUT - this creates a huge problem for us because when we try and contact anything out in the 10.0.0.0/8 out in our network it won’t work because it thinks it exists inside the lan.

So this is a glaringly big problem with the OS.

NAB · May 6, 2009, 2:39pm

Perhaps you could provide your configuration - I don’t understand how what you’re saying can be happening and I think that RouterOS would be a laughing stock if you couldn’t assign a static IP to any device connected.

The only thing I can think of is if you’re trying to assign a static IP to a device when that address is a member of the pool of addresses RouterOS is DHCP serving.

Anyway, your configuration would help diagnose the problem.

Nick.

Lonecrow · May 6, 2009, 6:38pm

How do you output all configs?

SurferTim · May 6, 2009, 7:02pm

Hi Lonecrow,

Probably all settings would confuse the issue. To get started, just the output of the following would help:
/ip address print
/ip pool print
/ip dhcp-server print

and this (if it is not too long):
/ip dhcp-server lease print detail

Lonecrow · May 6, 2009, 7:17pm

Ahh I knew about print just didnt know if there was a quick way to do all. I’ll get those now thanks..

SurferTim · May 6, 2009, 7:25pm

Just so you know:
Any ip address you see in
/ip dhcp-server lease print detail
is being used, even though the computer that it is assigned to is not online, or even on.

Lonecrow · May 6, 2009, 7:33pm

(Changing the public ip’s I know they will be incorrect but they are correct in our network and everything works on the wan side)

ADDRESS NETWORK BROADCAST INTERFACE

0 123.123.123.120/25 123.123.123.128 123.123.123.128 ether1
1 192.168.20.1/24 192.168.20.0 192.168.20.255 bridge1

NAME RANGES

0 DHCP-Pool 192.168.20.100-192.168.20.198
1 pptp 192.168.20.50-192.168.20.99
2 dhcp_pool1 123.123.123.110-123.123.123.123
(I dont know why he added pool1)

NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP

0 server1 bridge1 DHCP-Pool 3d

[admin@MikroTik] > /ip dhcp-server lease print detail
Flags: X - disabled, R - radius, D - dynamic, B - blocked
0 D address=192.168.20.113 mac-address=00:1B:B9:5F:6F:24 client-id=“1:0:1b:b9:5f:6f:24” server=server1 status=bound expires-after=2d19h14m51s
active-address=192.168.20.113 active-mac-address=00:1B:B9:5F:6F:24 active-client-id=“1:0:1b:b9:5f:6f:24” active-server=server1
host-name=“companypc”

1 D address=192.168.20.197 mac-address=00:1D:92:E6:2A:23 client-id=“1:0:1d:92:e6:2a:23” server=server1 status=bound expires-after=2d19h14m40s
active-address=192.168.20.197 active-mac-address=00:1D:92:E6:2A:23 active-client-id=“1:0:1d:92:e6:2a:23” active-server=server1 host-name=“susan”

2 D address=192.168.20.130 mac-address=00:1B:B9:72:E1:F9 client-id=“1:0:1b:b9:72:e1:f9” server=server1 status=bound expires-after=2d19h14m5s
active-address=192.168.20.130 active-mac-address=00:1B:B9:72:E1:F9 active-client-id=“1:0:1b:b9:72:e1:f9” active-server=server1 host-name=“test2”

3 D address=192.168.20.107 mac-address=00:1C:F0:D9:96:47 server=server1 status=bound expires-after=2d19h13m6s active-address=192.168.20.107
active-mac-address=00:1C:F0:D9:96:47 active-server=server1 host-name=“PS-D99647\00”

4 D address=192.168.20.196 mac-address=00:1B:38:91:C7:EC client-id=“1:0:1b:38:91:c7:ec” server=server1 status=bound expires-after=2d19h11m43s
active-address=192.168.20.196 active-mac-address=00:1B:38:91:C7:EC active-client-id=“1:0:1b:38:91:c7:ec” active-server=server1 host-name=“test”

5 D address=192.168.20.102 mac-address=00:1E:52:B2:C5:C3 client-id=“1:0:1e:52:b2:c5:c3” server=server1 status=bound expires-after=2d19h12m29s
active-address=192.168.20.102 active-mac-address=00:1E:52:B2:C5:C3 active-client-id=“1:0:1e:52:b2:c5:c3” active-server=server1 host-name=“Dans-iPod”

6 D address=192.168.20.111 mac-address=00:1F:3B:5E:AF:C1 client-id=“1:0:1f:3b:5e:af:c1” server=server1 status=bound expires-after=2d19h12m15s
active-address=192.168.20.111 active-mac-address=00:1F:3B:5E:AF:C1 active-client-id=“1:0:1f:3b:5e:af:c1” active-server=server1
host-name=“mickeymouse”

7 D address=192.168.20.103 mac-address=00:0C:F1:B1:59:81 client-id=“1:0:c:f1:b1:59:81” server=server1 status=bound expires-after=2d19h11m51s
active-address=192.168.20.103 active-mac-address=00:0C:F1:B1:59:81 active-client-id=“1:0:c:f1:b1:59:81” active-server=server1
host-name=“yadayada”

8 D address=192.168.20.127 mac-address=00:03:25:10:8C:8F client-id=“1:0:3:25:10:8c:8f” server=server1 status=bound expires-after=2d19h15m19s
active-address=192.168.20.127 active-mac-address=00:03:25:10:8C:8F active-client-id=“1:0:3:25:10:8c:8f” active-server=server1 host-name=“Shop-Laptop”

9 D address=192.168.20.101 mac-address=00:15:6D:AA:AB:7A client-id=“1:0:15:6d:aa:ab:7a” server=server1 status=bound expires-after=2d19h15m41s
active-address=192.168.20.101 active-mac-address=00:15:6D:AA:AB:7A active-client-id=“1:0:15:6d:aa:ab:7a” active-server=server1

10 D address=192.168.20.116 mac-address=00:13:E8:EB:34:B1 client-id=“1:0:13:e8:eb:34:b1” server=server1 status=bound expires-after=2d19h11m58s
active-address=192.168.20.116 active-mac-address=00:13:E8:EB:34:B1 active-client-id=“1:0:13:e8:eb:34:b1” active-server=server1 host-name=“my-laptop”

11 D address=192.168.20.109 mac-address=00:21:E9:5F:3F:90 client-id=“1:0:21:e9:5f:3f:90” server=server1 status=bound expires-after=2d19h12m15s
active-address=192.168.20.109 active-mac-address=00:21:E9:5F:3F:90 active-client-id=“1:0:21:e9:5f:3f:90” active-server=server1
[admin@MikroTik] >

Ether1 = wan
Ether2,3, is bridged
pptp is set up and working fine on ether1
Proxy arp is on all the interfaces to allow talk with devices inside the network.
There are 3 port forwards into devices.

When i try and change IP’s and I get the error message I watch the ARP table and it assigned the MAC of the router to the actual new IP I tried to statically enter. I thought that was odd.

Could this be something to do with the arp not timing out fast enough?

Lonecrow · May 6, 2009, 7:34pm

Right yeah I know leases don’t expire right away, sometimes days.

I’ll give you an example .. we are in the 192.168.20.1 network but if I change to 192.168.1.100 it will give an error. if I change to 10.10.10.10 it gives an error.. any ip at all..

Chupaka · May 6, 2009, 11:01pm

disable proxy-arp

when you change your computer’s address to 192.168.1.100, it sends an ARP request like ‘is there anybody with IP 192.168.1.100?’ RouterOS receives this request on the interface where proxy-arp is enabled, sees that this address is available on other interface (via default route, I believe), so ROS sends ARP response with his own MAC. that’s for what proxy-arp was developed. do you need it at all?

Lonecrow · May 7, 2009, 4:56pm

The reason why we turned on proxy arp was because when we VPN from home outside a different network with PPTP we need to be able to contact other users in the 192.168.20.0/24 network. We have several PC’s inside we wish to VNC or grab files etc.

When I turned on proxy arp it fixed that. Or do I need proxy arp only for the ether1 port (wan) ?

Ibersystems · May 7, 2009, 5:27pm

I use 10.10.10.x to the PPTP and I can ping all the machines in the office subnet, and access all Rboards by it’s real IP (192.168.1.x).

I think proxy arp is disabled.

Lonecrow · May 7, 2009, 7:03pm

So you are saying to assign pptp clients a 10.x.x.x ip address instead of the 192.168.20.x that the office actually uses?

Lonecrow · May 7, 2009, 7:11pm

Actually PROXY ARP is the problem. I disabled it and I can change IP’s once more.

BUT that gives me the same problem now. When I VPN into the network I get assigned a 192.168.20.50-99 and I can’t talk to other people in the same subnet 192.168.20.x/24 at all.. but I have internet and everything works.

Is there another way around this with a static route or something? Maybe i’ll assign 172.x.x.x numebrs to pptp people and have some static route between those to the 192.168.20.x network.. ?

changeip · May 7, 2009, 11:34pm

yes, since PPTP is Point to Point, no one else knows about them except the router. It is best to route them, so assign your VPN dialins a completely different subnet and route them. The only hard part is with clients dialing in, if the vpn server isnt the default gateway for all traffic then you need some static routes to get the traffic to where it needs to go.

Ibersystems · May 8, 2009, 6:50am

Hi,

you can use 10.10.10.x or 172… subnet. The static route is not necessary because PPTP gives you a static IP and creates another static to itself… as it has the 10.10.10.x and the 192… the pings and access works fine.

Lonecrow · May 9, 2009, 4:04pm

Thanks I’ll try it out on Monday.

heavenlyangel · September 6, 2022, 9:56am

Did it work?

rextended · September 6, 2022, 10:18am

This is the mother of all necropost …

The user do not login from years…