Unstable DHCP Client on vlan interface

RouterOS General
1

I have a new CRS310-8G-2S+ switch running the latest RouterOS (7.21.3), configuring VLAN 1 as a native vlan and vlan 10 and 20 with tagged port (no other untagged vlan ports as they’re going to other switches). Making use of lists to specify tagged/untagged ports.

The main issue I’m running into is that connectivity to its IPv4 management interface is quite unstable. As an example, here are log entries that show a a delay of over 5 minutes to get an address:

2026-02-25 11:14:41 system,info dhcp client added by ssh:admin@192.168.88.2 (*3 = /ip dhcp-client add interface=MAIN_VLAN_1)
2026-02-25 11:20:07 dhcp,info dhcp-client on MAIN_VLAN_1 got IP address 192.168.1.127

A pcap on the upstream router shows a series of DHCP_DISCOVER and DHCP_OFFER messages going back and forth between the switch and the upstream router, but with the same delay (313 seconds per the pcap) before the switch responds to the offer with a DHCP_REQUEST and acquires its address.

Further testing shows that the above appears to be an outlier, but other attempts always take much longer than expected - some relatively short (15s) but most in the minute-or-more range. With the same pattern of multiple ignored DHCP_OFFERs before one is accepted. I am not noticing any similar delay with other DHCP clients on the network.

However, that connection itself appears to be unstable; after a certain amount of time (typically single-digit minutes), the switch becomes unreachable on this address, despite it still having the lease. Removing the /ip/dhcp-client line and re-adding it makes the device reachable again over IPv4 once the IP is rediscovered again.

Is this a known issue? Relevant sections of config below.

/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no comment=main fast-forward=no igmp-snooping=yes multicast-querier=yes name=MAIN_BRIDGE vlan-filtering=yes
add name=MGMT_BRIDGE
/interface vlan
add interface=MAIN_BRIDGE name=GUEST_VLAN_10 vlan-id=10
add interface=MAIN_BRIDGE name=IOT_VLAN_20 vlan-id=20
add interface=MAIN_BRIDGE name=MAIN_VLAN_1 vlan-id=1
add interface=ether8 name=MGMT_VLAN_999 vlan-id=999
/interface list
add include=static name=MAIN_BRIDGE_TAGGED
add include=static name=MAIN_BRIDGE_UNTAGGED_VLAN_1
/interface bridge port
add bridge=MAIN_BRIDGE comment=defconf interface=ether1
add bridge=MAIN_BRIDGE comment=defconf interface=ether2
add bridge=MAIN_BRIDGE comment=defconf interface=ether3
add bridge=MAIN_BRIDGE comment=defconf interface=ether4
add bridge=MAIN_BRIDGE comment=defconf interface=ether5
add bridge=MAIN_BRIDGE comment=defconf interface=ether6
add bridge=MAIN_BRIDGE comment=defconf interface=ether7
add bridge=MGMT_BRIDGE comment=defconf interface=ether8
add bridge=MAIN_BRIDGE comment=defconf interface=sfp-sfpplus1
add bridge=MAIN_BRIDGE comment=defconf interface=sfp-sfpplus2
/interface bridge vlan
add bridge=MAIN_BRIDGE tagged=MAIN_BRIDGE_TAGGED untagged=MAIN_BRIDGE_UNTAGGED_VLAN_1 vlan-ids=1
add bridge=MAIN_BRIDGE tagged=MAIN_BRIDGE_TAGGED vlan-ids=10
add bridge=MAIN_BRIDGE tagged=MAIN_BRIDGE_TAGGED vlan-ids=20
/interface list member
add interface=ether1 list=MAIN_BRIDGE_TAGGED
add interface=ether2 list=MAIN_BRIDGE_TAGGED
add interface=ether6 list=MAIN_BRIDGE_TAGGED
add interface=sfp-sfpplus1 list=MAIN_BRIDGE_TAGGED
add interface=sfp-sfpplus2 list=MAIN_BRIDGE_TAGGED
add interface=ether3 list=MAIN_BRIDGE_UNTAGGED_VLAN_1
add interface=ether4 list=MAIN_BRIDGE_UNTAGGED_VLAN_1
add interface=ether5 list=MAIN_BRIDGE_UNTAGGED_VLAN_1
add interface=ether7 list=MAIN_BRIDGE_UNTAGGED_VLAN_1
/ip address
add address=192.168.88.1/24 comment=MGMT interface=MGMT_BRIDGE network=192.168.88.0
/ip dhcp-client
add interface=MAIN_VLAN_1
1 Like
2

Hmmm.

Rules #1 and #2

The twelve Rules of Mikrotik Club

3

As said by @jaclaz, normally you should NOT explicitly create VLAN 1 interfaces because by default the bridge has the role of the VLAN 1 interface. And in the default configuration all bridge ports are untagged ports of that VLAN.

But in your case, it looks like you need VLAN 1 tagged on a few ports. So, you can keep the configuration with the MAIN_VLAN_1 interface, and apply the simplest fix that is to go to the properties of the bridge MAIN_BRIDGE and change the PVID of that bridge (not of the ports) to a dummy value other than 1, for example 4000.

Also, you should assign proper frame-types values for the ports under /interface bridge port. Currently they all have admit-all and are hybrid ports. Because you already use interface lists MAIN_BRIDGE_TAGGED and MAIN_BRIDGE_UNTAGGED_VLAN_1, you can use them for the port assignment too. Remove all existing entries for MAIN_BRIDGE under /interface bridge port and replace them with two entries:

  • One with interface=MAIN_BRIDGE_UNTAGGED_VLAN_1 and frame-types=admit-only-untagged-and-priority-tagged pvid=1.
  • One with interface=MAIN_BRIDGE_TAGGED and frame-types=admit-only-vlan-tagged.
4

I am dubious about "include=static" in these items.
Seems likely to add almost all interfaces to the list.

1 Like
5

Oh yes, that's true. I didn't notice it. OP, you should remove include=static from the interface list definitions, otherwise the ports will all have the VLANs tagged and untagged at the same time.

6

Schroedinger's VLAN's? :astonished_face: