Need help to setup DHCP Server

I have successfully set up a DHCP server with RADIUS authentication, but I need help routing it.

I want to setup a network like this

                               windows 2008 server IP 172.16.0.111
                                                        |
                                        Mikrotik WAN IP 172.16.0.5
                                     DHCP SERVER LAN IP 172.16.0.1
                                                        |
                                                 cisco switch
                                        __________|________
                                       |                   |
                                  DHCP client          DHCP client
                                 172.16.0.2            172.16.0.3

In this design, clients have successfully connected to the DHCP server, but can anyone help me connect them to the Windows server 172.16.0.111?

I have not done any kind of routing yet; please tell me if it is necessary.

DHCP network print
0 address=172.16.0.0/16 gateway=172.16.0.5 dns-server=172.16.0.111

Thanks a lot

Professionals, please help me with a solution.

Also, I have four Cisco 2950 switches; can I configure them as relays for 1 DHCP server?

This will not work because your wan and lan interfaces on the mikrotik are in the same contiguous IP Network. You either bridge the wan and lan and place their common IP on the bridge interface or use different IP subnets for the wan and lan.

A little reading on TCP/IP will also do some good.

Thanks skillful for the reply. I have understood that the same subnet will not work on both interfaces.
But if I bridge, then all users (with manually configured IPs) will get connected to the 2008 server, and I want only DHCP-connected users to get connected.

I am a little confused about it, so can you help me further…
I am ready to change any IPs & subnets, but please help me so my DHCP users can get connected to the 2008 server.

Is there any need to add a static route on the 2008 server?

Thanks for the help :)

You can retain the 172.16.0.* ip range on the wan but change the subnet mask to /24.

I assume you have changed the names of your interfaces to wan and lan respectively.

Use 172.16.1.0/24 range on your lan. Set lan ip to 172.16.1.1/24

/ip address
add address=172.16.1.1/24 broadcast=172.16.1.255 comment="" disabled=no interface=lan network=172.16.1.0

Configure DNS on mikrotik and set primary dns to 172.16.0.111. Also, allow remote request.

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=172.16.0.111 secondary-dns=208.67.222.222

Configure DHCP server for lan interface and set add-arp=yes

/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 authoritative=yes bootp-support=static disabled=no interface=lan lease-time=5d name=dhcp1

Set the lan interface to arp=reply-only

/interface ethernet
set lan arp=reply-only

With these settings, only DHCP connected users can have access to the router and any network on its wan interface.
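
One way to verify the effect of add-arp=yes together with arp=reply-only, as an added example that is not part of the original thread: a Python check over `/ip arp print detail` output that reports every entry on the DHCP-served interface that was not created by the DHCP server (flag H). The sample lines are constructed, and the function name is an assumption.

```python
# Constructed sample in the layout of "/ip arp print detail".
SAMPLE = """\
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
 0 H address=172.16.1.20 mac-address=02:00:00:00:00:20 interface=lan
 1 D address=172.16.1.77 mac-address=02:00:00:00:00:77 interface=lan
 2   address=172.16.1.90 mac-address=02:00:00:00:00:90 interface=lan
 3 D address=172.16.0.111 mac-address=02:00:00:00:00:01 interface=wan
"""

def non_dhcp_entries(arp_output, interface):
    """Return (address, mac, flags) for entries on `interface` without flag H.

    With arp=reply-only the router learns no dynamic entries on that
    interface, so a "D" entry there means reply-only is not in effect,
    and an entry with no flag is a manually added static exception.
    """
    findings = []
    for line in arp_output.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].isdigit():
            continue  # prompt, "Flags:" legend or blank line
        # Tokens without "=" are flag letters, the rest are key=value fields.
        flags = "".join(t for t in tokens[1:] if "=" not in t)
        fields = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        if fields.get("interface") != interface:
            continue
        if "H" not in flags:
            findings.append(
                (fields["address"], fields["mac-address"], flags or "static")
            )
    return findings

if __name__ == "__main__":
    for address, mac, flags in non_dhcp_entries(SAMPLE, "lan"):
        print(f"not from DHCP: {address} {mac} ({flags})")
```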

                              windows 2008 server IP 172.16.1.1/255.255.255.0
                                                        |
                                 Mikrotik WAN IP 172.16.1.111/255.255.255.0
                         DHCP SERVER [172.16.0.0/16] LAN IP 172.16.0.1/255.255.255.0
                  _____________________________________|____________________________
                 |                      |                         |                 |
         172.16.0.5/24            172.16.0.6/24         172.16.0.7/24        172.16.0.8/24
       cisco 2950 switch        cisco 2950 switch      cisco 2950 switch     cisco 2950 switch
               VLAN1                    VLAN1                VLAN1              VLAN1
                 |                      |                     |                    |
          DHCP CLIENTS              DHCP CLIENTS         DHCP CLIENTS        DHCP CLIENTS
        172.16.0.100/16            172.16.0.101/16      172.16.0.102/16      172.16.0.103/16



 0   name="webbox" interface=LAN lease-time=5d address-pool=webbox bootp-support=static add-arp=yes authoritative=yes 
     always-broadcast=yes use-radius=yes



ip dhcp-server network> print detail
 0 address=172.16.0.0/16 gateway=172.16.0.1 dns-server=172.16.1.1

I have set up my network like this; also, I have configured the Cisco switches as described here: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_19_ea1/configuration/guide/swdhcp82.html

Now my users are connected to some other DHCP servers running on my networks. So, can you help me configure multiple relays on 1 DHCP server? I have more than 3000 users on my LAN, so will this design be safe?

I am still not getting a ping reply from 172.16.1.111 & 172.16.1.1.

Please comment; any help will be appreciated.

Thanks skillful, I tried but nothing happened because I want /16 for my DHCP network.

Please someone help!!!

I just want my LAN DHCP users to connect to the servers on the WAN interface.

You cannot have 172.16.0.0/16 on your lan interface if you have 172.16.1.0/24 on your wan.

Follow the instructions in my earlier post but change your wan address range to 192.168.1.0/24 if you must retain 172.16.0.0/16 on your lan. For instance, replace all 172.16.1.1/24 with 192.168.1.1/24 and 172.16.1.111/24 with 192.168.1.111/24. Furthermore, all your 172.16.x.x IP addresses must have a /16 subnet. The DHCP Server should not lease out /16 range while the lan interface is /24.

All you need to do is contained in my earlier post, just replace the IP address with the appropriate one.

From your post, it is obvious that your knowledge of IP Networking is very poor. Do yourself some good by reading up on IP Networking and sub-netting.
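
The addressing constraints stated in the replies above, as an added example that is not part of the original thread: a Python check that a router's interface networks do not overlap and that each DHCP network matches the interface serving it without reaching into another interface's network. The three plans are the ones posted in this thread (the /16 masks of the first plan are assumed from its DHCP network line); the function name and data layout are assumptions.

```python
import ipaddress
from itertools import combinations

def audit_plan(interfaces, dhcp_networks):
    """List the problems in a routed (non-bridged) address plan.

    interfaces:    {name: "address/prefix"}, as under /ip address
    dhcp_networks: {interface name: "network/prefix"}, as under
                   /ip dhcp-server network
    """
    problems = []
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}
    # Overlapping networks on two routed interfaces give the router two
    # connected routes for the same addresses, so it cannot tell which
    # side a destination is on.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    for name, leased in dhcp_networks.items():
        leased = ipaddress.ip_network(leased)
        # Clients must be told the same prefix the interface itself uses.
        if leased != nets[name]:
            problems.append(f"DHCP on {name} leases {leased}, interface is {nets[name]}")
        # A leased range that covers another interface's network makes
        # clients treat hosts behind the router as on-link.
        for other, net in nets.items():
            if other != name and leased.overlaps(net):
                problems.append(f"DHCP range {leased} overlaps {other} {net}")
    return problems

# Plans from the thread, in the order they were tried.
PLANS = {
    "first": ({"WAN": "172.16.0.5/16", "LAN": "172.16.0.1/16"},
              {"LAN": "172.16.0.0/16"}),
    "second": ({"WAN": "172.16.1.111/24", "LAN": "172.16.0.1/24"},
               {"LAN": "172.16.0.0/16"}),
    "final": ({"WAN": "192.168.202.111/24", "LAN": "172.16.0.1/16"},
              {"LAN": "172.16.0.0/16"}),
}

if __name__ == "__main__":
    for label, (ifaces, dhcp) in PLANS.items():
        for problem in audit_plan(ifaces, dhcp) or ["ok"]:
            print(f"{label}: {problem}")
```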

[admin@AXiS] interface> print
Flags: X - disabled, D - dynamic, R - running 
 #    NAME                                                                     TYPE             RX-RATE    TX-RATE    MTU  
 0  R LAN                                                                      ether            0          0          1500 
 1  R WAN                                                                      ether            0          0          1500



[admin@AXiS] ip address> print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0   address=172.16.0.1/16 network=172.16.0.0 broadcast=172.16.255.255 interface=LAN actual-interface=LAN 

 1   address=192.168.202.111/24 network=192.168.202.0 broadcast=192.168.202.255 interface=WAN actual-interface=WAN



[admin@AXiS] ip dns> print       
            primary-dns: 192.168.202.1
          secondary-dns: 208.67.222.222
  allow-remote-requests: yes
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 18KiB



[admin@AXiS] ip dhcp-server> print detail
Flags: X - disabled, I - invalid 
 0   name="webbox" interface=LAN lease-time=5d address-pool=webbox bootp-support=static add-arp=yes authoritative=yes 
     always-broadcast=yes use-radius=yes



[admin@AXiS] ip pool> print detail
 0 name="webbox" ranges=172.16.0.2-172.16.255.254



[admin@AXiS] ip dhcp-server network> print detail
 0 address=172.16.0.0/16 gateway=172.16.0.1



[admin@AXiS] radius> print detail
Flags: X - disabled 
 0   service=dhcp called-id="" domain="" address=127.0.0.1 secret="XXXX" authentication-port=1812 accounting-port=1813 
     timeout=300ms accounting-backup=no realm=""

Still unlucky. I have set up everything as you said; please let me know if I missed anything.

I can ping 192.168.202.111 [WAN IP address] from the client end.

I cannot ping 192.168.202.1 [2008 Server IP address] from the DHCP client.

Also, I have a PPPoE server running on the LAN; when users connect to it, they get disconnected from the 192.168.202.111 ping.

PPPoE server gateway is 10.0.0.1
network address is 192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
up to
192.168.112.0/24

Thanks a lot for your support

What IP address do you have on the windows server? Can you ping 192.168.222.1 from the Router? Make sure there is no firewall blocking ICMP on the windows 2008 system.

I can ping 192.168.202.111 from 192.168.202.1

I can ping 192.168.202.1 from 192.168.202.111

[admin@AXiS] ip route> print detail 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf 
 0 ADC dst-address=172.16.0.0/16 pref-src=172.16.0.1 interface=LAN scope=10 target-scope=0 

 1 ADC dst-address=192.168.202.0/24 pref-src=192.168.202.111 interface=WAN scope=10 target-scope=0



[admin@AXiS] ip arp> print detail
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic 
 0 H address=172.16.0.68 mac-address=XX:00:XX:18:XX:75 interface=LAN 

 1 H address=172.16.0.67 mac-address=00:XX:2E:0B:XX:B3 interface=LAN 

 2 H address=172.16.0.64 mac-address=00:02:XX:8C:XX:CD interface=LAN 

 3 H address=172.16.0.62 mac-address=00:15:XX:E0:XX:13 interface=LAN 

 4 H address=172.16.0.63 mac-address=00:01:XX:12:22:XX interface=LAN 

 5 H address=172.16.0.65 mac-address=XX:15:XX:28:XX:09 interface=LAN 

 6 H address=172.16.0.69 mac-address=00:19:XX:9D:B6:XX interface=LAN 

 7 H address=172.16.0.60 mac-address=00:1C:XX:31:01:XX interface=LAN 

 8 H address=172.16.0.59 mac-address=00:1D:XX:45:XX:A3 interface=LAN 

 9 H address=172.16.0.58 mac-address=00:01:XX:13:XX:76 interface=LAN 

10 D address=192.168.202.1 mac-address=00:XX:20:XX:15:XX interface=WAN

Thanks for support

You will need to activate a routing protocol on your Mikrotik Router. My preferred internal routing protocol is OSPF.

/routing ospf area
add area-id=0.0.0.0 authentication=none disabled=no name=backbone type=default

/routing ospf
set distribute-default=if-installed-as-type-2 metric-bgp=20 metric-connected=20 metric-default=1 \
    metric-rip=20 metric-static=20 mpls-te-area=unspecified mpls-te-router-id=unspecified \
    redistribute-bgp=no redistribute-connected=as-type-2 redistribute-rip=no redistribute-static=\
    as-type-2 router-id=0.0.0.0

/routing ospf interface
add authentication=none authentication-key="" authentication-key-id=1 cost=10 dead-interval=40s \
    disabled=no hello-interval=10s interface=all network-type=broadcast passive=no priority=1 \
    retransmit-interval=5s transmit-delay=1s

/routing ospf network
add area=backbone disabled=no network=0.0.0.0/0

[admin@AXiS] routing ospf area> print detail
Flags: X - disabled 
 0   area-id=0.0.0.0 name="backbone" type=default translator-role=translate-candidate authentication=none 
     prefix-list-import="" prefix-list-export=""



[admin@AXiS] routing ospf> print
               router-id: 0.0.0.0
      distribute-default: if-installed-as-type-2
  redistribute-connected: as-type-2
     redistribute-static: as-type-2
        redistribute-rip: no
        redistribute-bgp: no
          metric-default: 1
        metric-connected: 20
           metric-static: 20
              metric-rip: 20
              metric-bgp: 20



[admin@AXiS] routing ospf interface> print detail
 0 interface=all cost=10 priority=1 authentication-key="" network-type=broadcast retransmit-interval=5s transmit-delay=1s 
   hello-interval=10s dead-interval=40s



[admin@AXiS] routing ospf network> print detail
Flags: X - disabled, I - invalid 
 0   network=0.0.0.0/0 area=backbone

Thanks for the reply, but still unlucky :(

skillful, please help me

You don’t have a default route in place. Add a default route:

/ip route
add comment="Default Route" disabled=no distance=1 dst-address=0.0.0.0/0 \
    gateway=192.168.202.1 scope=30 target-scope=10

Tracert 192.168.202.1 from the client and paste the result here.

C:\Documents and Settings\Administrator>Tracert 192.168.202.1

Tracing route to 192.168.202.1 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 172.16.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 General failure.

Trace complete.

ospf debug Hello sent to 224.0.0.5 via [eth1:192.168.202.111]
ospf debug Hello sent to 224.0.0.5 via [eth1:192.168.202.111]
ospf debug Hello sent to 224.0.0.5 via [eth0:172.16.0.1]
ospf debug Hello sent to 224.0.0.5 via [eth0:172.16.0.1]

[admin@AXiS] ip route> print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf 
 0 ADC dst-address=172.16.0.0/16 pref-src=172.16.0.1 interface=LAN scope=10 target-scope=0 

 1  Do dst-address=172.16.0.0/16 scope=20 target-scope=10 

 2 ADC dst-address=192.168.202.0/24 pref-src=192.168.202.111 interface=WAN scope=10 target-scope=0 

 3  Do dst-address=192.168.202.0/24 scope=20 target-scope=10 

 4 A S ;;; Default Route
       dst-address=0.0.0.0/0 gateway=192.168.202.1 interface=WAN gateway-state=reachable distance=1 scope=30 
       target-scope=1

I don’t know why your router is not forwarding packets from 172.16.0.0/16 to 192.168.202.1.

I suggest that you reset the router and configure afresh.

/system reset-configuration

Reset & set up again, but still the same: the DHCP client cannot ping 192.168.202.1 :(

Please Help!!!

Let us experiment with masquerading 172.16.0.0/16

/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no src-address=172.16.0.0/16

Thanks a lot, it's done

Thanks For Your Efforts, Good Work!!!
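
Why masquerading made the ping work, as an added example that is not part of the original thread: a Python model of the reply path from the server, using longest-prefix-match route lookup. The server's routing table is not shown in the thread, so the table used here (a connected 192.168.202.0/24 route plus a default gateway other than the MikroTik, the constructed address 192.168.202.254) is an assumption, as are the function names.

```python
import ipaddress

ROUTER_WAN = ipaddress.ip_address("192.168.202.111")  # WAN address from the thread
CLIENT = ipaddress.ip_address("172.16.0.68")          # a DHCP lease from the thread

# Assumed server routing table: (destination, next hop).
ASSUMED = [("192.168.202.0/24", "on-link"), ("0.0.0.0/0", "192.168.202.254")]
# The same table with a static route for the DHCP network via the MikroTik.
WITH_STATIC = ASSUMED + [("172.16.0.0/16", "192.168.202.111")]

def next_hop(routes, dst):
    """Longest-prefix match: returns "on-link", a gateway string, or None."""
    best = None
    for net, hop in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def reply_returns_via_router(server_routes, masquerade):
    """Does the server's echo reply get back to the MikroTik?"""
    # With srcnat masquerade the server sees the router's WAN address as the
    # source; without it, the server sees the client's 172.16.x.x address.
    seen_src = ROUTER_WAN if masquerade else CLIENT
    hop = next_hop(server_routes, seen_src)
    if hop is None:
        return False                      # no route: reply is dropped
    if hop == "on-link":
        return seen_src == ROUTER_WAN     # delivered directly to the router
    return ipaddress.ip_address(hop) == ROUTER_WAN

if __name__ == "__main__":
    print("routed, no static route:", reply_returns_via_router(ASSUMED, False))
    print("masqueraded:            ", reply_returns_via_router(ASSUMED, True))
    print("routed + static route:  ", reply_returns_via_router(WITH_STATIC, False))
```

With masquerade the server sees every client as 192.168.202.111, so its logs no longer distinguish individual DHCP clients; a static route for 172.16.0.0/16 via 192.168.202.111 on the server keeps the client source addresses visible.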