IP Range Extend

pap169 · May 24, 2022, 2:01am

Hi,

I am a newbie on Mikrotik routers and I want some help. The situation is this. I want to expand the ip range (IPV4) on dhcp network to /23. I have put on IP-> DHCP Server>Networks on Address /23 and on Pool 192.168.0.10-192.168.1.254 (example 192.168.0,0/23 but the leases are still on /24 subnet (254 IP range). I can not figure what I am doing wrong. A little help would be appreciated.

kevinds · June 1, 2022, 7:33pm

You need to make more changes..

IP Addresses and Firewall for example.

mkx · June 1, 2022, 8:00pm

Agree with @kevinds that you need to verify that new subnet mask length is configured everywhere where needed.

As to IP address assignment: devices which are part of network, will try to extend DHCP lease of already used IP address and DHCP server will try to grant that. Only devices without valid lease will receive new leases from the extended address pool. Whether those will be from the lower (old) part or higher (new) part depends on how many addresses from pool are occupied and on the pool allocation strategy (some servers allocate addresses from lower end of pool, I don’t remember what strategy is used by MT DHCP server). So it might take a while before you see used addresses from the pool extension.

aesmith · June 3, 2022, 12:04pm

Have you also changed the subnet mask on the interface routing to 192.168.0.0/23 ?

pap169 · June 5, 2022, 4:47am

Thank you for your responses. I have done everything correct is working. But only one issue I have, when a device is new get a lease 192.168.0.255 is not having internet connection. How to disable the .255 to not forward this lease.

Also on IP Pool what is the correct scenario? To extend the IP range (example 192.168.0.10-192.168.1.254) or to create a second pool with (example one pool with this 192.168.0.10-254 and one with 192.168.1.2-200 with the next pool enabled on Winbox)?

@kevinds on IP adresses I have put 192.168.0.1/23 on Address and network 192.168.0.0 is that correct?

Regards.

Buckeye · June 5, 2022, 4:55am

What is the dhcp client? As long as it obtained a lease for 192.168.0.255/23 that should be a valid usable address and likewise 192.168.1.0/23 should be a valid usable address as well.

If it is a windows client, can you post output of

ipconfig /all

pap169 · June 5, 2022, 5:10am

It is obtained from Android device and it cause problems like no internet. On Windows/Linux not having an issue so far.

kevinds · June 5, 2022, 7:58am

Both pools are valid.

If you just want have 192.168.0.255 not to be given out, could static assign it to a device that will never connect, MAC address 11:11:11:11:11:11 for example, or use two pools.

Yes, the IP address 192.168.0.1/23 would be correct. Make sure you have also adjusted the Firewall NAT rule as well.

pap169 · June 5, 2022, 9:30am

Ok I understand about the pools. On Firewall NAT what rule would exactly should be customize?

Regards.

kevinds · June 5, 2022, 9:42am

The mascaraed rule.. Default was 192.168.88.0/24? Would need to be adjusted to /23 as well.

rextended · June 5, 2022, 4:19pm

Post your config on forum, is mostly rapid than ask continuosly what and where.
export with /export command, but remove sensible data from the config before posting it on forum (serial number, email, username and passwords)

If you want using 192.168.0.10-192.168.1.254
you must set two address interval inside the pool:
192.168.0.10-192.168.0.254 and 192.168.1.1-192.168.1.254
Some OS do not like IPs (even if are perfectly valids) than end with .0 or with .255
And I not mean 192.168.0.0 and 192.168.1.255 (than are invalid for other reason) but 192.168.0.255 and 192.168.1.0

pap169 · June 5, 2022, 7:29pm

Ok here is the export:

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=Pool2 ranges=192.168.1.1-192.168.1.254
add name=dhcp next-pool=Pool2 ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no insert-queue-before=bottom interface=bridge lease-time=1h name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.0.1/23 comment=defconf interface=bridge network=192.168.0.0
add address=192.56.10.1/24 interface=ether1 network=192.56.10.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server network
add address=192.168.0.0/23 comment=defconf dns-server=192.168.0.1 gateway=192.168.0.1 netmask=23
/ip dns
set allow-remote-requests=yes servers=192.56.10.1
/ip dns static
add address=192.168.0.1 comment=defconf name="Test1"
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" disabled=yes dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.56.10.1

@kevinds on NAT there was nothing related to /24

@rextended Please take a look I have configured with 2 pools

Thank you guys.

mkx · June 6, 2022, 5:16am

I’m not sure that it’s OK to use own IP address as default gateway … you should be using your upstream gateway … or, if that IP address actually belongs to upstream gateway, you should assign ether1 different IP address.

The rest looks fine to me.

pap169 · June 11, 2022, 3:56am

It is under test so far that is the reason that is configured like this way. I think the same for the rest that are ok.

Thank you for your response.