peeter123
just joined
Topic Author
Posts: 5
Joined: Tue Jul 22, 2014 8:58 pm

[SOLVED] Dual VLAN on WAN DHCP Client Issue

Tue Jul 22, 2014 9:15 pm

I've just received my RB2011UIAS-2HND-IN and started configuring it, however I have run into an issue with DHCP which I cannot resolve. My setup is as follows:

FTTH --> Genexis Media Converter --> (VLAN4 - IPTV, VLAN34 - Internet) --> RB2011 - PORT1

My ISP requires DHCP on both interfaces. On port 1 I have added two VLAN interfaces (vlan-internet, vlan-iptv) and configured NAT to vlan-internet. So far so good, now DHCP clients are added to both interfaces. The DHCP client on vlan-internet has the add default-route option set and the vlan-iptv has not.

The problem is as follows: internet works perfectly if only the vlan-internet DHCP client is on. The exact moment the vlan-iptv DHCP client is turned on my internet connection goes down. Ping to google.com returns timeout and after a while alternating timeout/ext ip: destination unreachable.

If I renew my lease on vlan-internet, internet goes back up until vlan-iptv renews its IP. I've tried searching for a solution but I am at a loss at this moment. Hopefully someone can help me with this issue :)
Last edited by peeter123 on Wed Aug 13, 2014 5:51 pm, edited 1 time in total.
 
jayd2k
newbie
Posts: 45
Joined: Tue Sep 10, 2013 6:46 am
Location: Philippines

Re: Dual VLAN on WAN DHCP Client Issue

Wed Aug 06, 2014 7:55 am

That sounds pretty much like a routing issue.

Check your routing table before and after enabling the dhcp client on VLAN4 and see if the default route changes once the other link comes up.

Checking the routing table via CLI:

    ip route print detail

You also might want to share your config with us.
By 2016 total internet traffic will be 3x 2011
 
peeter123
just joined
Topic Author
Posts: 5
Joined: Tue Jul 22, 2014 8:58 pm

Re: Dual VLAN on WAN DHCP Client Issue

Sun Aug 10, 2014 11:44 pm

Hi, thanks for your reply, I've just returned from vacation and am looking into this at the moment. This is more info that should help:

Routes and traceroute:
Before iptv interface dhcp client:
[admin@AquaRouter] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=82.197.195.1 gateway-status=82.197.195.1 reachable via  vlan-internet distance=1 scope=30 target-scope=10 vrf-interface=vlan-internet 
 1 ADC  dst-address=82.197.195.0/24 pref-src=82.197.195.239 gateway=vlan-internet gateway-status=vlan-internet reachable distance=0 scope=10 
 2 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge-local gateway-status=bridge-local reachable distance=0 scope=10 

[admin@AquaRouter] > /tool traceroute 8.8.8.8             
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST
 1 82.197.195.1                       0%   67     3ms       3     2.7     9.8
 2 217.19.16.6                        0%   67   2.9ms     3.1     2.8     7.5
 3 195.69.145.100                   26..   67   3.2ms     3.2       3       4
 4 209.85.254.95                      0%   67   6.9ms     5.1     3.2    29.3
 5 72.14.238.69                       0%   67   3.6ms     4.8     3.4    25.8
 6 209.85.254.231                     0%   67  18.2ms     8.8     6.5      49
 7 209.85.254.189                     0%   67   6.5ms     8.3     6.4    44.4
 8                                  100%   67 timeout
 9 8.8.8.8                            0%   66   6.8ms     6.9     6.6    13.3
 
After iptv interface dhcp client:
[admin@AquaRouter] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=82.197.195.1 gateway-status=82.197.195.1 reachable via  vlan-internet distance=1 scope=30 target-scope=10 vrf-interface=vlan-internet 
 1 ADC  dst-address=10.10.32.0/22 pref-src=10.10.32.151 gateway=vlan-iptv gateway-status=vlan-iptv reachable distance=0 scope=10 
 2 ADC  dst-address=82.197.195.0/24 pref-src=82.197.195.239 gateway=vlan-internet gateway-status=vlan-internet reachable distance=0 scope=10 
 3 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge-local gateway-status=bridge-local reachable distance=0 scope=10
 
[admin@AquaRouter] > /tool traceroute 8.8.8.8
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST
 1                                  100%   17 timeout
 2 82.197.195.239                   93..   17 timeout     988     988     988
 3 82.197.195.239                   87..   16 timeout   987.5   983.8   991.1
 4 82.197.195.239                   93..   16 timeout   989.1   989.1   989.1
 5 82.197.195.239                   87..   16 timeout     510    30.7   989.2
 6                                    0%    0     0ms

Config export:
# aug/10/2014 22:40:19 by RouterOS 6.18
# software id = S62Z-5GTT
#
/interface bridge
add admin-mac=4C:5E:0C:49:43:4A auto-mac=no l2mtu=1598 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan rx-flow-control=auto \
    tx-flow-control=auto
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
    ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
    ether8-slave-local
set [ find default-name=ether9 ] name=ether9-slave-local
set [ find default-name=ether10 ] name=ether10-test poe-out=off
set [ find default-name=sfp1 ] disabled=yes
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
    20/40mhz-ht-above distance=indoors l2mtu=2290 mode=ap-bridge name=wlan \
    ssid=Aqua wireless-protocol=802.11
/ip neighbor discovery
set ether1-wan discover=no
/interface vlan
add interface=ether1-wan l2mtu=1594 name=vlan-internet vlan-id=34
add interface=ether1-wan l2mtu=1594 name=vlan-iptv vlan-id=4
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add add-arp=yes address-pool=default-dhcp disabled=no interface=bridge-local \
    lease-time=10m name=default
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
add bridge=bridge-local interface=wlan
add bridge=bridge-local interface=ether2
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    bridge-local network=192.168.88.0
/ip dhcp-client
add comment=Internet dhcp-options=hostname,clientid disabled=no interface=\
    vlan-internet use-peer-ntp=no
add add-default-route=no comment=IPTV dhcp-options=hostname,clientid \
    disabled=no interface=vlan-iptv use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall connection tracking
set enabled=yes
/ip firewall filter
add chain=input
add chain=forward
add chain=output
/ip firewall nat
add action=masquerade chain=srcnat comment=Internet out-interface=\
    vlan-internet src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment=IPTV out-interface=vlan-iptv \
    src-address=192.168.88.0/24
/ip route
add distance=1 dst-address=185.6.48.0/26 gateway=vlan-iptv
/ip service
set telnet address=192.168.88.0/24
set ftp address=192.168.88.0/24
set www address=192.168.88.0/24
set ssh address=192.168.88.0/24
set api address=192.168.88.0/24
set winbox address=192.168.88.0/24
set api-ssl address=192.168.88.0/24
/ip smb
set domain=THUIS interfaces=bridge-local
/ip upnp
set allow-disable-external-interface=no
/lcd
set backlight-timeout=5m default-screen=stats
/lcd interface
set sfp1 disabled=yes
set ether1-wan disabled=yes
set ether2 disabled=yes
set ether3 disabled=yes
set ether4 disabled=yes
set ether5 disabled=yes
set ether6-master-local disabled=yes
set ether7-slave-local disabled=yes
set ether8-slave-local disabled=yes
set ether9-slave-local disabled=yes
set ether10-test disabled=yes
set wlan timeout=5s
add interface=bridge-local timeout=5s
add interface=vlan-internet timeout=5s
add interface=vlan-iptv timeout=5s
/lcd interface pages
add interfaces=vlan-internet,vlan-iptv,bridge-local,wlan
/routing igmp-proxy
set query-interval=1m5s quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan-iptv upstream=yes
add interface=bridge-local
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=AquaRouter
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set vlan-iptv disabled=yes display-time=5s
set vlan-internet disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set wlan disabled=yes display-time=5s
set sfp1 disabled=yes display-time=5s
set ether1-wan disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6-master-local disabled=yes display-time=5s
set ether7-slave-local disabled=yes display-time=5s
set ether8-slave-local disabled=yes display-time=5s
set ether9-slave-local disabled=yes display-time=5s
set ether10-test disabled=yes display-time=5s
/system logging
add topics=debug
/system ntp client
set enabled=yes primary-ntp=82.193.117.90
/tool graphing
set store-every=hour
/tool graphing interface
add interface=vlan-internet
add interface=bridge-local
add interface=wlan
add interface=vlan-iptv
/tool graphing resource
add
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-test
add interface=sfp1
add interface=wlan
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-test
add interface=sfp1
add interface=wlan
add interface=bridge-local
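
The before/after comparison suggested earlier in the thread, done mechanically on the two route tables posted above (an added example, not part of the original post; the function names `parse_routes` and `diff_routes` are made up for this sketch). It shows that the only difference is the new connected route for vlan-iptv, while the default route is identical in both tables.

```python
import re

# Route entries copied from the two "/ip route print detail" outputs in the post above.
BEFORE = """\
 0 ADS  dst-address=0.0.0.0/0 gateway=82.197.195.1 gateway-status=82.197.195.1 reachable via  vlan-internet distance=1 scope=30 target-scope=10 vrf-interface=vlan-internet
 1 ADC  dst-address=82.197.195.0/24 pref-src=82.197.195.239 gateway=vlan-internet gateway-status=vlan-internet reachable distance=0 scope=10
 2 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge-local gateway-status=bridge-local reachable distance=0 scope=10
"""
AFTER = """\
 0 ADS  dst-address=0.0.0.0/0 gateway=82.197.195.1 gateway-status=82.197.195.1 reachable via  vlan-internet distance=1 scope=30 target-scope=10 vrf-interface=vlan-internet
 1 ADC  dst-address=10.10.32.0/22 pref-src=10.10.32.151 gateway=vlan-iptv gateway-status=vlan-iptv reachable distance=0 scope=10
 2 ADC  dst-address=82.197.195.0/24 pref-src=82.197.195.239 gateway=vlan-internet gateway-status=vlan-internet reachable distance=0 scope=10
 3 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge-local gateway-status=bridge-local reachable distance=0 scope=10
"""

ROUTE_RE = re.compile(r"^\s*\d+\s+(?P<flags>[A-Za-z]+)\s+(?P<attrs>.*)$")
ATTR_RE = re.compile(r"([a-z-]+)=(\S+)")


def parse_routes(text):
    """Return {dst-address: (flags, gateway, distance)} for each numbered entry."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue  # prompt lines and the "Flags:" legend are skipped
        attrs = dict(ATTR_RE.findall(m.group("attrs")))
        routes[attrs["dst-address"]] = (
            m.group("flags"), attrs.get("gateway"), attrs.get("distance"))
    return routes


def diff_routes(before, after):
    """Compare two route tables by destination prefix."""
    b, a = parse_routes(before), parse_routes(after)
    return {
        "added": {d: a[d] for d in a.keys() - b.keys()},
        "removed": {d: b[d] for d in b.keys() - a.keys()},
        "changed": {d: (b[d], a[d]) for d in a.keys() & b.keys() if a[d] != b[d]},
    }


if __name__ == "__main__":
    for kind, entries in diff_routes(BEFORE, AFTER).items():
        print(kind, entries)
```
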
 
xavierc
just joined
Posts: 8
Joined: Mon Apr 21, 2014 8:42 pm

Re: Dual VLAN on WAN DHCP Client Issue

Mon Aug 11, 2014 1:47 pm

I think your nat configuration is wrong for IPTV, the source address ip range should be different.

add action=masquerade chain=srcnat comment=Internet out-interface=\
vlan-internet src-address=192.168.88.0/24
add action=masquerade chain=srcnat comment=IPTV out-interface=vlan-iptv \
src-address=192.168.88.0/24
 
peeter123
just joined
Topic Author
Posts: 5
Joined: Tue Jul 22, 2014 8:58 pm

Re: Dual VLAN on WAN DHCP Client Issue

Mon Aug 11, 2014 6:02 pm

No, I don't think that is the problem. The STBs are in my normal LAN and traffic to the IPTV gateway should be natted. Even if I disable the NAT rules ping from my router to Google does not work. Tonight I will try to do a packet sniff with Wireshark to figure out what is wrong.

BTW MikroTik support does also not know what's wrong. They fiddled a bit over remote access but of course my internet drops the moment you enable the DHCP client so they cannot really debug.
 
peeter123
just joined
Topic Author
Posts: 5
Joined: Tue Jul 22, 2014 8:58 pm

Re: Dual VLAN on WAN DHCP Client Issue

Wed Aug 13, 2014 5:49 pm

Finally figured out the problem. Turns out my ISP did not allow the same MAC on the IPTV and Internet VLANs. The IP acquired first would be released if another DHCP request came in from the same MAC, even on another VLAN... Who would have thought that, my ISP has just some things misconfigured. Will contact them about this behaviour.

Now I also needed some ugly hack to change my MAC address on one of the interfaces because RouterOS does not allow change of MAC on the VLAN interfaces (correct behaviour I think).

Anyway thanks for your help!
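
A toy model of the lease behaviour described in the post above, added here as an illustration (it is not the ISP's software and not code from the thread). It assumes a server that indexes leases by client MAC only, compares that with indexing by (VLAN, MAC), and shows why a distinct MAC on one VLAN works around it. The MAC addresses are constructed; the VLAN IDs and IP addresses are the ones from the posted route tables and config.

```python
class LeaseTable:
    """Minimal DHCP lease bookkeeping (constructed model, not a real server)."""

    def __init__(self, key_includes_vlan):
        self.key_includes_vlan = key_includes_vlan
        self.leases = {}  # lease key -> (vlan, ip)

    def request(self, vlan, mac, ip):
        """Grant a lease; return the (vlan, ip) lease this request displaced, if any."""
        key = (vlan, mac.lower()) if self.key_includes_vlan else mac.lower()
        old = self.leases.get(key)
        released = old if old is not None and old[0] != vlan else None
        self.leases[key] = (vlan, ip)
        return released

    def active(self):
        return sorted(self.leases.values())


ROUTER_MAC = "02:00:00:00:00:01"   # constructed: MAC shared by both VLAN interfaces
ALT_MAC = "02:00:00:00:00:02"      # constructed: separate MAC used for the IPTV side


def scenario(key_includes_vlan, internet_mac, iptv_mac):
    """Internet client (VLAN 34) gets its lease first, then IPTV (VLAN 4) asks."""
    table = LeaseTable(key_includes_vlan)
    table.request(34, internet_mac, "82.197.195.239")
    released = table.request(4, iptv_mac, "10.10.32.151")
    return released, table.active()


if __name__ == "__main__":
    print("MAC-only key, same MAC:    ", scenario(False, ROUTER_MAC, ROUTER_MAC))
    print("(VLAN, MAC) key, same MAC: ", scenario(True, ROUTER_MAC, ROUTER_MAC))
    print("MAC-only key, distinct MAC:", scenario(False, ROUTER_MAC, ALT_MAC))
```

In the first case the internet lease is dropped on the server side while the router's route table still lists it, which matches a default route that looks reachable but no longer passes traffic.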
 
jayd2k
newbie
Posts: 45
Joined: Tue Sep 10, 2013 6:46 am
Location: Philippines

Re: [SOLVED] Dual VLAN on WAN DHCP Client Issue

Fri Aug 15, 2014 6:11 am

Cool, thanks for sharing your solution and properly resolving your thread :)
By 2016 total internet traffic will be 3x 2011
