Community discussions

MikroTik App
 
milomak
just joined
Topic Author
Posts: 19
Joined: Fri Oct 25, 2019 10:13 pm

ip addresses outside of pool being served

Sat Mar 18, 2023 8:44 pm

i have a RB951Ui-2HnD running RouterOS v6.45.6 (stable). it is running in bridge mode.

the router it is connected has set a static internal addres of 192.168.0.102 for a mac address. this has been working without issue for probably the last 2 years. i have not updated neither router since then.

it had been serving the mac address with that address until about 2 days ago. now it is serving 192.168.88.240 to that mac address.

the pool
Image

the dhcp server
Image

don't know if arp will be useful
Image

what am i missing?

oh and let me add. sometimes it serves the expected ip.
 
WN1X
just joined
Posts: 6
Joined: Fri Mar 10, 2023 5:03 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 1:45 am

Have you confirmed the MAC address for 192.168.0.102 has not changed. You need to check when the wrong IP address is being served out.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 11:23 am

Could be some other device on same network that acts as DHCP server. You should be able to verify on client, which receives wrong IP address to see which DHCP server offered the wrong IP address.
 
milomak
just joined
Topic Author
Posts: 19
Joined: Fri Oct 25, 2019 10:13 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 1:47 pm

Have you confirmed the MAC address for 192.168.0.102 has not changed. You need to check when the wrong IP address is being served out.
mac address has not changed
 
milomak
just joined
Topic Author
Posts: 19
Joined: Fri Oct 25, 2019 10:13 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 1:48 pm

Could be some other device on same network that acts as DHCP server. You should be able to verify on client, which receives wrong IP address to see which DHCP server offered the wrong IP address.
no new device that serves ip addresses has been added in the last 2 years. it receives the ip via ethernet as well.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 2:13 pm

Could be some other device on same network that acts as DHCP server. You should be able to verify on client, which receives wrong IP address to see which DHCP server offered the wrong IP address.
no new device that serves ip addresses has been added in the last 2 years. it receives the ip via ethernet as well.
I've never seen MT DHCP server to "invent" IP address range to serve devices. I've seen cases where some device acted as DHCP server without network admin being aware of that. You seem like you're not willing to verify ideas of people you asked for help, which to me is a bit rude (to put it mildly).
 
holvoetn
Forum Guru
Forum Guru
Posts: 5413
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 4:17 pm

The fact sometimes the correct IP address is given, indicates it's a simple matter of who answers first to the request.

Simple test.
Disable DHCP on your Mikrotik.
Reboot the client router (or release the lease and renew) and see what happens. If it gets a valid IP address (the wrong one), something happened in your network without you knowing (to put it mildly :lol: )

Wireshark may help to find the culprit.
 
milomak
just joined
Topic Author
Posts: 19
Joined: Fri Oct 25, 2019 10:13 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 4:29 pm



no new device that serves ip addresses has been added in the last 2 years. it receives the ip via ethernet as well.
I've never seen MT DHCP server to "invent" IP address range to serve devices. I've seen cases where some device acted as DHCP server without network admin being aware of that. You seem like you're not willing to verify ideas of people you asked for help, which to me is a bit rude (to put it mildly).
i'm not sure how it is rude pointing out that there has been no change in 2 years in how the system is setup.

so what i have noticed is that when i disable the ip reserved on the main router, the deivice seems to get 192.168.0.109 consistently on the few reboots i have done.

even though it seems i have set the mikrotik to reserve the mac address for 192.168.0.102

Image
 
milomak
just joined
Topic Author
Posts: 19
Joined: Fri Oct 25, 2019 10:13 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 4:58 pm

The fact sometimes the correct IP address is given, indicates it's a simple matter of who answers first to the request.

Simple test.
Disable DHCP on your Mikrotik.
Reboot the client router (or release the lease and renew) and see what happens. If it gets a valid IP address (the wrong one), something happened in your network without you knowing (to put it mildly :lol: )

Wireshark may help to find the culprit.
how do i disable dhcp on the mikrotik?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5413
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 5:02 pm

Ip
Dhcp server
Select your dhcp server
Disable ( don't delete)
 
milomak
just joined
Topic Author
Posts: 19
Joined: Fri Oct 25, 2019 10:13 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 5:34 pm

Ip
Dhcp server
Select your dhcp server
Disable ( don't delete)
you sir are a scholar and a gentlemen

edit - apologies, i don't mean to assume your gender. it's just that's the quote i know,
 
WN1X
just joined
Posts: 6
Joined: Fri Mar 10, 2023 5:03 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 5:40 pm

Knowing that a rogue DHCP server is the culprit is good, but using wireshark would allow you to learn the IP address of the rogue.
 
milomak
just joined
Topic Author
Posts: 19
Joined: Fri Oct 25, 2019 10:13 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 6:45 pm

Knowing that a rogue DHCP server is the culprit is good, but using wireshark would allow you to learn the IP address of the rogue.
i would like to learn more about this wireshark

edit - in all honestly i think i bought a sledgehammer to fix what needed a far smaller tool. i just needed a bridge and i seem to have got something with a lot more bells and whistles.
Last edited by milomak on Sun Mar 19, 2023 6:48 pm, edited 2 times in total.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 6:45 pm

A couple of additional notes. First is that you are running an ancient version of RouterOS. Second is that RouterOS has the ability to detect rogue DHCP servers. You appear to be using WebFig, but it should at least be somewhat similar to WinBox. Under DHCP server > Alerts, you can set which interface you want to monitor for rogue DHCP server and set some parameters. When a rogue DHCP server is detected, you can trigger a script for what to do about it. In my case, the script sends me an E-Mail telling me about it.
/ip dhcp-server alert
add disabled=no interface=E02-pB4_101 on-alert="DHCP Alert" valid-server=\
    6C:3B:6B:7E:99:86
add disabled=no interface=E03-pB6_103 on-alert="DHCP Alert" valid-server=\
    6C:3B:6B:7E:99:87
And in case you really want it, here's the script that tells me about it.
:log info "Starting Rogue DHCP server script"
/tool e-mail send to="jim@<redacted>" body="$[/system clock get date] at $[/system clock get time]  MikroTik RB4011 router has detected a rogue DHCP server.  See event log." \
   subject="RB4011 router found rogue DHCP server"
:delay 00:00:10
/tool e-mail send to="k6ccc@<redacted>" body="$[/system clock get date] at $[/system clock get time]  MikroTik RB4011 router has detected a rogue DHCP server.  See event log." \
   subject="RB4011 router found rogue DHCP server"
:log info "DHCP alert script completed"
 
milomak
just joined
Topic Author
Posts: 19
Joined: Fri Oct 25, 2019 10:13 pm

Re: ip addresses outside of pool being served

Sun Mar 19, 2023 6:55 pm

A couple of additional notes. First is that you are running an ancient version of RouterOS.
i tried to update but get a dns error. don't know if this is related to bridge mode
Image

Second is that RouterOS has the ability to detect rogue DHCP servers. You appear to be using WebFig, but it should at least be somewhat similar to WinBox. Under DHCP server > Alerts, you can set which interface you want to monitor for rogue DHCP server and set some parameters. When a rogue DHCP server is detected, you can trigger a script for what to do about it. In my case, the script sends me an E-Mail telling me about it.
/ip dhcp-server alert
add disabled=no interface=E02-pB4_101 on-alert="DHCP Alert" valid-server=\
    6C:3B:6B:7E:99:86
add disabled=no interface=E03-pB6_103 on-alert="DHCP Alert" valid-server=\
    6C:3B:6B:7E:99:87
And in case you really want it, here's the script that tells me about it.
:log info "Starting Rogue DHCP server script"
/tool e-mail send to="jim@<redacted>" body="$[/system clock get date] at $[/system clock get time]  MikroTik RB4011 router has detected a rogue DHCP server.  See event log." \
   subject="RB4011 router found rogue DHCP server"
:delay 00:00:10
/tool e-mail send to="k6ccc@<redacted>" body="$[/system clock get date] at $[/system clock get time]  MikroTik RB4011 router has detected a rogue DHCP server.  See event log." \
   subject="RB4011 router found rogue DHCP server"
:log info "DHCP alert script completed"
thanks. so i need to add all mac addresses that are valid on the mikrotik?

Who is online

Users browsing this forum: blue, jaclaz and 81 guests