broderick

DHCP lease for the gns3 VM on ether1. Why?

Tue Jan 03, 2023 12:55 pm

Hi and a Happy New Year to everyone,

I created a few Mk virtual devices on GNS3, and the project has been growing over time; I added WireGuard tunnels to the original VLAN setup.
I noticed a strange DHCP lease for gns3 on ether1, which is also the trunk port plugged into the "switch/ap", as shown in the image below:

diagramvlan-wg.jpg

Here is a screenshot of the lease window too:
leases.jpg
As you can see, all the leases are for the green VLAN. The first two are as expected, but I don't understand where the last one comes from, even though its status is only "offered".


My MK setup:
#
# RouterOS configuration export. This part builds one VLAN-filtering bridge
# with a tagged-only trunk (ether1) and three untagged access ports, defines
# the VLAN interfaces and address pools, and runs one DHCP server per user VLAN.
/interface bridge
# BR1 has VLAN filtering on and accepts only tagged frames on the bridge
# itself. protocol-mode=none means no spanning-tree protocol runs on it.
add frame-types=admit-only-vlan-tagged name=BR1 protocol-mode=none \
    vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment=TRUNK
/interface wireguard
# Tunnel interface; its listen port must match the firewall input rule that
# admits UDP 13231.
add listen-port=13231 mtu=1420 name=WG-Mikrotik-A
/interface vlan
# Layer-3 VLAN interfaces on the bridge: 99 = BASE (management), 30 = Blue,
# 10 = Green, 20 = Red.
add interface=BR1 name=BASE_VLAN vlan-id=99
add interface=BR1 name=Blue_VLAN vlan-id=30
add interface=BR1 name=Green_VLAN vlan-id=10
add interface=BR1 name=Red_VLAN vlan-id=20
/disk
set sata1 disabled=no
/interface list
# Lists referenced by the firewall rules and by mac-winbox in this export.
add name=WAN
add name=VLAN
add name=BASE
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip pool
# One /24 pool per user VLAN; .1 is left out of each range (it is the router).
add name=Green_POOL ranges=10.0.10.2-10.0.10.254
add name=Red_POOL ranges=10.0.20.2-10.0.20.254
add name=Blue_POOL ranges=10.0.30.2-10.0.30.254
/ip dhcp-server
# Each server leases from its pool to any client whose DHCP traffic reaches the
# VLAN interface. BASE_VLAN has no DHCP server.
# NOTE(review): a lease shown as "offered" presumably means the server answered
# a discover and the client never confirmed it; checking which bridge port and
# VLAN that MAC address is learned on shows how the host reaches Green_VLAN.
add address-pool=Green_POOL interface=Green_VLAN name=Green_DHCP
add address-pool=Red_POOL interface=Red_VLAN name=Red_DHCP
add address-pool=Blue_POOL interface=Blue_VLAN name=Blue_DHCP
/port
set 0 name=serial0
/interface bridge port
# Access ports admit only untagged/priority-tagged frames and place them in
# the PVID: ether3 -> 10 (Green), ether4 -> 99 (BASE), ether2 -> 30 (Blue).
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether3 pvid=10
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether4 pvid=99
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
    ether2 pvid=30
# Trunk: ether1 admits tagged frames only.
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether1
/interface bridge vlan
# Every VLAN is tagged on BR1 (so the router's VLAN interface sees it) and on
# the ether1 trunk. VLAN 20 has no untagged port: it is reachable only through
# the trunk.
add bridge=BR1 tagged=BR1,ether1 untagged=ether4 vlan-ids=99
add bridge=BR1 tagged=BR1,ether1 untagged=ether2 vlan-ids=30
add bridge=BR1 tagged=BR1,ether1 untagged=ether3 vlan-ids=10
add bridge=BR1 tagged=BR1,ether1 vlan-ids=20
/interface list member
# WAN = ether5; VLAN = all four VLAN interfaces; BASE = BASE_VLAN only.
add interface=ether5 list=WAN
add interface=BASE_VLAN list=VLAN
add interface=Blue_VLAN list=VLAN
add interface=Green_VLAN list=VLAN
add interface=Red_VLAN list=VLAN
add interface=BASE_VLAN list=BASE
/interface wireguard peers
# Single peer (SITE_B). allowed-address lists the prefixes associated with this
# peer on the tunnel: its tunnel address and two remote subnets. No
# endpoint-address is set on this side.
# NOTE(review): the public-key value below is 40 characters long, while a
# WireGuard public key is 44 base64 characters, so it looks shortened for
# posting. Only the public key appears here; the private key is not part of
# this export.
add allowed-address=192.168.32.2/32,172.16.11.0/24,172.16.31.0/24 comment=\
    SITE_B interface=WG-Mikrotik-A persistent-keepalive=25s public-key=\
    "VjH/0AdK9cMNdE7ehJ1aFeFjbzCBBpxm9wJVgfQ="
/ip address
# The router is .1 on each VLAN subnet and on the WireGuard tunnel subnet.
add address=10.0.10.1/24 interface=Green_VLAN network=10.0.10.0
add address=10.0.20.1/24 interface=Red_VLAN network=10.0.20.0
add address=10.0.30.1/24 interface=Blue_VLAN network=10.0.30.0
add address=192.168.99.1/24 interface=BASE_VLAN network=192.168.99.0
add address=192.168.32.1/24 interface=WG-Mikrotik-A network=192.168.32.0
/ip dhcp-client
# WAN address comes from upstream DHCP; use-peer-dns=no keeps the DNS servers
# offered by that upstream out of the router's resolver configuration.
add interface=ether5 use-peer-dns=no
/ip dhcp-server network
# Clients in every user VLAN are told to use 192.168.99.1 (the router's
# BASE_VLAN address) as DNS server and the router's per-VLAN address as gateway.
add address=10.0.10.0/24 dns-server=192.168.99.1 gateway=10.0.10.1
add address=10.0.20.0/24 dns-server=192.168.99.1 gateway=10.0.20.1
add address=10.0.30.0/24 dns-server=192.168.99.1 gateway=10.0.30.1
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts; who can reach port 53 is then decided only by the firewall input
# chain. Upstream resolver is 1.1.1.1.
set allow-remote-requests=yes servers=1.1.1.1
/ip firewall filter
# Rules are evaluated top to bottom per chain; both chains end in a logged
# drop, so anything not accepted above is denied.
# Fast-track established/related forwarded connections.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
# Accepts every protocol and port towards the router from one WAN-side source
# address. NOTE(review): this rule has no comment and trusts the source IP
# alone; narrowing it to the management protocol/port actually used would
# reduce what that address can reach.
add action=accept chain=input in-interface-list=WAN src-address=192.168.3.100
add action=accept chain=input comment="Allow Estab & Related" \
    connection-state=established,related
# ICMP accept is disabled, so ICMP to the router is allowed only where another
# accept rule matches (e.g. from Green_VLAN or BASE_VLAN).
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
# DNS to the router is allowed from the VLAN interface list only (UDP and TCP).
add action=accept chain=input comment="Allow DNS services" dst-port=53 \
    in-interface-list=VLAN protocol=udp
add action=accept chain=input comment="Allow DNS services" dst-port=53 \
    in-interface-list=VLAN protocol=tcp
# Green_VLAN and BASE_VLAN get unrestricted access to the router itself, which
# includes whatever management services are enabled under /ip service.
add action=accept chain=input comment="Allow Green_VLAN" in-interface=\
    Green_VLAN
add action=accept chain=input comment="Allow Base_Vlan Full Access" \
    in-interface=BASE_VLAN
# WireGuard handshake/data port. No in-interface match, so it is accepted on
# every interface, not just WAN.
add action=accept chain=input comment="WIREGUARD port" dst-port=13231 \
    protocol=udp
# Accepts all input from 172.16.11.0/24 whatever interface it arrives on.
# NOTE(review): adding in-interface=WG-Mikrotik-A would tie this to the tunnel,
# so the same source range seen on another interface is not accepted.
add action=accept chain=input comment="input Green_VLAN from WG-B" \
    src-address=172.16.11.0/24
add action=accept chain=forward comment="Allow Estab & Related" \
    connection-state=established,related
# Site-to-site forwarding between local Green (10.0.10.0/24) and the remote
# 172.16.11.0/24, matched by address only. NOTE(review): as with the input
# rule above, an in-/out-interface match on the tunnel would make these rules
# independent of source-address claims. No rule forwards 172.16.31.0/24 even
# though it is routed and listed in the peer's allowed-address.
add action=accept chain=forward comment="Forward from Green to Green VLANs" \
    dst-address=172.16.11.0/24 src-address=10.0.10.0/24
add action=accept chain=forward comment="Forward from Green to Green VLANs" \
    dst-address=10.0.10.0/24 src-address=172.16.11.0/24
# All VLANs may open new connections out of the WAN list.
add action=accept chain=forward comment="VLAN Internet Access only" \
    connection-state=new in-interface-list=VLAN out-interface-list=WAN
# BASE_VLAN (management) may reach every VLAN in the list; the reverse
# direction is not accepted except as established/related.
add action=accept chain=forward in-interface=BASE_VLAN out-interface-list=\
    VLAN
# Default deny with logging; the prefixes make dropped traffic easy to find in
# the log.
add action=drop chain=input comment="drop all else" log=yes log-prefix=\
    drop_in
add action=drop chain=forward comment=Drop log=yes log-prefix=drop_forw
/ip firewall nat
# Source NAT for everything leaving through the WAN list. log=yes writes a log
# entry for each packet that hits this rule, which can crowd out the drop logs.
add action=masquerade chain=srcnat log=yes out-interface-list=WAN
/ip firewall service-port
# Connection-tracking helpers for FTP, TFTP and IRC are turned off.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
/ip route
# Static routes sending both remote subnets through the WireGuard interface.
add disabled=no dst-address=172.16.11.0/24 gateway=WG-Mikrotik-A \
    routing-table=main suppress-hw-offload=no
add disabled=no distance=1 dst-address=172.16.31.0/24 gateway=WG-Mikrotik-A \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
/ip service
# Clear-text management services are switched off.
# NOTE(review): services not listed here (such as ssh, winbox, api) presumably
# stay at their defaults, with no address= restriction visible; confirm which
# are enabled, since the firewall gives Green_VLAN, BASE_VLAN, 172.16.11.0/24
# and one WAN-side address full access to the router.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
/system identity
set name=RouterSwitchAP
/tool mac-server
# Layer-2 MAC telnet is disabled on all interfaces.
set allowed-interface-list=none
/tool mac-server mac-winbox
# MAC WinBox is reachable from the BASE list (BASE_VLAN) only.
set allowed-interface-list=BASE
/tool romon
# RoMON provides layer-2 management reachability between routers.
# NOTE(review): no secret or per-port setting appears in this export; confirm
# that a RoMON secret is set and that it is not active on ports facing
# untrusted segments.
set enabled=yes

It is not a big deal actually since everything runs in a virtual environment, but I'd like to understand what is going on nonetheless.
Could you please help figure it out? Thanks