michaelahess
just joined
Topic Author
Posts: 17
Joined: Thu Nov 11, 2010 4:56 am

Upgraded CRS125 New Bridge thing Broke DHCP

Tue Feb 06, 2018 9:58 am

My DHCP stopped working after upgrading and having it convert to the bridge thing. I don't know what that means even. Here's my config. Could someone help see what's wrong here? Thank you!
# feb/06/2018 00:45:37 by RouterOS 6.41.1
# software id = RFDS-HPT0
#
# model = CRS125-24G-1S-2HnD
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country="united states" disabled=no distance=indoors frequency=auto mode=\
    ap-bridge ssid=HA wireless-protocol=802.11
/interface bridge
add admin-mac=D4:CA:6D:CE:29:23 auto-mac=no comment=defconf name=bridge \
    protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name="1 - Portal - AP"
set [ find default-name=ether2 ] name="2 - Mike - PC"
set [ find default-name=ether3 ] name="3 - Erin - PC"
set [ find default-name=ether4 ] name="4 - Vaughn - PC"
set [ find default-name=ether5 ] name="5 - Rayne - PC"
set [ find default-name=ether6 ] name="6 - Schwartz - PC"
set [ find default-name=ether7 ] name="7 - Bedroom - Roku 3"
set [ find default-name=ether8 ] name="8 - Insteon Hub - HA"
set [ find default-name=ether9 ] name="9 - Bloomsky Storm - HA"
set [ find default-name=ether10 ] name="10 - Brother MFC9320CW - Printer"
set [ find default-name=ether11 ] name="11 - Workbench - Swirch"
set [ find default-name=ether12 ] name="12 - Workbench Test - PC"
set [ find default-name=ether13 ] name="13 - Unused"
set [ find default-name=ether14 ] name="14 - APC PDU - Network"
set [ find default-name=ether15 ] name="15 - Unused"
set [ find default-name=ether16 ] name="16 - Unused"
set [ find default-name=ether17 ] name="17 - Unused"
set [ find default-name=ether18 ] name="18 - Unused"
set [ find default-name=ether19 ] name="19 - Unused"
set [ find default-name=ether20 ] name="20 - Unused"
set [ find default-name=ether21 ] name="21 - Unused"
set [ find default-name=ether22 ] name="22 - LivingRoom - Switch"
set [ find default-name=ether23 ] name="23 - Understairs - Switch"
set [ find default-name=ether24 ] name="24 - ErinOffice - Switch"
set [ find default-name=sfp1 ] name="WAN - SFP1"
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=hidden \
    wpa2-pre-shared-key=hidden
/ip pool
add name=dhcp_pool4 ranges=10.54.25.150-10.54.25.180
/ip dhcp-server
add address-pool=dhcp_pool4 disabled=no interface=bridge lease-time=8h name=\
    dhcp1
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge comment=defconf interface="2 - Mike - PC"
add bridge=bridge comment=defconf interface="3 - Erin - PC"
add bridge=bridge comment=defconf interface="4 - Vaughn - PC"
add bridge=bridge comment=defconf interface="5 - Rayne - PC"
add bridge=bridge comment=defconf interface="6 - Schwartz - PC"
add bridge=bridge comment=defconf interface="7 - Bedroom - Roku 3"
add bridge=bridge comment=defconf interface="8 - Insteon Hub - HA"
add bridge=bridge comment=defconf interface="9 - Bloomsky Storm - HA"
add bridge=bridge comment=defconf interface="20 - Unused"
add bridge=bridge comment=defconf interface="21 - Unused"
add bridge=bridge comment=defconf interface="22 - LivingRoom - Switch"
add bridge=bridge comment=defconf interface="23 - Understairs - Switch"
add bridge=bridge comment=defconf interface="24 - ErinOffice - Switch"
add bridge=bridge comment=defconf disabled=yes interface="WAN - SFP1"
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface="1 - Portal - AP"
/interface list member
add comment=defconf interface=bridge list=LAN
add interface="WAN - SFP1" list=WAN
/ip address
add address=10.54.25.1/24 interface=bridge network=10.54.25.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    "WAN - SFP1"
/ip dhcp-server lease
add address=10.54.25.2 comment=Portal mac-address=00:78:CD:00:21:F4
...
lots of leases
...
/ip dhcp-server network
add address=10.54.25.0/24 comment=defconf dns-server=\
    10.54.25.1,8.8.8.8,4.4.4.4 domain=hidden.local gateway=10.54.25.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,4.4.4.4
/ip dns static
add address=10.54.25.1 name=router.lan
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=NotPublic
add address=10.0.0.0/8 comment=RFC6890 list=NotPublic
add address=100.64.0.0/10 comment=RFC6890 list=NotPublic
add address=127.0.0.0/8 comment=RFC6890 list=NotPublic
add address=169.254.0.0/16 comment=RFC6890 list=NotPublic
add address=172.16.0.0/12 comment=RFC6890 list=NotPublic
add address=192.0.0.0/24 comment=RFC6890 list=NotPublic
add address=192.0.2.0/24 comment=RFC6890 list=NotPublic
add address=192.168.0.0/16 comment=RFC6890 list=NotPublic
add address=192.88.99.0/24 comment=RFC3068 list=NotPublic
add address=198.18.0.0/15 comment=RFC6890 list=NotPublic
add address=198.51.100.0/24 comment=RFC6890 list=NotPublic
add address=203.0.113.0/24 comment=RFC6890 list=NotPublic
add address=224.0.0.0/4 comment=RFC4601 list=NotPublic
add address=240.0.0.0/4 comment=RFC6890 list=NotPublic
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=input comment="defconf: accept ICMP Limited MH Works" \
    dst-limit=20,20,dst-address/1m40s limit=20,20:packet protocol=icmp
add action=accept chain=input comment="Allow LAN to Router MH Works" \
    src-address=10.54.25.0/24
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=forward comment="Allow all Port Forwards MH" \
    connection-nat-state=dstnat
add action=accept chain=input comment="Allow WinBox Remote Access MH Works" \
    dst-port=8291 protocol=tcp
add action=accept chain=input comment="Allow SSH Remote Access MH Works" \
    disabled=yes dst-port=222 protocol=tcp
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=drop chain=forward comment="drop undesired TCP MH" dst-port=\
    135-139,445,1434,4444 protocol=tcp
add action=drop chain=forward comment="drop undesired UDP MH" dst-port=\
    135-139,445,1434,4444 protocol=udp
add action=drop chain=forward comment="Drop Bogons" dst-address-list=\
    NotPublic src-address-list=NotPublic
add action=drop chain=input dst-port=53 in-interface="WAN - SFP1" protocol=\
    udp
add action=drop chain=input dst-port=53 in-interface="WAN - SFP1" protocol=\
    tcp
add action=drop chain=forward comment="Drop all packets from public internet w\
    hich should not exist in public network MH" in-interface="WAN - SFP1" \
    src-address-list=NotPublic
add action=drop chain=forward comment="Drop all packets from local network to \
    internet which should not exist in public network MH" dst-address-list=\
    NotPublic in-interface=bridge
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=\
    "Manually Entered - 10.54.25.66 SSL for LetsEncrypt" dst-port=443 \
    in-interface-list=WAN protocol=tcp to-addresses=10.54.25.66
add action=dst-nat chain=dstnat comment=\
    "Manually Entered - 10.54.25.8 Vid Cams" dst-address=!10.54.25.1 \
    dst-address-type=local dst-port=8000 log=yes protocol=tcp to-addresses=\
    10.54.25.8 to-ports=8000
add action=dst-nat chain=dstnat comment=\
    "Manually Entered - 10.54.25.66 Grafana" dst-address=!10.54.25.1 \
    dst-address-type=local dst-port=3000 protocol=tcp to-addresses=\
    10.54.25.66 to-ports=3000
add action=dst-nat chain=dstnat comment=\
    "Manually Entered - 10.54.25.3 Mike RDP" dst-port=3389 in-interface-list=\
    WAN protocol=tcp to-addresses=10.54.25.3 to-ports=3389
add action=masquerade chain=srcnat comment="Hairpin for Cams" dst-address=\
    10.54.25.8 dst-port=8000 out-interface-list=LAN protocol=tcp src-address=\
    10.54.25.0/24
add action=masquerade chain=srcnat comment="Hairpin for Grafana" dst-address=\
    10.54.25.66 dst-port=3000 out-interface-list=LAN protocol=tcp \
    src-address=10.54.25.0/24
add action=masquerade chain=srcnat out-interface=all-ppp
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=222
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface="WAN - SFP1" type=external
/lcd
set backlight-timeout=30s color-scheme=light
/lcd pin
set pin-number=9252
/lcd interface pages
set 0 interfaces=wlan1
/system clock
set time-zone-name=America/Denver
/system identity
set name=BlackWidow
/system ntp client
set enabled=yes primary-ntp=204.2.134.164 secondary-ntp=45.76.244.193
/system routerboard settings
set silent-boot=yes
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
 
p3rad0x
Long time Member
Posts: 606
Joined: Fri Sep 18, 2015 5:42 pm
Location: South Africa

Re: Upgraded CRS125 New Bridge thing Broke DHCP

Tue Feb 06, 2018 10:13 am

It looks like some default config is messing with you.

That config you posted should work.

Maybe try removing the dhcp server and create a new one
There you go then you touched something ;-) : it only takes a change in wind direction to screw with your nat :-)
 
michaelahess
just joined
Topic Author
Posts: 17
Joined: Thu Nov 11, 2010 4:56 am

Re: Upgraded CRS125 New Bridge thing Broke DHCP

Tue Feb 06, 2018 7:39 pm

I did try to remove, and recreate it, that failed.

The only change I recall making was taking the 192.168.7.1 IP that was on there by default (in address list) off the bridge interface. I replaced it with my actual gateway/device IP that had been assigned port 1, which was the previous master.

I remember doing that, I had been getting dhcp offers from the 192 address, then after "Swapping" and removing the 192 dhcp leases said they came from my 10. Then it randomly stopped.

I want to say my wifi devices were still getting leases, I need to check that tonight.

Something I saw in the docs said dhcp has to be bound to a physical interface to take in raw ethernet packets. The bridge is virtual, but the physical interfaces are members, so is that good enough?

Also I noted that the dynamic vlan 4095 that was created for the bridge, didn't actually list all the ports that had devices connected. Is that list supposed to have all active ports? Maybe I should manually create a new vlan and dump all the ports and cpu into that?
 
michaelahess
just joined
Topic Author
Posts: 17
Joined: Thu Nov 11, 2010 4:56 am

Re: Upgraded CRS125 New Bridge thing Broke DHCP

Wed Feb 07, 2018 7:03 pm

I did some testing last night. Devices connecting over either of my two access points get IPs instantly. They are plugged directly into the CRS. Plugging the same machine into the switch gets no DHCP.

I'll try to do a packet capture tonight, see if I can see the dhcp request/offer packets going through.
 
LIV2
newbie
Posts: 31
Joined: Sat Jan 23, 2016 7:42 am

Re: Upgraded CRS125 New Bridge thing Broke DHCP

Thu Feb 08, 2018 4:53 am

Perhaps it's a bug, your config looks fine to me. I also have a CRS125 with DHCP server running on the bridge interface with no issues whatsoever.

I did notice that you had this under the bridge ports config
{noformat}
add bridge=bridge comment=defconf disabled=yes interface="WAN - SFP1"
{noformat}

I'd probably try removing that whole line
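
Added example, not written by anyone in this thread: a small Python check that reads a RouterOS export and lists the ethernet interfaces that are not enabled members of a bridge, since a DHCP server bound to `bridge` only answers on its active member ports. In the export as posted, ether10 through ether19 have no `/interface bridge port` entry. The names `logical_lines` and `audit` are made up for this example, and `SAMPLE` is an abridged subset of the posted config.

```python
import shlex

# Abridged subset of the export from the first post (constructed sample, not the full config).
SAMPLE = r'''
/interface ethernet
set [ find default-name=ether1 ] name="1 - Portal - AP"
set [ find default-name=ether2 ] name="2 - Mike - PC"
set [ find default-name=ether12 ] name="12 - Workbench Test - PC"
set [ find default-name=sfp1 ] name="WAN - SFP1"
/interface bridge port
add bridge=bridge comment=defconf interface="2 - Mike - PC"
add bridge=bridge comment=defconf disabled=yes interface="WAN - SFP1"
add bridge=bridge interface="1 - Portal - AP"
/ip dhcp-server
add address-pool=dhcp_pool4 disabled=no interface=bridge lease-time=8h name=\
    dhcp1
'''

def logical_lines(text):
    """Join export continuations: a trailing backslash glues on the next line, indent dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]          # keep any space that preceded the backslash
            continue
        if buf + line:
            yield buf + line
        buf = ""

def audit(text):
    """Return (ethernet names that are not enabled bridge ports, disabled bridge port entries)."""
    section, names, members, disabled = "", [], set(), set()
    for line in logical_lines(text):
        if line.startswith("/"):
            section = line
            continue
        kv = dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
        if section == "/interface ethernet" and "name" in kv:
            names.append(kv["name"])
        elif section == "/interface bridge port" and "interface" in kv:
            (disabled if kv.get("disabled") == "yes" else members).add(kv["interface"])
    # A port that is not an enabled member is outside the bridge's layer-2 domain.
    return [n for n in names if n not in members], sorted(disabled)

if __name__ == "__main__":
    print(audit(SAMPLE))
```
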
 
michaelahess
just joined
Topic Author
Posts: 17
Joined: Thu Nov 11, 2010 4:56 am

Re: Upgraded CRS125 New Bridge thing Broke DHCP

Thu Feb 08, 2018 5:52 pm

I factory defaulted, and put my config in section by section and everything seems to work. Something just got hung up internally I guess.
