Community discussions

MikroTik App
 
robkampen
newbie
Topic Author
Posts: 32
Joined: Mon Aug 05, 2019 10:44 pm

router port does not give correct dhcp address

Thu Jun 24, 2021 3:23 am

I am setting up a new network and have an RB4011iGS+5HacQ2HnD running RouterOS 6.45.9
I have three bridges set up for three vlans (10,20 and 30)
I have three address pools - 192.168.128.32-192.168.128.191 for bridge10, 192.168.131.32-192.168.131.191 for bridge20, and 192.168.130.32-192.168.130.191 for bridge30
I have added various interfaces to the bridges via /interface>bridge>port.
Thus interface ether6-IOT is added to bridge30 and thus I expect the connected device to get a dhcp address in the 192.168.130.0/24 subnet - but I get 192.168.128.191
I am confused about the switch component that is visible on the ethernet interfaces.
My searches about disabling switch only show up solutions about master-port but that no longer exists in ROS v6.45
RB4011sanitised.rsc
What have I missed / messed up?
TIA
Rob
You do not have the required permissions to view the files attached to this post.
 
robkampen
newbie
Topic Author
Posts: 32
Joined: Mon Aug 05, 2019 10:44 pm

Re: router port does not give correct dhcp address <solved>

Thu Jun 24, 2021 3:28 am

Sorry for the noise - I miss traced the cables and what was connected where.
All DHCP is working as expected.
Not enough sleep in the last few days.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: router port does not give correct dhcp address

Thu Jun 24, 2021 3:39 am

Your config is one big bloated mess though LOL. (your config has diabetes)
One bridge
identify all vlans with interface to the single bridge
Vlans require ip address, dhcp server, dhcp server network and IP pool
Assign bridge ports'
Assign bridge vlan settings
Reduce simplify firewall rules simply atrocious.
Set bridge vlan filtering to enabled.
also simplify all nat rules (including hairpin nat rule).

PPPOE doesnt need to be on any vlan unless the ISP demands it, otherwise its just plain vanilla setup for either cable, fiber or pppoe.

What is the purpose of the mangling.......
Last edited by anav on Thu Jun 24, 2021 3:41 am, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: router port does not give correct dhcp address

Thu Jun 24, 2021 3:40 am

If you accept some suggestion, move estabilished and related on top of chain rules.......... oh...
anav the pleasure is all yours... ;)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: router port does not give correct dhcp address

Thu Jun 24, 2021 4:13 am

Jajaja I was tempted to reconfigure it for the poor soul but the idea of sleep is much more alluring at the moment, so I can dream about rowing through the canals of Venice!!!
 
robkampen
newbie
Topic Author
Posts: 32
Joined: Mon Aug 05, 2019 10:44 pm

Re: router port does not give correct dhcp address

Sun Aug 01, 2021 12:28 pm

Your config is one big bloated mess though LOL. (your config has diabetes)
One bridge
identify all vlans with interface to the single bridge
Vlans require ip address, dhcp server, dhcp server network and IP pool
Assign bridge ports'
Assign bridge vlan settings
Reduce simplify firewall rules simply atrocious.
Set bridge vlan filtering to enabled.
also simplify all nat rules (including hairpin nat rule).

PPPOE doesnt need to be on any vlan unless the ISP demands it, otherwise its just plain vanilla setup for either cable, fiber or pppoe.

What is the purpose of the mangling.......
OK, accepted its large, just not sure where or how I can trim.
Both the ISP need to have vlan = 10 for their pppoe - hence the setup as it is.
The mangle is for tagging connections/packets for bandwidth limiting the wifi and IOT client devices, so the server doesn't get left with insufficient bandwidth to serve our internet clients.
I have four hAPac devices throughout the site and need to keep LAN / WIFI / IOT traffic for the connected devices separate - hence three vlans and bridges for that. Also have an ultra secure admin-bridge that I access via an OpenVPN client so I can securely access the IMM interface on the server. I also use a similar kind of setup on a site I manage half way around the planet with 10 MT devices across three buildings - it works, never touch it, totally reliable and secure since 2016 - even did a remote upgrade of the main router from a CRS226-24G-2S+-IN to a CCR1036-12G-4S - just had someone on site to swap cables one at a time as instructed.
As you can no doubt tell, this setup is the result of many different google / wiki / forum examples, It would be great if the wiki actually had some "best practice" examples that covered more than a single simple topic, because as you stitch them all together you get something like what I currently have.
At the moment I am in the "let's get it going" phase. refinement is on my to-do list.
Thanks for looking and responding.
Since I posted this I have tried adding dual stack for IPv6, (first time playing with IPv6) so now it REALLY IS big.
IPv6 seems flaky and unreliable, whereas the IPv4 "just works" - that's probably down to my inexperience with IPv6. I can get it up and working, for a while, and then it fails, some random time after a reboot. Reboot and all is well again...rinse and repeat - needless to say - this is unacceptable.
I have watched numerous MUM youtube videos in an effort to understand better, but find most of them difficult to follow, and for some cannot read the slides thus get lost along the way.
Not sure where to from here, happy to research, read, learn and try things, but I am finding it hard to find reliable input and examples.
e.g. for multi AP wifi at a single client site - 1 example says use same SSID for all AP, another says also use single SSID for both 2GHz and 5GHz but different frequencies for each AP.
another example says use the same frequencies on every AP and same SSID, yet another says handover from one AP to another drops packets if you do this, another says use CAPS-MAN and so I am left wondering what to do, with limited time and ability to test different setups.
Sorry for the rant, just finding it really difficult to get this new client's setup working like it should - close, but not reliable like it should be, yet.
Thanks for your time.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: router port does not give correct dhcp address

Sun Aug 01, 2021 4:53 pm

Hi there,
Appreciate you have a large scenario to deal with and many moving parts.
How bout the approach be to setup the config WITHOUT MANGLING to start.
In other words get it up and running and clean without bandwidth limitations and mangling first.
Then introduce that afterwards from a good base - working config.
 
robkampen
newbie
Topic Author
Posts: 32
Joined: Mon Aug 05, 2019 10:44 pm

Re: router port does not give correct dhcp address

Mon Aug 02, 2021 1:01 pm

Hi there,
Appreciate you have a large scenario to deal with and many moving parts.
How bout the approach be to setup the config WITHOUT MANGLING to start.
In other words get it up and running and clean without bandwidth limitations and mangling first.
Then introduce that afterwards from a good base - working config.
That is exactly what I did, thus the IP4 side of things seems to be doing just what I want, then I added the mangling to constrain the bandwidth and the change-mss
Then after a few days I started adding IPv6 and after much learning and many wrong turns got it mostly working.
I say mostly, because there is just one(?) major issue remaining.
Our server cannot reach the outside world (WAN) via IPv6. It can when I reboot the router (RB4011) but then it fails after a few minutes.
I can always ping6 in and out of the router - local and WAN, Initially I can still ping6 from WAN to router and other workstation connected on a ether-trunk connected hAPac. I can even ping6 to the server for a bit longer, but then that stops, as does the ping6 from WAN into the LAN. Unfortunately I cannot just keep rebooting the router so it is difficult to say just how long the degradation process takes, as doing all the tests takes some time.
The server then gives

PING 2620:fe::fe(2620:fe::fe) 56 data bytes
From 2406:e100:a900:c080::1 icmp_seq=2 Time exceeded: Hop limit

but a ping from the router itself or from the other workstation behind the hAPac works just fine.
A simple router reboot and all is fine again ... for a short while.
Both the server and the other workstation are CentOS 7 with identical network config for IPv6 other than actual address.
The IPv6 routing remains identical throughout.
A traceroute6 from the server then gives

traceroute to 2620:fe::fe (2620:fe::fe), 30 hops max, 80 byte packets
1 ID_RB4011 (2406:e100:a900:c080::1) 0.430 ms 0.371 ms 0.322 ms
2 ID_AP3 (2406:e100:a900:c080::5) 0.289 ms 0.299 ms 0.292 ms
3 * * *

no idea why it tries to route via the AP (this is the device that hosts the other workstation).
Attached is a new sanitised export for the router.
sanitised_export.rsc
At a bit of a loss about how to proceed from this point.
Oops, just found that the ping6 from WAN to all devices is working again .... unsure what makes this fail and then work ...
The ping6 from server to WAN remains as shown above unless I reboot the router.
Any ideas appreciated.
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: Bing [Bot], holvoetn and 88 guests