granjow
newbie
Topic Author
Posts: 33
Joined: Sat Jul 24, 2021 11:27 pm

No DHCP address over Wifi: Lease expired

Thu Jul 04, 2024 12:29 pm

Hi all,

I cannot get a DHCP address on my Wifi.

My setup is an ax³ connected to a RouterBoard, I'm using wifi with Wifi CAPsMAN.
So far I have followed mikrotik_maxslug configuration.

For now, I have two networks which are relevant:
  • VLAN 99 is the management VLAN
  • VLAN 10 is the main VLAN
When connecting to a VLAN 10 port, I get a DHCP address from VLAN 10.

When connecting to the VLAN 10 Wifi network, I don't get an address for some reason even though I'm offered one.

Here is the output from nmcli (journalctl -fu NetworkManager):
Jul 04 11:16:00 simon-T14-4TB NetworkManager[2297]: <info>  [1720084560.1113] device (wlp3s0): supplicant interface state: associating -> 4way_handshake
      Jul 04 11:16:00 simon-T14-4TB NetworkManager[2297]: <info>  [1720084560.1114] device (p2p-dev-wlp3s0): supplicant management interface state: associating -> 4way_handshake
      Jul 04 11:16:00 simon-T14-4TB NetworkManager[2297]: <info>  [1720084560.1539] device (wlp3s0): supplicant interface state: 4way_handshake -> completed
      Jul 04 11:16:00 simon-T14-4TB NetworkManager[2297]: <info>  [1720084560.1604] device (wlp3s0): ip:dhcp4: restarting
      Jul 04 11:16:00 simon-T14-4TB NetworkManager[2297]: <info>  [1720084560.1605] dhcp4 (wlp3s0): canceled DHCP transaction
      Jul 04 11:16:00 simon-T14-4TB NetworkManager[2297]: <info>  [1720084560.1606] dhcp4 (wlp3s0): activation: beginning transaction (timeout in 45 seconds)
      Jul 04 11:16:00 simon-T14-4TB NetworkManager[2297]: <info>  [1720084560.1606] dhcp4 (wlp3s0): state changed no lease
      Jul 04 11:16:00 simon-T14-4TB NetworkManager[2297]: <info>  [1720084560.1607] dhcp4 (wlp3s0): activation: beginning transaction (timeout in 45 seconds)
      Jul 04 11:16:00 simon-T14-4TB NetworkManager[2297]: <info>  [1720084560.1609] device (p2p-dev-wlp3s0): supplicant management interface state: 4way_handshake -> completed
      Jul 04 11:16:00 simon-T14-4TB NetworkManager[2297]: <info>  [1720084560.1948] dhcp4 (wlp3s0): state changed new lease, address=10.10.10.188
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.3504] device (wlp3s0): disconnecting for new activation request.
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.3504] device (wlp3s0): state change: activated -> deactivating (reason 'new-activation', sys-iface-state: 'managed')
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.3520] audit: op="connection-activate" uuid="7cd7ab53-85de-46ed-8d22-0202549c68a8" name="SuperGame5" pid=8421 uid=1000 result="success"
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.5954] device (wlp3s0): supplicant interface state: completed -> disconnected
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.5954] device (p2p-dev-wlp3s0): supplicant management interface state: completed -> disconnected
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.5957] device (wlp3s0): state change: deactivating -> disconnected (reason 'new-activation', sys-iface-state: 'managed')
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.5974] dhcp4 (wlp3s0): canceled DHCP transaction
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.5974] dhcp4 (wlp3s0): activation: beginning transaction (timeout in 45 seconds)
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.5975] dhcp4 (wlp3s0): state changed no lease
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6751] device (wlp3s0): Activation: starting connection 'SuperGame5' (7cd7ab53-85de-46ed-8d22-0202549c68a8)
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6769] device (wlp3s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6773] manager: NetworkManager state is now CONNECTING
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6778] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6784] device (wlp3s0): Activation: (wifi) access point 'SuperGame5' has security, but secrets are required.
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6784] device (wlp3s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6787] sup-iface[da49ecdeb2db920f,1,wlp3s0]: wps: type pbc start...
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6808] device (wlp3s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6814] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6819] device (wlp3s0): Activation: (wifi) connection 'SuperGame5' has security, and secrets exist.  No new secrets needed.
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6820] Config: added 'ssid' value 'SuperGame5'
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6821] Config: added 'scan_ssid' value '1'
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6821] Config: added 'bgscan' value 'simple:30:-70:86400'
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6821] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK SAE FT-SAE'
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6821] Config: added 'auth_alg' value 'OPEN'
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.6821] Config: added 'psk' value '<hidden>'
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.7901] device (wlp3s0): supplicant interface state: disconnected -> authenticating
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.7902] device (p2p-dev-wlp3s0): supplicant management interface state: disconnected -> authenticating
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.8780] device (wlp3s0): supplicant interface state: authenticating -> associating
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.8781] device (p2p-dev-wlp3s0): supplicant management interface state: authenticating -> associating
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.9231] device (wlp3s0): supplicant interface state: associating -> associated
      Jul 04 11:16:26 simon-T14-4TB NetworkManager[2297]: <info>  [1720084586.9232] device (p2p-dev-wlp3s0): supplicant management interface state: associating -> associated
      Jul 04 11:16:27 simon-T14-4TB NetworkManager[2297]: <info>  [1720084587.0267] device (wlp3s0): supplicant interface state: associated -> 4way_handshake
      Jul 04 11:16:27 simon-T14-4TB NetworkManager[2297]: <info>  [1720084587.0268] device (p2p-dev-wlp3s0): supplicant management interface state: associated -> 4way_handshake
      Jul 04 11:16:27 simon-T14-4TB NetworkManager[2297]: <info>  [1720084587.1587] device (wlp3s0): supplicant interface state: 4way_handshake -> completed
      Jul 04 11:16:27 simon-T14-4TB NetworkManager[2297]: <info>  [1720084587.1588] device (wlp3s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "SuperGame5"
      Jul 04 11:16:27 simon-T14-4TB NetworkManager[2297]: <info>  [1720084587.1588] device (p2p-dev-wlp3s0): supplicant management interface state: 4way_handshake -> completed
      Jul 04 11:16:27 simon-T14-4TB NetworkManager[2297]: <info>  [1720084587.1591] device (wlp3s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
      Jul 04 11:16:27 simon-T14-4TB NetworkManager[2297]: <info>  [1720084587.1603] dhcp4 (wlp3s0): activation: beginning transaction (timeout in 45 seconds)
      Jul 04 11:17:12 simon-T14-4TB NetworkManager[2297]: <info>  [1720084632.0657] device (wlp3s0): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed')
      Jul 04 11:17:12 simon-T14-4TB NetworkManager[2297]: <info>  [1720084632.0663] manager: NetworkManager state is now CONNECTED_LOCAL
      Jul 04 11:17:12 simon-T14-4TB NetworkManager[2297]: <warn>  [1720084632.0669] device (wlp3s0): Activation: failed for connection 'SuperGame5'
      Jul 04 11:17:12 simon-T14-4TB NetworkManager[2297]: <info>  [1720084632.0673] device (wlp3s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
      Jul 04 11:17:12 simon-T14-4TB NetworkManager[2297]: <info>  [1720084632.0697] dhcp4 (wlp3s0): canceled DHCP transaction
      Jul 04 11:17:12 simon-T14-4TB NetworkManager[2297]: <info>  [1720084632.0698] dhcp4 (wlp3s0): activation: beginning transaction (timeout in 45 seconds)
      Jul 04 11:17:12 simon-T14-4TB NetworkManager[2297]: <info>  [1720084632.0698] dhcp4 (wlp3s0): state changed no lease
      Jul 04 11:17:12 simon-T14-4TB NetworkManager[2297]: <info>  [1720084632.3554] device (wlp3s0): supplicant interface state: completed -> disconnected
And this is the output of /log/print follow on the RouterBoard:
11:16:27 wireless,info E0:2B:E9:1B:9E:19@cap-wifi1 connected, signal strength -33
11:16:27 dhcp,debug dhcp_vlan10 received discover id 1377072291 from 0.0.0.0 '1:e0:2b:e9:1b:9e:19'
11:16:27 dhcp,debug,packet     secs = 1
11:16:27 dhcp,debug,packet     ciaddr = 0.0.0.0
11:16:27 dhcp,debug,packet     chaddr = E0:2B:E9:1B:9E:19
11:16:27 dhcp,debug,packet     Host-Name = "simon-T14-4TB"
11:16:27 dhcp,debug,packet     Msg-Type = discover
11:16:27 dhcp,debug,packet     Parameter-List = Subnet-Mask,Unknown(2),Domain-Server,Host-Name,Domain-Name,Interface-MTU,Broadcast-Address,Classless-Route,Router,Static-Route,Unknown(40),Unknown(41),NTP-Server,Domain-Search,MS-Classless-Route,Auto-Proxy-Config,Unknown(17)
11:16:27 dhcp,debug,packet     Max-DHCP-Message-Size = 576
11:16:27 dhcp,debug,packet     Client-Id = 01-E0-2B-E9-1B-9E-19
11:16:27 dhcp,debug lease not found, new lease, acquire
11:16:27 dhcp,debug ping 10.94.94.248
11:16:27 dhcp,debug ping done 10.94.94.248
11:16:27 dhcp,debug dhcp_vlan10 sending offer with id 1377072291 to 10.94.94.248
11:16:27 dhcp,debug,packet     ciaddr = 0.0.0.0
11:16:27 dhcp,debug,packet     yiaddr = 10.94.94.248
11:16:27 dhcp,debug,packet     siaddr = 10.94.94.1
11:16:27 dhcp,debug,packet     chaddr = E0:2B:E9:1B:9E:19
11:16:27 dhcp,debug,packet     Subnet-Mask = 255.255.255.0
11:16:27 dhcp,debug,packet     Router = 10.94.94.1
11:16:27 dhcp,debug,packet     Domain-Server = 10.94.94.1,192.168.178.1
11:16:27 dhcp,debug,packet     NTP-Server = 192.168.178.1
11:16:27 dhcp,debug,packet     Address-Time = 1800
11:16:27 dhcp,debug,packet     Msg-Type = offer
11:16:27 dhcp,debug,packet     Server-Id = 10.94.94.1
11:16:57 dhcp,debug lease 10.94.94.248 expired
11:17:12 wireless,info E0:2B:E9:1B:9E:19@cap-wifi1 disconnected, connection lost, signal strength -34
RB configuration:
# https://forum.mikrotik.com/viewtopic.php?p=982625#p982644

# Variables:
#:global myPassword .....;

# Config:
# 1: Upstream
# 2: Direct
# 3-6: VLAN 10
# 7-8: VLAN 99

/system identity
set name=router-eg

/ip/address
add interface=ether2 address=192.168.99.1/24

# At this point, disconnect and connect to the new .99 address

/interface/vlan
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlanGuest vlan-id=20
add interface=bridge name=vlanBase vlan-id=99

/ip/pool
remove [ find where name=default-dhcp ]
add name=pool_home ranges=192.168.99.160-192.168.99.254
add name=pool_vlan10 ranges=10.94.94.200-10.94.94.254
add name=pool_vlanGuest ranges=10.10.20.100-10.94.94.254
add name=pool_base ranges=10.10.99.160-10.10.99.199

/ip/dhcp-server
remove [ find where name=defconf ]
add address-pool=pool_vlan10 interface=vlan10 name=dhcp_vlan10
add address-pool=pool_vlanGuest interface=vlanGuest name=dhcp_vlanGuest
add address-pool=pool_base interface=vlanBase name=dhcp_base

/ip dhcp-server network
add address=10.94.94.0/24 gateway=10.94.94.1
add address=10.10.20.0/24 gateway=10.10.20.1
add address=10.10.99.0/24 gateway=10.10.99.1
add address=192.168.99.0/24 gateway=192.168.99.1

/interface/bridge
set bridge protocol-mode=none

/interface/bridge/port
remove [ find where interface=ether2 ]
remove [ find where interface=ether3 ]
remove [ find where interface=ether4 ]
remove [ find where interface=ether5 ]
remove [ find where interface=ether6 ]
remove [ find where interface=ether7 ]
remove [ find where interface=ether8 ]
add bridge=bridge interface=ether3 frame-types=admit-only-untagged-and-priority-tagged pvid=10
add bridge=bridge interface=ether4 frame-types=admit-only-untagged-and-priority-tagged pvid=10
add bridge=bridge interface=ether5 frame-types=admit-only-untagged-and-priority-tagged pvid=10
add bridge=bridge interface=ether6 frame-types=admit-only-untagged-and-priority-tagged pvid=10
add bridge=bridge interface=ether7 frame-types=admit-only-vlan-tagged
add bridge=bridge interface=ether8 frame-types=admit-only-vlan-tagged

/interface/bridge/vlan
add bridge=bridge tagged=bridge,ether7,ether8 vlan-ids=10
add bridge=bridge tagged=bridge,ether7,ether8 vlan-ids=20
add bridge=bridge tagged=bridge,ether7,ether8 vlan-ids=99

/ip address
remove [ find where comment=defconf ]
add address=10.10.99.1/24 interface=vlanBase
add address=10.10.20.1/24 interface=vlanGuest
add address=10.94.94.1/24 interface=vlan10

/ip dns static
remove [ find ]
add address=192.168.99.1 name=router.lan

/interface list
add name=BASE

/interface list member
add interface=vlan10 list=LAN
add interface=vlanBase list=LAN
add interface=vlanBase list=BASE
remove [ find where interface=bridge ]

/ip neighbor discovery-settings
set discover-interface-list=BASE

# Disable because insecure
/tool mac-server
set allowed-interface-list=none

# Only allow WinBox access from trunk ports
/tool mac-server mac-winbox
set allowed-interface-list=BASE

/ip firewall filter
remove [ find where comment="defconf: drop all not coming from LAN" ]
add action=accept chain=input comment="Allow management access" in-interface-list=BASE
add action=accept chain=input comment="Allow emergency port access" in-interface=ether2
add action=accept chain=input comment="Users: Services access" in-interface-list=LAN dst-port=53 protocol=tcp
add action=accept chain=input comment="Users: Services access" in-interface-list=LAN dst-port=53 protocol=udp
add action=drop chain=input comment="Drop all other traffic"

remove [ find where comment="defconf: drop all from WAN not DSTNATed" ]
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat disabled=yes
add action=drop chain=forward comment="drop all else"

/ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192

# From https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-CAPsMAN-CAPsimpleconfigurationexample:

/interface/wifi/datapath
add bridge=bridge name=DP_10 client-isolation=no     vlan-id=10
add bridge=bridge name=DP_Guest client-isolation=yes vlan-id=20

/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk ft=yes ft-over-ds=yes name=SEC_GAME passphrase=$myPassword
add authentication-types=wpa2-psk,wpa3-psk ft=yes ft-over-ds=yes name=SEC_GUEST passphrase=supergut

# Creating a common configuration profile and linking the security profile to it
/interface wifi configuration
add datapath=DP_10 name=CONF_GAME_2G security=SEC_GAME ssid=SuperGame2 country=Switzerland channel.band=2ghz-n
add datapath=DP_Guest name=CONF_GUEST_2G security=SEC_GUEST ssid="Supergut Guest" country=Switzerland channel.band=2ghz-n
add datapath=DP_10 name=CONF_GAME_5G security=SEC_GAME ssid=SuperGame5 country=Switzerland channel.band=5ghz-ax
add datapath=DP_Guest name=CONF_GUEST_5G security=SEC_GUEST ssid="Supergut Guest" country=Switzerland channel.band=5ghz-ax

/interface/wifi/capsman
set enabled=yes interfaces=vlanBase certificate=auto ca-certificate=auto

# Creating separate channel configurations for each band
#/interface wifi channel
#add name=ch-2ghz frequency=2412,2432,2472 width=20mhz
#add name=ch-5ghz frequency=5180,5260,5500 width=20/40/80mhz

# Assigning to each interface the common profile as well as band-specific channel profile
/interface wifi provisioning
add action=create-dynamic-enabled master-configuration=CONF_GAME_5G slave-configuration=CONF_GUEST_5G supported-bands=5ghz-ax
add action=create-dynamic-enabled master-configuration=CONF_GAME_2G slave-configuration=CONF_GUEST_2G supported-bands=2ghz-n

/interface/bridge
set vlan-filtering=yes [ find where name=bridge ]
ax³ configuration:
# Adapted from https://github.com/maxslug/mikrotik_maxslug/blob/master/wap1.rsc
# --------
# Initial setup: Router, defconf
# Target setup:
# ether1 = trunk
# ether2 = local conn
# ether3 = VLAN 10
# ether4 = trunk
# ether5 = trunk
# wlan1 = CAP
# wlan2 = CAP (if wlan2 available)

## Connect to ether2 for setup. ##

## EG ##
#:global myIp 10.10.99.20/24; :global myLocalIp 192.168.99.20/24; :global myName ax3-super-eg;

## UG ##
#:global myIp 10.10.99.21/24; :global myLocalIp 192.168.99.21/24; :global myName ax3-super-ug;

/system identity
set name=$myName

/system/clock set time-zone-name=Europe/Zurich

/ip/address
add interface=ether2 address=$myLocalIp

## Now, connect to new address ##
## Also, define variables again (lost after logout) ##

# First, drop unused routing defconf
/ip/firewall/filter/remove [ find where dynamic=no ]
/ip/firewall/nat/remove [ find where dynamic=no ]
/ipv6/firewall/filter/remove [ find where dynamic=no ]
/ipv6/firewall/address-list/remove [ find ]
/ip/dhcp-client/remove [ find where comment=defconf ]
/ip/dhcp-server/remove [ find where name=defconf ]
/ip/dhcp-server/network/remove [ find where comment=defconf ]
/ip/pool/remove [ find name=default-dhcp ]
/ip/dns/static/remove [ find where comment=defconf ]
/interface/list/member/remove [ find where interface=ether1 ]
/interface/list/remove [ find where name=WAN ]

/interface wifi
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap disabled=no
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap disabled=no
add master-interface=wifi1 name=wifi1_guest disabled=no
add master-interface=wifi2 name=wifi2_guest disabled=no

/interface/bridge
set bridge protocol-mode=none

/interface/bridge/port
remove [ find where interface=ether2 ]
remove [ find where interface=ether3 ]
remove [ find where interface=ether4 ]
remove [ find where interface=ether5 ]
remove [ find where interface=wifi1 ]
remove [ find where interface=wifi2 ]
add bridge=bridge interface=ether1 trusted=yes frame-types=admit-only-vlan-tagged
add bridge=bridge interface=ether3 frame-types=admit-only-untagged-and-priority-tagged pvid=10
add bridge=bridge interface=ether4 frame-types=admit-only-vlan-tagged
add bridge=bridge interface=ether5 frame-types=admit-only-vlan-tagged
add bridge=bridge interface=wifi1       pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes comment="2G Game"
add bridge=bridge interface=wifi1_guest pvid=20 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes comment="2G Guest"
add bridge=bridge interface=wifi2       pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes comment="5G Game"
add bridge=bridge interface=wifi2_guest pvid=20 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes comment="5G Guest"


/interface/bridge/vlan
add bridge=bridge tagged=bridge,ether1,ether4,ether5 untagged=ether2,wifi1,wifi2      vlan-ids=10
add bridge=bridge tagged=bridge,ether1,ether4,ether5 untagged=wifi1_guest,wifi2_guest vlan-ids=20
# TODO Add ether2 as untagged for management VLAN?
add bridge=bridge tagged=bridge,ether1,ether4,ether5                                  vlan-ids=99

# No need to define VLAN 10 because no L3 needed there
/interface vlan
add interface=bridge name=vlanBase vlan-id=99

/ip/address
remove [ find where comment=defconf ]
add interface=vlanBase address=$myIp

/ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192

/ip/route
add distance=1 gateway=10.10.99.1

# DNS through trusted subnet gateway
/ip dns
set allow-remote-requests=yes servers=10.10.99.1

/ip/route
add disabled=no dst-address=0.0.0.0/0 gateway=10.10.99.1 comment="ensures route avail through trusted subnet gateway"


# Enable CAPsMAN
/interface wifi cap
set enabled=yes discovery-interfaces=vlanBase caps-man-addresses=10.10.99.1 slaves-static=yes


#########################
### Config + WAP Security
#########################

/interface/list
add name=MANAGE

/interface/list/member
add interface=vlanBase list=MANAGE

/ip neighbor discovery-settings
set discover-interface-list=MANAGE

# Disable because insecure
/tool mac-server
set allowed-interface-list=none

# Only allow WinBox access from management VLAN
/tool mac-server mac-winbox
set allowed-interface-list=MANAGE


##################
# Enable VLAN mode
##################

/interface/bridge
set vlan-filtering=yes [ find where name=bridge ]
What is wrong here?

Thanks,
Simon
 
rextended
Forum Guru
Posts: 12592
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: No DHCP address over Wifi: Lease expired

Thu Jul 04, 2024 1:12 pm

So far I have followed mikrotik_maxslug configuration.

What is wrong here?

If you follow a "third party" configuration, why don't you ask for help there instead of asking for help here, since first of all one should study where the problems are in the other configuration, not made on this forum to be a guide?
 
granjow
newbie
Topic Author
Posts: 33
Joined: Sat Jul 24, 2021 11:27 pm

Re: No DHCP address over Wifi: Lease expired

Thu Jul 04, 2024 2:06 pm

I did not copy the configuration 1:1 because my setup is slightly different. I'm pretty sure that the original configuration works without issues, but its setup is not identical to mine. So it does not make sense to ask on that thread.

So I'm asking here because the forum members here know a lot more about networking than I do, and I do not know how to continue now.
 
granjow
newbie
Topic Author
Posts: 33
Joined: Sat Jul 24, 2021 11:27 pm

Re: No DHCP address over Wifi: Lease expired

Mon Jul 08, 2024 10:40 am

So, any ways I can debug this?
It does not make sense to me that my laptop is offered a DHCP address, but then it does not react. I would expect it to either not have DHCP server connection at all, or to complete DHCP.
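
One way to approach the debugging question from the router side, as an added example that is not part of the original thread: the script groups RouterOS `dhcp,debug` lines by transaction id and flags transactions where an offer was sent but no request was logged before the lease expired. The first client's lines are copied from the router log in the first post; the second client's lines and all function and label names are constructed for illustration, assuming request/ack lines use the same wording as the discover/offer lines.

```python
import re
from dataclasses import dataclass, field

# First client: lines copied from the router log in this thread.
# Second client (id 42): constructed sample, assuming request/ack lines
# are worded like the discover/offer lines shown in the thread.
SAMPLE_LOG = """\
11:16:27 wireless,info E0:2B:E9:1B:9E:19@cap-wifi1 connected, signal strength -33
11:16:27 dhcp,debug dhcp_vlan10 received discover id 1377072291 from 0.0.0.0 '1:e0:2b:e9:1b:9e:19'
11:16:27 dhcp,debug,packet     chaddr = E0:2B:E9:1B:9E:19
11:16:27 dhcp,debug lease not found, new lease, acquire
11:16:27 dhcp,debug ping 10.94.94.248
11:16:27 dhcp,debug dhcp_vlan10 sending offer with id 1377072291 to 10.94.94.248
11:16:27 dhcp,debug,packet     yiaddr = 10.94.94.248
11:16:57 dhcp,debug lease 10.94.94.248 expired
11:17:12 wireless,info E0:2B:E9:1B:9E:19@cap-wifi1 disconnected, connection lost, signal strength -34
11:20:01 dhcp,debug dhcp_vlan10 received discover id 42 from 0.0.0.0 '1:02:00:00:00:00:01'
11:20:01 dhcp,debug dhcp_vlan10 sending offer with id 42 to 10.94.94.247
11:20:01 dhcp,debug dhcp_vlan10 received request id 42 from 0.0.0.0 '1:02:00:00:00:00:01'
11:20:01 dhcp,debug dhcp_vlan10 sending ack with id 42 to 10.94.94.247
"""

# "<time> dhcp,debug <server> received|sending <type> [with] id <xid> from|to <ip> ['<client-id>']"
MSG = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d) dhcp,debug (?P<srv>\S+) "
    r"(?P<dir>received|sending) (?P<type>\w+) (?:with )?id (?P<xid>\d+) "
    r"(?:from|to) (?P<ip>\S+)(?: '(?P<cid>[^']*)')?"
)
EXPIRED = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d) dhcp,debug lease (?P<ip>\S+) expired")


@dataclass
class Transaction:
    server: str
    xid: str
    client_id: str = ""
    offered_ip: str = ""
    offered_at: str = ""
    expired_at: str = ""
    messages: list = field(default_factory=list)  # e.g. ["discover", "offer"]


def to_seconds(ts):
    h, m, s = (int(p) for p in ts.split(":"))
    return h * 3600 + m * 60 + s


def parse(log_text):
    """Group DHCP messages by (server, transaction id), in log order."""
    txs, by_ip = {}, {}
    for line in log_text.splitlines():
        m = MSG.match(line)
        if m:
            tx = txs.setdefault((m["srv"], m["xid"]), Transaction(m["srv"], m["xid"]))
            tx.messages.append(m["type"])
            if m["cid"]:
                tx.client_id = m["cid"]
            if m["dir"] == "sending" and m["type"] == "offer":
                tx.offered_ip, tx.offered_at = m["ip"], m["ts"]
                by_ip[m["ip"]] = tx  # lets a later "lease ... expired" find it
            continue
        m = EXPIRED.match(line)
        if m and m["ip"] in by_ip:
            by_ip[m["ip"]].expired_at = m["ts"]
    return list(txs.values())


def diagnose(tx):
    """Label how far the DISCOVER/OFFER/REQUEST/ACK exchange got."""
    seen = set(tx.messages)
    if "ack" in seen:
        return "complete"
    if "nak" in seen:
        return "refused"
    if "offer" in seen and "request" not in seen:
        # The DISCOVER arrived, so client-to-server works at least for
        # broadcasts; the OFFER or the following REQUEST went missing.
        return "offer-unanswered"
    if "discover" in seen and "offer" not in seen:
        return "no-offer"
    return "incomplete"


def hold_time(tx):
    """Seconds between the offer and the lease expiring, or None."""
    if tx.offered_at and tx.expired_at:
        return to_seconds(tx.expired_at) - to_seconds(tx.offered_at)
    return None


if __name__ == "__main__":
    for tx in parse(SAMPLE_LOG):
        print(tx.server, tx.client_id, tx.messages, diagnose(tx), hold_time(tx))
```

An `offer-unanswered` result like the one for the laptop in this thread narrows the search to the path between DHCP server and wireless client for that VLAN, rather than to the DHCP server settings.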
 
granjow
newbie
Topic Author
Posts: 33
Joined: Sat Jul 24, 2021 11:27 pm

Re: No DHCP address over Wifi: Lease expired  [SOLVED]

Wed Jul 17, 2024 3:37 pm

With the help of @kehrlein I could get the configuration fixed.

The working configuration for 3 VLANs, 2 of them served via wifi, is now:

rb5009
# 2024-07-15 17:50:48 by RouterOS 7.14.3
# software id = 7QJM-VGM3
#
# model = RB5009UPr+S+
# serial number = HEX0927ZA0V
/interface bridge add admin-mac=78:9A:18:39:34:22 auto-mac=no comment=defconf name=bridge protocol-mode=none vlan-filtering=yes
/interface vlan add interface=bridge name=vlan10 vlan-id=10
/interface vlan add interface=bridge name=vlanBase vlan-id=99
/interface vlan add interface=bridge name=vlanGuest vlan-id=20
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface list add name=BASE
/interface wifi datapath add client-isolation=no name=DP_10 vlan-id=10
/interface wifi datapath add client-isolation=yes name=DP_Guest vlan-id=20
/interface wifi security add authentication-types=wpa2-psk,wpa3-psk ft=yes ft-over-ds=yes name=SEC_GAME
/interface wifi security add authentication-types=wpa2-psk,wpa3-psk ft=yes ft-over-ds=yes name=SEC_GUEST
/interface wifi configuration add channel.band=2ghz-n country=Switzerland datapath=DP_10 mode=ap name=CONF_GAME_2G security=SEC_GAME ssid=SuperGame2
/interface wifi configuration add channel.band=2ghz-n country=Switzerland datapath=DP_Guest mode=ap name=CONF_GUEST_2G security=SEC_GUEST ssid="Supergut Guest 2.4 GHz"
/interface wifi configuration add channel.band=5ghz-ax country=Switzerland datapath=DP_Guest mode=ap name=CONF_GUEST_5G security=SEC_GUEST ssid="Supergut Guest 5 GHz"
/interface wifi configuration add channel.band=5ghz-ax country=Switzerland datapath=DP_10 mode=ap name=CONF_GAME_5G security=SEC_GAME ssid=SuperGame5
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip pool add name=pool_home ranges=192.168.99.160-192.168.99.254
/ip pool add name=pool_vlan10 ranges=10.94.94.200-10.94.94.254
/ip pool add name=pool_vlanGuest ranges=10.10.20.100-10.10.20.254
/ip pool add name=pool_base ranges=10.10.99.160-10.10.99.199
/ip dhcp-server add address-pool=pool_vlan10 interface=vlan10 name=dhcp_vlan10
/ip dhcp-server add address-pool=pool_vlanGuest interface=vlanGuest name=dhcp_vlanGuest
/ip dhcp-server add address-pool=pool_base interface=vlanBase name=dhcp_base
/interface bridge port add bridge=bridge comment=defconf interface=sfp-sfpplus1
/interface bridge port add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10
/interface bridge port add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=10
/interface bridge port add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=10
/interface bridge port add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=10
/interface bridge port add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether7
/interface bridge port add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether8
/ip neighbor discovery-settings set discover-interface-list=BASE
/ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan add bridge=bridge tagged=bridge,ether7,ether8 vlan-ids=10
/interface bridge vlan add bridge=bridge tagged=bridge,ether7,ether8 vlan-ids=20
/interface bridge vlan add bridge=bridge tagged=bridge,ether7,ether8 vlan-ids=99
/interface list member add comment=defconf interface=ether1 list=WAN
/interface list member add interface=vlan10 list=LAN
/interface list member add interface=vlanBase list=LAN
/interface list member add interface=vlanGuest list=LAN
/interface list member add interface=vlanBase list=BASE
/interface wifi capsman set ca-certificate=auto certificate=auto enabled=yes interfaces=vlanBase
/interface wifi provisioning add action=create-dynamic-enabled master-configuration=CONF_GAME_2G slave-configurations=CONF_GUEST_2G supported-bands=2ghz-n
/interface wifi provisioning add action=create-dynamic-enabled master-configuration=CONF_GAME_5G slave-configurations=CONF_GUEST_5G supported-bands=5ghz-ax
/ip address add address=192.168.99.1/24 interface=ether2 network=192.168.99.0
/ip address add address=10.10.99.1/24 interface=vlanBase network=10.10.99.0
/ip address add address=10.10.20.1/24 interface=vlanGuest network=10.10.20.0
/ip address add address=10.94.94.1/24 interface=vlan10 network=10.94.94.0
/ip dhcp-client add comment=defconf interface=ether1
/ip dhcp-server network add address=10.10.20.0/24 gateway=10.10.20.1
/ip dhcp-server network add address=10.10.99.0/24 gateway=10.10.99.1
/ip dhcp-server network add address=10.94.94.0/24 gateway=10.94.94.1
/ip dhcp-server network add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dhcp-server network add address=192.168.99.0/24 gateway=192.168.99.1
/ip dns set allow-remote-requests=yes
/ip dns static add address=192.168.99.1 name=router.lan
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="Allow management access" in-interface-list=BASE
/ip firewall filter add action=accept chain=input comment="Allow emergency port access" in-interface=ether2
/ip firewall filter add action=accept chain=input comment="Users: Services access" dst-port=53 in-interface-list=LAN protocol=tcp
/ip firewall filter add action=accept chain=input comment="Users: Services access" dst-port=53 in-interface-list=LAN protocol=udp
/ip firewall filter add action=accept chain=input dst-port=53 in-interface-list=LAN protocol=udp
/ip firewall filter add action=accept chain=input dst-port=53 in-interface-list=LAN protocol=tcp
/ip firewall filter add action=drop chain=input comment="Drop all other traffic"
/ip firewall filter add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
/ip firewall filter add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat disabled=yes
/ip firewall filter add action=accept chain=input comment="Allow DHCP" dst-port=67-68 in-interface-list=LAN protocol=udp
/ip firewall filter add action=accept chain=forward comment="Allow DHCP" dst-port=67-68 in-interface-list=LAN protocol=udp
/ip firewall filter add action=drop chain=forward comment="drop all else"
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
/ipv6 firewall address-list add address=::1/128 comment="defconf: lo" list=bad_ipv6
/ipv6 firewall address-list add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
/ipv6 firewall address-list add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
/ipv6 firewall address-list add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
/ipv6 firewall address-list add address=100::/64 comment="defconf: discard only " list=bad_ipv6
/ipv6 firewall address-list add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
/ipv6 firewall address-list add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
/ipv6 firewall address-list add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept HIP" protocol=139
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock set time-zone-name=Europe/Zurich
/system identity set name=router-eg
/system note set show-at-login=no
/tool mac-server set allowed-interface-list=none
/tool mac-server mac-winbox set allowed-interface-list=BASE
ax³
# 2024-07-15 17:50:31 by RouterOS 7.14.3
# software id = YY14-3XUW
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HF3098E5D7X
/interface bridge add admin-mac=78:9A:18:62:F1:08 auto-mac=no comment=defconf name=bridge protocol-mode=none vlan-filtering=yes
/interface vlan add interface=bridge name=vlanBase vlan-id=99
/interface vlan add interface=bridge name=vlanGuest vlan-id=20
/interface list add comment=defconf name=LAN
/interface list add name=MANAGE
/interface wifi datapath add bridge=bridge client-isolation=no name=DP_10 vlan-id=10
/interface wifi datapath add bridge=bridge client-isolation=yes name=DP_Guest vlan-id=20
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: SuperGame5, channel: 5500/ax/Ceee
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=10min-cac .width=20/40/80mhz configuration.manager=capsman .mode=ap .ssid=MikroTik-62F10C datapath=DP_10 disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Supergut Guest 5 GHz
add datapath=DP_Guest disabled=no mac-address=7A:9A:18:62:F1:0C master-interface=wifi1 name=wifi1_guest
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: SuperGame2, channel: 2412/n/Ce
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=10min-cac .width=20/40mhz configuration.manager=capsman .mode=ap .ssid=MikroTik-62F10C datapath=DP_10 disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=yes .ft-over-ds=yes
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: Supergut Guest 2.4 GHz
add datapath=DP_Guest disabled=no mac-address=7A:9A:18:62:F1:0D master-interface=wifi2 name=wifi2_guest
/interface bridge port add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether1 trusted=yes
/interface bridge port add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10
/interface bridge port add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether4
/interface bridge port add bridge=bridge frame-types=admit-only-vlan-tagged interface=ether5
/ip neighbor discovery-settings set discover-interface-list=MANAGE
/ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan add bridge=bridge tagged=bridge,ether1,ether4,ether5 vlan-ids=10
/interface bridge vlan add bridge=bridge tagged=bridge,ether1,ether4,ether5 vlan-ids=20
/interface bridge vlan add bridge=bridge tagged=bridge,ether1,ether4,ether5 vlan-ids=99
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add interface=vlanBase list=MANAGE
/interface wifi cap set caps-man-addresses=10.10.99.1 discovery-interfaces=vlanBase enabled=yes slaves-static=yes
/ip address add address=192.168.99.21/24 interface=ether2 network=192.168.99.0
/ip address add address=10.10.99.21/24 interface=vlanBase network=10.10.99.0
/ip dhcp-client add add-default-route=no interface=vlanGuest
/ip dns set allow-remote-requests=yes servers=10.10.99.1
/ip route add distance=1 gateway=10.10.99.1
/ip route add comment="ensures route avail through trusted subnet gateway" disabled=no dst-address=0.0.0.0/0 gateway=10.10.99.1
/system clock set time-zone-name=Europe/Zurich
/system identity set name=ax3-super-ug
/system note set show-at-login=no
/tool mac-server set allowed-interface-list=none
/tool mac-server mac-winbox set allowed-interface-list=MANAGE
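
RouterOS evaluates the filter rules of a chain from top to bottom and stops at the first rule with a terminal action that matches, so any rule placed after an unconditional drop in the same chain is never evaluated. The check below is an added example, not part of the original post: it parses the IPv4 filter lines copied from the router-eg export above and lists rules that sit behind such a catch-all (the function names are illustrative).

```python
import shlex

TERMINAL = {"accept", "drop", "reject"}
# Properties that do not narrow what a rule matches.
NON_MATCHERS = {"action", "chain", "comment", "disabled", "log", "log-prefix"}
PREFIX = "/ip firewall filter add "

# Filter rules copied from the router-eg export in the post, in export order.
EXPORT = '''\
/ip firewall filter add action=accept chain=input dst-port=53 in-interface-list=LAN protocol=tcp
/ip firewall filter add action=drop chain=input comment="Drop all other traffic"
/ip firewall filter add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
/ip firewall filter add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat disabled=yes
/ip firewall filter add action=accept chain=input comment="Allow DHCP" dst-port=67-68 in-interface-list=LAN protocol=udp
/ip firewall filter add action=accept chain=forward comment="Allow DHCP" dst-port=67-68 in-interface-list=LAN protocol=udp
/ip firewall filter add action=drop chain=forward comment="drop all else"
'''

def parse_rules(export):
    """Turn flat '/ip firewall filter add ...' lines into property dicts."""
    rules = []
    for line in export.splitlines():
        if line.startswith(PREFIX):
            tokens = shlex.split(line[len(PREFIX):])  # keeps quoted comments whole
            rules.append(dict(tok.split("=", 1) for tok in tokens))
    return rules

def shadowed_rules(rules):
    """Return (rule, catch_all) pairs where rule follows an enabled,
    matcher-less terminal rule in the same chain and can never be reached."""
    catch_all = {}  # chain -> first enabled terminal rule without matchers
    findings = []
    for rule in rules:
        if rule.get("disabled") == "yes":
            continue  # disabled rules neither match nor shadow anything
        chain = rule["chain"]
        if chain in catch_all:
            findings.append((rule, catch_all[chain]))
        elif rule.get("action", "accept") in TERMINAL and not set(rule) - NON_MATCHERS:
            catch_all[chain] = rule
    return findings

if __name__ == "__main__":
    for rule, blocker in shadowed_rules(parse_rules(EXPORT)):
        print(f'{rule["chain"]}: "{rule.get("comment", "")}" is placed after '
              f'catch-all "{blocker.get("comment", "")}"')
```
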
