Community discussions

MikroTik App
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

CSS610-8P-2S+IN DHCP Settings issue

Sat Aug 13, 2022 11:12 am

Hi,
I got the new PoE Switch CSS610-8P-2S+IN and there seem to be a bug in the GUI that prevents me from (re-)enabling the DHCP & PPPoE snooping settings. Let me explain.

1. Reset Configuration; go to system tab DHCP & PPPoE Snooping Trusted Ports are all checked. Everything is fine.
2. System tab: disable and enable Watchdog, just do something to be able to get the "Apply All" Button. Then click the "Apply All" Button. All looks good.
3. Go to any other tab and back to the System tab: In DHCP & PPPoE Snooping all Trusted Ports are unchecked.

And the Switch blocks my DHCP Server on the SFP1 Port.

Also I cannot enable the Trusted Ports. I checked them all, pressed the "Apply All" Button, all looks good, but after switching tabs the Trusted Ports are all unchecked.

A reset configuration re-enables the DHCP Trusted Ports.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1015
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Aug 15, 2022 9:49 pm

Unable to duplicate on any of my three CSS326-24G-2S+RM switches running SwOS 2.13 or with my CRS326-24G-2S+RM that is running SwOS 2.13
What version of SwOS are you running?
RB4011iGS+, RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them into submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Aug 15, 2022 11:49 pm

The CSS610-8P-2S+IN runs SwOS Lite 2.15
I know it is otherwise unreleased.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1015
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: CSS610-8P-2S+IN DHCP Settings issue

Tue Aug 16, 2022 12:50 am

Ah.
RB4011iGS+, RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them into submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Tue Aug 16, 2022 7:13 am

Thanks for your confirmation that it should normally work.
So it is either a bug, or a hardware defect.

It would be good if an other owner of this box, or somebody from the Mikrotik team, could check if it is software issue or not.
 
becs
MikroTik Support
MikroTik Support
Posts: 493
Joined: Thu Jul 07, 2011 8:26 am

Re: CSS610-8P-2S+IN DHCP Settings issue

Tue Aug 16, 2022 11:00 am

Hello,
We can confirm this DHCP & PPPoE snooping software problem. It is specific to the CSS610-8P-2S+IN model and SwOS Lite 2.15 version.
Please contact MikroTik support via Support Help Desk System (https://mikrotik.com/support) to solve this issue until the new SwOS Lite version is released.
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Tue Aug 16, 2022 2:33 pm

@becs thanks for confirmation. It is great that this problem could be reproduced by you guys and is being worked on.
 
gwynbleidd
just joined
Posts: 2
Joined: Sun Mar 13, 2022 4:32 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Sun Aug 28, 2022 7:57 pm

This seems like a problem only in GUI. As a workaround, I've managed to fix it by inspecting the request in the browser and re-sending it with the correct values.

For trusted ports, look for i13 field in the request and change the value to a hexadecimal bit mask of ports you want to be checked. You can get the correct value by changing temporarily mikrotik discovery protocol and inspecting the value sent (field i08), then just copy it over to the i13. Remember to pad it to full 1, 2 or 4 bytes (2, 4 or 8 chars), otherwise you'll get an unexpected result.

For the add information option, just pass 0x01 in the field i14 to switch it on.

Remember that you have to manually fix the whole request when changing anything on this page that is above those fields (changing password, managing backup or rebooting the device is not affected)
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Aug 29, 2022 4:18 pm

@gwynbleidd thanks for that info. I also wondered, if I could just save/backup the configuration, edit the values as you described, and then load the patched backup file up to the switch.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1015
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Aug 29, 2022 6:16 pm

Note that the switch backup is not exactly overly human readable. It's not binary, but it's not plain text. I have little doubt that with a fair amount of effort, it could be reverse engineered. May or may not be easy.
RB4011iGS+, RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them into submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Aug 29, 2022 9:29 pm

The backup file doesn't look too bad
... i0f:0x00,i13:0x00,i14:0x00,i1c:0x00, ...
I can edit it.

Edit:
I didn't contact support yet. And I was kind of surprised by @gwynbleidd detailed information. But I could just modify i13 to create a bitmask for the trusted ports ...

Edit2:
i08 is 0x03ff which is 0000 0011 1111 1111 

So it is 10 '1's one for each port ....

Edit3:
The bit order seems to be reverse to the GUI, bit0 = ehernet 1 ... bit 10 = sfp2

Edit4:
Well it did what it was supposed to do. It blocked PPPoE and DHCP from those ports.
But what I actually wanted to do is to restrict admin access to the switch to exclude port 1 and 2. As simple as that. I still don't know how to do that.
 
peterbarlabas
just joined
Posts: 4
Joined: Sun Jun 16, 2019 7:38 am
Location: Hungary

Re: CSS610-8P-2S+IN DHCP Settings issue

Wed Sep 14, 2022 3:02 pm

Hello!

I have the same problem. The SW OS version 2.15p.
Is there solution for it?

Thanks: Péter
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Wed Sep 14, 2022 11:57 pm

Moderator: Why do you quote preceding post? Use Post Replay button instead of Quote one.
Not officially.
I have: "2.15 (built at Thu Mar 10 2022 07:58:58 GMT+0100 (Central European Standard Time))"
Not sure what 2.15p is.
The GUI says: "ERROR: Could not determine latest version, probably no internet connection. Use manual upgrade."
SwOS does not seem to get as many updates as RouterOS .

I have not contacted support yet since this is a low priority thing for me. But I might get impatient soon.
 
peterbarlabas
just joined
Posts: 4
Joined: Sun Jun 16, 2019 7:38 am
Location: Hungary

Re: CSS610-8P-2S+IN DHCP Settings issue

Thu Sep 15, 2022 9:47 am

Hi, thanks!
But it's a big problem, the switch blockoed all DHCP request. :(
I have contacted with Mikrotik Support yesterday, I'm waiting the answer!
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Sat Sep 17, 2022 10:38 am

Moderator: Why do you quote preceding post? Use Post Replay button instead of Quote one.
Yes that's what DHCP snooping means I suppose.
I just did a reset, and then you can change the other settings, and it is fine, as long as you don't change the things in the system tab.
Please share what you've learned from the support guys. Thanks.
 
gwynbleidd
just joined
Posts: 2
Joined: Sun Mar 13, 2022 4:32 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Sat Sep 17, 2022 6:37 pm

Edit4:
Well it did what it was supposed to do. It blocked PPPoE and DHCP from those ports.
But what I actually wanted to do is to restrict admin access to the switch to exclude port 1 and 2. As simple as that. I still don't know how to do that.
Blocking admin access is done by the "Allow From Ports" option in "General" section. Simply uncheck ports that shouldn't have access to admin interface.

Remember that bug still affects DHCP settings, so you'll have to fix them manually after changing anything on this page.
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Thu Sep 22, 2022 10:39 pm

Blocking admin access is done by the "Allow From Ports" option in "General" section. Simply uncheck ports that shouldn't have access to admin interface.
Remember that bug still affects DHCP settings, so you'll have to fix them manually after changing anything on this page.

Yes. I want to limit the switch getting its ip from Ports 1 and 2 as well. That's why I tried DHCP snooping.

My idea was to use ports 1 & 2 as a "wire" connection, just providing power to both ports,
but preventing admin access to the switch, and getting its IP from those 2 ports.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1015
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: CSS610-8P-2S+IN DHCP Settings issue

Thu Sep 22, 2022 11:01 pm

I don't believe that disallowing admin access to the switch removes the capability to get a DHCP address from that port. One of those things I likely could test if needed... I set mine to static because there are several VLANs on each switch and it could randomly get addresses from any one of several VLANs.
RB4011iGS+, RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them into submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Thu Sep 22, 2022 11:10 pm

Yes VLANs and static IP are good and valid options. I am not a network engineer by trade, so I don't know what best practices are.

I would prefer to have 1 port as dedicated management port, for admin access and IP ...
So if I isolate one port, put it on a separate VLAN, and use this one as a trusted port, it should work ...

But I am still waiting for a SwOS update. My version is from March ...
I seems like RouterOS gets more frequent updates.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1015
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: CSS610-8P-2S+IN DHCP Settings issue

Thu Sep 22, 2022 11:25 pm

Yes, RouterOS gets far more attention than SwitchOS. I have five permanently installed Mikrotik switches at my house. All are on 2.13 except one old RB260 that can't take the 2.x firmware. All are carrying multiple VLANs and the static IP is on a dedicated management VLAN. Admin access is limited to the port used for a VLAN trunk on each switch and on a couple of them, also a dedicated port on the management VLAN. Other than VLANs, I'm not doing anything fancy. The only real issue I have had with any of them was a bug that was fixed several years ago that resulted in the switch dropping all except small packets (standard pings would work, but normal traffic packets would not).
RB4011iGS+, RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them into submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
underdog
just joined
Topic Author
Posts: 19
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Sat Sep 24, 2022 11:16 am

I contacted support and I got a reply:
Hello,

Thank you for contacting MikroTik Support.
The problem is already fixed in the newer SwOS lite version. It is not publicly available yet, but the version will be installed on newer CSS610-8P-2S+ devices.

<I removed the private download link>

Let us know if the issue is solved.
Best regards,
I upgraded my box. The SwOS Lite version is 2.16 dated 18. July. 2022.
So there was a beta version all the time. I wonder why MT is so hesitant to make it available.

At first glance the problem is fixed. I will do more testing over the weekend, or beginning of next week.

If you have the same issue, then do contact support to get the beta version.

Who is online

Users browsing this forum: No registered users and 4 guests