why does this happen with me so often... dhcp users getting wan ips and screaming no connectivity even unable to open hotspot login page...



this happened sometimes after 1 or 2 days or sometimes running 1w.


I am using metarouter for LB ... a virtual port for WAN.

[admin@MikroTik] /ip address> export
/ip address
add address=192.168.11.1/24 interface=LAN1 network=192.168.11.0
add address=192.168.0.3/32 interface=vif1 network=192.168.0.1

[admin@MikroTik] /ip dhcp-server> export
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN1 name=dhcp1
/ip dhcp-server network
add address=192.168.11.0/24 gateway=192.168.11.1

I see that a bit on my wireless system. If the client radio has been connected to another AP and got a dhcp lease recently, the radio won't try to renew the ip for a day or two. In the interim, it attempts to use the ip it was assigned and the hotspot will translate it to an ip within the subnet. This is the hotspot's 1:1 NAT.

If you do not want this feature, you can disable it. I'm not sure this will correct the problem tho. The devices with the out-of-subnet ips would need to repair the connection to get a valid ip.

this is also happened with my laptop's LAN which is connect directly to RB. port is using master post LAN not directly configd as LAN.


(Currently I am asking to users for manual IP but I want exact solution)

Are you certain there is not another dhcp server on your network?

edit: Maybe someone who has in the past enabled Internet Connection Sharing on his/her computer?

I agree about the other DHCP server on the network. The other issue is you might have accidentally added your WAN port to your bridge.

-Mac

DSL modem (DHCP OFF) >>>> RB450G >>> Netinstall 5.23

Config like that>>>>>

ether1 = lan
ether2 = wan
.
.
ip address
.
nat
.
.
dhcp setup
.
hotspot setup
.
.
route
.
.
dns
.
nothing else.

>>>>> Switch >>>> 1. Lan User 2. Bullet M2HP (DHCP OFF) users.

now plz tell me where is issue.


/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:AF:6D:E2 master-port=none mtu=\
1500 name=LAN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:AF:6D:E3 master-port=none mtu=\
1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:AF:6D:E4 master-port=none mtu=\
1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:AF:6D:E5 master-port=none mtu=\
1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1520 mac-address=00:0C:42:AF:6D:E6 master-port=none mtu=\
1500 name=ether5 speed=100Mbps
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1 switch-all-ports=yes
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=fallback
set 1 vlan-header=leave-as-is vlan-mode=fallback
set 2 vlan-header=leave-as-is vlan-mode=fallback
set 3 vlan-header=leave-as-is vlan-mode=fallback
set 4 vlan-header=leave-as-is vlan-mode=fallback
set 5 vlan-header=leave-as-is vlan-mode=fallback
=======================================================
[admin@MikroTik] /ip address> export
/ip address
add address=192.168.11.1/24 disabled=no interface=LAN network=192.168.11.0
add address=192.168.0.3/24 disabled=no interface=ether2 network=192.168.0.0
[admin@MikroTik] /ip address>
==========================================================
[admin@MikroTik] /ip firewall nat> export

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no src-address=192.168.11.0/24 to-addresses=0.0.0.0
===========================================================
[admin@MikroTik] /ip route> export
# jan/02/1970 03:50:54 by RouterOS 5.23
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 scope=30 target-scope=10
===========================================================
[admin@MikroTik] /ip dns> export
# jan/02/1970 03:51:46 by RouterOS 5.23
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=4096 servers=8.8.8.8,8.8.4.4
=============================================================
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=LAN lease-time=3d name=dhcp1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.11.0/24 dhcp-option="" dns-server="" gateway=192.168.11.1 ntp-server="" wins-server=""
==============================================================

[admin@MikroTik] /ip hotspot> export
# jan/02/1970 03:54:16 by RouterOS 5.23

/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot http-cookie-lifetime=10m http-proxy=0.0.0.0:0 login-by=cookie,http-chap \
name=default rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
add dns-name=www.nasir.gm hotspot-address=192.168.11.1 html-directory=Hotspo http-cookie-lifetime=10m http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=\
hsprof1 rate-limit="" smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot
add disabled=no idle-timeout=5m interface=LAN keepalive-timeout=none name=hotspot1 profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] advertise=no idle-timeout=none keepalive-timeout=2m name=default open-status-page=always shared-users=1 status-autorefresh=1m \
transparent-proxy=yes
add advertise=no idle-timeout=none keepalive-timeout=2m name=1MB open-status-page=always rate-limit=512K/2000K shared-users=1 status-autorefresh=1m \
transparent-proxy=yes
/ip hotspot ip-binding
add comment="Faiz SB" disabled=no mac-address=A0:F3:C1:08:8C:39 type=bypassed

/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
add disabled=no name=KHAN password=123 profile=default
add disabled=no name=wifi password=ali profile=default
.
.
.
[admin@MikroTik] /ip hotspot>
==============================================================

That is YOUR setup. That may not be the problem. There may be a rogue dhcp server on the localnet. I would disable the hotspot and the dhcp server temporarily, and try to get an ip via dhcp with a computer on the localnet. You shouldn't get one. If you do, and it is a 192.168.0.x ip, then you have another dhcp server on the localnet. (edit: Not your router, but another router or computer.)

Add: There is also "/ip dhcp-server alert".

I know all this because it has already happened to one of my localnets. My problem was another router a customer tried to set up as a repeater, but forgot to disable the dhcp server on the wireless network.

k got it.... I really appreciate your help..

so now whats the solution how to kick them...

I use hotspots for auth, so I did not know who it was at first. I blocked the mac address from connecting to the wireless using the access list, then waited for a complaint.