I decided to change the diapason…
…everything started working! Why?
Well, it is probably a translation from the OP native language.We borrowed that word into English, but it's used in reference to tuning forks and such, getting an orchestra into tune. What application does it have here, in this context?
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip pool
add name=dhcp ranges=192.168.88.100-192.168.88.254
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : xxxx::xxxx:xxxx:xxxx:xxxx%4
IPv4 Address. . . . . . . . . . . : 192.168.88.246
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.88.1
# 2024-08-05 19:09:19 by RouterOS 7.15.3
# software id = XXXX-XXXX
#
# model = RB962UiGS-5HacT2HnT
# serial number = XXXXXXXXXXXX
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=ukraine disabled=no distance=indoors frequency=auto installation=\
indoor mode=ap-bridge noise-floor-threshold=-110 ssid=Nab528-2GHz \
wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country=ukraine disabled=no distance=indoors frequency=\
auto installation=indoor mode=ap-bridge ssid=Nab528-5GHz \
wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm
/ip pool
add name=dhcp ranges=192.168.88.100-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/system clock
set time-zone-name=Europe/Kyiv
/system note
set show-at-login=no
/system routerboard settings
set silent-boot=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/ip arp print
/ip arp remove [ find ]
What is strange is that the Mikrotik DHCP server assign leases (usually) starting from the highest address in the range
# ADDRESS MAC-ADDRESS INTERFACE STATUS
0 DC 192.168.88.252 XX:XX:XX:XX:XX:XX bridge reachable
1 DC 192.168.88.15 XX:XX:XX:XX:XX:XX bridge stale
2 D 192.168.88.22 XX:XX:XX:XX:XX:XX bridge failed
3 D 192.168.88.240 XX:XX:XX:XX:XX:XX bridge failed
4 D 169.254.198.40 XX:XX:XX:XX:XX:XX bridge failed
5 D 192.168.88.247 XX:XX:XX:XX:XX:XX bridge failed
6 D 192.168.88.17 XX:XX:XX:XX:XX:XX bridge failed
7 DC 192.168.88.254 XX:XX:XX:XX:XX:XX bridge stale
8 D 192.168.88.24 bridge failed
9 DC 100.64.0.1 XX:XX:XX:XX:XX:XX ether1 reachable
10 DC 192.168.88.242 XX:XX:XX:XX:XX:XX bridge reachable
11 DC 192.168.88.249 XX:XX:XX:XX:XX:XX bridge reachable
12 D 192.168.88.12 XX:XX:XX:XX:XX:XX bridge failed
13 D 192.168.88.19 XX:XX:XX:XX:XX:XX bridge failed
14 D 192.168.88.237 XX:XX:XX:XX:XX:XX bridge failed
15 D 192.168.88.26 XX:XX:XX:XX:XX:XX bridge failed
16 DC 192.168.88.244 XX:XX:XX:XX:XX:XX bridge stale
17 DC 192.168.88.251 XX:XX:XX:XX:XX:XX bridge reachable
18 D 192.168.88.14 XX:XX:XX:XX:XX:XX bridge failed
19 D 192.168.88.21 bridge failed
20 D 192.168.88.239 bridge failed
21 DC 192.168.88.246 XX:XX:XX:XX:XX:XX bridge reachable
22 DC 192.168.88.253 XX:XX:XX:XX:XX:XX bridge reachable
23 D 192.168.88.16 XX:XX:XX:XX:XX:XX bridge failed
24 D 192.168.88.23 XX:XX:XX:XX:XX:XX bridge failed
25 DC 192.168.88.241 XX:XX:XX:XX:XX:XX bridge stale
26 D 192.168.88.248 XX:XX:XX:XX:XX:XX bridge failed
27 DC 192.168.88.11 XX:XX:XX:XX:XX:XX bridge stale
28 D 192.168.88.18 XX:XX:XX:XX:XX:XX bridge failed
29 DC 192.168.88.236 XX:XX:XX:XX:XX:XX bridge reachable
30 D 192.168.88.25 XX:XX:XX:XX:XX:XX bridge failed
31 DC 192.168.88.243 XX:XX:XX:XX:XX:XX bridge stale
32 DC 192.168.88.250 XX:XX:XX:XX:XX:XX bridge stale
33 D 192.168.88.13 XX:XX:XX:XX:XX:XX bridge failed
34 D 192.168.88.20 XX:XX:XX:XX:XX:XX bridge failed
35 DC 192.168.88.238 XX:XX:XX:XX:XX:XX bridge stale
36 D 192.168.88.27 XX:XX:XX:XX:XX:XX bridge failed
37 DC 192.168.88.245 XX:XX:XX:XX:XX:XX bridge stale
38 D 192.168.88.34 XX:XX:XX:XX:XX:XX bridge failed
# ADDRESS MAC-ADDRESS INTERFACE STATUS
0 DC 100.64.0.1 XX:XX:XX:XX:XX:XX ether1 reachable
1 D 192.168.88.249 bridge incomplete
2 DC 192.168.88.244 XX:XX:XX:XX:XX:XX bridge stale
3 D 192.168.88.246 XX:XX:XX:XX:XX:XX bridge incomplete
4 DC 192.168.88.253 XX:XX:XX:XX:XX:XX bridge stale
5 DC 192.168.88.236 XX:XX:XX:XX:XX:XX bridge reachable
6 DC 192.168.88.238 XX:XX:XX:XX:XX:XX bridge reachable
7 DC 192.168.88.245 XX:XX:XX:XX:XX:XX bridge reachable
8 DC 192.168.88.235 XX:XX:XX:XX:XX:XX bridge reachable
9 DC 192.168.88.243 XX:XX:XX:XX:XX:XX bridge stale
10 DC 192.168.88.242 XX:XX:XX:XX:XX:XX bridge stale
11 DC 192.168.88.250 XX:XX:XX:XX:XX:XX bridge stale
12 DC 192.168.88.254 XX:XX:XX:XX:XX:XX bridge stale
13 DC 192.168.88.251 XX:XX:XX:XX:XX:XX bridge reachable
14 DC 192.168.88.241 XX:XX:XX:XX:XX:XX bridge stale
15 DC 192.168.88.247 XX:XX:XX:XX:XX:XX bridge reachable
16 D 192.168.88.24 bridge failed
The order depends on the size of the subnet and I think also on the actual subnet address. Very frustrating.ISC dhcpd did that. At the time I was last using it, it was the most popular FOSS DHCP server in the world.What is strange is that the Mikrotik DHCP server assign leases (usually) starting from the highest address in the range