Community discussions

MikroTik App
just joined
Topic Author
Posts: 11
Joined: Fri Dec 25, 2020 9:21 pm

DHCP Client on CRS interface got IP once, then expired..

Wed Jan 06, 2021 2:55 am

.. now it just sits on 'searching' without renewing/getting new lease.. manual release/renew doesn't help.

Where do I look? Interface is on a VLAN, link is connected to an untagged port.

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=VL10-WAN
Forum Guru
Forum Guru
Posts: 5252
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCP Client on CRS interface got IP once, then expired..

Wed Jan 06, 2021 9:31 am

Show us complete config (execute /export hide-sensitive in terminal window) and explain expected setup in plain words.
just joined
Topic Author
Posts: 11
Joined: Fri Dec 25, 2020 9:21 pm

Re: DHCP Client on CRS interface got IP once, then expired..

Sat Jan 09, 2021 5:36 am

Well it seems a lot isn't working regarding DHCP, both client & server.

- the WAN interface still won't get an IP, after previously receiving it and eventually expiring. I can plug a host into an access port on that VLAN on the Mikrotik and it gets an IP just fine.

- The DHCP server interfaces aren't giving out IPs either - except for one VLAN. That VLAN (VLAN 99) happens to be the one I tagged with the bridge, because it's the mgmt VLAN so I needed the switch IP here, but I have since also tagged the bridge on the other DHCP vlans and that hasn't made anythign better, i.e. clients still don't get IPs from the DHCPd. This one also works across all of my trunks.

Expected setup is for the switch to hand out IPs on all internal VLANs (not VL10) to local clients and clients on switches at the end of any of the trunks; and to ask for an address on the VL10 (WAN interface). All of the trunks carry all of the VLANs. I've posted an image below for reference. I'm still setting up the APs also.

So here's the full config:
add admin-mac=48:8F:5A:91:4E:D8 auto-mac=no ingress-filtering=yes name=br01-Core vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=gi1
set [ find default-name=ether2 ] mac-address=48:8F:5A:91:4E:D8 name=gi2
set [ find default-name=ether3 ] name=gi3
set [ find default-name=ether4 ] name=gi4
set [ find default-name=ether5 ] name=gi5
set [ find default-name=ether6 ] name=gi6
set [ find default-name=ether7 ] name=gi7
set [ find default-name=ether8 ] name=gi8
set [ find default-name=ether9 ] name=gi9
set [ find default-name=ether10 ] name=gi10
set [ find default-name=ether11 ] name=gi11
set [ find default-name=ether12 ] l2mtu=10218 mtu=10218 name=gi12
set [ find default-name=ether13 ] l2mtu=10218 mac-address=48:8F:5A:91:4E:E3 mtu=10218 name=gi13
set [ find default-name=ether14 ] name=gi14
set [ find default-name=ether15 ] name=gi15
set [ find default-name=ether16 ] name=gi16
set [ find default-name=ether17 ] name=gi17
set [ find default-name=ether18 ] name=gi18
set [ find default-name=ether19 ] l2mtu=10218 mtu=10218 name=gi19
set [ find default-name=ether20 ] l2mtu=10218 mtu=10218 name=gi20
set [ find default-name=ether21 ] l2mtu=10218 mtu=10218 name=gi21
set [ find default-name=ether22 ] l2mtu=10218 mtu=10218 name=gi22
set [ find default-name=ether23 ] l2mtu=10218 mtu=10218 name=gi23
set [ find default-name=ether24 ] l2mtu=10218 mac-address=48:8F:5A:91:4E:EE mtu=10218 name=gi24
set [ find default-name=sfp-sfpplus1 ] l2mtu=10218 mtu=10218 name=xg1
set [ find default-name=sfp-sfpplus2 ] l2mtu=10218 mtu=10218 name=xg2
/interface vlan
add interface=br01-Core name=VL10-WAN vlan-id=10
add interface=br01-Core name=VL13-Home vlan-id=13
add interface=br01-Core name=VL22-Secure vlan-id=22
add interface=br01-Core name=VL25-Smart vlan-id=25
add interface=br01-Core name=VL99-Mgmt vlan-id=99
add interface=br01-Core name=VL200-Spare vlan-id=200
/interface bonding
add mode=802.3ad name=bo01-WANUplink slaves=gi1,gi2
add mode=802.3ad mtu=10218 name=bo02-Trunk slaves=gi23,gi24
add mode=802.3ad mtu=10218 name=bo10-Brontos slaves=gi12,gi13
/interface list
add name=WAN
add name=LAN
add name=VPNtraffic
add name=VPNexcluded
add name=Private
add name=routed
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges=
add name=dhcp_pool1 ranges=
add name=dhcp_pool2 ranges=
add name=dhcp_pool3 ranges=
add name=dhcp_pool4 ranges=
/ip dhcp-server
add address-pool=dhcp_pool0 interface=VL13-Home lease-time=1d name=dhcp-VL13
add address-pool=dhcp_pool1 disabled=no interface=VL22-Secure lease-time=1d name=dhcp-VL22
add address-pool=dhcp_pool2 disabled=no interface=VL25-Smart lease-time=1d name=dhcp-VL25
add address-pool=dhcp_pool3 disabled=no interface=VL99-Mgmt lease-time=30m name=dhcp-VL99
add address-pool=dhcp_pool4 disabled=no interface=VL200-Spare name=dhcp-VL200
/interface bridge port
add bridge=br01-Core comment=VL99-Mgmt interface=gi3 pvid=99
add bridge=br01-Core comment="static mgmt - VL99-Mgmt" interface=gi18 pvid=99
add bridge=br01-Core comment=Alloce-10Gbe ingress-filtering=yes interface=xg1 pvid=13
add bridge=br01-Core comment=Brontos-10Gbe ingress-filtering=yes interface=xg2 pvid=13
add bridge=br01-Core comment=TrunkUplink-1Gbe-LACP frame-types=admit-only-vlan-tagged interface=bo02-Trunk
add bridge=br01-Core comment=Brontos-1Gbe-LACP frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=bo10-Brontos pvid=13
add bridge=br01-Core comment=VL13-Home interface=gi4 pvid=13
add bridge=br01-Core comment=VL10-WAN interface=gi5 pvid=10
add bridge=br01-Core comment=VL10-WAN interface=gi6 pvid=10
add bridge=br01-Core comment=VL13-Home interface=gi7 pvid=13
add bridge=br01-Core comment=VL13-Home interface=gi8 pvid=13
add bridge=br01-Core comment=VL13-Home interface=gi9 pvid=13
add bridge=br01-Core comment=VL22-Secure interface=gi10 pvid=22
add bridge=br01-Core comment=VL13-Home interface=gi11 pvid=13
add bridge=br01-Core comment=VL13-Home interface=gi14 pvid=13
add bridge=br01-Core comment=VL13-Home interface=gi15 pvid=13
add bridge=br01-Core comment=VL99-Mgmt interface=gi16 pvid=99
add bridge=br01-Core comment=VL13-Home interface=gi17 pvid=13
add bridge=br01-Core comment=TrunkUplink frame-types=admit-only-vlan-tagged interface=gi19
add bridge=br01-Core comment=TrunkUplink frame-types=admit-only-vlan-tagged interface=gi20
add bridge=br01-Core comment=TrunkUplink frame-types=admit-only-vlan-tagged interface=gi21
add bridge=br01-Core comment=TrunkUplink frame-types=admit-only-vlan-tagged interface=gi22
add bridge=br01-Core comment=Trunk-WANUplink interface=bo01-WANUplink pvid=10
/interface bridge vlan
add bridge=br01-Core tagged=bo02-Trunk,bo01-WANUplink,br01-Core untagged=gi3,gi18 vlan-ids=99
add bridge=br01-Core tagged=bo02-Trunk,bo01-WANUplink,bo10-Brontos untagged=gi5,gi6 vlan-ids=10
add bridge=br01-Core tagged=bo02-Trunk,bo01-WANUplink,br01-Core,gi19,gi20,gi21,gi22 untagged=\
    gi3,gi7,gi8,gi9,gi10,gi11,gi12,gi13,gi14,gi15,gi16,gi17,bo10-Brontos vlan-ids=13
add bridge=br01-Core tagged=bo02-Trunk,br01-Core,gi19,gi20,gi21,gi22 untagged=gi10 vlan-ids=22
add bridge=br01-Core tagged=bo02-Trunk,bo01-WANUplink,gi19,gi20,gi21,gi22 vlan-ids=25
add bridge=br01-Core tagged=bo02-Trunk,gi19,gi20,gi21,gi22 vlan-ids=200
/interface list member
add interface=VL13-Home list=LAN
add interface=VL22-Secure list=LAN
add interface=VL10-WAN list=WAN
add interface=VL99-Mgmt list=LAN
add interface=VL25-Smart list=LAN
add interface=br01-Core list=LAN
add interface=VL22-Secure list=VPNexcluded
add interface=VL10-WAN list=VPNexcluded
add interface=VL13-Home list=VPNtraffic
add interface=VL200-Spare list=VPNtraffic
add interface=VL13-Home list=routed
add interface=VL22-Secure list=routed
add interface=VL25-Smart list=routed
/ip address
add address= interface=VL200-Spare network=
add address= interface=VL13-Home network=
add address= interface=VL22-Secure network=
add address= interface=VL25-Smart network=
add address= interface=VL99-Mgmt network=
/ip dhcp-client
add default-route-distance=2 dhcp-options=clientid_duid,hostname interface=VL10-WAN use-peer-dns=no
/ip dhcp-server network
add address= dns-none=yes gateway=
add address= dns-server= gateway=
add address= gateway=
add address= dns-server=
add address= gateway=
/ip dns
set servers=,,2a10:50c0::ad1:ff,2a10:50c0::ad2:ff
/ip route
add disabled=yes distance=1 gateway=
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=Swikros
/system routerboard settings
set boot-os=router-os
You do not have the required permissions to view the files attached to this post.
Forum Guru
Forum Guru
Posts: 5252
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCP Client on CRS interface got IP once, then expired..

Sat Jan 09, 2021 1:21 pm

One of problems is that single bridge (L2 interconnect) has ports members with different MTUs ... which is not exactly wrong per-se. L2 device does not perform segmentation, so all L3 interfaces and devices within single L3 sub-domain should use exactly same MTU value. The problem is that L3 interface can inherit MTU size from underlying hardware while bridge interface MTU can change if MTU of any bridge port changes.
You should check it (/interface print on router and similar commands on other LAN devices).
just joined
Topic Author
Posts: 11
Joined: Fri Dec 25, 2020 9:21 pm

Re: DHCP Client on CRS interface got IP once, then expired..

Sat Jan 09, 2021 1:59 pm

Does the Mikrotik behave like a switch or a L2 client in this regard? In Cisco gear, I just set all port MTUs to their highest values, because that maximises throughput for any clients (Windows, ISCSI SAN) that -are- using larger frames. The router only needs to segment if a client sends a larger frame, but if no clients are configured to use those larger frames (Windows of course locked to 1500 generally) then it has no impact, just avoids some future issue.

If the Mikrotik sees this larger frame value and decides to use it itself for things like DHCP then yes that could be problematic.. However DHCP spec requires clients to advertise their maximum message size to the server so this shouldn't be the culprit, unless the port setting is both affecting the internal daemon -and- the daemon is ignoring the client message, which seems an unlikely cross-occurence.
Forum Guru
Forum Guru
Posts: 5252
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCP Client on CRS interface got IP once, then expired..

Sat Jan 09, 2021 2:17 pm

CRS behaves like a switch as long as it simply passes unaltered frames between its ether ports. When it starts to route (between VLANs and towards internet, when it performs other L3 duties such as DHCP client/server), then it's IP device. So if you have a device in one of VLANs with MTU of (say) 9000, it can nicely communicate with other devices within same VLAN with other devices having MTU set to 9000.
But if any of those devices comunicates with CRS because it's configured as their IP gateway (or us used as DHCP server or what not) and L3 interface on CRS (e.g. VL13-Home) uses MTU lower than 9000, there will be a problem.
Similarly if device connected to gi15 (MTU left at default, whatever it is) tries to communicate with device behind gi19 (with MTU set to non-default value) it may have problems.

The thing about jumbo-frames is this: larger MTU sizes nowadays are not worth the complication. They were fairly popular 20 years ago with early 100Mbps ethernet cards (or FDDI cards with slightly higher datarates) because at that time devices were severely limited with packet rate and longer packets meant considerable throughput increase. With current devices, which easily flood wirespeed even at high packet rate it is not worth to change MTUs ... not the L3 MTUs that is. But if L3 MTUs are kept at standard 1500, then setting L2 MTUs larger than something between 1540 and 1600 doesn't make any difference (L2 MTU needs to be slightly higher than 1500 when some L2.x layer is in use, e.g. VLAN or MPLS, because these add some overhead but not much).
just joined
Topic Author
Posts: 11
Joined: Fri Dec 25, 2020 9:21 pm

Re: DHCP Client on CRS interface got IP once, then expired..

Mon Jan 11, 2021 12:46 pm

I never change my device MTUs (except on iSCSI NICs which isn't set up here yet). I just raise the MTUs on all the switch config to avoid any issue. Clients are -always- set at default.
So could this still be a factor?
Long time Member
Long time Member
Posts: 632
Joined: Sat May 05, 2018 11:55 am

Re: DHCP Client on CRS interface got IP once, then expired..

Mon Jan 11, 2021 5:27 pm

A bridge has two roles - its is both like a switch connecting various ethernet ports together, and also like an ethernet port to pass traffic to services on the Mikrotik itself.

Whilst you have br01-Core as a tagged member for VLAN IDs 99, 13 & 22 under /interface bridge vlan it is missing for VLAN IDs 10, 25 & 200 so any CPU services (IP address, routing, DHCP client, DHCP server, etc.) attached to those VLANs will be inaccessible.

As an aside it is possible to leave out the untagged= membership under /interface bridge vlan, these will be added dynamically from the pvid= settings under /interface bridge port so you do not have to remember to update both when changing the PVID on a port.
just joined
Topic Author
Posts: 11
Joined: Fri Dec 25, 2020 9:21 pm

Re: DHCP Client on CRS interface got IP once, then expired..

Tue Jan 12, 2021 4:58 pm

Right but it is VLANs 13 & 22 for which I'm testing the DHCP at the moment.. 99 works it seems, although it also had an issue completing an address assignment to my Ubuntu box.. the lease was offered but never confirmed. 13 & 22 are the other VLANs I'm now trying to enable for DHCP, that are tagged with br01-Core but where the DHCP doesn't appear to work.

Who is online

Users browsing this forum: No registered users and 64 guests