gushhnet
just joined
Topic Author
Posts: 7
Joined: Fri Aug 07, 2020 11:17 pm

DHCP leasing to base address (offered, results without success)

Fri Apr 21, 2023 6:41 pm

Hi,
I'm trying a "defconf" from the wiki to get things started. I noticed both in the DHCP Server and the Logs that the base address is being offered a lease but it is obviously ignored.

"defconf offering lease 192.168.0.100 for XX:XX:XX:XX:XX:XX without success"

My DHCP pool is: 192.168.0.100-192.168.0.254 and 192.168.0.100 is being leased (attempted) to the router itself.

I searched the forums but I couldn't find a working solution, why is this happening?
Noticed because after seeing a few ARP addresses that were showing without a MAC address (different issue) so I entered the logs to figure it out and I stumbled upon a plethora of these dhcp warnings... Any pointers?

Also I'm not sure why the defconf starts with a bridge, isn't this a bad idea generally speaking?

Thanks in advance!
 
gushhnet
just joined
Topic Author
Posts: 7
Joined: Fri Aug 07, 2020 11:17 pm

Re: DHCP leasing to base address (offered, results without success)

Fri Apr 21, 2023 6:54 pm

I forgot to mention, in the bridge interface my "admin MAC" is the same as the routerboard, is this wrong?
Running version 6.49.6
 
chechito
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: DHCP leasing to base address (offered, results without success)

Fri Apr 21, 2023 7:17 pm

In most cases, this symptom reflects that there are problems in the access network, not the router.
 
gushhnet
just joined
Topic Author
Posts: 7
Joined: Fri Aug 07, 2020 11:17 pm

Re: DHCP leasing to base address (offered, results without success)

Fri Apr 21, 2023 8:06 pm

Hi, could you elaborate more on the subject? This is not an issue with my configuration? Even when RouterBoard issues the DHCP address to itself?
 
gushhnet
just joined
Topic Author
Posts: 7
Joined: Fri Aug 07, 2020 11:17 pm

Re: DHCP leasing to base address (offered, results without success)

Sun Apr 23, 2023 1:27 am

The DHCP Server offers this lease to the "bridge" interface, the ARP list shows no MAC address to this point. The lease attempt repeats every second (expiration from 30 to 31 seconds it shows), it is always in the state of "offered". Doesn't matter if I make it static in the ARP list, the DHCP still attempts to offer it.

No matter what I try the DHCP server still wants to offer a lease to the base LAN IP, surely there ought to be a way to prevent this? My log is full of errors. Thanks
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: DHCP leasing to base address (offered, results without success)

Sun Apr 23, 2023 1:52 am

How are we supposed to figure it out if you don't provide your config??
/export file=anynameyouwish ( minus router serial number and any public WANIP information )
 
gushhnet
just joined
Topic Author
Posts: 7
Joined: Fri Aug 07, 2020 11:17 pm

Re: DHCP leasing to base address (offered, results without success)

Sun Apr 23, 2023 7:00 am

I haven't yet because the raw output is over 3KB now that I loaded a few unwanted DNS addresses to block and there are other things I was testing, but here's a condensed version:
# apr/22/2023 20:51:49 by RouterOS 6.49.6
# software id = XXXX-XXXX
#
# model = RB3011UiAS
# serial number = XXXXXXXXXXXX
/interface bridge
add admin-mac=C4:AD:34:D5:BA:3B auto-mac=no comment=defconf dhcp-snooping=yes \
    igmp-snooping=yes name=bridge
/interface ethernet
set [ find default-name=ether3 ] advertise=\
    100M-half,100M-full,1000M-half,1000M-full rx-flow-control=auto \
    tx-flow-control=auto
set [ find default-name=ether7 ] comment=AP
set [ find default-name=ether9 ] comment=EXT
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.254
/ip dhcp-server
add address-pool=dhcp bootp-support=dynamic disabled=no interface=bridge \
    name=defconf
/queue simple
add disabled=yes max-limit=1G/1G name=ALL target=192.168.0.0/25
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add comment=wanagg interface=ether2 list=WAN
/ip address
add address=192.168.0.1/24 comment=defconf interface=ether2 network=\
    192.168.0.0
add address=143.X.X.X/24 comment="  " interface=ether1 network=143.x.x.x
/ip arp
add address=192.168.0.109 comment="AP/ROUTER EXT" interface=bridge \
    mac-address=14:EB:XX:XX:XX:XX
add address=192.168.0.100 interface=bridge mac-address=C4:AD:XX:XX:XX:XX
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.0.104 client-id=1:b0:95:XX:XX:XX:XX comment=EAP245 \
    mac-address=B0:95:XX:XX:XX:XX server=defconf
add address=192.168.0.101 client-id=1:54:3a:XX:XX:XX:XX mac-address=\
    54:3A:XX:XX:XX:XX server=defconf
add address=192.168.0.110 client-id=1:84:1b:XX:XX:XX:XX comment="" \
    mac-address=84:1B:XX:XX:XX:XX server=defconf
add address=192.168.0.121 client-id=1:74:d4:XX:XX:XX:XX mac-address=\
    74:D4:XX:XX:XX:XX server=defconf
add address=192.168.0.115 client-id=1:8:11:XX:XX:XX:XX mac-address=\
    08:11:XX:XX:XX:XX server=defconf
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 \
    netmask=24
add address=192.168.88.0/24 comment=defconf dns-server=192.168.0.1 gateway=\
    192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d cache-size=500000KiB \
    max-concurrent-queries=2000 max-concurrent-tcp-sessions=200 \
    query-server-timeout=3s servers=8.8.8.8,192.168.0.1
/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan
add address=240.0.0.1 name=0.0.0.0
/ip firewall filter
add action=reject chain=forward dst-address=240.0.0.1 protocol=udp \
    reject-with=icmp-network-unreachable
add action=reject chain=forward dst-address=240.0.0.1 log=yes log-prefix=\
    ADBLOCK protocol=tcp reject-with=tcp-reset
add action=drop chain=forward comment=adblock dst-address=240.0.0.1
add action=reject chain=forward disabled=yes dst-port=80,443 layer7-protocol=\
    Pinterest port="" protocol=tcp reject-with=tcp-reset
add action=reject chain=forward disabled=yes dst-port=80,443 layer7-protocol=\
    Facebook protocol=tcp reject-with=tcp-reset
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" disabled=yes \
    dst-address=127.0.0.1
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
/ip firewall nat
add action=redirect chain=dstnat comment="dns redirect (udp)" dst-address=\
    !192.168.0.1 dst-port=53 in-interface=all-ethernet protocol=udp to-ports=\
    53
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=WebServer dst-address=143.X.X.X \
    dst-port=81 protocol=tcp to-addresses=192.168.0.119 to-ports=81
add action=dst-nat chain=dstnat dst-address=143.X.X.X dst-port=10554 \
    protocol=tcp to-addresses=192.168.0.119 to-ports=10554
add action=dst-nat chain=dstnat dst-address=143.X.X.X dst-port=10080 \
    protocol=tcp to-addresses=192.168.0.119 to-ports=10080
add action=masquerade chain=srcnat connection-limit=100,32 disabled=yes \
    dst-address=143.X.X.X dst-port=81 protocol=tcp src-address=\
    192.168.0.1-192.168.0.255
add action=dst-nat chain=dstnat dst-address=143.X.X.X dst-port=443 \
    protocol=tcp src-port="" to-addresses=192.168.0.0/24 to-ports=0
add action=dst-nat chain=dstnat dst-address=143.X.X.X dst-port=1935 \
    protocol=tcp src-port="" to-addresses=192.168.0.1-192.168.0.255 to-ports=\
    1935
add action=dst-nat chain=dstnat dst-address=143.X.X.X dst-port=14567 port=\
    "" protocol=udp src-port="" to-addresses=192.168.0.114 to-ports=14567
add action=dst-nat chain=dstnat dst-address=143.X.X.X dst-port=14690 \
    protocol=udp to-addresses=192.168.0.114 to-ports=14690
add action=dst-nat chain=dstnat dst-address=143.X.X.X dst-port=23000-23009 \
    protocol=udp to-addresses=192.168.0.121 to-ports=23000-23009
/ip proxy
set always-from-cache=yes anonymous=yes cache-on-disk=yes cache-path=\
    disk1/proxy max-cache-object-size=409600KiB max-fresh-time=2d
/ip proxy access
add action=deny disabled=yes dst-host=facebook.com
/ip route
add distance=1 gateway=143.X.X.X
add distance=1 dst-address=143.X.X.X/32 gateway=143.X.X.X
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=27787
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb
set allow-guests=no domain=WORKGROUP enabled=yes
/ip smb shares
add directory=disk1/ name=usb
/ip upnp
set enabled=yes
/lcd
set backlight-timeout=50m default-screen=stats
/snmp
set enabled=yes
/system clock
set time-zone-name=XXXXXXX
/system note
set note="smb\r\
    \nweb proxy"
/system ntp client
set enabled=yes primary-ntp=118.67.201.10 secondary-ntp=31.193.144.2
/system script
add dont-require-permissions=no name=script1 owner=admin policy=\
    ftp,read,write,policy,test,password,sniff,sensitive,romon source="add chai\
    n=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=dro\
    p \\\r\
    \ncomment=\"drop ftp brute forcers\"\r\
    \n\r\
    \nadd chain=output action=accept protocol=tcp content=\"530 Login incorrec\
    t\" dst-limit=1/1m,9,dst-address/1m\r\
    \n\r\
    \nadd chain=output action=add-dst-to-address-list protocol=tcp content=\"5\
    30 Login incorrect\" \\\r\
    \naddress-list=ftp_blacklist address-list-timeout=3h"
/tool bandwidth-server
set enabled=no
/tool graphing interface
add
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add down-script=":for i from=0 to=15 step=5 do={ :beep frequency=1000 length=8\
    0ms; :delay 600ms; }" host=192.168.0.109 interval=30s timeout=2s \
    up-script=":beep frequency=2000 length=100ms; :delay 100ms;:beep frequency\
    =1000 length=100ms; :delay 250ms;"
I cleaned it up to remove unneeded data.
 
Buckeye
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: DHCP leasing to base address (offered, results without success)

Sun Apr 23, 2023 7:28 am

/ip address
add address=143.X.X.X/24 comment=" " interface=ether1 network=143.x.x.x
/ip dhcp-client
add comment=defconf interface=ether1

Is it valid to set a static address on an interface that is also a dhcp-client?

I have never tried, but I would expect either one or the other. On Ubiquiti EdgeOS it isn't allowed, the only way to do something similar is by creating a pseudoethernet interface sharing the physical port.

Also in post #1 you have this: "My DHCP pool is: 192.168.0.100-192.168.0.254 and 192.168.0.100 is being leased (attempted) to the router itself."

Do you have some loop that is letting the LAN side connect to the WAN side?
 
holvoetn
Forum Guru
Posts: 5319
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: DHCP leasing to base address (offered, results without success)

Sun Apr 23, 2023 9:30 am

It is possible to do so. Only when that interface is part of a bridge will you get an error, I believe.

Is it sensible to do so ? That's another question.
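
The cross-checks raised in the replies above (a static address and a DHCP client on the same interface, and whether an addressed interface is a bridge port or sits in the WAN list) can be run mechanically against an export. This is an added example, not part of any post in the thread: the sample is a constructed excerpt of the export posted above, and the names `parse_export` and `audit` and the choice of checks are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt of the export posted in the thread.
SAMPLE_EXPORT = r"""
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add comment=wanagg interface=ether2 list=WAN
/ip address
add address=192.168.0.1/24 comment=defconf interface=ether2 network=\
    192.168.0.0
add address=143.X.X.X/24 comment="  " interface=ether1 network=143.x.x.x
/ip dhcp-client
add comment=defconf interface=ether1
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for the 'add' lines of an export."""
    # RouterOS wraps long lines with a trailing backslash; join them first.
    text = re.sub(r"\\\r?\n\s*", "", text)
    sections, path = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            pairs = re.findall(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)', line)
            sections[path].append({k: v.strip('"') for k, v in pairs})
    return sections

def audit(text):
    """Cross-reference interface roles and return a sorted list of findings."""
    s = parse_export(text)
    def ifaces(path):
        return {e["interface"] for e in s[path] if "interface" in e}
    ports = ifaces("/interface bridge port")
    static = ifaces("/ip address")
    dhcp = ifaces("/ip dhcp-client")
    wan = {e["interface"] for e in s["/interface list member"] if e.get("list") == "WAN"}
    findings = [f"{i}: static address and dhcp-client on same interface" for i in static & dhcp]
    findings += [f"{i}: IP address on a bridge port" for i in static & ports]
    findings += [f"{i}: bridge port is also in WAN list" for i in ports & wan]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
```

The findings are only overlaps between sections of the export; whether each one matters for the lease warnings is for the reader to judge against the replies.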
