The CAPsMAN DHCP assigns a wrong address

doomer · Fri Dec 15, 2023 2:24 pm

Hi there!
I have 2 router-network. It is roamed by CAPsMAN (hAP ax^2 and hAP ax lite).
There are 4 networks. Main2.4, Main5, Guest2.4, Guest5 and romed Main2.4 and Guest2.4.
Guest networks are virtual.
There are 2 DHCP pools, 2 DHCP servers, 2 bridges.

Everythins works. But when user devices are connect to GUEST networks DHCP servers assigns wrong network address from MAIN network

CAPsMAN:

 export compact
# 2023-12-15 18:07:53 by RouterOS 7.12.1
# software id = SJPN-HJF3
#
# model = C52iG-5HaxD2HaxD
# serial number = 
/interface bridge
add name=GUEST_NETWORKs_bridge vlan-filtering=yes
add name=MAIN_NETWORK_bridge vlan-filtering=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 user=\
  user
/interface wifiwave2 channel
add band=2ghz-ax disabled=no name=MAIN_NETWORK2 skip-dfs-channels=disabled
add band=5ghz-ax disabled=no name=MAIN_NETWORK5 skip-dfs-channels=disabled
/interface wifiwave2 datapath
add bridge=MAIN_NETWORK_bridge disabled=no name=MAIN_NETWORK
add bridge=GUEST_NETWORKs_bridge client-isolation=yes disabled=no name=GUEST_NETWORKs
/interface wifiwave2 security
add authentication-types=wpa2-psk disabled=no encryption=ccmp group-encryption=\
    ccmp group-key-update=30m name=MAIN_NETWORK
add authentication-types=wpa2-psk disabled=no encryption=ccmp group-encryption=\
    ccmp group-key-update=30m name=GUEST_NETWORKs
/interface wifiwave2 configuration
add channel=MAIN_NETWORK2 country=Kyrgyzstan datapath=MAIN_NETWORK disabled=no mode=ap name=\
    MAIN_NETWORK2 security=MAIN_NETWORK ssid=MAIN_NETWORK
add channel=MAIN_NETWORK5 country=Kyrgyzstan datapath=MAIN_NETWORK disabled=no mode=ap name=\
    MAIN_NETWORK5 security=MAIN_NETWORK ssid=MAIN_NETWORK
add channel=MAIN_NETWORK2 country=Kyrgyzstan datapath=GUEST_NETWORKs datapath.bridge=\
    GUEST_NETWORKs_bridge disabled=no mode=ap name=GUEST_NETWORKs2 security=GUEST_NETWORKs ssid=\
    GUEST_NETWORKs tx-power=5
add channel=MAIN_NETWORK5 country=Kyrgyzstan datapath=GUEST_NETWORKs datapath.bridge=\
    GUEST_NETWORKs_bridge disabled=no mode=ap name=GUEST_NETWORKs5 security=GUEST_NETWORKs ssid=\
    GUEST_NETWORKs tx-power=5
/interface wifiwave2
add configuration=MAIN_NETWORK2 configuration.mode=ap disabled=no name=s2 radio-mac=\
    48:A9:8A:9F:7A:D6
set [ find default-name=wifi2 ] configuration=MAIN_NETWORK2 configuration.mode=ap \
    disabled=no name=s2r
set [ find default-name=wifi1 ] configuration=MAIN_NETWORK5 configuration.mode=ap \
    disabled=no name=s5r
add configuration=GUEST_NETWORKs2 configuration.mode=ap datapath=GUEST_NETWORKs \
    datapath.bridge=GUEST_NETWORKs_bridge disabled=no mac-address=4A:A9:8A:9F:7A:D6 \
    master-interface=s2 name=d2
add configuration=GUEST_NETWORKs2 configuration.mode=ap datapath=GUEST_NETWORKs \
    datapath.bridge=GUEST_NETWORKs_bridge disabled=no mac-address=4A:A9:8A:C8:49:20 \
    master-interface=s2r name=d2r
add configuration=GUEST_NETWORKs5 configuration.mode=ap datapath=GUEST_NETWORKs \
    datapath.bridge=GUEST_NETWORKs_bridge disabled=no mac-address=4A:A9:8A:C8:49:1F \
    master-interface=s5r name=d5r
/ip pool
add name=MAIN_NETWORK_pool ranges=192.168.192.1-192.168.192.254
add name=GUEST_NETWORKs_pool ranges=192.168.11.5-192.168.11.250
/ip dhcp-server
add address-pool=MAIN_NETWORK_pool interface=MAIN_NETWORK_bridge name=sky_dhcp \
    server-address=192.168.192.1
add address-pool=GUEST_NETWORKs_pool interface=GUEST_NETWORKs_bridge name=GUEST_NETWORKs_dhcp \
    server-address=192.168.11.1
/interface bridge port
add bridge=MAIN_NETWORK_bridge interface=ether2
add bridge=MAIN_NETWORK_bridge interface=ether3
add bridge=MAIN_NETWORK_bridge interface=ether4
add bridge=MAIN_NETWORK_bridge interface=ether5
add bridge=MAIN_NETWORK_bridge interface=*6
add bridge=MAIN_NETWORK_bridge interface=*7
add bridge=MAIN_NETWORK_bridge interface=*18
add bridge=MAIN_NETWORK_bridge interface=*19
/interface bridge vlan
add bridge=MAIN_NETWORK_bridge vlan-ids=501
/interface wifiwave2 access-list
add action=reject disabled=no interface=d2r signal-range=-120..-80
add action=reject disabled=no interface=s5r signal-range=-120..-80
add action=reject disabled=no interface=s2r signal-range=-120..-80
add action=reject disabled=no interface=d5r signal-range=-120..-80
/interface wifiwave2 cap
set caps-man-addresses=127.0.0.1 discovery-interfaces=MAIN_NETWORK_bridge enabled=yes
/interface wifiwave2 capsman
set enabled=yes package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifiwave2 provisioning
add action=create-enabled disabled=no master-configuration=MAIN_NETWORK5 name-format=\
    cap slave-configurations=GUEST_NETWORKs5 supported-bands=5ghz-ax
add action=create-enabled disabled=no master-configuration=MAIN_NETWORK2 name-format=\
    cap slave-configurations=GUEST_NETWORKs2 supported-bands=2ghz-ax
/ip address
add address=192.168.192.1/24 interface=MAIN_NETWORK_bridge network=192.168.192.0
add address=192.168.11.1/24 interface=GUEST_NETWORKs_bridge network=192.168.11.0
/ip dhcp-server lease
add address=192.168.192.254 client-id=1:94:de:80:a3:cc:f4 mac-address=\
    94:DE:80:A3:CC:F4 server=sky_dhcp
/ip dhcp-server network
add address=192.168.11.0/24 dns-server=192.168.11.1 gateway=192.168.11.1 \
    netmask=24
add address=192.168.192.0/24 dns-server=192.168.192.1 gateway=192.168.192.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes

CAPsMAN client

# mode: AP, SSID: MAIN_NETWORK, channel: 2452/ax/Ce
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp \
    disabled=no
# managed by CAPsMAN
# mode: AP, SSID: GUEST_NETWORK
add configuration.mode=ap datapath=capdp datapath.vlan-id=502 disabled=no \
    mac-address=4A:A9:8A:9F:7A:D6 master-interface=wifi1 name=wifi3
/port
set 0 name=serial0
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
/interface wifiwave2 cap
set discovery-interfaces=bridgeLocal enabled=yes slaves-datapath=capdp \
    slaves-static=yes
/ip dhcp-client
add comment=defconf interface=bridgeLocal

Fri Dec 15, 2023 2:30 pm

Restart config on capsman controller only using 1 single bridge.
There is no need to have multiple bridges here.

doomer · Fri Dec 15, 2023 3:09 pm

Restart config on capsman controller only using 1 single bridge.
There is no need to have multiple bridges here.

I have just tried to disable the second bridge and corrected datapasses but still have the same problem. And it sometimes had happened before, but always now.

UPD: It always assingns a wrong address because the second GUEST dhcp server doesn`t work.
2 DHCP servers can`t work together on a single bridge.

gotsprings · Fri Dec 15, 2023 3:39 pm

If you have caps-man man forwarding on. You need to add the interfaces to the bridge with the Guest DHCP server.

If you use local forwarding... It's a VLAN thing.

whatever · Fri Dec 15, 2023 3:48 pm

AX is always local forwarding

gotsprings · Fri Dec 15, 2023 3:51 pm

Put the DHCP server on the VLAN. You should only be using one bridge.

Fri Dec 15, 2023 3:52 pm

UPD: It always assingns a wrong address because the second GUEST dhcp server doesn`t work.
2 DHCP servers can`t work together on a single bridge.

There can only be 1 DHCP server on 1 interface. But in your case you need to attach that DHCP server to the VLAN responsible for handling that guest part.
I have 6 DHCP servers on a single bridge using VLAN here at home. It works without any issue when done correctly.
Check your VLAN settings then.
Use this help page as guidance:
https://help.mikrotik.com/docs/display/ ... ionexample:

I advice to start your config again from scratch to avoid any left-overs causing issues.

doomer · Fri Dec 15, 2023 4:38 pm

UPD: It always assingns a wrong address because the second GUEST dhcp server doesn`t work.
2 DHCP servers can`t work together on a single bridge.
There can only be 1 DHCP server on 1 interface. But in your case you need to attach that DHCP server to the VLAN responsible for handling that guest part.
I have 6 DHCP servers on a single bridge using VLAN here at home. It works without any issue when done correctly.
Check your VLAN settings then.
Use this help page as guidance:
https://help.mikrotik.com/docs/display/ ... ionexample:

I advice to start your config again from scratch to avoid any left-overs causing issues.

Thanks you for your advice. I have managed with my issue. With your help and with help of one women.
https://www.youtube.com/watch?v=LLuGby1ecVM
I don`t know thai language but I untedstood everything by pictures and body language)))

The CAPsMAN DHCP assigns a wrong address [SOLVED]

The CAPsMAN DHCP assigns a wrong address

Re: DHCP assigns wrong address

Re: DHCP assigns wrong address

Re: The CAPsMAN DHCP assigns a wrong address

Re: The CAPsMAN DHCP assigns a wrong address

Re: The CAPsMAN DHCP assigns a wrong address

Re: DHCP assigns wrong address [SOLVED]

Re: DHCP assigns wrong address

Who is online