Community discussions

 
Daguerre101
just joined
Topic Author
Posts: 5
Joined: Fri Aug 16, 2019 3:00 pm

Problem with DHCP

Fri Aug 16, 2019 3:27 pm

Hello everyone,


I work in a company that owns a good number of retirement homes. Almost every resident uses the internet from us. When they come in one of our residence, we install them a router freely so that they can use that service at home.The routers are simple Dlink.

Last year we have started to replace our main routers by Mikrotik products. I am talking here of the MAIN router, the one who manages the whole network of a single retirement home. It all went well but there is one problem that appered and that we never able to solve.

Problem identified: DHCP goes wild when a resident connect the wan link in the wrong port.

So:
1- The main mikrotik router is our DHCP server.
2- The mikrotik router provides an IP address for every DLINK that is added to the network.
3- As you may guess, it is necesseray that the network cable is plugged in the WAN port of the DLINK to be able to connect to the mikrotik and receive is DHCP.

Here is the problem:
Sometimes, a resident will plug the WAN cable in a LAN port instead of the WAN port.

Consequence:
For a reason unknown, the MIkrotik stops working as a DHCP so every single new device in that network does not receive any DHCP!

To correct this we have to find the DLINK router and plug it correctly. To give you an idea, we have over a hundred of Dlink router in some places. Finding it is time consuming and unprofessional.

When we were having our routers from another firm we did not had this kind of problem.

is there a config that we could activate in the mikrotik to solve this?

Thanks in advance for your help!
Dag
 
tdw
Member Candidate
Member Candidate
Posts: 185
Joined: Sat May 05, 2018 11:55 am

Re: Problem with DHCP

Fri Aug 16, 2019 4:14 pm

It is unlikely that DHCP on the Mikrotik stops working - it is often the case that a client router miscabled in this way will answer DHCP requests from other nearby client routers more quickly than your main router as they are closer (less network hops).

On your distribution switches you can either use port isolation (so a client port cannot communicate with any other client port, only the uplink), or DHCP snooping (with the uplink port set as trusted) to prevent this.
 
Kommando
just joined
Posts: 9
Joined: Sat Aug 03, 2019 5:39 pm

Re: Problem with DHCP

Fri Aug 16, 2019 4:28 pm

Fill all the LAN ports with RJ45 dust covers and leave only the WAN port free.
 
Daguerre101
just joined
Topic Author
Posts: 5
Joined: Fri Aug 16, 2019 3:00 pm

Re: Problem with DHCP

Fri Aug 16, 2019 4:30 pm

Thanks for your fast answer tdw!

If I understand correctly, we could configure the DHCP snooping feature in the uplink port directly on the Mikrotik? So we would have only one port to configure to solve this?

If it is the case, in the settings of the port, is it like a checkbox called DHCP snooping that we simply have to check to activate?

Dag
 
tdw
Member Candidate
Member Candidate
Posts: 185
Joined: Sat May 05, 2018 11:55 am

Re: Problem with DHCP

Fri Aug 16, 2019 4:49 pm

You need to configure it on all of the switches which have the final connection to the client routers, not the central Mikrotik. Some info on the wiki https://wiki.mikrotik.com/wiki/Manual:I ... _Option_82 more via the search engine of your choice.

If you are using so-called smart or web-managed switches they may not have DHCP snooping capabilites, so port isolation would work - I don't imagine you require direct client-to-client communications. If you are using unmanaged switches there isn't much you can do without replacing those switches.
 
User avatar
rdelacruz
newbie
Posts: 34
Joined: Thu Jul 14, 2016 8:12 pm

Re: Problem with DHCP

Fri Aug 16, 2019 5:16 pm

You can also try using Carrier-Grade NAT (100.64.0.0/10) on your network. I believe there's another DHCP server on the Dlink device causing the routing and NAT to not work because the same addresses occur on both inside and outside network interfaces.
 
Daguerre101
just joined
Topic Author
Posts: 5
Joined: Fri Aug 16, 2019 3:00 pm

Re: Problem with DHCP

Fri Aug 16, 2019 7:55 pm

Dang I know that we have a good number of unmanaged swiches in our park. So if I understand, if we have this kind of device I will have to remain with that problem unless we replce them? What I do not understand is that we did not have that kind of problem before changing for Mikrotik routers. We still had those unmanaged switches in the past. What could have caused this?
 
tdw
Member Candidate
Member Candidate
Posts: 185
Joined: Sat May 05, 2018 11:55 am

Re: Problem with DHCP

Fri Aug 16, 2019 8:27 pm

Dang I know that we have a good number of unmanaged swiches in our park. So if I understand, if we have this kind of device I will have to remain with that problem unless we replce them?
Yes, if you have a flat unmanaged layer 2 network you are the the mercy of whatever clients plug in.

What I do not understand is that we did not have that kind of problem before changing for Mikrotik routers. We still had those unmanaged switches in the past. What could have caused this?
All I can think of is that the Mikrotik client routers answer DHCP requests more quickly than the previous devices. Did people misconnect the previous devices, or was it more clear which port was which e.g.the ethernet sockets being in different coloured plastic rather than just a colour/symbol/legend on the label?

If replacing the switches isn't an option you could move your distribution network onto a VLAN as most unmanaged switches are transparent to tagged traffic, then if the feed to a particular client router is incorrectly plugged into a LAN port it would offer DHCP untagged and be invisible anything on your tagged WAN network, so preventing other devices from obtaining an incorrect lease. It would, however, require reconfiguring all of your devices - could be scripted and thoroughly tested if you have remote access for deployment.
 
Daguerre101
just joined
Topic Author
Posts: 5
Joined: Fri Aug 16, 2019 3:00 pm

Re: Problem with DHCP

Fri Aug 16, 2019 8:36 pm

OK thanks for your advice. That will be very useful for us to find a solution.
I will present this thread at my meeting next week and see what comes out of it.

Have a great day
Dag
 
Daguerre101
just joined
Topic Author
Posts: 5
Joined: Fri Aug 16, 2019 3:00 pm

Re: Problem with DHCP

Mon Sep 09, 2019 6:59 pm

Good day everyone,

I have made a followup of the information that you provided to our service provider. I was particularly interested in this comment by tdw:
"If replacing the switches isn't an option you could move your distribution network onto a VLAN as most unmanaged switches are transparent to tagged traffic, then if the feed to a particular client router is incorrectly plugged into a LAN port it would offer DHCP untagged and be invisible anything on your tagged WAN network, so preventing other devices from obtaining an incorrect lease. It would, however, require reconfiguring all of your devices - could be scripted and thoroughly tested if you have remote access for deployment."

I confirm you that for now, upgrading these switches to new ones would not be accepted by upper management, so that door is closed altough I have required that all our future switches can be manageable.

So meanwhile we need to find a solution and the advice given by tdw seen above seems the best one to answer our needs.

So if I understand correctly:
1- We create a Vlan called let's say living quarters on our Mikrotik router.
2- in this Vlan
- we specifiy the mikrotik router as our main DHCP.
- we create the IP range as usual.
3- On the mikrotik router, I configure the uplink port that goes to one of our "dumb" switches stating the the only network is the VLAN called living quarters.(These swtiches have only one network anyway)
4- The switch receives this new instruction and apply the new settings on every single port.
5- All the "DLINK" routers reestablished their link with a new IP address provided by the DHCP address provided in the VLAn settings: The mikrotik router. (Here we will have a signal cut.)
6- happy ending where everyone is happy. :)

Does it goes like this?

Have a great day
Dag

Who is online

Users browsing this forum: Majestic-12 [Bot] and 28 guests