Community discussions

MikroTik App
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

CSS610-8P-2S+IN DHCP Settings issue [SOLVED]

Sat Aug 13, 2022 11:12 am

Hi,
I got the new PoE Switch CSS610-8P-2S+IN and there seem to be a bug in the GUI that prevents me from (re-)enabling the DHCP & PPPoE snooping settings. Let me explain.

1. Reset Configuration; go to system tab DHCP & PPPoE Snooping Trusted Ports are all checked. Everything is fine.
2. System tab: disable and enable Watchdog, just do something to be able to get the "Apply All" Button. Then click the "Apply All" Button. All looks good.
3. Go to any other tab and back to the System tab: In DHCP & PPPoE Snooping all Trusted Ports are unchecked.

And the Switch blocks my DHCP Server on the SFP1 Port.

Also I cannot enable the Trusted Ports. I checked them all, pressed the "Apply All" Button, all looks good, but after switching tabs the Trusted Ports are all unchecked.

A reset configuration re-enables the DHCP Trusted Ports.
Last edited by underdog on Mon Sep 26, 2022 11:12 am, edited 2 times in total.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Aug 15, 2022 9:49 pm

Unable to duplicate on any of my three CSS326-24G-2S+RM switches running SwOS 2.13 or with my CRS326-24G-2S+RM that is running SwOS 2.13
What version of SwOS are you running?
RB4011iGS+, RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them into submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Aug 15, 2022 11:49 pm

The CSS610-8P-2S+IN runs SwOS Lite 2.15
I know it is otherwise unreleased.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: CSS610-8P-2S+IN DHCP Settings issue

Tue Aug 16, 2022 12:50 am

Ah.
RB4011iGS+, RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them into submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Tue Aug 16, 2022 7:13 am

Thanks for your confirmation that it should normally work.
So it is either a bug, or a hardware defect.

It would be good if an other owner of this box, or somebody from the Mikrotik team, could check if it is software issue or not.
 
becs
MikroTik Support
MikroTik Support
Posts: 493
Joined: Thu Jul 07, 2011 8:26 am

Re: CSS610-8P-2S+IN DHCP Settings issue

Tue Aug 16, 2022 11:00 am

Hello,
We can confirm this DHCP & PPPoE snooping software problem. It is specific to the CSS610-8P-2S+IN model and SwOS Lite 2.15 version.
Please contact MikroTik support via Support Help Desk System (https://mikrotik.com/support) to solve this issue until the new SwOS Lite version is released.
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Tue Aug 16, 2022 2:33 pm

@becs thanks for confirmation. It is great that this problem could be reproduced by you guys and is being worked on.
 
gwynbleidd
just joined
Posts: 2
Joined: Sun Mar 13, 2022 4:32 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Sun Aug 28, 2022 7:57 pm

This seems like a problem only in GUI. As a workaround, I've managed to fix it by inspecting the request in the browser and re-sending it with the correct values.

For trusted ports, look for i13 field in the request and change the value to a hexadecimal bit mask of ports you want to be checked. You can get the correct value by changing temporarily mikrotik discovery protocol and inspecting the value sent (field i08), then just copy it over to the i13. Remember to pad it to full 1, 2 or 4 bytes (2, 4 or 8 chars), otherwise you'll get an unexpected result.

For the add information option, just pass 0x01 in the field i14 to switch it on.

Remember that you have to manually fix the whole request when changing anything on this page that is above those fields (changing password, managing backup or rebooting the device is not affected)
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Aug 29, 2022 4:18 pm

@gwynbleidd thanks for that info. I also wondered, if I could just save/backup the configuration, edit the values as you described, and then load the patched backup file up to the switch.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Aug 29, 2022 6:16 pm

Note that the switch backup is not exactly overly human readable. It's not binary, but it's not plain text. I have little doubt that with a fair amount of effort, it could be reverse engineered. May or may not be easy.
RB4011iGS+, RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them into submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Aug 29, 2022 9:29 pm

The backup file doesn't look too bad
... i0f:0x00,i13:0x00,i14:0x00,i1c:0x00, ...
I can edit it.

Edit:
I didn't contact support yet. And I was kind of surprised by @gwynbleidd detailed information. But I could just modify i13 to create a bitmask for the trusted ports ...

Edit2:
i08 is 0x03ff which is 0000 0011 1111 1111 

So it is 10 '1's one for each port ....

Edit3:
The bit order seems to be reverse to the GUI, bit0 = ehernet 1 ... bit 10 = sfp2

Edit4:
Well it did what it was supposed to do. It blocked PPPoE and DHCP from those ports.
But what I actually wanted to do is to restrict admin access to the switch to exclude port 1 and 2. As simple as that. I still don't know how to do that.
 
peterbarlabas
just joined
Posts: 4
Joined: Sun Jun 16, 2019 7:38 am
Location: Hungary

Re: CSS610-8P-2S+IN DHCP Settings issue

Wed Sep 14, 2022 3:02 pm

Hello!

I have the same problem. The SW OS version 2.15p.
Is there solution for it?

Thanks: Péter
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Wed Sep 14, 2022 11:57 pm

Moderator: Why do you quote preceding post? Use Post Replay button instead of Quote one.
Not officially.
I have: "2.15 (built at Thu Mar 10 2022 07:58:58 GMT+0100 (Central European Standard Time))"
Not sure what 2.15p is.
The GUI says: "ERROR: Could not determine latest version, probably no internet connection. Use manual upgrade."
SwOS does not seem to get as many updates as RouterOS .

I have not contacted support yet since this is a low priority thing for me. But I might get impatient soon.
 
peterbarlabas
just joined
Posts: 4
Joined: Sun Jun 16, 2019 7:38 am
Location: Hungary

Re: CSS610-8P-2S+IN DHCP Settings issue

Thu Sep 15, 2022 9:47 am

Hi, thanks!
But it's a big problem, the switch blockoed all DHCP request. :(
I have contacted with Mikrotik Support yesterday, I'm waiting the answer!
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Sat Sep 17, 2022 10:38 am

Moderator: Why do you quote preceding post? Use Post Replay button instead of Quote one.
Yes that's what DHCP snooping means I suppose.
I just did a reset, and then you can change the other settings, and it is fine, as long as you don't change the things in the system tab.
Please share what you've learned from the support guys. Thanks.
 
gwynbleidd
just joined
Posts: 2
Joined: Sun Mar 13, 2022 4:32 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Sat Sep 17, 2022 6:37 pm

Edit4:
Well it did what it was supposed to do. It blocked PPPoE and DHCP from those ports.
But what I actually wanted to do is to restrict admin access to the switch to exclude port 1 and 2. As simple as that. I still don't know how to do that.
Blocking admin access is done by the "Allow From Ports" option in "General" section. Simply uncheck ports that shouldn't have access to admin interface.

Remember that bug still affects DHCP settings, so you'll have to fix them manually after changing anything on this page.
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Thu Sep 22, 2022 10:39 pm

Blocking admin access is done by the "Allow From Ports" option in "General" section. Simply uncheck ports that shouldn't have access to admin interface.
Remember that bug still affects DHCP settings, so you'll have to fix them manually after changing anything on this page.

Yes. I want to limit the switch getting its ip from Ports 1 and 2 as well. That's why I tried DHCP snooping.

My idea was to use ports 1 & 2 as a "wire" connection, just providing power to both ports,
but preventing admin access to the switch, and getting its IP from those 2 ports.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: CSS610-8P-2S+IN DHCP Settings issue

Thu Sep 22, 2022 11:01 pm

I don't believe that disallowing admin access to the switch removes the capability to get a DHCP address from that port. One of those things I likely could test if needed... I set mine to static because there are several VLANs on each switch and it could randomly get addresses from any one of several VLANs.
RB4011iGS+, RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them into submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Thu Sep 22, 2022 11:10 pm

Yes VLANs and static IP are good and valid options. I am not a network engineer by trade, so I don't know what best practices are.

I would prefer to have 1 port as dedicated management port, for admin access and IP ...
So if I isolate one port, put it on a separate VLAN, and use this one as a trusted port, it should work ...

But I am still waiting for a SwOS update. My version is from March ...
I seems like RouterOS gets more frequent updates.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: CSS610-8P-2S+IN DHCP Settings issue

Thu Sep 22, 2022 11:25 pm

Yes, RouterOS gets far more attention than SwitchOS. I have five permanently installed Mikrotik switches at my house. All are on 2.13 except one old RB260 that can't take the 2.x firmware. All are carrying multiple VLANs and the static IP is on a dedicated management VLAN. Admin access is limited to the port used for a VLAN trunk on each switch and on a couple of them, also a dedicated port on the management VLAN. Other than VLANs, I'm not doing anything fancy. The only real issue I have had with any of them was a bug that was fixed several years ago that resulted in the switch dropping all except small packets (standard pings would work, but normal traffic packets would not).
RB4011iGS+, RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them into submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Sat Sep 24, 2022 11:16 am

I contacted support and I got a reply:
Hello,

Thank you for contacting MikroTik Support.
The problem is already fixed in the newer SwOS lite version. It is not publicly available yet, but the version will be installed on newer CSS610-8P-2S+ devices.

<I removed the private download link>

Let us know if the issue is solved.
Best regards,
I upgraded my box. The SwOS Lite version is 2.16 dated 18. July. 2022.
So there was a beta version all the time. I wonder why MT is so hesitant to make it available.

At first glance the problem is fixed. I will do more testing over the weekend, or beginning of next week.

If you have the same issue, then do contact support to get the beta version.
 
underdog
just joined
Topic Author
Posts: 21
Joined: Fri Nov 05, 2021 2:00 pm

Re: CSS610-8P-2S+IN DHCP Settings issue

Mon Sep 26, 2022 11:11 am

I did a few quick tests.

My setup:
  • CSS610 Port 1 Modem with PoE
  • CSS610 Port 2 RB5009UG with PoE IN (1st 1Gb Port)
  • CSS610 Port 6 Client
  • CSS610 SFP+ 1 connected to RB5009 SFP+
Settings:
  • Port 1 and 2 are Connected, but isolated from the rest via port isolation
  • Port 1 and 2 are marked as "not allowed", and Mirotik discovery is disabled on port 1 and 2
  • CSS610 gets it's IP via the SFP+ 1 port from RB5009

Test 1 DHCP snooping all port are trusted. Client gets IP, as expected.

Test 2 DHCP snooping: Port 6 marked as untrusted.
This test did not work before hand. I guess, it was because all ports were marked as untrusted.
Now with 2.16 the client gets its IP address as expected. I also confirmed it using wireshark.

Test 3 DHCP snooping: Only SFP+ 1 port is trusted.
This blocks the PPPoE from my modem on Port 1, as expected. I just wanted to try out if blocking works as well.

Test 4 DHCP snooping SFP+ 1 and Port 1 are trusted.
The RB5009 can connect to my ISP using PPPoE, as expected. And the client still works as well.

So for my use case this problem is fixed.
Well done!
 
User avatar
benlg
just joined
Posts: 8
Joined: Mon Jan 31, 2022 2:50 pm

Re: CSS610-8P-2S+IN DHCP Settings issue [SOLVED]

Fri Oct 14, 2022 6:32 pm

Hi,
Please provide fixed firmware link ?
Same issue here on a production site...
Thank you !
 
arfoll
newbie
Posts: 28
Joined: Mon Sep 24, 2012 8:24 pm

Re: CSS610-8P-2S+IN DHCP Settings issue [SOLVED]

Sat Oct 15, 2022 4:46 pm

This is pretty crazy - how is this thing on sale for so long with a completely broken firmware?

If someone can share the firmware quicker than support can would really appreciate it, I rewired everything form the old switch and now this. I'm super annoyed, serve me right to not test everything is working before wiring....

In the meantime as above just save a backup, modify field i13 to 0x3ff (everything trusted) and the UI should update itself.
 
oskarsk
MikroTik Support
MikroTik Support
Posts: 32
Joined: Mon May 13, 2019 9:41 am

Re: CSS610-8P-2S+IN DHCP Settings issue [SOLVED]

Mon Oct 17, 2022 8:01 am

 
Mallory
just joined
Posts: 1
Joined: Mon Oct 17, 2022 8:28 am

Re: CSS610-8P-2S+IN DHCP Settings issue [SOLVED]

Mon Oct 17, 2022 8:30 am

I have also just discovered this problem today after weeks of faffing around.

@oskarsk - Is the 2.17rc1 firmware that you have post a link to the fix for this issue?

I have just installed the new version and it appears to fix the bug. I will need to run this firmware for a while to ensure that there are no new bugs.

Please Mikrotik test the software more thoroughly, these sorts of issues cause engineers to lose faith in your product and damage your brand.
Last edited by Mallory on Mon Oct 17, 2022 8:34 am, edited 1 time in total.
 
User avatar
benlg
just joined
Posts: 8
Joined: Mon Jan 31, 2022 2:50 pm

Re: CSS610-8P-2S+IN DHCP Settings issue [SOLVED]

Mon Oct 17, 2022 8:59 am

Many thanks @oskarsk, works as expected !
 
gabacho4
Member Candidate
Member Candidate
Posts: 161
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: CSS610-8P-2S+IN DHCP Settings issue [SOLVED]

Tue Oct 25, 2022 9:55 pm

Many thanks to all who suffered before me and to @oskarsk for providing the link to 2.17rc. After beating my head for a number of hours trying to figure out what I was doing wrong on this device versus my css610-8G-2S+IN, I was relieved to see it wasn’t me at all. Now I can finally put this thing into service.
An idiot can ask more questions than a wise man can answer. Running: 1 x RB750Gr3, 2x RB5009UG+S+IN, 1 x RBLtAP-2HnD&R11e-LTE6, 1 x CRS328-24P-4S+RM, 1 x CSS610-8G-2S+IN, 1 x CSS610-8P-2S+IN
 
User avatar
JoSchaap
just joined
Posts: 10
Joined: Fri Jan 29, 2021 10:20 am
Location: Amsterdam
Contact:

Re: CSS610-8P-2S+IN DHCP Settings issue [SOLVED]

Thu Nov 24, 2022 3:46 pm

Thanks for providing the updated version. Will this also run on the CS610G?
This as I'd like to keep my versions in alignment (home use not for critical systems)
Had a life.. Got a modem..
CCR1009-7G-1C-1S+ | CS610-8P-2S+ | CS610-8G-2S+ | MikroTik cAP ac
 
gabacho4
Member Candidate
Member Candidate
Posts: 161
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: CSS610-8P-2S+IN DHCP Settings issue [SOLVED]

Thu Nov 24, 2022 4:24 pm

Don't believe it will run on your other device. There is very specific SWOS versions for each of the CSS610 devices. What I would REALLY like to see however is a final version for the CSS610-8P rather than a beta version. I'm still a bit salty that I bought a device that was non-functional right out of the box. Mikrotik needs to invest the time/effort to get us a stable version.
An idiot can ask more questions than a wise man can answer. Running: 1 x RB750Gr3, 2x RB5009UG+S+IN, 1 x RBLtAP-2HnD&R11e-LTE6, 1 x CRS328-24P-4S+RM, 1 x CSS610-8G-2S+IN, 1 x CSS610-8P-2S+IN

Who is online

Users browsing this forum: No registered users and 2 guests