Community discussions

MikroTik App
 
jefalm
just joined
Topic Author
Posts: 3
Joined: Wed Apr 26, 2023 5:46 pm

RB2011 can't access between Two DHCP servers

Wed Apr 26, 2023 6:07 pm

Hello all, I have mikrotik router RB2011UAS-RM, I have setup two DHCP servers and three WAN connections in DHCP, its works well, but i can't comunicate between two DHCP servers
this is my full setup config, If someone experienced user can give me some help and hints, thank you all the best.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN1
set [ find default-name=ether2 ] name=ether2-WAN2
set [ find default-name=ether3 ] name=ether3-WAN3
set [ find default-name=ether4 ] name=ether4-LAN1
set [ find default-name=ether5 ] name=ether5-LAN2
/interface list
add name=lan
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_rede-interna ranges=192.168.100.2-192.168.100.254
add name=dhcp_Impressoras ranges=192.169.0.2-192.169.0.254
add name=pool1 ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_rede-interna always-broadcast=yes \
    bootp-support=dynamic interface=ether5-LAN2 name=DHCP_rede-interna
add add-arp=yes address-pool=dhcp_Impressoras always-broadcast=yes \
    bootp-support=dynamic interface=ether4-LAN1 name=DHCP_Impressoras
/port
set 0 name=serial0
/routing table
add fib name=TO_WAN1
add fib name=TO_WAN2
add fib name=TO_WAN3
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=ether4-LAN1 list=lan
add interface=ether5-LAN2 list=lan
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.100.1/24 interface=ether5-LAN2 network=192.168.100.0
add address=192.168.18.50/24 disabled=yes interface=ether1-WAN1 network=\
    192.168.18.0
add address=192.168.102.50/24 disabled=yes interface=ether2-WAN2 network=\
    192.168.102.0
add address=192.168.103.50/24 disabled=yes interface=ether3-WAN3 network=\
    192.168.103.0
add address=192.169.0.1/24 interface=ether4-LAN1 network=192.169.0.0
/ip dhcp-client
add interface=ether1-WAN1
add interface=ether2-WAN2
add interface=ether3-WAN3
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=8.8.8.8 gateway=192.168.100.1 netmask=8
add address=192.169.0.0/24 dns-server=8.8.8.8 gateway=192.169.0.1 netmask=8
/ip firewall address-list
add address=192.168.100.2-192.168.100.254 list=LAN_USERS
add address=192.168.18.0/24 list=WAN_SUBNET
add address=192.168.102.0/24 list=WAN_SUBNET
add address=192.169.0.2-192.169.0.254 list=LAN_USERS
add address=192.168.103.0/24 list=WAN_SUBNET
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=WAN_SUBNET
add action=mark-routing chain=prerouting new-routing-mark=TO_WAN1 passthrough=\
    yes per-connection-classifier=both-addresses-and-ports:3/0 \
    src-address-list=LAN_USERS src-address-type=!local
add action=mark-routing chain=prerouting new-routing-mark=TO_WAN2 passthrough=\
    yes per-connection-classifier=both-addresses-and-ports:3/1 \
    src-address-list=LAN_USERS src-address-type=!local
add action=mark-routing chain=prerouting new-routing-mark=TO_WAN3 passthrough=\
    yes per-connection-classifier=both-addresses-and-ports:3/2 \
    src-address-list=LAN_USERS src-address-type=!local
/ip firewall nat
add action=masquerade chain=srcnat src-address-list=LAN_USERS
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.18.1 routing-table=\
    TO_WAN1 suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.102.1 routing-table=\
    TO_WAN2 suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.103.1 routing-table=\
    TO_WAN3 suppress-hw-offload=no
/system clock
set time-zone-name=America/Sao_Paulo
 
User avatar
Ca6ko
Member
Member
Posts: 498
Joined: Wed May 04, 2022 10:59 pm
Location: Kharkiv, Ukraine

Re: RB2011 can't access between Two DHCP servers

Thu Apr 27, 2023 5:11 pm

but i can't comunicate between two DHCP servers
I don't understand you. What kind of interaction between servers are we talking about?
There will be no interaction between the DHCP server clients in your setup because you gave them the actual netmask /8 and they think they are on the same L2 segment.
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=8.8.8.8 gateway=192.168.100.1
netmask=8
add address=192.169.0.0/24 dns-server=8.8.8.8 gateway=192.169.0.1 netmask=8

Remove the value of the netmask and then the netmask /24 from the address setting will apply.
 
jefalm
just joined
Topic Author
Posts: 3
Joined: Wed Apr 26, 2023 5:46 pm

Re: RB2011 can't access between Two DHCP servers

Thu Apr 27, 2023 9:04 pm

Hi Ca6ko, the communication would be to the file server that is on the 192.168.100.1 network, I tried to do the configuration that you passed here but it still does not access
 
User avatar
Ca6ko
Member
Member
Posts: 498
Joined: Wed May 04, 2022 10:59 pm
Location: Kharkiv, Ukraine

Re: RB2011 can't access between Two DHCP servers

Fri Apr 28, 2023 10:58 am

the communication would be to the file server that is on the 192.168.100.1 network,
I still don't understand you.
Draw a network diagram and post the updated config viewtopic.php?p=908118
 
jefalm
just joined
Topic Author
Posts: 3
Joined: Wed Apr 26, 2023 5:46 pm

Re: RB2011 can't access between Two DHCP servers  [SOLVED]

Mon May 01, 2023 3:57 am

Good evening, I was able to solve it as follows, create an address list for the networks with the LAN_USERS number and then create a firewall rule:
/ip firewall filter
add action=accept chain=forward dst-address=192.169.0.0/24 dst-address-list=\
LAN_USERS src-address=192.168.100.0/24 src-address-list=LAN_USERS
add action=accept chain=forward dst-address=192.168.100.0/24 dst-address-list=\
LAN_USERS src-address=192.169.0.0/24 src-address-list=LAN_USERS

Who is online

Users browsing this forum: GoogleOther [Bot], haedertowfeq, JDF, mozerd, mtest001 and 48 guests