New clients have IP but unable to access internet

I have a MikroTik RouterBoard RB2011UiAS-IN. I have setup the DHCP server to assign ip addresses. I have static ip addresses set up for most of the devices on the network via the leases table. When a new device is added to the network, the MikroTik router assigns a dynamic ip address but the device is not able to access the internet. The only way I can get around this is to make the address static and assign an ip address in the higher range..example - the router assigns 192.168.20.17 and then I make it static and change the address to 192.168.20.110. Once I do this all works fine. If there is a wifi mac, I have to do the same for that mac address as well or the device cannot connect. I am not sure what I am doing wrong in this setup. Can anyone help me?

Thanks for your time.

You need to include your configuration with your question or else no meaningful response can be given.

Thanks for the suggestion but how do I download and send the configuration? I searched the forum and could not find any clear instructions.

Hi,

You can use system export from terminal - or u can explain us what is your DHCP setup - what network you use on which interface, what is DHCP server config (network, gateway) - and your nat setup also.
What is you IP pool for DHCP server ?

Is this mikrotik your gateway router? (connects to internet directly).

Do you use /25 or smaller subnets inside 192.168.20.0/24 network ?

DHCP gives adresees - NAT allows Computer behind router (lan) to go out (wan) with routers IP… when I try to put it simple.

But we need more info to help you - it looks you have networking not mikrotik issue

Ok, that was a learning opportunity. I got the config downloaded and attached here. Except for the stripped mac addresses, the rest of the file is as-is. Can you please take a look and let me know what I am doing wrong?

Thanks

Go to IP DHCP-server Network and add 192.168.55.1 as the DNS server.

OK, I have added the DNS server to the entry that was already present under “IP=DHCP server-Networks”,
Hope this what you meant.- thx

Yes, this is what was missing. Probably because you changed the network address.
Does it work OK now?

Thanks for the confirmation. Seems to be working fine, I will know when I add a new device. .

Thanks for your patience and help.

Here is an update. I had a new device on the network today and I ran into the same issue. The device had an ip and the DNS was pointing to 192.168.55.1 but no internet access. As soon as I assigned it a static ip and rebooted, everything is fine. Anything else that could be missing?

Thanks. I have attached the export file.

What do you mean with “no internet access”? How did you test that?
Did you try “ping 8.8.8.8” and “ping google.com” and was there any difference between those?
What does “ipconfig /all” output about the adapter you are using?
Is the static address you assign in any way different from what you see there?

Hi,

Sorry guys for the late reply, been away from home. I am still having the issue. The device gets the DHCP address from the router correctly but is not able to connect to the internet. No response to Ping to external sites. The IP config /all shows the correct DHCP address from the router and correct gateway of 192.168.55.1.

In the firewall “connections” table, I found something interesting and maybe this would help someone point me in the right direction. In the attached screen shot, the device that is having the issue is the one with Src. Address of 192.168.55.22, as you can see this device always shows a Dst address of 192.168.55.1:53 for all connections. You can also see that the next device in the list with IP of 192.168.55.21 shows an external Dst address and is working fine. One other thing I have noticed is the first column shows “SAC” for all connections for the device having the issue. This is the only device that has SAC, rest of them have SACF’s, SC, Cs etc., but none of the working ones have SAC. What is this SAC? Hope someone can throw some light on this issue.

I am attaching images of the Firewall Connections table, Detail view of one of the connections on the problem device and the firewall rules in place.

Thanks for your time

.

Hi,

One other interesting thing is when I assign the same device an IP of 192.168.55.23, everything is fine. I move the IP back to 192.168.55.22, there is no net access again. Is it possible that specific IP addresses are getting blocked?

Pete

Under IP>DNS do you have DNS Servers listed and do you have “Allow Remote Request” checked?

Yes, I have the Open DNS servers listed ..here is how it looks. I tried with the ISP provided DNS servers, same issue..

Under IP>Firewall>NAT do you have a masquerade rule?

If you post the result from /export from new terminal that would be helpful!

On the screen shot of your Connection Tab, all the connections from that IP to the router are DNS queries…

No problem here is the export. Thanks for your time.

/interface ethernet switch host
add mac-address=01:80:C2:00:00:00 redirect-to-cpu=yes share-vlan-learned=no switch=switch1 vlan-id=1

As long as this is not the device in question I do not see any thing that would block that .22 IP…

You might try setting Add Arp to yes under IP>DHCP Server…

Did you change the default setting to your scheme or did you reset it to a blank state first? If you just changed the default my next suggestion would be to do an export, then reset the router and remove default configuration, then import your settings. If you didn’t know, you can do:

/export filename=export

and it will make a export.rsc (or any filename you choose) file that you can drag and drop to your desktop from Files in winbox.
I have seen weird things happen when just changing the default configuration.

I added the ARP. Still same issue. I have used default config, except for changing the LAN IP. It is just a few of these DHCP assigned IPs that seem to have this issue. The rest seem to work fine. Weird.