Treart
just joined
Topic Author
Posts: 15
Joined: Mon Jul 12, 2021 5:52 pm
Location: Grosseto

DHCP acting weird

Wed Nov 03, 2021 12:33 pm

Hello guys,

I'm banging my head against an issue. I have a MikroTik RB4011iGS+ installed on a Unifi-based network that provides Ethernet and Wi-Fi connectivity. The problem lies with the DHCP server on the MikroTik, mainly with Apple devices.

They connect to the Wi-Fi network, they have their IP assigned but not the gateway address, thus inhibiting internet connection. I have tried upgrading firmware on both Unifi devices and the router (running 6.47.8 stable). I have some VLANs configured and it happens on all of them. The Unifi devices reside on a dedicated VLAN for their own management.

Do you have any suggestions?
 
excession
Frequent Visitor
Posts: 95
Joined: Mon May 11, 2015 8:16 pm

Re: DHCP acting weird

Wed Nov 03, 2021 12:53 pm

Share your config:
export hide-sensitive
 
Treart
just joined
Topic Author
Posts: 15
Joined: Mon Jul 12, 2021 5:52 pm
Location: Grosseto

Re: DHCP acting weird

Wed Nov 03, 2021 12:56 pm

# nov/03/2021 11:55:24 by RouterOS 6.47.8
# software id = NBVD-4KFD
#
# model = RB4011iGS+
# serial number = B8F60A4BBEC5
/interface bridge
add admin-mac=74:4D:28:86:1F:96 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether3 ] mtu=1504
/interface vlan
add comment="NX MGMT" disabled=yes interface=ether5 name=vlan32 vlan-id=32
add comment=GUEST interface=ether5 mtu=1504 name=vlan35 vlan-id=35
add comment=CCTV interface=ether5 name=vlan40 vlan-id=40
add comment="TREART MGMT" interface=ether5 name=vlan50 vlan-id=50
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec policy group
add name=norba
/ip ipsec profile
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-192,aes-128 \
hash-algorithm=sha256 name=norba
/ip ipsec peer
add exchange-mode=ike2 local-address=5.99.163.50 name=gianpaolo passive=yes \
profile=norba
/ip ipsec proposal
add auth-algorithms=sha512,sha256,sha1 enc-algorithms="aes-256-cbc,aes-256-ctr\
,aes-256-gcm,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm" \
lifetime=8h name=norba pfs-group=modp2048
/ip pool
add comment="DHCP di servizio" name=service ranges=\
192.168.88.201-192.168.88.250
add comment="NX MGMT" name=vlan32-pool ranges=192.168.32.30-192.168.33.230
add comment=GUEST name=vlan35-pool ranges=192.168.35.50-192.168.36.250
add comment="TREART MGMT" name=vlan50-pool ranges=\
192.168.50.10-192.168.50.250
add name=ovpn_pool ranges=192.168.3.10-192.168.3.100
/ip dhcp-server
add address-pool=service bootp-support=none disabled=no interface=ether9 \
lease-time=1d name=service
add address-pool=vlan32-pool bootp-support=none interface=vlan32 lease-time=\
1d name=vlan32-dhcp
add address-pool=vlan35-pool bootp-support=none disabled=no interface=vlan35 \
lease-time=1d name=vlan35-dhcp
add address-pool=vlan50-pool bootp-support=none disabled=no interface=vlan50 \
lease-time=1d name=vlan50-dhcp
add address-pool=vlan32-pool bootp-support=none disabled=no interface=ether3 \
lease-time=1d name=NX-MGMT
/ip ipsec mode-config
add address-pool=ovpn_pool address-prefix-length=32 name=norba split-include=\
0.0.0.0/0 system-dns=no
/ppp profile
set *0 interface-list=all
add local-address=192.168.3.1 name=norba remote-address=ovpn_pool
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether2
add bridge=bridge comment=defconf disabled=yes interface=ether4
add bridge=bridge comment=defconf disabled=yes interface=ether6
add bridge=bridge comment=defconf disabled=yes interface=ether7
add bridge=bridge comment=defconf disabled=yes interface=ether8
add bridge=bridge comment=defconf disabled=yes interface=ether10
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set authentication=chap,mschap2 default-profile=norba use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface ovpn-server server
set auth=sha1 certificate=Server-Norba cipher=aes256 default-profile=norba \
enabled=yes
/interface sstp-server server
set default-profile=norba
/ip address
add address=192.168.33.1/23 comment="NX MGMT" interface=ether3 network=\
192.168.32.0
add address=192.168.33.1/23 disabled=yes interface=vlan32 network=\
192.168.32.0
add address=192.168.35.1/23 comment=GUEST interface=vlan35 network=\
192.168.34.0
add address=192.168.40.1/24 comment=TVCC interface=vlan40 network=\
192.168.40.0
add address=192.168.50.1/24 comment="TREART MGMT" interface=vlan50 network=\
192.168.50.0
add address=5.99.163.50/29 comment=Telecom interface=ether1 network=\
5.99.163.48
add address=192.168.88.1/24 comment=service interface=ether9 network=\
192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.33.29 comment=Denon-Living mac-address=00:05:CD:DF:93:AC \
server=NX-MGMT
add address=192.168.33.30 comment=Denon-Terrace mac-address=00:06:78:5B:D8:B8 \
server=NX-MGMT
add address=192.168.33.31 comment=Projector-Terrace mac-address=\
00:0D:0A:01:B1:E3 server=NX-MGMT
add address=192.168.33.181 comment=LedWall mac-address=A8:AA:62:00:0D:55 \
server=NX-MGMT
add address=192.168.33.182 comment=PC-Touch1 mac-address=00:D8:61:34:77:C1 \
server=NX-MGMT
add address=192.168.33.183 comment=PC-Touch2 mac-address=00:D8:61:AA:6D:FE \
server=NX-MGMT
add address=192.168.33.184 comment=WinSupport mac-address=94:C6:91:19:D8:B6 \
server=NX-MGMT
add address=192.168.33.34 comment="Terrace AV client" lease-time=1d \
mac-address=94:C6:91:A1:FF:97 server=NX-MGMT
add address=192.168.33.38 comment="Party Audio client" lease-time=1d \
mac-address=94:C6:91:1A:47:4A server=NX-MGMT
add address=192.168.33.36 comment="Master bedroom audio client" lease-time=1d \
mac-address=94:C6:91:1A:44:74 server=NX-MGMT
add address=192.168.33.35 comment=Jukebox lease-time=1d mac-address=\
94:C6:91:19:CF:30 server=NX-MGMT
add address=192.168.33.39 comment="Living AV client" lease-time=1d \
mac-address=94:C6:91:1A:48:3B server=NX-MGMT
/ip dhcp-server network
add address=192.168.3.0/24 comment=OpenVPN
add address=192.168.32.0/23 comment="NX MGMT" dns-server=8.8.8.8,8.8.4.4 \
gateway=192.168.33.1
add address=192.168.34.0/23 comment=GUEST dns-server=8.8.8.8,8.8.4.4 gateway=\
192.168.35.1
add address=192.168.50.0/24 comment="TREART MGMT" dns-server=8.8.8.8,8.8.4.4 \
gateway=192.168.50.1
add address=192.168.88.0/24 comment=service dns-server=8.8.8.8,8.8.4.4 \
gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment=OpenVPN dst-port=1194 in-interface=\
ether1 protocol=tcp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=src-nat chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN to-addresses=5.99.163.50
add action=dst-nat chain=dstnat comment=Allarme1 dst-port=3062 in-interface=\
ether1 protocol=tcp to-addresses=192.168.33.141 to-ports=3062
add action=dst-nat chain=dstnat comment=Allarme2 dst-port=3062 in-interface=\
ether1 protocol=udp to-addresses=192.168.33.141 to-ports=3062
/ip ipsec identity
add auth-method=digital-signature certificate=Server-Norba generate-policy=\
port-strict match-by=certificate mode-config=norba peer=gianpaolo \
policy-template-group=norba remote-certificate=gianpaolo1
/ip ipsec policy
add dst-address=192.168.3.0/24 group=norba proposal=norba src-address=\
0.0.0.0/0 template=yes
/ip route
add distance=1 gateway=5.99.163.49
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
/ppp secret
add name=nextworks profile=norba service=ovpn
add name=gianpaolo profile=norba service=ovpn
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=MASTER
/system logging
set 0 action=disk disabled=yes
set 1 action=disk
set 2 action=disk
set 3 action=disk
/tool e-mail
set address=authsmtp.treart-evolution.com from=backup@treart-evolution.com \
user=backup@treart-evolution.com
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add down-script=":log info \"Ping to 8.8.8.8 FAILED\"" host=8.8.8.8 interval=\
2m up-script=":log info \"Ping to 8.8.8.8 successful\""
 
holvoetn
Forum Guru
Posts: 5492
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: DHCP acting weird

Wed Nov 03, 2021 1:57 pm

What VLAN are your Apple devices connecting to ?
 
Treart
just joined
Topic Author
Posts: 15
Joined: Mon Jul 12, 2021 5:52 pm
Location: Grosseto

Re: DHCP acting weird

Wed Nov 03, 2021 2:05 pm

They are connecting to GUEST and NX MGMT (which as you see is not a VLAN but on a dedicated physical port)
 
excession
Frequent Visitor
Posts: 95
Joined: Mon May 11, 2015 8:16 pm

Re: DHCP acting weird

Wed Nov 03, 2021 2:15 pm

I notice your guest VLAN appears to have a slightly increased MTU, but the underlying interface is ether5, whereas you've increased the MTU on ether3?
This looks odd to me. Also keep in mind that any switches you then connect onward to will need a correspondingly enlarged MTU.

/interface ethernet
set [ find default-name=ether3 ] mtu=1504
/interface vlan
add comment="NX MGMT" disabled=yes interface=ether5 name=vlan32 vlan-id=32
add comment=GUEST interface=ether5 mtu=1504 name=vlan35 vlan-id=35
add comment=CCTV interface=ether5 name=vlan40 vlan-id=40
add comment="TREART MGMT" interface=ether5 name=vlan50 vlan-id=50
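As an added illustration of the two points in this thread (the reporter's "address but no gateway" symptom and the VLAN/parent MTU mismatch noted above), here is a checker that is not code from any poster: it parses a RouterOS export excerpt and reports pool ranges that do not sit fully inside an /ip dhcp-server network entry carrying a gateway (RouterOS takes the gateway and DNS options from the network entry that covers the lease address), plus any VLAN whose MTU exceeds its parent Ethernet interface. The excerpt is constructed from values in the posted export; a parent MTU of 1500 is assumed wherever the export does not set one explicitly.

```python
import ipaddress, shlex
from collections import defaultdict

# Constructed excerpt modelled on the export posted in this thread (not the full config).
EXPORT = """\
/interface ethernet
set [ find default-name=ether3 ] mtu=1504
/interface vlan
add comment=GUEST interface=ether5 mtu=1504 name=vlan35 vlan-id=35
add comment="TREART MGMT" interface=ether5 name=vlan50 vlan-id=50
/ip pool
add comment=GUEST name=vlan35-pool ranges=192.168.35.50-192.168.36.250
add comment="TREART MGMT" name=vlan50-pool ranges=192.168.50.10-192.168.50.250
/ip dhcp-server
add address-pool=vlan35-pool interface=vlan35 lease-time=1d name=vlan35-dhcp
add address-pool=vlan50-pool interface=vlan50 lease-time=1d name=vlan50-dhcp
/ip dhcp-server network
add address=192.168.34.0/23 comment=GUEST dns-server=8.8.8.8,8.8.4.4 gateway=\\
192.168.35.1
add address=192.168.50.0/24 comment="TREART MGMT" gateway=192.168.50.1
"""

def parse_export(text):  # -> {"/section": [{key: value, ...} per add/set line]}
    sections, section = defaultdict(list), None
    for line in text.replace("\\\n", "").splitlines():      # rejoin '\'-continued lines
        if line.startswith("/"):
            section = line.strip()
        elif section and line.split(" ", 1)[0] in ("add", "set"):
            toks = shlex.split(line)[1:]                     # shlex unwraps quoted values
            sections[section].append(dict(t.split("=", 1) for t in toks if "=" in t))
    return sections

def check_dhcp(cfg):  # -> list of findings; empty list means both checks passed
    findings = []
    pools = {p["name"]: p["ranges"].split(",") for p in cfg["/ip pool"]}
    nets = [(ipaddress.ip_network(n["address"]), n.get("gateway")) for n in cfg["/ip dhcp-server network"]]
    for srv in cfg["/ip dhcp-server"]:
        for rng in pools.get(srv["address-pool"], []):
            lo, hi = (ipaddress.ip_address(a) for a in rng.split("-"))
            hit = next(((n, gw) for n, gw in nets if lo in n), None)   # network covering range start
            if hit is None or hi not in hit[0]:
                findings.append(f"{srv['name']}: range {rng} not fully inside a dhcp-server network")
            elif not hit[1]:
                findings.append(f"{srv['name']}: network {hit[0]} sets no gateway")
    eth_mtu = {e.get("default-name"): int(e.get("mtu", 1500)) for e in cfg["/interface ethernet"]}
    for v in cfg["/interface vlan"]:
        parent = eth_mtu.get(v["interface"], 1500)           # 1500 assumed when not set explicitly
        if int(v.get("mtu", 1500)) > parent:
            findings.append(f"{v['name']}: mtu {v['mtu']} exceeds parent {v['interface']} mtu {parent}")
    return findings
```

Run against the excerpt, it flags the GUEST pool as reaching past 192.168.34.0/23 and vlan35's MTU as exceeding ether5's.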
 
excession
Frequent Visitor
Posts: 95
Joined: Mon May 11, 2015 8:16 pm

Re: DHCP acting weird

Wed Nov 03, 2021 2:17 pm

Are you able to cut the switch out in your testing? Connect a laptop or AP directly to the router?
 
holvoetn
Forum Guru
Posts: 5492
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: DHCP acting weird

Wed Nov 03, 2021 2:26 pm

They are connecting to GUEST and NX MGMT (which as you see is not a VLAN but on a dedicated physical port)
Eth5 -> interface vlan35 -> GUEST
So your wireless (Ubiquiti?) AP devices are set up to work via vlan35?

Or am I missing something quite obvious here ?
 
anav
Forum Guru
Posts: 19379
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: DHCP acting weird

Wed Nov 03, 2021 2:45 pm

I don't like the config, as it's a confused mess.
What happens at all the other ports?
What is the function of the bridge?

What I would do is assign the VLANs to the bridge.
Bridge port ether5 would be a trunk port, etc.

Interface list members:
each VLAN would be part of List=LAN
(the bridge entry there now is a waste)
 
Treart
just joined
Topic Author
Posts: 15
Joined: Mon Jul 12, 2021 5:52 pm
Location: Grosseto

Re: DHCP acting weird

Wed Nov 03, 2021 3:03 pm

I'll try to respond to everyone:

The 1504 MTU is a suggestion I got from Ubiquiti forums for added compatibility with Apple mobile devices.

I could try connecting an AP directly, but the whole structure is big (30+ APs) and I'm not sure it would help, since the problem happens randomly.

My Ubiquiti devices have their management on VLAN50 (where they get their IPs and internet connectivity to reach my controller in the cloud). The switch ports that serve the APs are configured to allow the GUEST and TREART VLANs and the NX MGMT. The APs then do the work of providing the respective SSID for each.

I am not using the bridge, I have disabled the ports I don't need from the bridge and configured only the ports I use (since I'm not the only guy accessing this rack and I cannot be certain of what other people would do, even if I have provided ether9 as a "service" port for internet access and some ports on a switch)
 
Treart
just joined
Topic Author
Posts: 15
Joined: Mon Jul 12, 2021 5:52 pm
Location: Grosseto

Re: DHCP acting weird

Mon Nov 08, 2021 9:59 am

Apart from disliking the configuration, any ideas about what the issue could be?
 
Tyrranar
just joined
Posts: 1
Joined: Tue Oct 25, 2022 1:31 am

Re: DHCP acting weird

Tue Oct 25, 2022 1:38 am

Apart from disliking the configuration, any ideas about what the issue could be?
Hello, have you been successful with this issue? I have a friend with exactly the same issue (MikroTik router + Ubiquiti APs) asking me for help with particular mobile phones occasionally getting IPs from an unconfigured subnet. I haven't had time to investigate it yet, but googling it led me here.
