ObliteRon
just joined
Topic Author
Posts: 15
Joined: Sun May 02, 2021 6:53 pm

Troubleshooting DHCP client: RB4011 VLAN router-on-a-stick

Mon Aug 02, 2021 1:13 am

Quick summary of setup:
Xfinity Internet: NETGEAR CM2050V eMTA -> Zyxel XGS1250-12 -> RB4011 SFP+

I have the RB4011 configured as a router-on-a-stick. The eMTA comes into the Zyxel switch and gets assigned VLAN 100. VLAN 100 traffic goes to the RB4011 SFP+ and LAN traffic is assigned VLAN 99. LAN and WAN traffic is then sent back over the SFP+ to the Zyxel, which then sends it to the appropriate destination.

It's not fully optimized, but it works except for this occasional issue:

When the eMTA starts up, the RB4011 requests an IP via DHCP on the WAN interface (VLAN 100) and is assigned a local 192.168.100.x IP with a one minute lease. Every 30s, the RB4011 renews; it either gets the same 192.168.100.x IP if the eMTA is still initializing OR it gets an Xfinity public IP if the eMTA is online.

The issue is sometimes after the eMTA is online, it appears that the DHCP client on the RB4011 will not receive a response to the DHCP request. So, the local IP expires and no other IP lease is ever received. Restarting the eMTA and/or the switch and/or the RB4011 sometimes results in a success.
When all that fails, I have to actually connect the eMTA to the RB4011 on eth1 and update the config accordingly to use eth1 for WAN and the SFP+ only for LAN.

What could be the cause for this intermittent failure?
It seems like if the VLANs are configured accordingly (which I assume they are since it works most of the time), the issue would be at the eMTA?
 
ObliteRon
just joined
Topic Author
Posts: 15
Joined: Sun May 02, 2021 6:53 pm

Re: Troubleshooting DHCP client: RB4011 VLAN router-on-a-stick

Tue Aug 03, 2021 5:29 pm

Here's my RB4011 config, if it helps:
# jun/11/2021 04:36:11 by RouterOS 6.47.10
#
# model = RB4011iGS+
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] name=sfp1
/interface vlan
add interface=bridge name=VLAN88 vlan-id=88
add interface=bridge name=VLAN99 vlan-id=99
add interface=bridge name=eMTA vlan-id=100
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
/interface bridge port
add bridge=bridge interface=sfp1
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp1 vlan-ids=99,100
/interface list member
add interface=bridge list=LAN
add interface=eMTA list=WAN
/ip address
add address=192.168.99.1/24 interface=VLAN99 network=192.168.99.0
add address=192.168.88.1/24 interface=VLAN88 network=192.168.88.0
/ip dhcp-client
add disabled=no interface=eMTA
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=input comment="Drop ICMP from WAN" in-interface-list=\
    WAN protocol=icmp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=America/Los_Angeles
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Troubleshooting DHCP client: RB4011 VLAN router-on-a-stick

Tue Aug 03, 2021 5:33 pm

/interface bridge vlan
add bridge=bridge tagged=bridge,sfp1 vlan-ids=99,100

Shouldn't that be 88?
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp1 vlan-ids=88


You have two conflicting input chain firewall rules, one of them is not required.
Recommend you keep the allow rule.
add action=drop chain=input comment="Drop ICMP from WAN" in-interface-list=\
WAN protocol=icmp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
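
The bridge VLAN table mismatch raised in the reply above can be checked mechanically. This is an added example, not part of any post in this thread: a Python check over a RouterOS export that lists VLAN interfaces on a bridge with no tagged entry for that bridge in `/interface bridge vlan`, and reports whether `vlan-filtering=yes` is set, since the table is only enforced when it is. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: the bridge/VLAN sections of the export posted in this thread.
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge
/interface vlan
add interface=bridge name=VLAN88 vlan-id=88
add interface=bridge name=VLAN99 vlan-id=99
add interface=bridge name=eMTA vlan-id=100
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp1 vlan-ids=99,100
"""

def parse_export(text):
    """Map each section path to the key=value dicts of its 'add' lines."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            sections[current].append({k: v.strip('"') for k, v in pairs})
    return sections

def expand_ids(spec):
    """Expand a vlan-ids value such as '99,100' or '10-12' into a set of ints."""
    ids = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit_bridge_vlans(text):
    """Per bridge: vlan-filtering state and VLAN interfaces with no tagged table entry."""
    s, report = parse_export(text), {}
    for br in s.get("/interface bridge", []):
        name, tagged = br["name"], set()
        for row in s.get("/interface bridge vlan", []):
            if row.get("bridge") == name and name in row.get("tagged", "").split(","):
                tagged |= expand_ids(row.get("vlan-ids", ""))
        wanted = {int(v["vlan-id"]) for v in s.get("/interface vlan", [])
                  if v.get("interface") == name}
        report[name] = {"vlan_filtering": br.get("vlan-filtering") == "yes",
                        "missing": sorted(wanted - tagged)}
    return report

print(audit_bridge_vlans(SAMPLE_EXPORT))
```

On the posted export this reports VLAN 88 as missing from the table and `vlan_filtering` as off for `bridge`.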
 
ObliteRon
just joined
Topic Author
Posts: 15
Joined: Sun May 02, 2021 6:53 pm

Re: Troubleshooting DHCP client: RB4011 VLAN router-on-a-stick

Wed Aug 04, 2021 7:32 pm

Thanks for the reply anav.

As I mentioned, my config isn't optimized; I'm not actually using VLAN 88 at this point.

I can remove any references to VLAN 88, but as far as my issue goes, could that unused VLAN be a factor?

(And I can't see the firewall rule being a factor)
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Troubleshooting DHCP client: RB4011 VLAN router-on-a-stick

Wed Aug 04, 2021 7:48 pm

Sorry, that's all I could see potentially wrong with the config.
