DHCP Problem with RB1100AHx4

krafg · Mon Jun 11, 2018 8:45 pm

Hi, I have configured 8 DHCP Servers (One per vlan) and sometimes some computers can't get IP address from DHCP.

Get:

IP:169.254.143.47
Netmask: 255.255.0.0 (Only I have /24 and one /22)
Gateway: 192.168.70.1 (Always the Correct gateway)

ROS 6.42.3 is installed.

What's wrong?

leoservices · Tue Jun 12, 2018 1:08 am

If possible, please paste your colors here.

Use export

krafg · Tue Jun 12, 2018 1:52 am

[admin@RB1100AHx4] > export
# jun/11/2018 18:45:25 by RouterOS 6.42.3
# software id = AQF2-A2M6
#
# model = RouterBOARD 1100x4
# serial number = 7931086A9D80
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
/interface vlan
add interface=ether2 name=vlan10-Salas vlan-id=10
add interface=ether3 name=vlan15-Alumnos vlan-id=15
add interface=ether4 name=vlan20-Administrativos vlan-id=20
add interface=ether5 name=vlan30-Docentes vlan-id=30
add interface=ether6 name=vlan40-CCTV vlan-id=40
add interface=ether7 name=vlan50-Wireless vlan-id=50
add interface=ether8 name=vlan60-TI vlan-id=60
add interface=ether9 name=vlan70-Youtube vlan-id=70
add interface=ether10 name=vlan100-Nativa vlan-id=100
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=Facebook regexp="^.+(facebook.com).*\$"
add name=Youtube regexp="^.+(youtube.com).*\$"
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc,3des
/ip pool
add name=dhcp_pool0 ranges=10.0.10.2-10.0.10.254
add name=dhcp_pool1 ranges=10.0.15.2-10.0.15.254
add name=dhcp_pool2 ranges=10.0.20.2-10.0.20.254
add name=dhcp_pool3 ranges=10.0.30.2-10.0.30.254
add name=dhcp_pool4 ranges=10.0.40.2-10.0.40.254
add name=dhcp_pool5 ranges=10.0.48.2-10.0.51.200
add name=dhcp_pool6 ranges=10.0.60.5-10.0.60.254
add name=dhcp_pool7 ranges=10.0.70.2-10.0.70.254
add name=pool_vpn ranges=10.0.200.1-10.0.200.10
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=vlan10-Salas name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=vlan15-Alumnos name=dhcp2
add address-pool=dhcp_pool2 disabled=no interface=vlan20-Administrativos name=dhcp3
add address-pool=dhcp_pool3 disabled=no interface=vlan30-Docentes name=dhcp4
add address-pool=dhcp_pool4 disabled=no interface=vlan40-CCTV name=dhcp5
add address-pool=dhcp_pool5 disabled=no interface=vlan50-Wireless name=dhcp6
add address-pool=dhcp_pool6 disabled=no interface=vlan60-TI name=dhcp7
add address-pool=dhcp_pool7 disabled=no interface=vlan70-Youtube name=dhcp8
/ppp profile
add dns-server=10.0.60.2,10.0.100.1 local-address=10.0.100.1 name=profile1 remote-address=pool_vpn
/interface l2tp-server server
set enabled=yes
/ip address
add address=10.0.100.1/24 interface=vlan100-Nativa network=10.0.100.0
add address=10.0.10.1/24 interface=vlan10-Salas network=10.0.10.0
add address=10.0.15.1/24 interface=vlan15-Alumnos network=10.0.15.0
add address=10.0.20.1/24 interface=vlan20-Administrativos network=10.0.20.0
add address=10.0.30.1/24 interface=vlan30-Docentes network=10.0.30.0
add address=10.0.40.1/24 interface=vlan40-CCTV network=10.0.40.0
add address=10.0.48.1/22 interface=vlan50-Wireless network=10.0.48.0
add address=10.0.60.1/24 interface=vlan60-TI network=10.0.60.0
add address=10.0.70.1/24 interface=vlan70-Youtube network=10.0.70.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-WAN
/ip dhcp-server lease
add address=10.0.20.251 comment="Pamela San Mart\EDn" mac-address=4C:72:B9:7C:EC:2D server=dhcp3
add address=10.0.20.252 comment="Porter\EDa" mac-address=00:25:AB:8C:BA:46 server=dhcp3
add address=10.0.30.251 comment="Carlos Zelada" mac-address=10:78:D2:28:92:3F server=dhcp4
add address=10.0.30.252 comment="ComputeStick Publicidad 1" mac-address=50:3E:AA:41:E0:B1 server=dhcp4
add address=10.0.30.253 comment="ComputeStick Publicidad 2" mac-address=50:3E:AA:44:0F:D5 server=dhcp4
add address=10.0.60.253 always-broadcast=yes comment="PC Don Eduardo" mac-address=70:54:D2:C5:38:37 server=dhcp7
add address=10.0.60.254 comment="PC Marcelo" mac-address=70:54:D2:C5:35:CF server=dhcp7
add address=10.0.48.101 comment="Data Movil 01" mac-address=7C:8B:CA:1D:55:F3 server=dhcp6
add address=10.0.48.102 comment="Data Movil 02" mac-address=7C:8B:CA:1B:03:43 server=dhcp6
/ip dhcp-server network
add address=10.0.10.0/24 dns-server=10.0.60.2,10.0.10.1 domain=stdominic.cl gateway=10.0.10.1 wins-server=10.0.60.2
add address=10.0.15.0/24 dns-server=10.0.60.2,10.0.15.1 domain=stdominic.cl gateway=10.0.15.1 wins-server=10.0.60.2
add address=10.0.20.0/24 dns-server=10.0.60.2,10.0.20.1 domain=stdominic.cl gateway=10.0.20.1 wins-server=10.0.60.2
add address=10.0.30.0/24 dns-server=10.0.60.2,10.0.30.1 domain=stdominic.cl gateway=10.0.30.1 wins-server=10.0.60.2
add address=10.0.40.0/24 dns-server=10.0.60.2,10.0.40.1 domain=stdominic.cl gateway=10.0.40.1 wins-server=10.0.60.2
add address=10.0.48.0/22 dns-server=10.0.60.2,10.0.48.1 domain=stdominic.cl gateway=10.0.48.1 wins-server=10.0.60.2
add address=10.0.60.0/24 dns-server=10.0.60.2,10.0.60.1 domain=stdominic.cl gateway=10.0.60.1 wins-server=10.0.60.2
add address=10.0.70.0/24 dns-server=10.0.60.2,10.0.70.1 domain=stdominic.cl gateway=10.0.70.1 wins-server=10.0.60.2
/ip dns
set allow-remote-requests=yes servers=10.0.60.2
/ip dns static
add address=10.0.60.2 name=stdominic.cl
/ip firewall address-list
add address=10.0.10.0/24 list=Youtube
add address=10.0.48.1-10.0.48.100 list=Youtube
add address=10.0.60.1-252 list=Youtube
add address=10.0.10.0/24 list=Facebook
add address=10.0.20.1-250 list=Facebook
add address=10.0.20.252-254 list=Facebook
add address=10.0.30.252-254 list=Facebook
add address=10.0.30.1-250 list=Facebook
add address=10.0.48.0/22 list=Facebook
add address=10.0.60.0/24 list=Facebook
add address=10.0.70.0/24 list=Facebook
add address=10.0.48.103-10.0.51.254 list=Youtube
add address=10.0.20.252-254 list=Youtube
add address=10.0.30.1-250 list=Youtube
add address=10.0.30.252-254 list=Youtube
add address=10.0.20.1-250 list=Youtube
/ip firewall filter
add action=accept chain=forward comment="Vlan 15 - Todos - Permitir Youtube" layer7-protocol=Youtube src-address=10.0.15.0/24
add action=accept chain=forward comment="Vlan 20 - Pamela San Mart\EDn - Permitir Facebook" layer7-protocol=Facebook src-address=10.0.20.251
add action=accept chain=forward comment="Vlan 20 - Pamela San Mart\EDn - Permitir Youtube" layer7-protocol=Youtube src-address=10.0.20.251
add action=accept chain=forward comment="Vlan 30 - Carlos Zelada - Permitir Facebook" layer7-protocol=Facebook src-address=10.0.30.251
add action=accept chain=forward comment="Vlan 30 - Carlos Zelada - Permitir Youtube" layer7-protocol=Youtube src-address=10.0.30.251
add action=accept chain=forward comment="Vlan 50 - Data Movil 01 - Permitir Youtube" layer7-protocol=Youtube src-address=10.0.48.101
add action=accept chain=forward comment="Vlan 50 - Data Movil 02 - Permitir Youtube" layer7-protocol=Youtube src-address=10.0.48.102
add action=accept chain=forward comment="Vlan 60 - Don Eduardo - Permitir Youtube" layer7-protocol=Youtube src-address=10.0.60.253
add action=accept chain=forward comment="Vlan 60 - Marcelo - Permitir Youtube" layer7-protocol=Youtube src-address=10.0.60.254
add action=accept chain=forward comment="Vlan 70 - Todos - Permitir Youtube" layer7-protocol=Youtube src-address=10.0.70.0/24
add action=drop chain=forward comment="Bloquear Youtube" layer7-protocol=Youtube src-address-list=Youtube
add action=drop chain=forward comment="Bloquear Facebook" layer7-protocol=Facebook src-address-list=Facebook
/ip firewall nat
add action=masquerade chain=srcnat comment="Salida a Internet" out-interface=ether1-WAN
add action=dst-nat chain=dstnat comment="NAT Intranet" dst-port=7777 in-interface=ether1-WAN protocol=tcp to-addresses=10.0.60.3 to-ports=81
add action=dst-nat chain=dstnat comment="NAT Portal de Padres y Apoderados" dst-port=7778 in-interface=ether1-WAN protocol=tcp to-addresses=10.0.60.3 to-ports=82
add action=dst-nat chain=dstnat comment="NAT WinBox" dst-port=8291 in-interface=ether1-WAN protocol=tcp to-addresses=10.0.100.1
add action=dst-nat chain=dstnat comment="NAT MikroTik" dst-port=8888 in-interface=ether1-WAN protocol=tcp to-addresses=10.0.100.1 to-ports=80
add action=dst-nat chain=dstnat comment="NAT Nagios" dst-port=8889 in-interface=ether1-WAN protocol=tcp to-addresses=10.0.60.4 to-ports=80
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp1024 generate-policy=port-override secret="\XXXXXXXXXXXXXXXX"
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
add name=XXXXXXXXXXXXXXXX password="XXXXXXXXXXXXXXXX" profile=profile1 service=l2tp
/system clock
set time-zone-name=America/Santiago
/system identity
set name=RB1100AHx4
/system ntp client
set enabled=yes primary-ntp=200.54.149.19 secondary-ntp=200.1.19.4
/system routerboard settings
set silent-boot=no
/system scheduler
add interval=30s name=Dyndns on-event=Dyndns policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/01/2018 start-time=00:00:00
/system script
add name=Dyndns owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global ddnsuser \"XXXXXXXXXXXXXXXX"\r\
    \n:global ddnspass \"XXXXXXXXXXXXXXXX"\r\
    \n:global theinterface \"ether1-WAN\"\r\
    \n:global ddnshost1 XXXXXXXXXXXXXXXX\r\
    \n:global ipddns\r\
    \n:global ipfresh [ /ip address get [/ip address find interface=\$theinterface ] address ]\r\
    \n:if ([ :typeof \$ipfresh ] = nil ) do={\r\
    \n   :log info (\"DynDNS: No ip address on \$theinterface .\")\r\
    \n} else={\r\
    \n   :for i from=( [:len \$ipfresh] - 1) to=0 do={ \r\
    \n      :if ( [:pick \$ipfresh \$i] = \"/\") do={ \r\
    \n    :set ipfresh [:pick \$ipfresh 0 \$i];\r\
    \n      } \r\
    \n}\r\
    \n \r\
    \n:if (\$ipddns != \$ipfresh) do={\r\
    \n    :log info (\"DynDNS: IP-DynDNS = \$ipddns\")\r\
    \n    :log info (\"DynDNS: IP-Fresh = \$ipfresh\")\r\
    \n   :log info \"DynDNS: Update IP needed, Sending UPDATE...!\"\r\
    \n   :global str1 \"/nic/update\\\?hostname=\$ddnshost1&myip=\$ipfresh&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG\"\r\
    \n   /tool fetch address=members.dyndns.org src-path=\$str1 mode=http user=\$ddnsuser password=\$ddnspass dst-path=(\"/DynDNS.\".\$ddnshost1)\r\
    \n    :delay 1\r\
    \n    :global str1 [/file find name=\"DynDNS.\$ddnshost1\"];\r\
    \n    /file remove \$str1\r\
    \n    :global ipddns \$ipfresh\r\
    \n  :log info \"DynDNS: IP updated to \$ipfresh!\"\r\
    \n    } else={\r\
    \n     :log info \"DynDNS: dont need changes\";\r\
    \n    }\r\
    \n} "
[admin@RB1100AHx4] >

krafg · Thu Jun 14, 2018 2:43 am

With ROS 6.42 the problem persists.

Regards.

krafg · Wed Jan 16, 2019 2:16 pm

I changed all switches to Cisco SF-300 and all it's OK!

Using ROS 6.42.5 and 6.43, all perfect.

Regards.

DHCP Problem with RB1100AHx4 [SOLVED]

DHCP Problem with RB1100AHx4

Re: DHCP Problem with RB1100AHx4

Re: DHCP Problem with RB1100AHx4

Re: DHCP Problem with RB1100AHx4

Re: DHCP Problem with RB1100AHx4 [SOLVED]

Who is online