Community discussions

MikroTik App
 
mix359
just joined
Topic Author
Posts: 15
Joined: Fri Jan 04, 2013 8:20 pm

Invalid Arp Entries in 7.4 version

Thu Jul 21, 2022 5:31 pm

Hi to All,

I've updated the main router in my school this week from the 6.x to last 7.x version (7.4) and I've started noticing some problem that I haven't noticed in my lab environment:

I'm using from many years the "reply-only" arp option on the interfaces of the laboratories of my school, to increase the security, assigning all the ips from the mikrotik's dhcp (static leases), and with the 6.x version, and previous versions, have ever worked perfectly.
Now the "reply-only" option seam still working, but I've some problem on the arp table: many of the record of the table from those interfaces are marked as invalid, like this one:
mikrotik_arp_problem_example.png

I've tried deleting one of those invalid records from the arp table and made the computer to do a new dhcp request. I can see the leases on the dhcp server that is bound, but nothing appear on the arp table for that device.
I've double checked in the dhcp server configuration and the "Add ARP for leases" option is flagged.

Here's are part of the configuration of one of the interfaces and the relative dhcp server:
/interface vlan
add arp=reply-only interface="LAN (sfp-sfpplus2)" name="lab_6 (24)" vlan-id=24
/ip dhcp-server
add add-arp=yes authoritative=after-2sec-delay interface="lab_6 (24)" \
    lease-time=3d name=lab_6
/ip dhcp-server network
add address=10.1.24.0/23 dns-server=10.1.100.101,10.1.100.102,10.1.24.254 \
    gateway=10.1.24.254 netmask=23 wins-server=10.1.100.102
/ip dhcp-server lease
add address=10.1.25.8 comment="igroove - L33-PC08" mac-address=\
    xx:xx:xx:xx:xx:xx server=lab_6

Does something have changed on this arp/dhcp server part in the 7.x releases? Could be a bug?

Thanks to all
Best regards
Daniele
You do not have the required permissions to view the files attached to this post.
 
mrkacg
just joined
Posts: 12
Joined: Wed May 08, 2019 9:12 pm

Re: Invalid Arp Entries in 7.4 version

Thu Jan 19, 2023 5:33 pm

I have the same problem with version 7.7
 
grosnico
just joined
Posts: 5
Joined: Tue Feb 21, 2023 2:57 pm

Re: Invalid Arp Entries in 7.4 version

Tue Feb 21, 2023 3:03 pm

Same problem too. Searched a little after upgrading from 6.4 why hotspot was not working....
Is there a solution except set enable arp on interface?
Last edited by grosnico on Tue Feb 21, 2023 3:42 pm, edited 1 time in total.
 
vasilii
just joined
Posts: 12
Joined: Fri May 14, 2021 12:41 pm

Re: Invalid Arp Entries in 7.4 version

Thu Feb 23, 2023 8:02 am

hello
the same for me but it happens from time to time. all arp are invalid. devices are getting dhcp but have no internet access.
I was tryiung to make supout file but each time ccr is been rebooting after 32%.
I use hotspot on the bridge where bonding and vlans are setupped. and I had no such issue before upgrading from 6 ROS to 7
 
ThienVo
just joined
Posts: 3
Joined: Thu Feb 09, 2023 11:15 am

Re: Invalid Arp Entries in 7.4 version

Fri May 12, 2023 1:34 pm

I also had the same problem on version 7.9 when I turned on Reply-only ARP, then the Hotspot login page didn't work, I checked the ARP table and it said Invalid
 
User avatar
antosusan
just joined
Posts: 11
Joined: Mon Apr 03, 2023 7:37 am
Location: Indonesia

Re: Invalid Arp Entries in 7.4 version

Wed Jun 07, 2023 5:03 am

Hi to All,

I've updated the main router in my school this week from the 6.x to last 7.x version (7.4) and I've started noticing some problem that I haven't noticed in my lab environment:

I'm using from many years the "reply-only" arp option on the interfaces of the laboratories of my school, to increase the security, assigning all the ips from the mikrotik's dhcp (static leases), and with the 6.x version, and previous versions, have ever worked perfectly.
Now the "reply-only" option seam still working, but I've some problem on the arp table: many of the record of the table from those interfaces are marked as invalid, like this one:
mikrotik_arp_problem_example.png


I've tried deleting one of those invalid records from the arp table and made the computer to do a new dhcp request. I can see the leases on the dhcp server that is bound, but nothing appear on the arp table for that device.
I've double checked in the dhcp server configuration and the "Add ARP for leases" option is flagged.

Here's are part of the configuration of one of the interfaces and the relative dhcp server:
/interface vlan
add arp=reply-only interface="LAN (sfp-sfpplus2)" name="lab_6 (24)" vlan-id=24
/ip dhcp-server
add add-arp=yes authoritative=after-2sec-delay interface="lab_6 (24)" \
    lease-time=3d name=lab_6
/ip dhcp-server network
add address=10.1.24.0/23 dns-server=10.1.100.101,10.1.100.102,10.1.24.254 \
    gateway=10.1.24.254 netmask=23 wins-server=10.1.100.102
/ip dhcp-server lease
add address=10.1.25.8 comment="igroove - L33-PC08" mac-address=\
    xx:xx:xx:xx:xx:xx server=lab_6

Does something have changed on this arp/dhcp server part in the 7.x releases? Could be a bug?

Thanks to all
Best regards
Daniele
do you have to try reboot your router? maybe will work for you
 
grosnico
just joined
Posts: 5
Joined: Tue Feb 21, 2023 2:57 pm

Re: Invalid Arp Entries in 7.4 version

Wed Aug 30, 2023 2:20 pm

Seem still the same in 7.11
 
miguelos
just joined
Posts: 18
Joined: Wed Mar 09, 2011 2:15 pm

Re: Invalid Arp Entries in 7.4 version

Wed Oct 18, 2023 2:29 pm

Issue still there in 7.11
Anyone have it running in 7.x ? Can't mikrotik fix this ?
 
grosnico
just joined
Posts: 5
Joined: Tue Feb 21, 2023 2:57 pm

Re: Invalid Arp Entries in 7.4 version

Wed Nov 01, 2023 11:13 pm

Didn't see anything related in 7.12RC changelog...so should still be there in 7.12
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 512
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: Invalid Arp Entries in 7.4 version

Sat Dec 16, 2023 12:35 am

Had the similar problem with 7.12.1 on RB952Ui (MIPSBE) but not C53UiG (arm64). The reboot fixed invalid static entries, as they became valid.

SUP-137777 (cool number)
 
grosnico
just joined
Posts: 5
Joined: Tue Feb 21, 2023 2:57 pm

Re: Invalid Arp Entries in 7.4 version

Thu Dec 21, 2023 9:37 am

Still the same with 7.13
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 512
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: Invalid Arp Entries in 7.4 version

Wed Jan 10, 2024 9:10 am

Same on 7.13.1

Except this time the ARP record remains invalid even after a reboot. To get this fixed I had to remove and re-add the entry. Rebooted after each action, for good measure.
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 512
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: Invalid Arp Entries in 7.4 version

Tue Jan 16, 2024 10:44 pm

Smooth upgrade from 7.13.1 to 7.13.2: the static ARP record was not marked as invalid. Fixed?
 
networkadmin33
just joined
Posts: 3
Joined: Sun Dec 26, 2021 4:22 pm

Re: Invalid Arp Entries in 7.4 version

Fri Jan 19, 2024 10:28 am

For me, the problem seems to occur immediately after the hotspot user appears in the active list. As a workaround, disabling the ARP entry and then enabling it using the following hotspot user-profiles On-Login script has solved the problem for now.
:local arplist [/ip arp find where disabled =no]
:foreach i in=$arplist do={
  if ([/ip arp get $i address] = $address) do={
/ip arp disable $i
/ip arp enable $i
}
}
To add the script to all Hotspot users (removes current On-Login scripts):
updated below
Last edited by networkadmin33 on Sat Jan 20, 2024 1:22 pm, edited 1 time in total.
 
networkadmin33
just joined
Posts: 3
Joined: Sun Dec 26, 2021 4:22 pm

Re: Invalid Arp Entries in 7.4 version

Sat Jan 20, 2024 1:10 pm

The above script works only for static ARP entries. A workaround for dynamic entries is to disable and enable add-arp-for-leases on the DHCP server.
Here is a script that works for both (removes current On-Login scripts):
/ip hotspot user profile set [find] on-login="Fix_arp_schedule"


/system script add dont-require-permissions=no name=Fix_arp owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":lo\
    cal darplist [/ip arp find where invalid=yes and dynamic=yes]\r\
    \nif ( [:len \$darplist] > 0 ) do={ \r\
    \n:log info [:len \$darplist]\r\
    \n:local dlist [/ip dhcp-server find where add-arp=yes and disabled=no]; \r\
    \n/ip dhcp-server set \$dlist add-arp=no; \r\
    \n/ip dhcp-server set \$dlist add-arp=yes; }\r\
    \n\r\
    \n\r\
    \n:local sarplist [/ip arp find where invalid=yes and dynamic=no and disable\
    d=no]\r\
    \nif ( [:len \$sarplist] > 0 ) do={ \r\
    \n/ip arp disable \$sarplist;\r\
    \n/ip arp enable \$sarplist;\r\
    \n}"

/system script add dont-require-permissions=no name=Fix_arp_schedule owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    system scheduler add name=Fix_arp interval=00:00:01 on-event=\"/system sch\
    eduler remove Fix_arp;/system script run Fix_arp;\""
    
/system scheduler add disabled=no interval=5s name=FixArp on-event=Fix_arp policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon

Last edited by networkadmin33 on Mon Jan 29, 2024 6:04 pm, edited 2 times in total.
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 512
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: Invalid Arp Entries in 7.4 version

Thu Jan 25, 2024 8:34 pm

The 7.13.2 -> 7.13.3 upgrade broke the ARP record, it's "invalid" upon the first boot. Had to delete the record, reboot, and add then re-add it.
 
User avatar
Kentzo
Long time Member
Long time Member
Posts: 512
Joined: Mon Jan 27, 2014 3:35 pm
Location: California

Re: Invalid Arp Entries in 7.4 version

Mon Feb 12, 2024 10:09 pm

The 7.13.3 -> 7.13.4 upgrade broke the ARP record, it's "invalid" upon the first boot. Toggling the enabled status fixed the issue.

Who is online

Users browsing this forum: adimihaix, Google [Bot] and 73 guests