Hi,

(I’ve searched the forums for a couple of days now without stumbling across anything significant looking so I’m posting to find some help.)

I’ve come across a weird issue where my configured static DHCP assignments are not working on some interfaces. When I change the static-only with an appropriate pool the clients get a dynamic lease immediately, so dhcp itself is properly set up.

I’m not seeing any requests come in through the logging (even though dhcp does hand out leases), perhaps I’m not using the log features correctly, being a mikrotik newbie. I’m using routeros 6.0rc11 (and maybe that’s not so smart ).

Does anybody have a pointer for me so I can fix this?

Hi,

I have used the following setup script to connect my RB2011 router to the public internet. Do not use 100.100.100.10 for your public ip address. Use the static IP address assigned by your ISP:

# jan/01/2002 01:17:01 by RouterOS 6.0rc12
# software id = 4IWD-IB27
#
/interface bridge
add l2mtu=1598 name=bridge1 protocol-mode=rstp
/interface wireless
set 0 band=2ghz-b/g disabled=no l2mtu=2290 mode=ap-bridge ssid=\
    mikrotik tx-power=30 tx-power-mode=all-rates-fixed \
    wireless-protocol=802.11
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods=\
    passthrough management-protection=allowed mode=dynamic-keys \
    supplicant-identity=mikrotik-rb2011 wpa-pre-shared-key=xxxxx \
    wpa2-pre-shared-key=xxxxx
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough \
    management-protection=allowed mode=static-keys-required name=profile1 \
    static-algo-0=40bit-wep static-key-0=aaaaaaaaaa supplicant-identity=""
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=dhcp_pool2 ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=bridge1 name=dhcp2
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" \
    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=owner signup-allowed=no time-zone=-00:00
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=wlan1
/ip address
add address=100.100.100.10/24 interface=ether1 network=100.100.100.0
add address=192.168.0.1/24 interface=wlan1 network=192.168.0.0
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
/ip firewall filter
add action=reject chain=input src-address=60.12.251.5
add action=reject chain=input src-address=122.194.113.155
add action=reject chain=input src-address=211.166.59.90
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=0.0.0.0
/ip route
add distance=1 gateway=100.100.100.1 scope=255
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set bridge1 disabled=yes display-time=5s
set sfp1 disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6 disabled=yes display-time=5s
set ether7 disabled=yes display-time=5s
set ether8 disabled=yes display-time=5s
set ether9 disabled=yes display-time=5s
set ether10 disabled=yes display-time=5s
/system ntp client
set enabled=yes primary-ntp=50.19.122.125

Let me know if this helps.

Sincerely,

Don James

Hi donjames, thanks for taking the trouble to reply!

Sadly, I don’t know how this would help me. I’ve connected the RB2011 to the internet without much trouble at all (otherwise I’d not be able to post this ). It’s just that the assignment of a static IP address through the DHCP server on the RB2011 isn’t working for most of my home equipment. When I served the DHCP from my linux server that worked just fine, mac addresses and such are known and correct.

There must be something I’m not understanding about the way RouterOS deals with static DHCP assignments, but I can’t figure that bit out. It seems so simple yet it won’t work properly. I must be missing something, or possibly there’s a bug in there somewhere, or some sort of race condition perhaps.

My PC is able to secure its reserved IP address via DHCP, but things like squeezebox, tablet, phone and xbox (in other subnets) can’t seem to manage that for some weird reason.

Here you go:

Reset a working router to the default configuration.

Connect the router directly to your computer via the ethernet jack on your computer and “eth2” onthe router.
If the router is working and you can access it with Winbox, do the following steps to set it to the default configuration:

1. Start winbox.
2. Click on “…” next to “Connect”.
3. Click on the MAC address.
4. Make sure that you have the correct password and user name. The user name will most likely be “admin”.
5. Click on “Connect”.
6. When the Winbox window appears, click on “System” and then “Reset Configuration”, then “Reset Configuration” again. Answer, “yes” to the prompt.
   The system is now set to the default configuration.
7. The next time you access the router, a window will appear giving you the option of deleting the default configuration. Do not do this, just click “OK”.

Using Quickset

Only use Quickset with the default configuration.

The default configuration is accomplished by manually resetting the router with the switch on the back of the router or by clicking on “system” then “reset configuration” in the Winbox window.

If you remove the default configuration, then quickset will not work.

Creating a router with Quickset
(dynamic IP connected to the public internet)
Connect your computer directly to the router via eth2.
Make sure your computer ethernet is set for DHCP. The default setting of the router is 192.168.88.1. If your computer is not set for DHCP, then it will not be able to talk to the router.
Connect your computer to the router via eth2. Connect eth1 to your modem.

eth1 connected to the cable modem.
eth2 through eth10 and wlan1 make up LAN.
Quickset mode (top-left corner) AP
Address acquisition: DHCP
Configuration mode: router
LAN IP address: 192.168.1.1
DHCP server: yes
At this point the computer will get an IP address from your ISP and a gateway IP address.
DHCP server range: 192.168.1.2-192.168.1.254
NAT: yes
Router identity: Example: mikrotik-whatever.
Password:
Example: xyzabc
Security: WPA, WPA2
Pre-shared key:
Example: abcdeedcba

See if this works for you.

Sincerely,

Don James

for static dhcp lease to work you have to add correct entries in /ip dhcp-server lease

easiest way is - create dynamic confiugration and connect devices, afterwards make leases static and edit those to your liking.

Hi Don, thanks for trying to help.

I’m not having trouble setting up the router - I do that for a living, though with Cisco gear
The weird bit is that static DHCP that just won’t work. I’ll post what I have below:

apr/17/2013 21:55:45 by RouterOS 6.0rc11

software id = RXQ6-HYM7

/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
add disabled=no interface=br10-trusted lease-time=1d name=trusted
add address-pool=“media pool” disabled=no interface=br20-media lease-time=8h name=media
add address-pool=yggdrasil-pool disabled=no interface=br30-yggdrasil lease-time=3h name=yggdrasil
add address-pool=“guest network” disabled=no interface=br31-guest lease-time=2h name=guest
/ip dhcp-server lease
add address=10.1.1.4 client-id=thor mac-address=8C:89:A5:C1:C5:9E server=trusted
add address=10.1.2.2 client-id=squeezebox mac-address=00:04:20:07:A9:E3 server=media
add address=10.1.1.6 client-id=xbmc mac-address=90:E6:BA:41:2F:16 server=trusted
add address=10.1.2.3 client-id=xbox mac-address=7C:ED:8D:0E:F4:42 server=media
add address=10.1.1.7 client-id=baldur mac-address=00:18:F3:45:0E:76 server=trusted
add address=10.1.1.5 client-id=tyr mac-address=00:1B:38:62:D0:32 server=trusted
add address=10.1.3.10 client-id=tyr mac-address=00:13:E8:5F:0C:B7 server=yggdrasil
add address=10.1.3.15 client-id=squeezebox mac-address=00:04:20:07:A9:E3 server=yggdrasil
add address=10.1.3.16 client-id=wii mac-address=00:1B:EA:DB:3B:5A server=yggdrasil
add address=10.1.3.17 client-id=xbox mac-address=7C:ED:8D:0E:F4:42 server=yggdrasil
/ip dhcp-server network
add address=10.1.1.0/24 comment=“trusted subnet” dns-server=10.1.1.1 domain=feleus.net gateway=10.1.1.1 netmask=24 ntp-server=10.1.1.3
add address=10.1.2.0/24 comment=“media subnet” dns-server=10.1.1.1 domain=feleus.net gateway=10.1.2.1 netmask=24 ntp-server=10.1.1.3
add address=10.1.3.0/24 comment=“yggdrasil wlan” dns-server=10.1.1.1 domain=feleus.net gateway=10.1.3.1 netmask=24 ntp-server=10.1.1.3
add address=10.1.4.0/24 comment=“guest wlan” dns-server=10.1.1.1 domain=feleus.net gateway=10.1.4.1 netmask=24
add address=192.168.88.0/24 comment=“default configuration” dns-server=192.168.88.1 gateway=192.168.88.1(Some stuff edited out - it’s just static assignments that are irrelevant or even working properly.)

Now, take a look at the entries for ‘squeezebox’ (it’s possible to connect it wired and wirelessly). This static entry won’t work with the squeezebox. MAC address is 100% correct, I’ve been using that exact same MAC for years to configure IP for the squeezebox. It won’t pick it up when DHCP is set to static, but will take an address from the pool. NOTE: the pool is just there so the devices get something, at first I didn’t want any pool.

Also, note the entry for ‘thor’. That’s my desktop and it DOES take the static DHCP just fine. There’s no pool for that network as you’ll see. My laptop, tyr, also takes the static DHCP, both wired and wireless, so without and with a pool present.

I’m perfectly ok with having to take a good look at logs and whatnot, but I’m not familiar enough with RouterOS to accomplish that for now, so I need some pointers as to what I should do to increase debugging output for DHCP only, so I can see what the RB2011 thinks is going on.

Off topic: I’m really impressed with what RouterOS can do! I’m seriously considering buying a few low-end devices so I can build a lab with them (say 8 or so, likely the RB750) and I’m trying to get work to do exactly that so we can all learn how to work our new MPLS setup and how to re-create it using other gear, which should really help with understanding the whole setup. I’m so glad I stumbled upon Mikrotik’s existence!

Do you have the ip pools set up to cover those assignments? Something like this…

/ip pool
add name=default-dhcp ranges=192.168.88.1-192.168.88.254
add name="trusted" ranges=10.1.1.2-10.1.1.254
add name="media pool" ranges=10.1.2.2-10.1.2.254
add name="yggdrasil-pool" ranges=10.1.3.2-10.1.3.254
add name="guest network" ranges=10.1.4.2-10.1.4.254

Your gateway settings look a little odd too, I’d expect them all to be the routers IP, 10.1.1.1.

When ‘squeezebox’ gets a dynamic address and you check its properties (double-click the entry in DHCP Server window), does Active Client ID contain “squeezebox”? In other words, do all devices really send specified client ids?

No, it doesn’t. The active client id is basically the mac address prepended with a ‘1:’. How would that impact things? Again, with a general purpose linux server serving the dhcp leases, this used to work, but maybe it’s relevant in the RouterOS implementation in some way that I’m unaware of.

And no, I do not have ip pools set up to cover the static assignments. As I understand it, that would just dynamically assign one of those addresses to the clients, since you’re then using the pool and not the ‘static-only’ pool setting. Am I correct?

The gateways are all correct since they’re all the router’s ip addresses on those subnets. That part is working as expected

It’s because “client-id” is same kind of condition as “mac-address”. You’re telling RouterOS that it should give 10.1.2.2 to client which has mac-address 00:04:20:07:A9:E3 AND sends client id “squeezebox”. Remove client ids and all will work as you need it. To describe entries, use comments (comment=“something” in command line or yellow sheet icon in WinBox).

Certain items here would indicate otherwise: http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server

“IP pool, from which to take IP addresses for the clients. If set to static-only, then only the clients that have a static lease (added in lease submenu) will be allowed.”

“A client may free the leased address. The dynamic lease is removed, and the allocated address is returned to the address pool. But the static lease becomes busy until the client will reacquire the address.”

As far as anecdotal evidence goes, my working static assignment config hands out addresses from the pool range.

It’s simple, Address Pool can be set to:
a) some pool - for dynamic addresses with optional static leases
b) static-only - when you want no dynamic addresses at all

Sob, thanks for that tip! That’s the bit of clue that I was looking for! Apparently some devices don’t send their hostname or client-id to a DHCP server. To think I’ve done DHCP for over 10 years and yet I’ve never run into that, mostly because I didn’t use that option before, as I realize now

Thanks a million!

Duh-oh! Didn’t even notice that he had both set. I’ve got a comment with the hostname where he’s got the client-id so they looked similar at a glance.

add address=192.168.1.104 comment=x2 disabled=no mac-address=00:17:31:12:34:77 server=default

Versus:

add address=10.1.1.6 client-id=xbmc mac-address=90:E6:BA:41:2F:16 server=trusted

Turns out that most DHCP clients don’t send the client id, but if you specify it RouterOS requires it.