I have Mikrotik RB2011UiAS-2HnD-IN router.
I have about 45-50 devices connected on this router via other switches. All devices are set to obtain IP address automatically.
Router is set to default gateway 192.168.88.1 and s.mask 255.255.255.0.
For about 30 devices everything was fine , but after that router start to assign address to other devices 192.168.3.X and that devices does have access to the network.
Although, some devices that has static ip assign earlier wont connect to router after disconnection. I tried to manually put ip addresses (the same adress that I assigned in router to be static ) on that devices. On some devices it worked ,but there is still a "waitig" in the router dhcp server even if the device is working.
What to do to make all devices works ?
Best regards
Delevic
Cant get all PCs online
Last edited by delevic on Wed Jul 29, 2020 7:04 pm, edited 1 time in total.
Re: Cant get all PCs online
Either the Mikrotik has been configured to hand out the 192.168.3.x addresses, or more likely someone has plugged another router into your network and that is answering DHCP requests more quickly than the Mikrotik.
You can enable rogue DHCP server detection under /ip dhcp-server alert, or IP > DHCP Server > Alerts tab in Winbox.
You can enable rogue DHCP server detection under /ip dhcp-server alert, or IP > DHCP Server > Alerts tab in Winbox.
Re: Cant get all PCs online
I think none of that. There is router before mikrotik not after. When I plug device into Mikrotik directly , device also get adress 192.168.3.x. weird 
up to a certain number of devices everything works ok. I will check rogue DHCP server detection
up to a certain number of devices everything works ok. I will check rogue DHCP server detection
Re: Cant get all PCs online
Check your DHCP pool or pools. sounds like you have two DHCP pools with the first one set for 30 addresses with a Next Pool set to another address pool. The DHCP pools on one of my routers as seen in WinBox showing most of the pools have only 10 or 20 available addresses and none of the pools have a Next Pool assigned.
Re: Cant get all PCs online
Maybe you have mistakenly configured your router in bridge mode rather than router mode.I think none of that. There is router before mikrotik not after. When I plug device into Mikrotik directly , device also get adress 192.168.3.x. weird
The interface you use for link to the next router (ether1 usually) should NOT be a member of the bridge where all your other ports (ether2-ether10, wlan1) are.
Show us your /export hide-sensitive
Re: Cant get all PCs online
Code: Select all
[admin@MikroTik] > /export
compact file hide-sensitive terse verbose
[admin@MikroTik] > /export hide-sensitive
# jul/29/2020 20:29:29 by RouterOS 6.45.7
# software id = 6U84-YLGL
#
# model = 2011UiAS-2HnD
# serial number = 444A0453C792
/interface bridge
add admin-mac=4C:5E:0C:22:02:85 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether6-master
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
"Racunarski Centar" wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=sfp1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=wlan1 list=discover
add interface=bridge list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip arp
add address=192.168.88.54 interface=bridge mac-address=E0:D5:5E:01:E0:8A
add address=192.168.88.58 interface=bridge mac-address=E0:D5:5E:00:1D:C9
add address=192.168.88.31 interface=bridge mac-address=B8:97:5A:42:7F:C7
add address=192.168.2.1 interface=ether1 mac-address=8C:68:C8:8D:99:24
add address=192.168.88.153 interface=bridge mac-address=E0:D5:5E:3D:99:98
add address=192.168.88.107 interface=bridge mac-address=70:85:C2:38:95:CF
add address=192.168.3.57 interface=bridge mac-address=E0:D5:5E:00:26:46
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server alert
add interface=bridge
add disabled=no interface=bridge valid-server=4C:5E:0C:22:02:85
/ip dhcp-server lease
add address=192.168.88.100 client-id=1:0:1f:2b:ee:58:3b mac-address=\
E0:D5:5E:00:26:46 server=defconf
add address=192.168.88.51 client-id=1:e0:d5:5e:0:1e:80 mac-address=\
E0:D5:5E:00:1E:80 server=defconf
add address=192.168.88.201 client-id=1:d0:50:99:49:6a:36 mac-address=\
D0:50:99:49:6A:36 server=defconf
add address=192.168.88.246 mac-address=E0:D5:5E:3D:1C:2A server=defconf
add address=192.168.88.242 client-id=1:d0:50:99:49:6a:a9 mac-address=\
D0:50:99:49:6A:A9 server=defconf
add address=192.168.88.204 client-id=1:d0:50:99:ad:f1:8d mac-address=\
D0:50:99:AD:F1:8D server=defconf
add address=192.168.88.55 client-id=1:e0:d5:5e:0:1e:8c mac-address=\
E0:D5:5E:00:1E:8C server=defconf
add address=192.168.88.56 client-id=1:e0:d5:5e:1:df:e6 mac-address=\
E0:D5:5E:01:DF:E6 server=defconf
add address=192.168.88.205 client-id=1:70:85:c2:2c:c2:3b mac-address=\
70:85:C2:2C:C2:3B server=defconf
add address=192.168.88.107 client-id=1:70:85:c2:38:95:cf mac-address=\
70:85:C2:38:95:CF server=defconf
add address=192.168.88.241 client-id=1:d0:50:99:49:6a:62 mac-address=\
D0:50:99:49:6A:62 server=defconf
add address=192.168.88.104 client-id=1:e0:d5:5e:0:26:bc mac-address=\
E0:D5:5E:00:26:BC server=defconf
add address=192.168.88.240 client-id=1:0:18:15:1c:92:1e mac-address=\
00:18:15:1C:92:1E server=defconf
add address=192.168.88.108 client-id=1:1c:1b:d:5f:62:2d mac-address=\
1C:1B:0D:5F:62:2D server=defconf
add address=192.168.88.109 client-id=1:1c:1b:d:5f:4f:ed mac-address=\
1C:1B:0D:5F:4F:ED server=defconf
add address=192.168.88.103 client-id=1:e0:d5:5e:0:1e:6a mac-address=\
E0:D5:5E:00:1E:6A server=defconf
add address=192.168.88.244 client-id=1:d0:50:99:49:69:f3 mac-address=\
D0:50:99:49:69:F3 server=defconf
add address=192.168.88.106 client-id=1:70:85:c2:31:81:a7 mac-address=\
70:85:C2:31:81:A7 server=defconf
add address=192.168.88.200 client-id=1:e0:d5:5e:0:1b:55 mac-address=\
E0:D5:5E:00:1B:55 server=defconf
add address=192.168.88.57 client-id=1:e0:d5:5e:1:e0:5 mac-address=\
E0:D5:5E:01:E0:05 server=defconf
add address=192.168.88.52 client-id=1:e0:d5:5e:0:1e:29 mac-address=\
E0:D5:5E:00:1E:29 server=defconf
add address=192.168.88.102 client-id=1:e0:d5:5e:0:26:8f mac-address=\
E0:D5:5E:00:26:8F server=defconf
add address=192.168.88.101 client-id=1:e0:d5:5e:0:26:43 mac-address=\
E0:D5:5E:00:26:43 server=defconf
add address=192.168.88.105 client-id=1:e0:d5:5e:1:e0:cc mac-address=\
E0:D5:5E:01:E0:CC server=defconf use-src-mac=yes
add address=192.168.88.53 client-id=1:e0:d5:5e:1:df:e7 mac-address=\
E0:D5:5E:01:DF:E7 server=defconf
add address=192.168.88.206 client-id=1:e0:d5:5e:0:1d:c6 mac-address=\
E0:D5:5E:00:1D:C6 server=defconf
add address=192.168.88.58 client-id=1:e0:d5:5e:0:1d:c9 mac-address=\
E0:D5:5E:00:1D:C9 server=defconf
add address=192.168.88.207 client-id=1:1c:1b:d:59:60:cd mac-address=\
1C:1B:0D:59:60:CD server=defconf
add address=192.168.88.152 client-id=1:e0:d5:5e:3d:99:96 mac-address=\
E0:D5:5E:3D:99:96 server=defconf
add address=192.168.88.209 client-id=1:e0:d5:5e:0:3:ae mac-address=\
E0:D5:5E:00:03:AE server=defconf
add address=192.168.88.208 client-id=1:d0:50:99:3:9c:52 mac-address=\
D0:50:99:03:9C:52 server=defconf
add address=192.168.88.150 client-id=1:e0:d5:5e:0:3:b0 mac-address=\
E0:D5:5E:00:03:B0 server=defconf
add address=192.168.88.151 client-id=1:e0:d5:5e:0:1c:8 mac-address=\
E0:D5:5E:00:1C:08 server=defconf
add address=192.168.88.75 mac-address=F8:16:54:00:74:EA server=defconf
add address=192.168.88.243 client-id=1:d0:50:99:49:6a:58 mac-address=\
D0:50:99:49:6A:58 server=defconf
add address=192.168.88.245 client-id=1:d0:50:99:49:69:ff mac-address=\
D0:50:99:49:69:FF server=defconf
add address=192.168.88.36 mac-address=34:EA:34:75:A1:72 server=defconf
add address=192.168.88.46 mac-address=34:EA:34:75:C2:6B server=defconf
add address=192.168.88.45 mac-address=34:EA:34:75:B8:38 server=defconf
add address=192.168.88.44 mac-address=34:EA:34:9D:2E:14 server=defconf
add address=192.168.88.43 mac-address=34:EA:34:9D:35:A1 server=defconf
add address=192.168.88.42 mac-address=34:EA:34:75:C3:89 server=defconf
add address=192.168.88.40 mac-address=34:EA:34:79:6D:AB server=defconf
add address=192.168.88.39 mac-address=34:EA:34:9D:31:BA server=defconf
add address=192.168.88.38 mac-address=34:EA:34:9D:2F:29 server=defconf
add address=192.168.88.37 mac-address=34:EA:34:75:BE:A8 server=defconf
add address=192.168.88.199 client-id=1:48:ee:c:7c:6e:55 mac-address=\
48:EE:0C:7C:6E:55 server=defconf
add address=192.168.88.33 client-id=1:ec:8:6b:ea:d1:17 mac-address=\
EC:08:6B:EA:D1:17 server=defconf
add address=192.168.88.30 mac-address=90:02:A9:12:B4:A1 server=defconf
add address=192.168.88.210 mac-address=D0:50:99:49:6A:9A server=defconf
add address=192.168.88.211 mac-address=D0:50:99:49:6A:96 server=defconf
add address=192.168.88.123 client-id=1:b8:97:5a:42:89:6a mac-address=\
B8:97:5A:42:89:6A server=defconf
add address=192.168.88.32 client-id=1:e0:d5:5e:3d:a2:10 mac-address=\
E0:D5:5E:3D:A2:10 server=defconf
add address=192.168.88.54 mac-address=E0:D5:5E:01:E0:8A server=defconf
add address=192.168.88.31 mac-address=B8:97:5A:42:7F:C7 server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 netmask=30
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=2000 protocol=tcp to-addresses=\
192.168.88.208 to-ports=2000
add action=dst-nat chain=dstnat dst-port=2001 protocol=tcp to-addresses=\
192.168.88.51 to-ports=2001
add action=dst-nat chain=dstnat dst-port=2002 protocol=tcp to-addresses=\
192.168.88.52 to-ports=2002
add action=dst-nat chain=dstnat dst-port=2003 protocol=tcp to-addresses=\
192.168.88.53 to-ports=2003
add action=dst-nat chain=dstnat dst-port=2004 protocol=tcp to-addresses=\
192.168.88.54 to-ports=2004
add action=dst-nat chain=dstnat dst-port=2005 protocol=tcp to-addresses=\
192.168.88.55 to-ports=2005
add action=dst-nat chain=dstnat dst-port=2006 protocol=tcp to-addresses=\
192.168.88.56 to-ports=2006
add action=dst-nat chain=dstnat dst-port=2007 protocol=tcp to-addresses=\
192.168.88.57 to-ports=2007
add action=dst-nat chain=dstnat dst-port=2008 protocol=tcp to-addresses=\
192.168.88.58 to-ports=2008
add action=dst-nat chain=dstnat dst-port=1000 protocol=tcp to-addresses=\
192.168.3.57 to-ports=1000
add action=dst-nat chain=dstnat dst-port=1001 protocol=tcp to-addresses=\
192.168.88.107 to-ports=22
add action=dst-nat chain=dstnat dst-port=1002 protocol=tcp to-addresses=\
192.168.88.102 to-ports=1002
add action=dst-nat chain=dstnat dst-port=1003 protocol=tcp to-addresses=\
192.168.88.103 to-ports=1003
add action=dst-nat chain=dstnat dst-port=1004 protocol=tcp to-addresses=\
192.168.88.104 to-ports=1004
add action=dst-nat chain=dstnat dst-port=1005 protocol=tcp to-addresses=\
192.168.88.105 to-ports=1005
add action=dst-nat chain=dstnat dst-port=1006 protocol=tcp to-addresses=\
192.168.88.106 to-ports=1006
add action=dst-nat chain=dstnat dst-port=1007 protocol=tcp to-addresses=\
192.168.88.107 to-ports=1007
add action=dst-nat chain=dstnat dst-port=1008 protocol=tcp to-addresses=\
192.168.88.108 to-ports=1008
add action=dst-nat chain=dstnat dst-port=1009 protocol=tcp to-addresses=\
192.168.88.109 to-ports=1009
add action=dst-nat chain=dstnat dst-port=5000 protocol=tcp to-addresses=\
192.168.88.150 to-ports=5000
add action=dst-nat chain=dstnat dst-port=5001 protocol=tcp to-addresses=\
192.168.88.151 to-ports=5001
add action=dst-nat chain=dstnat dst-port=5002 protocol=tcp to-addresses=\
192.168.88.152 to-ports=5002
add action=dst-nat chain=dstnat dst-port=5003 protocol=tcp to-addresses=\
192.168.88.153 to-ports=5003
add action=dst-nat chain=dstnat dst-port=5004 protocol=tcp to-addresses=\
192.168.3.4 to-ports=5004
add action=dst-nat chain=dstnat dst-port=6000 protocol=tcp to-addresses=\
192.168.88.240 to-ports=6000
add action=dst-nat chain=dstnat dst-port=6001 protocol=tcp to-addresses=\
192.168.88.241 to-ports=6001
add action=dst-nat chain=dstnat dst-port=6002 protocol=tcp to-addresses=\
192.168.88.242 to-ports=6002
add action=dst-nat chain=dstnat dst-port=6003 protocol=tcp to-addresses=\
192.168.88.243 to-ports=6003
add action=dst-nat chain=dstnat dst-port=6004 protocol=tcp to-addresses=\
192.168.88.244 to-ports=6004
add action=dst-nat chain=dstnat dst-port=6005 protocol=tcp to-addresses=\
192.168.88.245 to-ports=6005
add action=dst-nat chain=dstnat dst-port=6006 protocol=tcp to-addresses=\
192.168.88.246 to-ports=6006
add action=dst-nat chain=dstnat dst-port=4003 protocol=tcp to-addresses=\
192.168.88.200 to-ports=4003
add action=dst-nat chain=dstnat dst-port=3009 protocol=tcp to-addresses=\
192.168.88.201 to-ports=3009
add action=dst-nat chain=dstnat dst-port=4001 protocol=tcp to-addresses=\
192.168.88.32 to-ports=4001
add action=dst-nat chain=dstnat dst-port=4002 protocol=tcp to-addresses=\
192.168.88.206 to-ports=4002
add action=dst-nat chain=dstnat dst-port=4004 protocol=tcp to-addresses=\
192.168.88.204 to-ports=4004
add action=dst-nat chain=dstnat dst-port=4000 protocol=tcp to-addresses=\
192.168.88.205 to-ports=4000
add action=dst-nat chain=dstnat dst-port=3303 protocol=tcp to-addresses=\
192.168.88.206 to-ports=3303
add action=dst-nat chain=dstnat dst-port=2009 protocol=tcp to-addresses=\
192.168.88.207 to-ports=2009
add action=dst-nat chain=dstnat dst-port=4005 protocol=tcp to-addresses=\
192.168.88.208 to-ports=4005
add action=dst-nat chain=dstnat dst-port=4006 protocol=tcp to-addresses=\
192.168.88.209 to-ports=4006
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=\
192.168.88.33 to-ports=8080
add action=dst-nat chain=dstnat dst-port=9000 protocol=tcp to-addresses=\
192.168.88.30 to-ports=9000
add action=dst-nat chain=dstnat dst-port=9001 protocol=tcp to-addresses=\
192.168.88.30 to-ports=9001
add action=dst-nat chain=dstnat dst-port=6011 protocol=tcp src-address-list="" \
to-addresses=192.168.88.245 to-ports=22
add action=dst-nat chain=dstnat dst-port=6010 protocol=tcp to-addresses=\
192.168.88.244 to-ports=22
add action=dst-nat chain=dstnat dst-port=6012 protocol=tcp to-addresses=\
192.168.88.246 to-ports=22
add action=dst-nat chain=dstnat dst-port=4005 protocol=tcp src-port="" \
to-addresses=192.168.88.208 to-ports=4005
add action=dst-nat chain=dstnat dst-port=4006 protocol=tcp src-address-list="" \
to-addresses=192.168.88.209 to-ports=4006
add action=dst-nat chain=dstnat dst-address-list="" dst-port=4007 protocol=tcp \
to-addresses=192.168.88.210 to-ports=4007
add action=dst-nat chain=dstnat dst-port=4008 protocol=tcp to-addresses=\
192.168.88.211 to-ports=4008
add action=dst-nat chain=dstnat dst-port=4009 protocol=tcp to-addresses=\
192.168.88.210 to-ports=22
add action=dst-nat chain=dstnat dst-port=4010 protocol=tcp to-addresses=\
192.168.88.211 to-ports=22
add action=dst-nat chain=dstnat dst-port=4011 protocol=tcp src-port="" \
to-addresses=192.168.88.31 to-ports=4011
add action=dst-nat chain=dstnat dst-port=4012 protocol=tcp src-port="" \
to-addresses=192.168.3.123 to-ports=4012
add action=dst-nat chain=dstnat dst-port=7003 protocol=tcp to-addresses=\
192.168.88.53 to-ports=22
add action=dst-nat chain=dstnat dst-port=7001 protocol=tcp to-addresses=\
192.168.88.51 to-ports=22
add action=dst-nat chain=dstnat dst-port=7000 protocol=tcp to-addresses=\
192.168.88.208 to-ports=22
add action=dst-nat chain=dstnat dst-port=7002 protocol=tcp to-addresses=\
192.168.88.52 to-ports=22
add action=dst-nat chain=dstnat dst-port=7005 protocol=tcp to-addresses=\
192.168.88.55 to-ports=22
add action=dst-nat chain=dstnat dst-port=7007 protocol=tcp to-addresses=\
192.168.88.57 to-ports=22
add action=dst-nat chain=dstnat dst-port=7004 protocol=tcp to-addresses=\
192.168.88.54 to-ports=22
add action=dst-nat chain=dstnat dst-port=7006 protocol=tcp to-addresses=\
192.168.88.56 to-ports=22
add action=dst-nat chain=dstnat dst-port=7008 protocol=tcp to-addresses=\
192.168.88.58 to-ports=22
add action=dst-nat chain=dstnat dst-port=8006 protocol=tcp to-addresses=\
192.168.88.108 to-ports=22
add action=dst-nat chain=dstnat dst-port=8007 protocol=tcp to-addresses=\
192.168.88.109 to-ports=22
add action=dst-nat chain=dstnat dst-port=8001 protocol=tcp to-addresses=\
192.168.88.101 to-ports=22
add action=dst-nat chain=dstnat dst-port=8002 protocol=tcp to-addresses=\
192.168.88.102 to-ports=22
add action=dst-nat chain=dstnat dst-port=8003 protocol=tcp to-addresses=\
192.168.88.103 to-ports=22
add action=dst-nat chain=dstnat dst-port=8004 protocol=tcp to-addresses=\
192.168.88.104 to-ports=22
add action=dst-nat chain=dstnat dst-port=8005 protocol=tcp to-addresses=\
192.168.88.105 to-ports=22
add action=dst-nat chain=dstnat dst-port=9013 protocol=tcp to-addresses=\
192.168.88.153 to-ports=22
add action=dst-nat chain=dstnat dst-port=9010 protocol=tcp to-addresses=\
192.168.88.150 to-ports=22
add action=dst-nat chain=dstnat dst-port=9011 protocol=tcp to-addresses=\
192.168.88.151 to-ports=22
add action=dst-nat chain=dstnat dst-port=9012 protocol=tcp to-addresses=\
192.168.88.152 to-ports=22
add action=dst-nat chain=dstnat dst-port=9017 protocol=tcp to-addresses=\
192.168.88.107 to-ports=22
add action=dst-nat chain=dstnat dst-port=9014 protocol=tcp to-addresses=\
192.168.3.4 to-ports=22
add action=dst-nat chain=dstnat dst-port=8000 protocol=tcp to-addresses=\
192.168.3.57 to-ports=22
/ip service
set www-ssl disabled=no
/lcd
set time-interval=hour
/system clock
set time-zone-name=Europe/Belgrade
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
[admin@MikroTik] >
Re: Cant get all PCs online
... and you can check in the DHCP server "Leases" to see if an 192.168.3.x address has been given out by this DHCP server.Either the Mikrotik has been configured to hand out the 192.168.3.x addresses, or more likely someone has plugged another router into your network and that is answering DHCP requests more quickly than the Mikrotik.
You can enable rogue DHCP server detection under /ip dhcp-server alert, or IP > DHCP Server > Alerts tab in Winbox.
I bet that this entry is not in the Leases table.
Re: Cant get all PCs online
The config looks fine except for the fact that there are fixed (static) ARP entries, two with a wrong IP address.
I would recommend to remove them all.
This is likely not the problem.
So indeed setup a dhcp alert for "bridge" and see what happens.
I would recommend to remove them all.
Code: Select all
/ip arp
remove [find]So indeed setup a dhcp alert for "bridge" and see what happens.
Re: Cant get all PCs online
You won the bet There is no 192.168.3.x in Leases table. I just tried to add bridge in to 192.168.3.1/24 in IP/Adresses. Now devices get connection , but still is not in leases table. When I enter 192.168.3.1 in Browser I got Mikrotik web before that nothing.
There is no 192.168.3.x in Leases table. I just tried to add bridge in to 192.168.3.1/24 in IP/Adresses. Now devices get connection , but still is not in leases table. When I enter 192.168.3.1 in Browser I got Mikrotik web before that nothing. Re: Cant get all PCs online
Are you sure your other router is connected to ether1 and not to some other port, or maybe there is some other crosslink e.g. from one of the other ports also to a port of the other router?
It is obvious that the router is visible from the bridge, which it should not be.
It is obvious that the router is visible from the bridge, which it should not be.
Re: Cant get all PCs online
Or someone has plugged in another router on your LAN without you knowing it. Most likely they were looking for switching only, but left the DHCP server enabled.
Re: Cant get all PCs online
Yes I am sure.Are you sure your other router is connected to ether1 and not to some other port, or maybe there is some other crosslink e.g. from one of the other ports also to a port of the other router?
It is obvious that the router is visible from the bridge, which it should not be.
This is possible. But to check that I have to be there physically. (I am currently working from home due to the current situation)Or someone has plugged in another router on your LAN without you knowing it. Most likely they were looking for switching only, but left the DHCP server enabled.
If DHCP server on other router is left enabled, and that router is not connected to Mikrotik via wan port but via Lan port (to work like a switch) , will that make problem like this ?
Re: Cant get all PCs online
Yes, exactly this situation. The DHCP server alerts are coming from a Netgear device.This is possible. But to check that I have to be there physically. (I am currently working from home due to the current situation)Or someone has plugged in another router on your LAN without you knowing it. Most likely they were looking for switching only, but left the DHCP server enabled.
If DHCP server on other router is left enabled, and that router is not connected to Mikrotik via wan port but via Lan port (to work like a switch) , will that make problem like this ?
You could find which port it is connected to (look for that MAC address in Bridge > Hosts) and disable the corresponding ethernet interface. This will cut off any devices connected to that port, but anything else will pick up a correct address from the Mikrotik when the existing lease from the Netgear expires - could be a day or more, depends what the lease time on the Netgear is set to.
Re: Cant get all PCs online
If switches in your network are managed ones and they support DHCP snooping, it can be possible to solve it without physically finding the device.If DHCP server on other router is left enabled, and that router is not connected to Mikrotik via wan port but via Lan port (to work like a switch) , will that make problem like this ?
https://wiki.mikrotik.com/wiki/Manual:I ... _Option_82
Re: Cant get all PCs online
Yes, exactly this situation. The DHCP server alerts are coming from a Netgear device.
You could find which port it is connected to (look for that MAC address in Bridge > Hosts) and disable the corresponding ethernet interface. This will cut off any devices connected to that port, but anything else will pick up a correct address from the Mikrotik when the existing lease from the Netgear expires - could be a day or more, depends what the lease time on the Netgear is set to.
I found it on eher2 port
But cant disable it because I have a lot of devices that are connected to that port. It will wait until Sunday.Unfortunately switches don't support DHCP snoopoing, but that would be a great solution for this situation.If switches in your network are managed ones and they support DHCP snooping, it can be possible to solve it without physically finding the device.
https://wiki.mikrotik.com/wiki/Manual:I ... _Option_82
It is important that we find who is creating the problem for this situation.
Thank you all for your quick and efficient support. I will update the thread on Sunday when I'm on the field.
Re: Cant get all PCs online
Jut to report that the problem is solved. It was like we predicted. Netgear was connected via lan port but DHCP Server was left enabled. When turned it off the problem is gone.
Thanks!
Thanks!
Re: Cant get all PCs online
It is important to know that when you have a network that should be sort of reliable, you should invest in better switches.
You could prevent these mishaps by having switches that have DHCP snooping, but even with the minimal "managed switches" you could have investigated
what happened further downstream on the ether2 port (probably there now is an unmanaged switch on that port).
With a managed switch you could have manually identified which switchport the bad router was connected, and manually disable that port until you could
find out what happened in detail. And probably the user of that router would have complained or disconnected it.
You could prevent these mishaps by having switches that have DHCP snooping, but even with the minimal "managed switches" you could have investigated
what happened further downstream on the ether2 port (probably there now is an unmanaged switch on that port).
With a managed switch you could have manually identified which switchport the bad router was connected, and manually disable that port until you could
find out what happened in detail. And probably the user of that router would have complained or disconnected it.