Community discussions

 
User avatar
politick
newbie
Topic Author
Posts: 42
Joined: Sat Jul 14, 2012 9:41 am

DHCPd specific IP addresses to specific physical ETHx ports.

Tue Jun 25, 2019 12:12 am

Hi there,

I have an RB2011 iL-IN that will be deploying in the field by installers (i.e. not network people)
and I'd need specific IP addresses given to specific devices plugged into specific labeled RJ45 ports.

Let's say the RB2011 still has its 192.168.88.0/24 network.And I'd like :
port eth6 (labeled camera) to be given IP Address 192.168.88.36 through DHCPd
port eth7 (labeled panel) to be given IP Address 192.168.88.37 through DHCPd
port eth8 (labeled Door Lock) to be given IP Address 192.168.88.38 through DHCPd

I don't have the MAC addresses of the devices being connected into these ports because there will be 100 of these installs.
The installers will take the thing that looks like a camera and will connect it into the port that is labeled camera, and so on ...

How would I configure the RB2011 to hand out these specific IP addresses to these specific HW ports and retain the ability to have all the ports on the same 192.168.88.0/24 subnet?

Kind Regards,
Martin Politick. June 2019
 
User avatar
vecernik87
Long time Member
Long time Member
Posts: 642
Joined: Fri Nov 10, 2017 8:19 am

Re: DHCPd specific IP addresses to specific physical ETHx ports.

Tue Jun 25, 2019 7:07 am

DHCP is L2 protocol. To give IP based on port, you will need to separate those ports from bridge (break L2 segment and therefore L2 broadcast/multicast). Next you create separate DHCP server per each port. Last (optional) step is to set ARP proxy for your LAN. That way, it will look like it is still on the same L2 segment, although it is not.
You don't need to set the ARP proxy, but in that case you need to have each port on its own subnet. In that case, traffic will be L3 routed and you don't need to spoof ARP
 
User avatar
politick
newbie
Topic Author
Posts: 42
Joined: Sat Jul 14, 2012 9:41 am

Re: DHCPd specific IP addresses to specific physical ETHx ports.

Wed Jun 26, 2019 2:33 am

OK, I will try this.
I'll remove the bridge & the ports from the switch and have them managed by the CPU (i.e. alone on their ethernet segment). I understand ARP, but I've never used the ARP proxy functionality before. So if the ports are CPU managed, you're saying that ARP requests will be proxied and yield the right MAC for a particular IP even if they are not on the same Ethernet segment. Then the CPU will automatically "L2 switch" the packets to the port with the correct MAC when the ports are just CPU managed ?
 
User avatar
politick
newbie
Topic Author
Posts: 42
Joined: Sat Jul 14, 2012 9:41 am

Re: DHCPd specific IP addresses to specific physical ETHx ports.

Wed Jul 10, 2019 2:13 am

Hi vecernik87,
I'm running RouterOS v6.45.1 (stable)

I can't get the ARP Proxy to work the way you describe it (simulating a single ethernet segment),
and/or the way I believe you want me to configure the DHCP makes the RB2011 unstable, see code #2 below.
Can you help further ?

This is the way I understand I should configure the DHCP-Server (after a fresh reset of the configuration)
# Remove Ether3 and Ether4 from the HW switch (I think) by removing from bridge
/interface bridge port remove 2
/interface bridge port remove 1

# Set some IP addresses for ether3&4
/ip address add address=192.168.88.21/30 interface=ether3
/ip address add address=192.168.88.25/30 interface=ether4

# Specify a specific IP Address to handout on DHCP 
/ip pool add name=MyPool1 ranges=192.168.88.22
/ip pool add name=MyPool2 ranges=192.168.88.26

/ip dhcp-server network add address=192.168.88.20/30 dns-server=192.168.88.1 gateway=192.168.88.21
/ip dhcp-server network add address=192.168.88.24/30 dns-server=192.168.88.1 gateway=192.168.88.25
 
/ip dhcp-server add disabled=no name=dhch_gnss1 interface=ether3 address-pool=MyPool1 authoritative=yes  lease-time=22h bootp-support=static use-framed-as-classless=yes conflict-detection=yes
/ip dhcp-server add disabled=no name=dhch_gnss2 interface=ether4 address-pool=MyPool2 authoritative=yes  lease-time=22h bootp-support=static use-framed-as-classless=yes conflict-detection=yes

/interface ethernet set ether3 arp=proxy-arp
/interface ethernet set ether4 arp=proxy-arp

# Also tried  LOCAL-Proxy-arp
#/interface ethernet set ether3 arp=local-proxy-arp
#/interface ethernet set ether4 arp=local-proxy-arp

This is what I think you meant, setup on the same /24 subnet address=192.168.88.21/24,
but this does not work and makes the RB go into an infinite loops when I connect on the DHCP port:
# Remove Ether3 and Ether4 from the HW switch (I think) by removing from bridge 
/interface bridge port remove 2
/interface bridge port remove 1

# Set some IP addresses for ether3&4
/ip address add address=192.168.88.21/24 interface=ether3
/ip address add address=192.168.88.25/24 interface=ether4

# Specify a specific IP Address to handout on DHCP 
/ip pool add name=MyPool1 ranges=192.168.88.22
/ip pool add name=MyPool2 ranges=192.168.88.26

/ip dhcp-server network add address=192.168.88.20/30 dns-server=192.168.88.1 gateway=192.168.88.21
/ip dhcp-server network add address=192.168.88.24/30 dns-server=192.168.88.1 gateway=192.168.88.25
 
/ip dhcp-server add disabled=no name=dhch_gnss1 interface=ether3 address-pool=MyPool1 authoritative=yes  lease-time=22h bootp-support=static use-framed-as-classless=yes conflict-detection=yes
/ip dhcp-server add disabled=no name=dhch_gnss2 interface=ether4 address-pool=MyPool2 authoritative=yes  lease-time=22h bootp-support=static use-framed-as-classless=yes conflict-detection=yes

/interface ethernet set ether3 arp=proxy-arp
/interface ethernet set ether4 arp=proxy-arp
Thank you in advance &
Kind Regards,
Martin Politick. July 2019.
 
User avatar
politick
newbie
Topic Author
Posts: 42
Joined: Sat Jul 14, 2012 9:41 am

Re: DHCPd specific IP addresses to specific physical ETHx ports.

Thu Jul 11, 2019 2:22 am

It was a routing issue with configuration #1.
# Remove Ether3 and Ether4 from the HW switch (I think) by removing from bridge
/interface bridge port remove 2
/interface bridge port remove 1

# Reduce the network range of the bridge from a /24 to a /25
/ip address set 0 address=192.168.88.1/25

# Set some IP addresses for ether3&4
/ip address add address=192.168.88.129/30 interface=ether3
/ip address add address=192.168.88.133/30 interface=ether4


# because the network is now smaller, need to edit the DHCP pool to use lower addresses
/ip pool set default-dhcp ranges=192.168.88.80-192.168.88.100

# Specify a specific IP Address to handout on DHCP 
/ip pool add name=MyPool1 ranges=192.168.88.130
/ip pool add name=MyPool2 ranges=192.168.88.134


/ip dhcp-server network set 0 address=192.168.88.0/25

/ip dhcp-server option add code=249 value=0x19c0a85880c0a85801 name=dhcp_route
/ip dhcp-server option add code=249 value=0x19c0a85800c0a85801 name=dhcp_route_low

/ip dhcp-server network add address=192.168.88.128/30 dns-server=192.168.88.1 gateway=192.168.88.129
/ip dhcp-server network add address=192.168.88.132/30 dns-server=192.168.88.1 gateway=192.168.88.133
/ip dhcp-server network set 0 dhcp-option=dhcp_route
/ip dhcp-server network set 1 dhcp-option=dhcp_route_low
/ip dhcp-server network set 2 dhcp-option=dhcp_route_low
 
/ip dhcp-server add disabled=no name=dhcp_1 interface=ether3 address-pool=MyPool1 authoritative=yes  lease-time=22h bootp-support=static use-framed-as-classless=yes conflict-detection=yes
/ip dhcp-server add disabled=no name=dhcp_2 interface=ether4 address-pool=MyPool2 authoritative=yes  lease-time=22h bootp-support=static use-framed-as-classless=yes conflict-detection=yes

/interface ethernet set ether3 arp=proxy-arp
/interface ethernet set ether4 arp=proxy-arp
But since then I've turned on many other things, like proxy-arp on every ethernet interface not sure it it's the only thing that was missing, but probably.
Configuration #1 does not act as a single ethernet segment though, but it does work and hands out the single known IP Address on the DHCPd on ether3 and ether4 and they are reachable from the 192.168.88.0/25 subnet.

I've added pushing an extra route to DHCP clients connecting to the 192.168.88.0/25 so they know hot to reach the 192.168.88.128/25, so that's what allowed reaching the ether3&4 addresses:
/ip dhcp-server option add code=249 value=0x19c0a85880c0a85801 name=dhcp_route
249 = push route
0x=hexadecimal to follow
19= 25 decimal = /25 of the 192.168.88.128
c0=192
a8=168
58=88
80=128
all together = /25 of 192.168.88.128 then follows the gateway address with the same encoding 192.168.88.1. Resulting on my windows computer routes:
   192.168.88.0  255.255.255.128           On-link    192.168.88.100    276
   192.168.88.100  255.255.255.255         On-link    192.168.88.100    276
   192.168.88.127  255.255.255.255         On-link    192.168.88.100    276
   192.168.88.128  255.255.255.128     192.168.88.1   192.168.88.100     21
You also need to enable this option in the network section of the dhcp-server

I will dig further and see if I can trick the different segments into thinking that they are all on the same ethernet segment...
But my RB2011 always locks up when I cheat (misconfigure) the subnet mask and then plug a cable in the ether3 or ether4.
The funny thing is that it does not lock up if the devices are already powered when the RB2011 is powered up. But if not, then the RB2011 locks up after issuing the DHCP address on either ether3 or 4

Martin Politick, July 2019.
 
mducharme
Trainer
Trainer
Posts: 788
Joined: Tue Jul 19, 2016 6:45 pm

Re: DHCPd specific IP addresses to specific physical ETHx ports.

Thu Jul 11, 2019 3:54 am

I don't believe proxy ARP is a good solution for your needs, it is a bit of a hack. You are better off assigning subnets to each port (i.e. allocate a bunch of /30 subnets) and set up a dhcp server for each.

Who is online

Users browsing this forum: No registered users and 72 guests