If it's known devices, can you give the devices the same DHCP reservation (called Static in Mikrotik) on all three routers?
Yes, I realize that this is a problem with a lot of devices that randomize the device MAC...
I do not want to assign static leases to each of them. There are many hundreds of devices (the subnet is a /22) and I would not want to track each of them to see if they fell out of usage.... and then indeed they could vary the MAC address.
Numbering the same is not something I have originally done (I probably would not have done that) but as it is, it is not that inconvenient.
Note that there is no issue for the connected devices themselves, but the (different manufacturer) WiFi solution has started to complain about it, for no reason at all.
It seems to me that it would be easier to renumber the sites so they each use unique subnets. That would also make it easier for the sites to be able to communicate with each other using the VPN (without needing to resort to NAT solutions for overlapping networks, something that may be useful even though you are not currently doing so). Just curious, do all the sites use the same SSID as well?
Yes, they use the same SSID. And the devices normally pick (and get) the same address on all networks. But of course only when it is still available.
When a device picks an address on router #1 (the head office) the same address is normally still available on #2 and #3, and they get it and use it there.
However in some cases (about 5 out of 300) there is a collision and the same address gets used for different devices, especially when the user does not often come to the head office.
Not a problem at all for the network, but the WiFi solution (not MikroTik, of course!) is centrally managed and after an update it started sending alerts "duplicate IP in use", which is a bit annoying. So I am trying to work around it.
Renumbering the networks would mean that "stick to the same IP" would be lost, and there would be no benefit as there is no need whatsoever for these subnets to be routed.
We have different subnets, the "LAN subnets" for the locations, which are routed, and which now are mostly used for some legacy stuff and indeed for the management of the routers, and the "WiFi subnets" which only require routing towards internet, not towards the LAN or to devices on the other locations. "everything in the cloud", you know...
What WiFi solution are you referring to?
It is from the well known competitor with the U.
They try to do all kinds of health monitoring that sometimes goes a bit too far. But unfortunately it does not appear to be configurable.
It needs a config page with a list of checkmarks where you can enable/disable the monitoring of all that stuff....
(e.g. they also alert when a user's DNS request is not replied to within a certain time by the router, but that of course depends on the global DNS speed which is not always fast)
I'm thinking if it would be an option (I have done that before) to set up a "delay threshold" of e.g. 3 seconds in the DHCP servers of the branch routers, and then configure a "dhcp relay" towards the main office router. That should make most requests be handled by that single router, and the branch office DHCP servers be used in case of an outage of the VPN or the head office router.
However, up to now I have only done that with an ISC DHCP server as the main DHCP server, not with the MikroTik DHCP. So I will need to find out if it correctly handles those requests that are from "a local IP range" but come in from a remote network via VPN on a completely different IP address... (outside that range). Because of course I cannot just route that same range.