Community discussions

MikroTik App
 
User avatar
axe50397
Trainer
Trainer
Topic Author
Posts: 39
Joined: Sat Jun 18, 2016 1:47 pm
Location: Paris, France
Contact:

CHR blocking DHCP offers on bridge ports

Sun Dec 23, 2018 8:30 pm

I'm trying to replicate my company's network on GNS3, using only CHR routers (for all our physical RB951), and I'm having an odd issue where CHR router with bridged port (so it should act as a switch) is forwarding DHCP Requests, but blocking DHCP Offers, and when setting a host IP address manually, the gateway (not the next hop) is unreachable.

Here is the topology:
Image

Explanations:
- GW has 1 DHCP-server for each port (eth3, eth4, eth5), the range is written in the top left corner of the colored rectangle boxes.
- GW has NO firewall rules, in filter, NAT or mangle, except: src-nat / masquerade in NAT.
- VPCS in TRH and Office subnets can communicate with GW, with each other and outside.
- The problem is in the Wifi subnet. As you can see, there are 3 IPs on ether5 on GW (10.10.5.1/30, 10.10.5.5/30, 192.168.0.1/24)
-- Wifi-1 has default route set to: 0.0.0.0/0 -> 10.10.5.1 . It can be pinged, can ping GW and outside.
-- Wifi-1 has all its ports bridged together (ether1 [trusted] and ether2), DHCP-snooping enabled.
-- Wifi-1 only has 1 IP on ether1 (10.10.5.2/30).
-- PC-Wifi-1 sends DHCP-Requests to Wifi-1 which forwards them to GW. (Captured between Wifi-1 and GW)
-- GW sends back DHCP-Offers broadcasted (Captured between Wifi-1 and GW)
-- DHCP-Offers aren't forwarded back to PC-Wifi-1 (Only discovers are captured)

Something else odd, after setting manually an IP on PC-Wifi-1 (192.168.0.250/24, gateway 192.168.0.1), 192.168.0.1 and 10.10.5.1, 5.2 are all unreachable.

Did I miss anything? I thought bridging all ports would let everything passthrough Wifi-1, including L2 broadcast packets...

IRL, the Wifi-1 and Wifi-2 (and many others) are wireless routers (RB951) connected the same way but configured as CAPs to CAPSMAN on GW, and are currently perfectly working. IRL, Wifi-1 also has a ptp IP on a different subnet than what CAPSMAN is giving to wifi clients, gateway also being the GW IP and not the CAP's IP.

Thanks for your assistance
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: No registered users and 18 guests