Community discussions

MikroTik App
  4. RouterOS
  5. General

DHCP server decline IP address lease to clients

Post Reply
 
mmgareth
just joined
Topic Author
Posts: 18
Joined: Wed Oct 22, 2014 11:48 am

DHCP server decline IP address lease to clients

Tue Apr 07, 2015 11:06 am

CCR1036-12G-4S
v 6.27

Some local clients on my network no longer get an IP address from our Mikrotik router. This problem first occured last week, and is affecting more and more clients. The only solution I have found is to give them a static IP address.

The clients are a mixture of Windows 7 workstations and HP thin clients.

From logs on the Mikrotik, I can see the discovery message, the request from the client - but then there is a decline message.

The logs also show a mention of an IP address 192.168.168.100 or 192.168.168.1 - these IP addresses do not form part of our network, and they are not mentioned in the Mikrotik config anywhere.

I have tried setting static addresses on the Mikrotik but the clients do not pickup these either.
08:52:55 dhcp,debug,packet dhcp1 received discover with id 4062872225 from 0.0.0.0
08:52:55 dhcp,debug,packet ciaddr = 0.0.0.0
08:52:55 dhcp,debug,packet chaddr = 00:1C:C4:29:F2:E3
08:52:55 dhcp,debug,packet Msg-Type = discover
08:52:55 dhcp,debug,packet Unknown(116) = 01
08:52:55 dhcp,debug,packet Client-Id = 01-00-1C-C4-29-F2-E3
08:52:55 dhcp,debug,packet Host-Name = "HP-L4480AN2O4KX"
08:52:55 dhcp,debug,packet Class-Id = "MSFT 5.0"
08:52:55 dhcp,debug,packet Parameter-List = Subnet-Mask,Domain-Name,Router,Domain-Server,NETBIOS-Nam
e-Server,NETBIOS-Node-Type,NETBIOS-Scope,Router-Discovery,Static-Route,MS-Classless-Route,Vendor-Specifi
c,Unknown(171),Unknown(172)
08:52:55 dhcp,debug,packet dhcp1 received request with id 4062872225 from 0.0.0.0
08:52:55 dhcp,debug,packet ciaddr = 0.0.0.0
08:52:55 dhcp,debug,packet chaddr = 00:1C:C4:29:F2:E3
08:52:55 dhcp,debug,packet Msg-Type = request
08:52:55 dhcp,debug,packet Client-Id = 01-00-1C-C4-29-F2-E3
08:52:55 dhcp,debug,packet Address-Request = 192.168.168.100
08:52:55 dhcp,debug,packet Server-Id = 192.168.168.1
08:52:55 dhcp,debug,packet Host-Name = "HP-L4480AN2O4KX"
08:52:55 dhcp,debug,packet Client-FQDN = 00-00-00-48-50-2D-4C-34-34-38-30-41-4E-32-4F-34-4B-58-2E
08:52:55 dhcp,debug,packet Class-Id = "MSFT 5.0"
08:52:55 dhcp,debug,packet Parameter-List = Subnet-Mask,Domain-Name,Router,Domain-Server,NETBIOS-Nam
e-Server,NETBIOS-Node-Type,NETBIOS-Scope,Router-Discovery,Static-Route,MS-Classless-Route,Vendor-Specifi
c,Unknown(171),Unknown(172)
08:52:55 dhcp,debug,packet dhcp1 received decline with id 4062872225 from 0.0.0.0
08:52:55 dhcp,debug,packet ciaddr = 192.168.168.100
08:52:55 dhcp,debug,packet chaddr = 00:1C:C4:29:F2:E3
08:52:55 dhcp,debug,packet Msg-Type = decline
08:52:55 dhcp,debug,packet Client-Id = 01-00-1C-C4-29-F2-E3
08:52:55 dhcp,debug,packet Address-Request = 192.168.168.100
08:52:55 dhcp,debug,packet Server-Id = 192.168.168.1
Can anyone suggest a reason for this? There have been no recent changes to the Mikrotik that coincide with this problem.
Top
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: DHCP server decline IP address lease to clients

Tue Apr 07, 2015 3:13 pm

Sounds like you might have a rogue DHCP server on your network. If your dhcp server interface is ether2, then one way to find it is to go into dhcp-client and add interface ether2 ---NOTE--- MAKE SURE TO UN-CHECK USE DEFAULT GW and USE DNS. If there is a rogue dhcp server and your Mikrotik grabs a new default GW and DNS setting from it, then you very well might be driving to the location....

Another option is to add a dhcp server alert for the interface. If any DHCP server is seen other than the Mikrotik itself, it logs an event and runs a script (which can send email, add items to firewalls, whatever you like)

If you find one, and you have managed switches, follow its MAC address to find out which port it's connected to. You can disable that port until you can go to the other end of the wire and use a sledge hammer on whatever's plugged into it. :)

Usually, it's a user who thought it would be a great idea to plug in their own wireless router and they plugged it in wrong / forgot to disable DHCP server on the LAN side.
Top
 
mmgareth
just joined
Topic Author
Posts: 18
Joined: Wed Oct 22, 2014 11:48 am

Re: DHCP server decline IP address lease to clients

Thu Apr 09, 2015 9:13 am

Sounds like you might have a rogue DHCP server on your network.
Thanks for the tip. I used dhcploc.exe (from Microsoft: http://www.microsoft.com/en-us/download ... x?id=18546) to monitor.

Ping the rogue IP from an affected PC, then 'arp -a 192.168.168.1' gave the mac address. I was able to locate this to a specific switch port from the MAC table on the switch (thanks for the tip!).

Found out it was a network camera that had gone into some sort of firmware recovery mode and was giving out the 192.168.168.100 IP address to all.
Top
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: DHCP server decline IP address lease to clients

Thu Apr 09, 2015 1:24 pm

I've never heard of dhcploc.exe - interesting.

That's basically what the dhcp alert feature does on Mikrotik - it gives a list of detected rogue dhcp IP/MAC addresses, and can run a script whenever a new one is detected. (e.g. send an email alert)
Top
 
hunteratharbor
just joined
Posts: 1
Joined: Thu Apr 09, 2015 9:02 pm

Re: DHCP server decline IP address lease to clients

Thu Apr 09, 2015 9:11 pm

Sounds like you might have a rogue DHCP server on your network. If your dhcp server interface is ether2, then one way to find it is to go into dhcp-client and add interface ether2 ---NOTE--- MAKE SURE TO UN-CHECK USE DEFAULT GW and USE DNS. If there is a rogue dhcp server and your Mikrotik grabs a new default GW and DNS setting from it, then you very well might be driving to the location....

Another option is to add a dhcp server alert for the interface. If any DHCP server is seen other than the Mikrotik itself, it logs an event and runs a script (which can send email, add items to firewalls, whatever you like)

If you find one, and you have managed switches, follow its MAC address to find out which port it's connected to. You can disable that port until you can go to the other end of the wire and use a sledge hammer on whatever's plugged into it. :)

Usually, it's a user who thought it would be a great idea to plug in their own wireless router and they plugged it in wrong / forgot to disable DHCP server on the LAN side.
Same issue here and I have tried this already and i'm still stuck. Seems like half of the devices at the particular property that i'm having the issue at are declining ip's and making them busy. Not sure where to go from here but i'm going bald from pulling my hair out on it. What would you suggest?
Top
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: DHCP server decline IP address lease to clients

Fri Apr 10, 2015 2:33 pm

Same issue here and I have tried this already and i'm still stuck. Seems like half of the devices at the particular property that i'm having the issue at are declining ip's and making them busy. Not sure where to go from here but i'm going bald from pulling my hair out on it. What would you suggest?
I recommend using the alerts feature of the DHCP server.
If there's a rogue dhcp server, then it will be shown right there.
Top
 
petpluta
just joined
Posts: 3
Joined: Wed Aug 08, 2018 2:45 pm

Re: DHCP server decline IP address lease to clients

Thu Dec 21, 2023 8:18 pm

Code: Select all
 /interface wireless set multicast-helper=default wlan1
This fixed the issue for me
Previously it was "full"
Top
Post Reply

Who is online

Users browsing this forum: johnson73 and 34 guests
  4. RouterOS
  5. General