Community discussions

MikroTik App
 
somu1795
just joined
Topic Author
Posts: 5
Joined: Wed Apr 14, 2021 10:26 am

Rouge DHCP assigned

Thu Sep 02, 2021 9:48 am

I have a very weird issue. I have 2 WAN connections with simple failover setup, nothing fancy. I have setup PPPOE on Ethernet 1 port and have a DCHP client running on ETH2 port for failover. The connection on ETH2 port comes from my local router ( a LHGG LTE6 ), the ETH1 connection comes from ISP. However I keep getting a IP assigned to ETH1 port intermittently ! when that happens, it adds a default route and I lose my internet connection. How do I disable DHCP client for that particular port or is there any other way to prevent this. I'm assuming this is some sort of misconfiguration from ISP's side.


Some more background INFO:
My ISP has contracts of two networks, basically its a small company who has leased connections from two Major ISPs. So earlier I had a static IP connection from my ISP where in I would just setup IP address and I would get internet. Later on I switched on to the PPPOE one (it had better plans) . but after switching I'm getting the aforementioned problems, and the IP that I'm assigned is not the one that I used to have earlier, it's something like 192.168.0.something.

Any help would be appreciable
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Rouge DHCP assigned

Thu Sep 02, 2021 9:50 am

Can you please share your config:
/export hide-sensitive file=anynameyoulike
 
somu1795
just joined
Topic Author
Posts: 5
Joined: Wed Apr 14, 2021 10:26 am

Re: Rouge DHCP assigned

Thu Sep 02, 2021 10:06 am

Can you please share your config:
/export hide-sensitive file=anynameyoulike
# sep/02/2021 12:30:11 by RouterOS 6.48.4
# software id = YFKI-GAYI
#
# model = RBD52G-5HacD2HnD
# serial number =
/interface bridge
add fast-forward=no name=bridge1
add fast-forward=no name=bridge2
/interface ethernet
set [ find default-name=ether1 ] mac-address=C4:70:0B:54:91:88 name=WAN1
set [ find default-name=ether2 ] advertise="10M-half,10M-full,100M-half,100M-f\
ull,1000M-half,1000M-full,2500M-full,10000M-full" name=WAN2
/interface pppoe-client
add disabled=no interface=WAN1 keepalive-timeout=60 name=pppoe-out1 \
use-peer-dns=yes user=xxxxxx
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
name=xxxxxx supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=no_country_set disabled=no frequency=auto frequency-mode=\
manual-txpower mode=ap-bridge security-profile=xxxxxx ssid=xxxxxx_bak \
wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-eCee country=no_country_set frequency=5200 frequency-mode=\
manual-txpower mode=ap-bridge security-profile=xxxxxx ssid=xxxxxx_bak_5G \
wireless-protocol=802.11
/ip pool
add name=dhcp ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool1 ranges=10.2.6.2-10.2.6.254
add name=dhcp_pool2 ranges=192.168.22.2-192.168.22.254
add name=dhcp_pool3 ranges=192.168.22.2-192.168.22.254
add name=dhcp_pool4 ranges=192.168.22.2-192.168.22.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=bridge2 name=dhcp2
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether4 multicast-router=disabled
add bridge=bridge2 interface=wlan1
add bridge=bridge1 interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=bridge1 list=LAN
add list=WAN
add list=WAN
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
add address=192.168.22.1/24 interface=wlan1 network=192.168.22.0
/ip dhcp-client
add add-default-route=no disabled=no interface=WAN2
/ip dhcp-server network
add address=192.168.22.0/24 gateway=192.168.22.1
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip dns static
add address=104.16.248.249 name=cloudflare-dns.com ttl=2d
add address=104.16.249.249 name=cloudflare-dns.com ttl=2d
add address=8.8.8.8 name=dns.google ttl=2d
add address=8.8.4.4 name=dns.google ttl=2d
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
add action=reject chain=forward connection-mark=WAN1_conn out-interface=WAN1 \
reject-with=icmp-network-unreachable
add action=reject chain=forward connection-mark=WAN2_conn out-interface=WAN2 \
reject-with=icmp-network-unreachable
add action=reject chain=forward disabled=yes dst-address=99.83.136.104 \
reject-with=icmp-network-unreachable
add action=drop chain=forward disabled=yes dst-address=75.2.66.166
/ip firewall mangle
add action=accept chain=prerouting comment=\
"Allow wlan1 devices to ping gateway" dst-address=192.168.22.1 \
src-address=192.168.22.0/24
add action=mark-routing chain=prerouting comment="For wlan1 to WAN2 " \
new-routing-mark=to_WAN2 passthrough=yes src-address=192.168.22.0/24
add action=accept chain=prerouting comment="========main config=======" \
in-interface=pppoe-out1
add action=accept chain=prerouting in-interface=WAN2
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes dst-address-type=!local in-interface=bridge1 new-connection-mark=\
WAN1_conn passthrough=no per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
yes dst-address-type=!local in-interface=bridge1 new-connection-mark=\
WAN2_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=bridge1 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=bridge1 new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=WAN2
/ip route
add check-gateway=ping comment=ISP2 distance=1 gateway=192.168.99.1 \
routing-mark=to_WAN2
add check-gateway=ping comment=ISP1 distance=1 gateway=pppoe-out1 \
routing-mark=to_WAN1
add check-gateway=ping comment=Netwatch distance=1 dst-address=1.1.1.1/32 \
gateway=pppoe-out1 routing-mark=to_WAN1 scope=10
add check-gateway=ping comment=ISP1 distance=1 gateway=pppoe-out1
add check-gateway=ping comment=ISP2 distance=2 gateway=192.168.99.1
/system clock
set time-zone-name=Asia/Kolkata
/system logging
add disabled=yes topics=dns
/system scheduler
add interval=10s name=schedule1 on-event=":if ([/ping 1.1.1.1 count=10 size=64\
\_interval=2s]=0) do={\r\
\n\t/ip route disable [find comment=ISP1] \r\
\n :log error \"Script:ISP1 down!!\"\r\
\n} else={\r\
\n :if (/ip route [find comment=ISP1]=enabled) do={\r\
\n :log error \"script:ISP1 up!\";}\r\
\nelse={\r\
\n :log warning \"routes disabled, enabling....\"\r\
\n /ip route enable [find comment=ISP1] \r\
\n:log error \"script:ISP1 up!\"}\r\
\n}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/tool graphing interface
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=yes down-script=\
"/ip route disable [find comment=ISP1] \r\
\n:log error \"ISP1 down!!\"" host=1.1.1.1 interval=5s up-script=\
"/ip route enable [find comment=ISP1] \r\
\n:log error \"ISP1 up!!\""
add disabled=yes down-script="/ip route disable [find comment=ISP2] \r\
\n" host=1.0.0.1 interval=10s up-script=\
"/ip route enable [find comment=ISP2] \r\
\n"
/tool sniffer
set filter-ip-address=192.168.88.140/32 filter-stream=yes streaming-enabled=\
yes streaming-server=192.168.88.249
 
sid5632
Long time Member
Long time Member
Posts: 552
Joined: Fri Feb 17, 2017 6:05 pm

Re: Rouge DHCP assigned

Thu Sep 02, 2021 11:59 am

Is the DHCP client dynamic? Turn off detect-internet on all interfaces.
And don't put IP addresses on interfaces that are also bridged (wlan1).
And clean up those DHCP pools.

"/export terse" is much easier to read as well.
 
somu1795
just joined
Topic Author
Posts: 5
Joined: Wed Apr 14, 2021 10:26 am

Re: Rouge DHCP assigned

Fri Sep 03, 2021 7:32 pm

Is the DHCP client dynamic? Turn off detect-internet on all interfaces.
And don't put IP addresses on interfaces that are also bridged (wlan1).
And clean up those DHCP pools.

"/export terse" is much easier to read as well.
Thanks!!
I turned off internet detection.
It hasn't happened since , I'll wait and keep checking on that.
And yes I cleared the extra pools and removed IP from wlan and assigned to bridge.

Who is online

Users browsing this forum: BrianTax, own3r1138, rplant, st3lios and 64 guests