Community discussions

MikroTik App
 
idanmikos
just joined
Topic Author
Posts: 19
Joined: Thu Nov 01, 2018 2:45 pm
Location: Bucharest

DHCP server problem

Tue Mar 10, 2020 8:56 pm

Hi all,

I am using a RB2011 routerboard with dhcp server range configured as 192.168.1.10-192.168.1.254
I have attached here some winbox print screens that hope will help.

Unfortunately some LAN clients (windows 10 desktops) acquire their IP from the old default range 192.168.88.10/254
It all started a day ago, with one particular desktop, and today (after a RB reboot) another desktop went on this old 88 IP.
Obviously, having this IP they have no access to internet...

How is this possible and how can I fix this?
There is the very same wrong IP acquired if I reboot the desktops, reset their network or disable/enable this adapter.

In order to have a working network I had to manually assign fixed IP's for these crazy desktops.

Thank you for any advice.
Dan
PS. I am quite novice in Mkt configuration.
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 5107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: DHCP server problem

Tue Mar 10, 2020 9:23 pm

Oh its definitely you LOL or at least your config.
Please post config
open up terminal window.
type
/export hide-sensitive file=yourconfig

Then go to the file menu, download the file
Open it in wordpadd++
Copy and paste the text here using the code tags above (black square with white brackets)

ensure you delete your WANIP if still noted in DHCP Client. ( i also remove mac address of my router etc...)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
idanmikos
just joined
Topic Author
Posts: 19
Joined: Thu Nov 01, 2018 2:45 pm
Location: Bucharest

Re: DHCP server problem

Tue Mar 10, 2020 10:07 pm

Thank you for your support, Anav.
Here is my config. Hope it is fine...
# mar/10/2020 21:49:25 by RouterOS 6.46.4
# software id = 1T8G-P35U
#
# model = 2011UiAS-2HnD
# serial number = 63FA05E5DABF
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz name=channel2
add band=5ghz-n/ac control-channel-width=20mhz name=channel5
/interface bridge
add admin-mac=E5:5D:5C:05:5E:65 arp=proxy-arp auto-mac=no fast-forward=no \
    name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] comment="ISP 1" name=ether1-ISP1 speed=\
    100Mbps
set [ find default-name=ether2 ] name=ether2-master-local speed=100Mbps
set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
set [ find default-name=ether5 ] comment="ISP 2" name=ether5-ISP2 speed=\
    100Mbps
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether6-master-local
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether7-slave-local
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether8-slave-local
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether9-slave-local
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether10-slave-local
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-Ce/gn(16dBm), SSID: netis, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country=romania distance=indoors frequency=auto mode=ap-bridge ssid=netis \
    wireless-protocol=802.11
/caps-man datapath
add bridge=bridge-local name=datapath1
/caps-man security
add authentication-types=wpa-psk,wpa2-psk encryption=aes-ccm name=security1
/caps-man configuration
add channel=channel2 channel.band=2ghz-g/n comment="idan capsman config" \
    country=romania datapath=datapath1 datapath.bridge=bridge-local distance=\
    indoors hw-retries=4 max-sta-count=20 name=cfg1 security=security1 \
    security.authentication-types=wpa-psk,wpa2-psk security.encryption=\
    aes-ccm ssid=netis
add channel=channel5 channel.band=5ghz-n/ac comment=\
    "idan capsman config 5GHz" country=romania datapath=datapath1 \
    datapath.bridge=bridge-local distance=indoors hw-retries=4 max-sta-count=\
    40 name=cfg2 security=security1 ssid=netis5
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless channels
add band=2ghz-b/g/n frequency=2412 list=1 name=ch1 width=20
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
add name=VPN_pool ranges=192.168.1.90-192.168.1.98
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
    bridge-local name=default
/ppp profile
add dns-server=193.231.236.25,193.231.236.30 local-address=VPN_pool name=\
    VPN_profile remote-address=VPN_pool
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=yes signal-range=\
    -70..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=yes signal-range=\
    -120..71 ssid-regexp=""
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add comment="idan config" disabled=no interface=bridge-local
/caps-man provisioning
add action=create-dynamic-enabled comment="idan configuration" \
    hw-supported-modes=gn master-configuration=cfg1 name-format=identity
add action=create-dynamic-enabled hw-supported-modes=ac,an \
    master-configuration=cfg2 name-format=identity
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local hw=no interface=sfp1
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9-slave-local
add bridge=bridge-local interface=ether10-slave-local
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=sfp1 list=discover
add interface=ether2-master-local list=discover
add interface=ether3-slave-local list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-ISP2 list=discover
add interface=ether6-master-local list=discover
add interface=ether7-slave-local list=discover
add interface=ether8-slave-local list=discover
add interface=ether9-slave-local list=discover
add interface=ether10-slave-local list=discover
add interface=wlan1 list=discover
add interface=bridge-local list=discover
add interface=ether2-master-local list=mactel
add interface=ether3-slave-local list=mactel
add interface=ether2-master-local list=mac-winbox
add interface=ether4-slave-local list=mactel
add interface=ether3-slave-local list=mac-winbox
add interface=ether5-ISP2 list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=ether6-master-local list=mactel
add interface=ether5-ISP2 list=mac-winbox
add interface=ether7-slave-local list=mactel
add interface=ether6-master-local list=mac-winbox
add interface=ether8-slave-local list=mactel
add interface=ether7-slave-local list=mac-winbox
add interface=ether9-slave-local list=mactel
add interface=ether10-slave-local list=mactel
add interface=sfp1 list=mactel
add interface=ether8-slave-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=ether9-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=ether10-slave-local list=mac-winbox
add interface=sfp1 list=mac-winbox
add interface=wlan1 list=mac-winbox
add interface=bridge-local list=mac-winbox
add interface=ether1-ISP1 list=WAN
/interface pptp-server server
set authentication=chap,mschap1,mschap2 default-profile=VPN_profile enabled=\
    yes mrru=1500
/interface wireless cap
# 
set bridge=bridge-local discovery-interfaces=bridge-local enabled=yes \
    interfaces=wlan1
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=\
    ether2-master-local network=192.168.1.0
add address=8x.xxx.251./25 interface=ether1-ISP1 network=8x.xxx.xxx.128
/ip arp
add address=192.168.1.99 interface=bridge-local mac-address=Ex:Dx:xx:xx:xx:9D
/ip dhcp-client
add comment="default configuration" interface=ether1-ISP1
add add-default-route=no disabled=no interface=ether5-ISP2
/ip dhcp-server lease
add address=192.168.1.33 client-id=1:18:60:24:99:fd:96 comment=\
    "Desktop HP" mac-address=1x:xx:xx:xx:xx:xx server=default
add address=192.168.1.110 comment="Xeorx WorkCenter" mac-address=\
    9x:xx:xx:xx:xx:xx server=default
add address=192.168.1.12 client-id=1:cx:xx:xx:xx:xx:13 comment=\
    "CAP_ac Ground floor" mac-address=Cx:xx:xx:xx:3x:13 server=default
add address=192.168.1.11 client-id=1:6x:xx:xx:xx:xx:15 mac-address=\
    6x:xx:xx:xx:xx:15 server=default
add address=192.168.1.22 client-id=1:cx:xx:xx:xx:xx:5b comment=\
    "CAP_ac First floor" mac-address=Cx:xx:xx:xx:xx:5B server=default
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" gateway=\
    192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=\
    193.231.236.25,193.231.236.30,193.231.100.134,193.231.100.130
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="PPTP VPN" dst-port=1723 protocol=tcp
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=accept chain=input comment=Winbox dst-port=8291 protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-ISP1
add action=fasttrack-connection chain=forward comment="default configuration" \
    connection-state=established,related
add action=accept chain=forward comment="default configuration" \
    connection-state=established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether1-ISP1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-ISP1
add action=masquerade chain=srcnat out-interface=ether5-ISP2
/ip route
add distance=1 gateway=86.120.134.129
add check-gateway=ping distance=2 gateway=192.168.100.1
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/lcd interface pages
set 0 interfaces="sfp1,ether1-ISP1,ether2-master-local,ether3-slave-local,ethe\
    r4-slave-local,ether5-ISP2,ether6-master-local,ether7-slave-local,ether8-s\
    lave-local,ether9-slave-local,ether10-slave-local"
/ppp secret
add name=ppp1 profile=VPN_profile service=pptp
/system clock
set time-zone-name=Europe/Bucharest
/system identity
set name=netis
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
 
mkx
Forum Guru
Forum Guru
Posts: 4620
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCP server problem

Wed Mar 11, 2020 11:00 am

I'd look for another DHCP server in your network ... if you do a wireshark trace on one of windows clients that reverted to 192.168.88.x, then you should be able to find out DHCP server's MAC address which should lead you to the device in question.

BTW, you may want to change this setting:
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridge-local name=default
The highlighted part only delays assignment (and leaves room for other DHCP server to kick in). Or even lets DHCP clients to freak out as if there wasn't any DHCP server available). You can try to set it to authoritative=yes ...
BR,
Metod
 
idanmikos
just joined
Topic Author
Posts: 19
Joined: Thu Nov 01, 2018 2:45 pm
Location: Bucharest

Re: DHCP server problem

Wed Mar 11, 2020 4:40 pm

Thanks, Mkx.

I have changed authoritative to YES, as you suggested.

There is no other dhcp server on this network. We have just one router - the RB2011.
From where does this zombie 88 dhcp might come I have no idea.
Could it be something related to CAP's?
 
mkx
Forum Guru
Forum Guru
Posts: 4620
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCP server problem

Wed Mar 11, 2020 4:48 pm

If there's some "zombie" DHCP server, you should be able to find it according to its MAC address.
The other possibility for those 192.168.88.x addresses is that they're cached in devices and DHCP server isn't able to reject those leases and send out new leases ... due to many reasons. I don't want to start guessing which it is ....
BR,
Metod
 
idanmikos
just joined
Topic Author
Posts: 19
Joined: Thu Nov 01, 2018 2:45 pm
Location: Bucharest

Re: DHCP server problem

Wed Mar 11, 2020 6:12 pm

Apparently there is a faulty CAP.
Since I do not have direct access at this location I have just noticed (via winbox) that one of the CAP's has no IP in the lease list of RB2011.
It may have lost its configuration due to ac-electric power failure.
Starting a winbox via a local computer have shown that this cap has the default 88.1 IP.
Is it possible that this cap may act as dhcp?
How could I revert it remotely at the normal config?
 
mkx
Forum Guru
Forum Guru
Posts: 4620
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCP server problem

Thu Mar 12, 2020 10:45 am

Is it possible that this cap may act as dhcp?
How could I revert it remotely at the normal config?
It sure can be DHCP server, SOHO models by default run DHCP server on their LAN devices by default.

Can you connect to that CAP using winbox MAC connectivity? (On the list of discovered devices, click device's MAC address instead of its IP address.) If not, then configure management PC with IP address 192.168.88.x and use it to connect to offending CAP.

It could be that somebody rebooted that CAP while holding reset button pressed - making it to reset to factory defaults.
BR,
Metod
 
idanmikos
just joined
Topic Author
Posts: 19
Joined: Thu Nov 01, 2018 2:45 pm
Location: Bucharest

Re: DHCP server problem

Sat Mar 14, 2020 2:28 am

I had to pull out this Cap and make a hardware reset, since it wasn't showing up with its mac in winbox, no ssid broadcasting (like it should).
It is very unlikely that someone would have been able to make a reset. All colleagues are nice and the device was fixed in a highly unaccesibile location.
Thank you for all your assistance.
 
User avatar
macsrwe
Forum Veteran
Forum Veteran
Posts: 969
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: DHCP server problem

Mon Mar 16, 2020 9:55 pm

I have found that very dirty power failures (where power fluctuates off/on several times close together at just the right delay) can scramble configurations of many devices, including MikroTiks, up to and including full factory reset.
 
User avatar
ctop
just joined
Posts: 18
Joined: Tue Sep 03, 2019 11:13 pm
Location: Edmonton

Re: DHCP server problem

Wed Apr 01, 2020 7:16 am

Apparently there is a faulty CAP.
Since I do not have direct access at this location I have just noticed (via winbox) that one of the CAP's has no IP in the lease list of RB2011.
It may have lost its configuration due to ac-electric power failure.
Starting a winbox via a local computer have shown that this cap has the default 88.1 IP.
Is it possible that this cap may act as dhcp?
How could I revert it remotely at the normal config?
Can't beleive it but this just happened to me - found the bad Metal52 giving out default IP's

Who is online

Users browsing this forum: Baidu [Spider], LSan83, tdw and 55 guests