I factory reset an L009 and do QuickSet router mode, and I run DHCP Client and attach it to interface 'bridge' - and I don't get an IP.
I have a device connected to ether8 and it's assigned an IP just fine.
Should the DHCP Client be working in this circumstance?
I'm trying to find a minimal test case for the DHCP Client, as a baseline for using it to debug VLAN DHCP issues - but I'm having problems with Very Basic things, so just want a sanity check.
-
-
gigabyte091
Forum Guru
- Posts: 1226
- Joined:
- Location: Croatia
Re: Fresh DHCP Client Test
Post your config please. Also tinkering with quickset and then tinkering with settings in other menus can cause unwanted behaviour.
If you reset router to factory default then default configuration will have DHCP client enabled on ether1.
If you reset router to factory default then default configuration will have DHCP client enabled on ether1.
Re: Fresh DHCP Client Test
I reset to default with no changes again (no quickset) and made only this change - assigning dhcp client to bridge:
The DHCP client does not get an IP (stays in 'searching' mode), but the computer I have connected to ether8 does get an IP.
I would expect the DHCP client to have gotten an IP as well?
Here is the full config (all default except for the above line):
I downgraded to 7.13.5 from 7.14.1 after starting this thread, to debug some stuff, but that should not be relevant here - that's just why it's that version.
Code: Select all
/ip dhcp-client
add comment=defconf interface=bridgeI would expect the DHCP client to have gotten an IP as well?
Here is the full config (all default except for the above line):
Code: Select all
# 1970-01-02 00:06:39 by RouterOS 7.13.5
# software id = xxxxxxxxxxxx
#
# model = L009UiGS
# serial number = xxxxxxxxxxxxxx
/interface bridge
add admin-mac=xxxxxxxxxx auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add comment=defconf interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Re: Fresh DHCP Client Test
I would expect the DHCP client to have gotten an IP as well?
Where from? That would work only if you had another DHCP server running on network, attached to bridge. But then I'm why woukd you need anotger DHCP server (running on your L009).
No, it doesn't have any sense to run both DHCP server and client on the same interface. If not for other things, DHCP server needs fully functional IP address on the interface before it can answer any lease request. But if you already have IP address on bridge (according to your config you do), why would you want to get another one (in same IP subnet)?
-
-
gigabyte091
Forum Guru
- Posts: 1226
- Joined:
- Location: Croatia
Re: Fresh DHCP Client Test
If you are using your device as router then you need some WAN interface, so you can connect your device that is acting as router to the internet.
In that case default configuration configure ether1 as WAN port and enable DHCP client on it. If you connect that port to your existing network then IF you have DHCP server enabled on it router will receive IP address from your other network.
You must decide are you using your device as a switch or router...
In that case default configuration configure ether1 as WAN port and enable DHCP client on it. If you connect that port to your existing network then IF you have DHCP server enabled on it router will receive IP address from your other network.
You must decide are you using your device as a switch or router...
Re: Fresh DHCP Client Test
Okey, that makes sense, thanks for the replies - I was misusing the DHCP Client so (was looking to use it as a debugging tool to check DHCP availability of interfaces), and it should not function this way - so there is nothing wrong/amiss here.
-
-
gigabyte091
Forum Guru
- Posts: 1226
- Joined:
- Location: Croatia
Re: Fresh DHCP Client Test
Well, you can check DHCP leases under IP/DHCP Server/Leases. Here you will find all leases issued by your DHCP server. IP addresses, MAC addresses etc.
Re: Fresh DHCP Client Test
EDIT: Ahh, typical - moments after I post about a problem I've been trying to sort out for 2 days, I sort it out almost immediately after 
Turned out to be this SwOS setting, missing a 'trusted' selection for the trunk port - preventing DHCP from getting through from the router:
Thanks - yes, have confirmed leases aren't showing in that, have been running Wireshark on the computer trying to get a DHCP IP and can see the DHCP Discovery sent from computer but nothing else - and have gone as far as mining through the packet sniffer and such to try and trace where it all breaks.
The situation I have is that with a VLAN and untagged ports, computer plugged directly into router, DHCP works fine - but when I use tagged ports, with a computer plugging into switch, which plugs into a router trunk port - I have management access by MAC address, but no DHCP (and I've made sure both trunk port and bridge are together marked as tagged).
I have actually copied the router.rsc from here, clean-wiping the router and importing it:
viewtopic.php?f=23&t=143620
Yet I still don't have DHCP when trunking in through the (SwOS) switch - so am presently trying to figure out why. Here are the SwOS settings, for wrapping the computer connection into VLAN 10 (non-management), but which doesn't receive DHCP (don't have a plaintext way to export SwOS settings):
https://i.imgur.com/DOvwEOM.jpeg
https://i.imgur.com/vN6hrnV.jpeg
https://i.imgur.com/8f8veeG.jpeg
(ignore 'membership' selections at end of last image - it is correct, just cut/pasted to reduce image size)
Turned out to be this SwOS setting, missing a 'trusted' selection for the trunk port - preventing DHCP from getting through from the router:
Thanks - yes, have confirmed leases aren't showing in that, have been running Wireshark on the computer trying to get a DHCP IP and can see the DHCP Discovery sent from computer but nothing else - and have gone as far as mining through the packet sniffer and such to try and trace where it all breaks.
The situation I have is that with a VLAN and untagged ports, computer plugged directly into router, DHCP works fine - but when I use tagged ports, with a computer plugging into switch, which plugs into a router trunk port - I have management access by MAC address, but no DHCP (and I've made sure both trunk port and bridge are together marked as tagged).
I have actually copied the router.rsc from here, clean-wiping the router and importing it:
viewtopic.php?f=23&t=143620
Yet I still don't have DHCP when trunking in through the (SwOS) switch - so am presently trying to figure out why. Here are the SwOS settings, for wrapping the computer connection into VLAN 10 (non-management), but which doesn't receive DHCP (don't have a plaintext way to export SwOS settings):
https://i.imgur.com/DOvwEOM.jpeg
https://i.imgur.com/vN6hrnV.jpeg
https://i.imgur.com/8f8veeG.jpeg
(ignore 'membership' selections at end of last image - it is correct, just cut/pasted to reduce image size)
Who is online
Users browsing this forum: tritor and 22 guests