Community discussions

MikroTik App
 
mdj2000
just joined
Topic Author
Posts: 23
Joined: Mon Aug 22, 2022 5:50 pm
Location: Italy

DHCP offering lease [ip] for [mac] without success

Fri May 05, 2023 9:54 pm

Hello, I'm writing here to solve a problem I have on an interface to which an alarm system is connected.

The base is RBD52G-5HacD2HnD (hap ac2), and through the winbox side logs I notice these problems:
1) server1 offering IP lease for MAC without success
2) ether2 link down/up (where the alarm interface is connected)
3) server1 deassigned IP from MAC
4) server1 assigned IP from MAC
by IP I mean static ip that assigns to the interface with that MAC address
Alarm interface side, through the logs, at the same known time:
1) IP network failure
2) dhcp failed
I add that it is not a physical problem as I also changed the patch getting the same error. the dhcp server assigns other addresses statically to different clients and all of these I have not found any kind of problem in the logs.

If you need further details of my mikrotik configuration I am at your disposal. What I can tell you is: alarm side ethernet interface get ip automatically via dhcp, router side dhcp lease on the mac address of the alarm.

Where is it that I'm wrong? How can I fix? Thanks to anyone who can help me
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: DHCP offering lease [ip] for [mac] without success

Sat May 06, 2023 1:02 am

????????????????????? can't follow, don't understand your desciption.
1: what is server1? What MAC is this here ? (alarm, ethernet hAP, which ethernet, bridged? )
2. ether2 down. Because set down/up by command? Or just happens ? Cable disconnect/connect ?
3. deassigned ? It was not assigned. Or has DHCP server given up the offering?
4. assigned. Now it succeeded? Or not ?
Client side
1. Network failure or no traffic because no IP address ?
2. DHCP failed.? It failed in point 2 and/or 3 above. Related failure?

Check:
- is IP address for DHCP lease used already?
- Does alarm have same static IP address already set?
- When as test static IP given to alarm, can you then communicate ?
- Are there other DHCP servers in the network?
- using a wifi repeater or extender between hAP and alarm ?
- what is bridged together? Ether2 on bridge ? What else?
 
Simonej
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Sun Aug 22, 2021 3:34 am

Re: DHCP offering lease [ip] for [mac] without success

Sat May 06, 2023 2:59 am

Don't know if this is the same case, but I too have received a lot of similar logs.
Are you using v7.9? It should have improved the situation.
 
arm920t
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Sat Aug 03, 2019 8:02 am

Re: DHCP offering lease [ip] for [mac] without success

Sat May 06, 2023 4:40 am

no soluation
Snipaste_2023-05-06_09-36-25.png
You do not have the required permissions to view the files attached to this post.
 
mdj2000
just joined
Topic Author
Posts: 23
Joined: Mon Aug 22, 2022 5:50 pm
Location: Italy

Re: DHCP offering lease [ip] for [mac] without success

Sat May 06, 2023 4:36 pm

????????????????????? can't follow, don't understand your desciption.
1: what is server1? What MAC is this here ? (alarm, ethernet hAP, which ethernet, bridged? )
2. ether2 down. Because set down/up by command? Or just happens ? Cable disconnect/connect ?
3. deassigned ? It was not assigned. Or has DHCP server given up the offering?
4. assigned. Now it succeeded? Or not ?
Client side
1. Network failure or no traffic because no IP address ?
2. DHCP failed.? It failed in point 2 and/or 3 above. Related failure?

Check:
- is IP address for DHCP lease used already?
- Does alarm have same static IP address already set?
- When as test static IP given to alarm, can you then communicate ?
- Are there other DHCP servers in the network?
- using a wifi repeater or extender between hAP and alarm ?
- what is bridged together? Ether2 on bridge ? What else?
I was actually a bit too general.

1) the "server1" is the dhcp server that offers a static ip to the "MAC" interface of the alarm
2) ethernet2 to which this alarm interface is physically connected has no physical cable problems. Probably, but this is only a guess, the interface of the alarm not having some kind of response from the router, carries out a disabling and a re-enabling of its own interface. Up & Down is not caused by the router in short
3/4) from the attached mikrotik log, I see that at a certain point the IP assigned by DHCP is deassigned, I don't understand why. Sometimes after deassignment the dhcp server reassigns it, other times not by displaying the : without success
for controls:
- the IP address is not already assigned to other devices. In addition, the dhcp dynamically has a range pool from 100 to 199. 200 is part of the static addresses
- the alarm has a dynamic IP ethernet interface configuration. The router through its MAC address (and it is always the same) assigns it the IP address I defined in 200
- when the interface is up, I can communicate until the connection drops, therefore a communication in periods of time that are not very defined and clear
- there are no other DHCP servers in the network, it's at the home level with about ten clients
- the connection between the alarm and hap ac2 is physical, with a few meters long ethernet cable patch, and is physically perfect (already tried and tested also with other cables). There are no repeaters between them
- on the bridge there are all the ethernet interfaces plus the wlan ones (ether1 is the WAN, all the other LANs, public INTERFACE and IP configuration)

Isn't it just for the ether2 interface (alarm) that I have to configure a particular dhcp lease? Anyway, thanks for the help and replies

/interface bridge
add admin-mac=18:FD:*** auto-mac=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ]
set [ find default-name=ether2 ]
set [ find default-name=ether3 ]
set [ find default-name=ether4 ]
set [ find default-name=ether5 ]
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
***
/interface wireless
***
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan5
add bridge=bridge1 interface=wlan2
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan5 list=LAN
add interface=wlan2 list=LAN
add interface=bridge1 list=LAN
/interface wireless access-list
***

/ip pool
add name=pool1 ranges=192.168.88.100-192.168.88.199
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge1 lease-time=1h name=server1
/ip dhcp-server lease
***
add address=192.168.88.200 mac-address=00:03:*** server=server1
***
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.88.254
/ip neighbor discovery-settings
set discover-interface-list=all
/ip route
add distance=1 gateway=192.168.88.254
You do not have the required permissions to view the files attached to this post.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: DHCP offering lease [ip] for [mac] without success

Sat May 06, 2023 10:40 pm

Just reacting quickly (not fully controlled) because having ether1 (named a your wan) on the lan-bridge is a potential confusion/problem.
Just a quick extra check.
If the uplink wan device (192.168.88.254?) would be offering a DHCP lease ... to ether1 ... it is offering it to the bridge, and to all interfaces and devices on those interfaces connected to the bridge.

ether1 is member of the WAN interface list, however this will not be used. Ether1 is a port on the bridge, and the bridge is member of the interface list LAN. So ... ether1 is a (sub)member of the LAN interface list.

ether1 till ether5 and wlan2 and wlan5, all form just 1 (ONE!) LAN network. There should not be another DHCP server on your ether1 ! (Quick check)

And what is the role of 192.168.88.1 (this AP) and 192.168.88.254 ? This router 192.168.88.1 goes to 192.168.88.254 as default gateway, but clients go to 192.168.88.1 as default gateway, and all are directly connected in the same broadcast domain (L2 network) ???
 
mdj2000
just joined
Topic Author
Posts: 23
Joined: Mon Aug 22, 2022 5:50 pm
Location: Italy

Re: DHCP offering lease [ip] for [mac] without success

Sun May 07, 2023 12:55 am

Just reacting quickly (not fully controlled) because having ether1 (named a your wan) on the lan-bridge is a potential confusion/problem.
Just a quick extra check.
If the uplink wan device (192.168.88.254?) would be offering a DHCP lease ... to ether1 ... it is offering it to the bridge, and to all interfaces and devices on those interfaces connected to the bridge.

ether1 is member of the WAN interface list, however this will not be used. Ether1 is a port on the bridge, and the bridge is member of the interface list LAN. So ... ether1 is a (sub)member of the LAN interface list.

ether1 till ether5 and wlan2 and wlan5, all form just 1 (ONE!) LAN network. There should not be another DHCP server on your ether1 ! (Quick check)

And what is the role of 192.168.88.1 (this AP) and 192.168.88.254 ? This router 192.168.88.1 goes to 192.168.88.254 as default gateway, but clients go to 192.168.88.1 as default gateway, and all are directly connected in the same broadcast domain (L2 network) ???
on ether1 an SRXT is connected which through its LTE interface gives me the connection via internet. That's why it's a WAN (I hope this setting is correct).
The IP address on ether1 is 192.168.88.254 and is assigned by the SXTR itself from the IP address on its bridge interface. No DHCP server configured on SXTR and no DHCP lease on HAP for this interface (bridge). So all clients connected to the HAP ask him for IP (DHCP server), DNS (by redirecting to SXTR), and gateway (always HAP if I want to communicate with another client on the same network).
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: DHCP offering lease [ip] for [mac] without success

Sun May 07, 2023 2:10 pm

OK. Check is all good.

Just a comment ... when your clients want to connect to internet, they will go to the hAP for routing. The hAP will reply with a ICMP-redirect telling the client to use 192.168.88.254 as gateway.
Not all clients may react equally well on this ICMP-redirect.
viewtopic.php?t=139465&hilit=ICMP+redirect
I want to communicate with another client on the same network
All devices in 192.168.88.0/24 subnet will not need or use a gateway (192.168.88.1 or 192.168.88.254) for communication between them.
For the hAP they are all on the same interface, the bridge interface.
(The other interfaces are slave interfaces to the bridge only.) So for the hAP the SRXT and clients are on the same interface.

And now you may be totally confused:
The clients need the hAP as "bridge" (Layer 2, broadcast domain) to communicate. They do not need the hAP as "router" ( Layer 3, IP routing) to communicate with anything in the same subnet 192.168.88.0/24 , And the router to internet is the SXT (192.168.88.254).
That's why it's a WAN (I hope this setting is correct).
That setting is not used. ether1 is as slave interface part of the LAN interface list., because the bridge is.
Anyway traffic over the bridge interfaces does not use the IP firewall of the hAP, unless set as special option.in the bridge.
 
mdj2000
just joined
Topic Author
Posts: 23
Joined: Mon Aug 22, 2022 5:50 pm
Location: Italy

Re: DHCP offering lease [ip] for [mac] without success

Sun May 07, 2023 8:32 pm

OK. Check is all good.

Just a comment ... when your clients want to connect to internet, they will go to the hAP for routing. The hAP will reply with a ICMP-redirect telling the client to use 192.168.88.254 as gateway.
Not all clients may react equally well on this ICMP-redirect.
viewtopic.php?t=139465&hilit=ICMP+redirect
I want to communicate with another client on the same network
All devices in 192.168.88.0/24 subnet will not need or use a gateway (192.168.88.1 or 192.168.88.254) for communication between them.
For the hAP they are all on the same interface, the bridge interface.
(The other interfaces are slave interfaces to the bridge only.) So for the hAP the SRXT and clients are on the same interface.

And now you may be totally confused:
The clients need the hAP as "bridge" (Layer 2, broadcast domain) to communicate. They do not need the hAP as "router" ( Layer 3, IP routing) to communicate with anything in the same subnet 192.168.88.0/24 , And the router to internet is the SXT (192.168.88.254).
That's why it's a WAN (I hope this setting is correct).
That setting is not used. ether1 is as slave interface part of the LAN interface list., because the bridge is.
Anyway traffic over the bridge interfaces does not use the IP firewall of the hAP, unless set as special option.in the bridge.
I can understand that in ICMP requests not all clients would understand the addressing from the HAP gateway (192.168.88.1) to the SXTR (192.168.88.254). I don't have any filtering enabled on the bridge, nor are there any firewall rules set on the HAP. The ones I have are only on the SXTR and are the default ones.
In the meantime, I'm posting the list of interfaces on the HAP (I hope they're fine as I configured them) and I'm doing some tests on the alarm. That is, I deactivated the dhcp lease on the HAP DHCP server and assigned a static ip address in the alarm interface. This time however the IP is still the same (192.168.88.200) but the DNS and the GATEWAY are pointing directly to the SXTR (192.168.88.254). Let's see how it performs but I have my doubts. I was convinced that I could fix it with some special setting in the DHCP server (lease only for example). Thanks for the reply
You do not have the required permissions to view the files attached to this post.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: DHCP offering lease [ip] for [mac] without success

Sun May 07, 2023 10:20 pm

I know. RouterOS allows you to set this Interface list membership on every interface.
But once an interface is a port of a bridge, it is only a port of that bridge, and is not seen anymore as an interface by RouterOS.

viewtopic.php?t=122222#p601238
viewtopic.php?t=191402

This interface will not accept DHCP client, as it is a port on the bridge, not an interface. (correctly blocked by RouterOS mgmt)
Interface will accept an IP address , but that IP address will be used by the bridge instead.
Ethern, being a port of a bridge, added to an "Interface List" as member, that information will not be used in say the Firewall, as that ethern is now a port of the bridge, not a separate interface. All traffic via the bridge for L3 (like for the IP Firewall) comes from the bridge, with the bridge MAC address. The Interface Membership of the bridge will be used in the rules. For the IP Firewall It does not come from the ethern interface as independent interface.
 
mdj2000
just joined
Topic Author
Posts: 23
Joined: Mon Aug 22, 2022 5:50 pm
Location: Italy

Re: DHCP offering lease [ip] for [mac] without success

Wed May 10, 2023 8:58 pm

I know. RouterOS allows you to set this Interface list membership on every interface.
But once an interface is a port of a bridge, it is only a port of that bridge, and is not seen anymore as an interface by RouterOS.

viewtopic.php?t=122222#p601238
viewtopic.php?t=191402

This interface will not accept DHCP client, as it is a port on the bridge, not an interface. (correctly blocked by RouterOS mgmt)
Interface will accept an IP address , but that IP address will be used by the bridge instead.
Ethern, being a port of a bridge, added to an "Interface List" as member, that information will not be used in say the Firewall, as that ethern is now a port of the bridge, not a separate interface. All traffic via the bridge for L3 (like for the IP Firewall) comes from the bridge, with the bridge MAC address. The Interface Membership of the bridge will be used in the rules. For the IP Firewall It does not come from the ethern interface as independent interface.
I write after a few days so at least update you on the situation. I don't think of pulling the ether2 interface out of the bridge and then creating another dhcp server that assigns it just one static ip address. And I don't even think there are any errors at l2 ICMP. In reality, the alarm interface, monitored through the torch, is constantly in communication with its server. These because I know I can manage them remotely via app, think of alerts, notifications, etc. I first set a static IP directly on the alarm with ip 200 and the gateway and dns pointing to 254 (for fear of ICMP requests). Then I redid everything focusing everything on IP 1 or HaP. The result hasn't changed, that's why I discard the ICMP problem. At the moment this is the configuration that I have left. At least I no longer have any DHCP errors in the LOG. All I have left is the interface logs on the HAP that go up and down at unclear times, sometimes every minute and sometimes after hours. How come? Can I remove the port from the bridge? I attach LOG and as usual thank you
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: DHCP offering lease [ip] for [mac] without success

Wed May 10, 2023 10:29 pm

All I have left is the interface logs on the HAP that go up and down at unclear times, sometimes every minute and sometimes after hours. How come? Can I remove the port from the bridge?
Still guessing what is happening in your setup.

Removing ether2 from the bridge, will change the setup from a single "bridged" L2 network, to a "routed" L3 network, with 2 separate L2 broadcast domains, needing different subnets for each L2, and routing setup.

Issue sits probably somewhere in a detail of your configuration. (If not could be in the connectors, cable or alarm device)
For someone to help, there is a need to have all information. Someone may spot what is the cause.
(Not everything is caused by the config: e.g. duplicate MAC address in the network somewhere, RSTP enabled and spanning tree transition, ...)

So to help following material is needed ("=terminal commands to extract")
1. LOG file :" /log print file=yourfilename"
2. Full config of the HAP." / export hide-sensitive file=yoursecondfilename " . Mask any confidential information if you need to.
But don't leave out if not needed. e.g. what is that wireless log in the line before the ethernet down ?

Download from Files, and use attachments to upload here.
 
mdj2000
just joined
Topic Author
Posts: 23
Joined: Mon Aug 22, 2022 5:50 pm
Location: Italy

Re: DHCP offering lease [ip] for [mac] without success

Thu May 11, 2023 2:49 pm

All I have left is the interface logs on the HAP that go up and down at unclear times, sometimes every minute and sometimes after hours. How come? Can I remove the port from the bridge?
Still guessing what is happening in your setup.

Removing ether2 from the bridge, will change the setup from a single "bridged" L2 network, to a "routed" L3 network, with 2 separate L2 broadcast domains, needing different subnets for each L2, and routing setup.

Issue sits probably somewhere in a detail of your configuration. (If not could be in the connectors, cable or alarm device)
For someone to help, there is a need to have all information. Someone may spot what is the cause.
(Not everything is caused by the config: e.g. duplicate MAC address in the network somewhere, RSTP enabled and spanning tree transition, ...)

So to help following material is needed ("=terminal commands to extract")
1. LOG file :" /log print file=yourfilename"
2. Full config of the HAP." / export hide-sensitive file=yoursecondfilename " . Mask any confidential information if you need to.
But don't leave out if not needed. e.g. what is that wireless log in the line before the ethernet down ?

Download from Files, and use attachments to upload here.
As requested, I hope this will be very helpful in solving my problem. I made some small changes for privacy but if necessary I include more details if needed. Also this round I thank the supporters
You do not have the required permissions to view the files attached to this post.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: DHCP offering lease [ip] for [mac] without success

Thu May 11, 2023 6:19 pm

Thank you. Lots of information ...

So first impression only ..

- please remove that "internet-detect" . It is known to give strange things. You have only one L3 interface, and that's the bridge. And that bridge is the LAN, and the path to internet, at the same time.

- "may/07 16:50:44 interface,info ether2 link down
may/07 16:50:50 interface,info ether2 link up (speed 100M, full duplex)
may/07 16:51:11 interface,info ether2 link down
may/07 16:51:14 interface,info ether2 link up (speed 100M, full duplex)
may/07 16:51:15 interface,info ether2 link down
may/07 16:51:16 interface,info ether2 link up (speed 100M, full duplex) "
etc etc etc looks more like a hardware problem, not a software problem. Hardware = ethernet interface, connector, cable, connector other side, alarm device

- "13:19:56 system,info,account user admin logged in from 192.168.88.52 via telnet
13:22:25 interface,info ether3 link down
13:22:28 interface,info ether3 link up (speed 1G, full duplex)
13:22:28 interface,info ether3 detect LAN
13:22:40 interface,info ether3 link down
13:22:43 interface,info ether3 link up (speed 1G, full duplex)
13:22:43 interface,info ether3 detect LAN
13:22:50 dhcp,info server1 deassigned 192.168.88.201 from ***
13:22:50 dhcp,info server1 assigned 192.168.88.201 to *** "

Something changed in the cabling; ether3 to that alarm device, or not? Well it is 1G now, could be other device or other cable.???
That "detect-internet" again.
 
mdj2000
just joined
Topic Author
Posts: 23
Joined: Mon Aug 22, 2022 5:50 pm
Location: Italy

Re: DHCP offering lease [ip] for [mac] without success

Thu May 11, 2023 6:47 pm

Detect internet has been disabled. Is the bridge configuration correct on LAN or should I set it to WAN?
Ether3 is another device (NVR), just today I made some changes and then I had to restart the device, but that's another story. Ether2 is the alarm interface and I assure you that it is not a physical level problem (because I tested the cable at work with a fluke network tester and it is ok).
Now the configuration of the ether2 interface on the alarm is on static ip. I did this so at least I no longer have the dhcp error but I always have and always had interface up and down (ether2)
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: DHCP offering lease [ip] for [mac] without success

Fri May 12, 2023 1:30 am

OK Thanks for the extra information.

Troubleshooting can take some time, and many checks. When the cause is found, then it is all obvious and simple, and one wonders why it was overlooked.

So what else could it be, that did not appear in the log?

Most direct cause for an interface to go down can be RSTP (spanning tree of the bridge). Why this happens in the middle of the night is yet a mystery.
Fastest check is to set the STP protocol of the bridge to "none".
AFAIK spanning tree transitions are not logged. There should be no loops in this simple setup.
Intermittent problems, like this ether2 down/up, are hard to diagnose. Looking at the data (eg sniffer) is enough for a different behaviour.

STP transition logging ? Not simple: viewtopic.php?t=73621#p527917
Read also: viewtopic.php?t=118150 (suggestions to disable "discovery")

"bridge" is also a possible topic for logging. But I did not find documentation about what this will log.
 
mdj2000
just joined
Topic Author
Posts: 23
Joined: Mon Aug 22, 2022 5:50 pm
Location: Italy

Re: DHCP offering lease [ip] for [mac] without success

Fri May 12, 2023 12:32 pm

OK Thanks for the extra information.

Troubleshooting can take some time, and many checks. When the cause is found, then it is all obvious and simple, and one wonders why it was overlooked.

So what else could it be, that did not appear in the log?

Most direct cause for an interface to go down can be RSTP (spanning tree of the bridge). Why this happens in the middle of the night is yet a mystery.
Fastest check is to set the STP protocol of the bridge to "none".
AFAIK spanning tree transitions are not logged. There should be no loops in this simple setup.
Intermittent problems, like this ether2 down/up, are hard to diagnose. Looking at the data (eg sniffer) is enough for a different behaviour.

STP transition logging ? Not simple: viewtopic.php?t=73621#p527917
Read also: viewtopic.php?t=118150 (suggestions to disable "discovery")

"bridge" is also a possible topic for logging. But I did not find documentation about what this will log.
Ok I'll try to do this last test, setting the STP protocol on the Bridge from RSTP to None. And I set the neighborboard discovery to none. I don't think I'd go any further than enabling STP traffic logging on the Bridge. At this point I think there is a defect in the firmware of the alarm ethernet interface, because in this simple configuration it is the only peripheral that gives me problems of this type. What to tell you? If ever one day I find a solution to the problem I will be the first to post the solution. Thank you, because you made me make some small improvements anyway.
 
mdj2000
just joined
Topic Author
Posts: 23
Joined: Mon Aug 22, 2022 5:50 pm
Location: Italy

Re: DHCP offering lease [ip] for [mac] without success  [SOLVED]

Fri Dec 15, 2023 9:32 pm

It's just an update to this post. Finally the problem was solved. Most likely I also understood the reason that it does not depend on Mikrotik hardware but rather on the alarm interface software. In reality the alarm firmware tries to connect to a server, in order to communicate its status in order to be able to control it remotely. If this connection was not efficient, the firmware itself will reset the network interface to restore the connection. The company responsible for this alarm finally carried out the appropriate checks to make everything more stable, and to date finally no more disconnections. Thanks to those who helped me anyway. Happy holidays and happy new year

Who is online

Users browsing this forum: blejzu, BrateloSlava, Omerik and 64 guests