As off a few days my Hex-S Router has stopped assigning an IP address to my Canon printer. All other devices connect seamlessly to the router and are assigned IP addresses. The printer shows a 169.254.xxx.xxx address each time it tries to connect.
I tried to connect the printer to my phone hotspot and another TP Link router I had lying around and it was able to successfully connect to both and get an IP address so I know the printer is OK.
My wifi is through 3 TP Link EAP access points connected to the router.
I would be grateful if someone can help diagnose the problem. Thanks.
Get the mac address of the printer.
Then turn the printer off.
Go to dhp leases for the appropriate subnet.
Look for any old dhcp leases for the printer, may still be attempting to connect and DELETE.
Add dhcp lease manually,
give it the IP you want to give it and use the mac address.
make the Lease STATIC.
connect your pc directly to the printer like its new etc…
-assign manually the IP address and the subnet mask etc…
Hi,
Thank you for your reply.
I did the following as advised:
Went to IP - Dhcp Server - Leases and checked the printer mac. It was not assigned.
Setup the unassigned static IP 192.168.0.100 for the printer.
Reset the printer, disabled dhcp on it and manually entered the IP, subnet and gateway.
Connected the printer to the wifi but no luck accessing the printer. It does not show as active in mikrotik.
However, when I log into the tplink access point interface, I can see it connected to the wifi network with the IP 19.168.0.100.
Specifically you were supposed to connect to the printer after adjusting the Mikrotik Router and BEFORE attaching the printer back onto to the network.
You needed to either
a. attach your laptop to the printer directly to setup the printer
b. use the interface available on the printer
For the purposes of manually setting the IP address on the printer and subnetmask.
Another point, that nobody mentioned so far: make sure that printer succeeds to connect to wireless AP … for starters check log on wifi AP to see if there’s anything about printer connecting to AP (log messages will reference MAC address of printer’s wireless interface). Perhaps printer doesn’t support all the latest wireless technologies and thus AP has to be configured a bit more conservatively (e.g. allow 802.11b with WPA/TKIP or something).
Hi all,
The only dhcp server active is the mikrotik.
I did set the IP address, etc. on the printer display prior to correcting it to the wifi.
It is connecting to the AP, just not being recognised by the mikrotik .
I must add that it worked before with the exact same configuration. The only thing that changed recently was an os update on the mikrotik. Could that have caused this?
Dont see anything on the surface that would be an issue.
(1) THis should all be set to none as it has been known to cause issues in the past.
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN wan-interface-list=WAN
(2) I dont use arp what is the purpose for these… maybe I will learn something!
/ip arp
add address=192.168.0.102 interface=bridge mac-address=94:DE:80:E3:01:E3
add address=192.168.0.5 interface=bridge mac-address=74:4D:28:45:8E:DA
(3) Recommend replacing this rule with a better and clearer set of rules… add action=drop chain=forward comment=“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat connection-state=new in-interface-list=WAN add action=accept chain=forward comment=“allow internet traffic” in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment=“allow port forwarding” connection-nat-state=dstnat
add action=drop chain=forward
This drops all wan to lan, lan to wan and lan to lan traffic (at L3) not desired, and thus why you need to add in the LAN to WAN rule for internet. The rules implicitly allowed such traffic before and now you are more clearly showing what is allowed as everythiing else is blocked by the last rule… better security footing.
(4) Why do you have TWO source nat rules ??
All you need is the default rule - add action=masquerade chain=srcnat out-interface-list=WAN
If your WANIP is static/fixed, then the format of that rule would change.
(5) Set this to NONE, as mac by itself does not use a secure protocol!
/tool mac-server
set allowed-interface-list=LAN
Try setting the IP address on the AP manually and then go to your router and remove any leases for it and add a manual lease with the ethernet mac address of the AP, and the make it a static lease.
I had not made any custom entries, so decided to reset the router.
The only changes I have now made are:
a) Changed the default IP of 192.168.88.1 to 192.168.0.1 and accordingly the dhcp range.
b) Added the printer mac as a static IP - 192.168.0.100
Same results.. printer connects to the wifi access point but does not show up as active in mikrotik. I have attached some screenshots. Every other device connects without a problem. The same printer used to work on this router so I cant understand whats happened. Should I try connecting the printer via an ethernet cable to the router to see if its assigned an IP?
My new config:
# sep/16/2022 07:47:52 by RouterOS 7.5
# software id = X8CM-VMWT
#
# model = RB760iGS
# serial number =
/interface bridge
add admin-mac=C4:AD:34:6B:D4:83 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=192.168.0.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.0.100 mac-address=F0:03:8C:AF:6F:DF server=defconf
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related \
hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Asia/Kolkata
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
One thing is missing from big picture: what kind of AP are you using? RB760iGS is not an AP, it doesn’t have wireless interface.
Another thing: if you set IP address on printer itself (via pannel on printer or via web UI on printer), it won’t “register” with (Mikrotik) DHCP server … because printer will not ask for IP address, it already has one. So you should try to connect to it (either management UI or try to print something or ping it …) to verify whether it’s responding or not.
I use 4 x TPlink EAP245 Access points for wifi. These are connected to the 4 ports of the Mikrotik router.
Yes, I have tried to access the printers’ web gui, ping the printer and print to it. None of them work.
As mentioned earlier, I was able to connect the printer via dhcp to 2 different wifi routers to test and was able to access the web gui through them.
It used to work perfectly with the same setup and I made no change other than the Mikrotik OS update.
(1) Not that it will likely do anything to fix the problems but this should be set to NONE, as its known to have caused issues in the past. /interface detect-internet
set detect-interface-list=all
(2) Same with this one, mac by itself is not secure and thus should be set to NONE. /tool mac-server
set allowed-interface-list=LAN
(3) Dont see anything that would be causing issues on the MT config.
I use TPLINK EAP245s and 660HD without issue but they are smart APs and I use vlans with them.
Those settings are all default, but I will make the changes you recommend.
The EAP245’s are setup as simple wifi access points and I have the omada controller running off of a raspberry pi. I don’t think there are any vlans in use.
