Hello. I am new here and still a beginner on Mikrotik.
I have an SXTSA5 setup as AP bridge and a Tplink CPE605 setup as client. I have stable connection between them however any device connected (wired) to TPlink does not get DHCP. Setting device with static IP works fine.
Also if a device connects on Wifi to SSID of Miktorik it gets DHCP and works fine too. So it seems something is blocking DHCP requests coming from TPLink. Firewall table is empty.
What I noticed is that from Winbox terminal I cannot ping any IP both on local network and internet.
Any ideas?
Re: DHCP not passing through wireless link
Well yes.Any ideas?
.I have an SXTSA5 setup as AP bridge and a Tplink CPE605 setup as client.
By using a non-Mikrotik client you lose the "bridge" function in "AP-brdge". This means the client cannot do "station bridge", but only "station" or "station pseudobridge". This means that there is only one IP and MAC for "station", and there you have to NAT/masquerade the final destination. With "station pseudobridge" you have one MAC only, what might confuse the DHCP server.
A better fit with the SXT SA5 would have been SXTsq 5 (both "ac" or not). "bridge" function would work, and possibly the 2 wifi chains would be active, doubling the interface rate. With the SXTsq 5 in "station-bridge" mode you have a transparant L2 bridged network.
.
.any device connected (wired) to TPlink does not get DHCP.
With the station setup at the TPlink, the devices should get an IP address from the TPlink. Those addresses will be NATed by the TPlink to its own WAN IP address of the SXTSA5 network.
In repeater modus (Mikrotik terminology= "station pseudobridge") the DHCP from the SXTSA5 network might fail, if the DHCP server uses the MAC address instead of ff:ff:ff:ff:ff:ff.
.
.Also if a device connects on Wifi to SSID of Miktorik it gets DHCP and works fine too
Yes they are just another station in the SXTSA5 network
.
.So it seems something is blocking DHCP requests coming from TPLink. Firewall table is empty.
DHCP requests are not forwarded over router or NAT. If it is "pseudo-bridge" it is mostly the DHCP offer from the server that does not reach the client (MAC mismatch)
.
.What I noticed is that from Winbox terminal I cannot ping any IP both on local network and internet.
You cannot find the devices behind a NATting router in the reverse direction.
Not getting to internet is not related to this, unless the path to internet is through the TPlink
-
-
Moonwalker031
just joined
- Posts: 7
- Joined:
Re: DHCP not passing through wireless link
Thanks for clarifying.
The setup is SXTSA5 feeding 4 TPlink CPE510 spread over a wide area at about 500m to 2km distance. Each Tplink has 1 or 2 IP cameras set at 4Mbps.
The mikrotik was configured by someone else before me and DHCP used to work fine. It was having some speed issues lately so I took a backup and upgraded OS. However when restored it was all scrambled and could not get it working again so I had to set it up from scratch. This is where the DHCP problem started.
I am also still having speed issues when uploading from TPlink side (all stations ) (download is quite stable).
I set up a similar setup on another site and there too have same issues so maybe I am doing something wrong. Here is the Mikrotik config :
# jan/06/1970 06:49:55 by RouterOS 6.49.1
# software id = PLI7-PCBQ
#
# model = SXT G-5HPnD r2
# serial number = C7190C*****
/interface bridge
add arp=reply-only name=LANWAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
name=profile1 supplicant-identity="" wpa-pre-shared-key=G********8 \
wpa2-pre-shared-key=G*******8
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce \
country="united states" disabled=no frequency=5220 mode=ap-bridge \
security-profile=profile1 ssid=G*******4 wireless-protocol=802.11 \
wps-mode=disabled
/interface bridge nat
add action=dst-nat chain=dstnat disabled=yes dst-port=68 ip-protocol=udp \
mac-protocol=ip src-port=67 to-dst-mac-address=FF:FF:FF:FF:FF:FF
/interface bridge port
add bridge=LANWAN interface=ether1
add bridge=LANWAN interface=wlan1 point-to-point=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.1.50/24 interface=ether1 network=192.168.1.0
/ip dhcp-client
add interface=LANWAN
/ip dhcp-relay
add dhcp-server=192.168.2.1 interface=wlan1 local-address=192.168.1.254 name=\
relay1
/ip dns
set allow-remote-requests=yes
The setup is SXTSA5 feeding 4 TPlink CPE510 spread over a wide area at about 500m to 2km distance. Each Tplink has 1 or 2 IP cameras set at 4Mbps.
The mikrotik was configured by someone else before me and DHCP used to work fine. It was having some speed issues lately so I took a backup and upgraded OS. However when restored it was all scrambled and could not get it working again so I had to set it up from scratch. This is where the DHCP problem started.
I am also still having speed issues when uploading from TPlink side (all stations ) (download is quite stable).
I set up a similar setup on another site and there too have same issues so maybe I am doing something wrong. Here is the Mikrotik config :
# jan/06/1970 06:49:55 by RouterOS 6.49.1
# software id = PLI7-PCBQ
#
# model = SXT G-5HPnD r2
# serial number = C7190C*****
/interface bridge
add arp=reply-only name=LANWAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
name=profile1 supplicant-identity="" wpa-pre-shared-key=G********8 \
wpa2-pre-shared-key=G*******8
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce \
country="united states" disabled=no frequency=5220 mode=ap-bridge \
security-profile=profile1 ssid=G*******4 wireless-protocol=802.11 \
wps-mode=disabled
/interface bridge nat
add action=dst-nat chain=dstnat disabled=yes dst-port=68 ip-protocol=udp \
mac-protocol=ip src-port=67 to-dst-mac-address=FF:FF:FF:FF:FF:FF
/interface bridge port
add bridge=LANWAN interface=ether1
add bridge=LANWAN interface=wlan1 point-to-point=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.1.50/24 interface=ether1 network=192.168.1.0
/ip dhcp-client
add interface=LANWAN
/ip dhcp-relay
add dhcp-server=192.168.2.1 interface=wlan1 local-address=192.168.1.254 name=\
relay1
/ip dns
set allow-remote-requests=yes
Re: DHCP not passing through wireless link
Don't fully understand your setup. Is there a DHCP server on 192.169.2.1 that will give leases for 192.168.1.0/24 ?
Entries to check (clock, services can only be assigned to bridge not to interfaces connected to the bridge, reply_only, dhcp_relay, disabled bridge NAT hack)
# jan/06/1970 06:49:55 by RouterOS 6.49.1
/interface bridge
add arp=reply-only name=LANWAN
/interface bridge nat
add action=dst-nat chain=dstnat disabled=yes dst-port=68 ip-protocol=udp \
mac-protocol=ip src-port=67 to-dst-mac-address=FF:FF:FF:FF:FF:FF
/ip address
add address=192.168.1.50/24 interface=ether1 network=192.168.1.0
/ip dhcp-relay
add dhcp-server=192.168.2.1 interface=wlan1 local-address=192.168.1.254 name=\
relay1
Entries to check (clock, services can only be assigned to bridge not to interfaces connected to the bridge, reply_only, dhcp_relay, disabled bridge NAT hack)
# jan/06/1970 06:49:55 by RouterOS 6.49.1
/interface bridge
add arp=reply-only name=LANWAN
/interface bridge nat
add action=dst-nat chain=dstnat disabled=yes dst-port=68 ip-protocol=udp \
mac-protocol=ip src-port=67 to-dst-mac-address=FF:FF:FF:FF:FF:FF
/ip address
add address=192.168.1.50/24 interface=ether1 network=192.168.1.0
/ip dhcp-relay
add dhcp-server=192.168.2.1 interface=wlan1 local-address=192.168.1.254 name=\
relay1
-
-
Moonwalker031
just joined
- Posts: 7
- Joined:
Re: DHCP not passing through wireless link
Oh those entries for DHCP relay, Arp=reply only, are just test I was doing but did not work.
The DHCP server is on 192.168.1.254.
/interface bridge nat
add action=dst-nat chain=dstnat disabled=yes dst-port=68 ip-protocol=udp \
mac-protocol=ip src-port=67 to-dst-mac-address=FF:FF:FF:FF:FF:FF
This was also added after some googling but did not work and so disabled.
The DHCP server is on 192.168.1.254.
/interface bridge nat
add action=dst-nat chain=dstnat disabled=yes dst-port=68 ip-protocol=udp \
mac-protocol=ip src-port=67 to-dst-mac-address=FF:FF:FF:FF:FF:FF
This was also added after some googling but did not work and so disabled.
Re: DHCP not passing through wireless link
Before you posted your config, I was going to ask if you had DHCP snooping enabled but didn't have that link marked as a trusted interface…
…but now I realize it could be the inverse of the same problem: could it be that your WiFi gear is doing DHCP snooping and is rejecting those packets as untrustworthy, on the assumption that only it is supposed to be the one trustworthy source of DHCP? Is there a "trusted" flag you can set on that interface to inform it that DHCP is expected to come in via that path?
…but now I realize it could be the inverse of the same problem: could it be that your WiFi gear is doing DHCP snooping and is rejecting those packets as untrustworthy, on the assumption that only it is supposed to be the one trustworthy source of DHCP? Is there a "trusted" flag you can set on that interface to inform it that DHCP is expected to come in via that path?
Re: DHCP not passing through wireless link
I don't get it./ip dhcp-relay
add dhcp-server=192.168.2.1 interface=wlan1 local-address=192.168.1.254 name=\
relay1
The DHCP server is on 192.168.1.254.
If 192.168.1.254 is the DHCP server, why use a relay here on 192.168.1.254 local address? (same subnet, bridged ?)
..... and the relay points to 192.168.2.1 as DHCP server?
So then ....
DHCP server is on 192.168.2.1 (also distributing leases for network 192.168.1.0/24)
DHCP relay is on 192.168.1.254 (Wlan1 interface should be the bridge interface LANWAN)
Who is online
Users browsing this forum: neki and 42 guests