Community discussions

MikroTik App
 
mseidler
just joined
Topic Author
Posts: 16
Joined: Fri Sep 05, 2014 10:27 am

DHCP offering lease without success to itself

Tue Jul 21, 2020 10:46 am

Hi all!

I have an issue with the DHCP-Server in an RB3011. In the log files I get the message: DHCP offing lease <IP Address> for <MAC of RB3011> without success.
On the router itself 4 internal networks are running with 2 DHCP-Server. But there is no DHCP client on the router.

Is there any idea whats wrong and how to get rid of these messages (solving the issue not hiding the entries).

Thanks for your support!

BR,

Michael

The entry in the log file:
mikrotik log.JPG
No entries in DHCP client:
mikrotik dhcp client.JPG
Here you see the internal interface it tries to provide the lease.
mikrotik interface.JPG
Here is the config:
# jul/21/2020 09:38:06 by RouterOS 6.47.1
# software id = QVCN-N3DT
#
# model = RouterBOARD 3011UiAS
# serial number = 783D08D4BABD
/caps-man datapath
add client-to-client-forwarding=yes local-forwarding=yes name=sukSEs
add client-to-client-forwarding=no local-forwarding=yes name="sukSEs Guest"
/interface ethernet
set [ find default-name=ether1 ] name="ether1 WAN" speed=100Mbps
set [ find default-name=ether2 ] name="ether2 Office Net" speed=100Mbps
set [ find default-name=ether3 ] name="ether3 VoIP Net" speed=100Mbps
set [ find default-name=ether4 ] name="ether4 Guest WLAN" rx-flow-control=\
auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether5 ] name="ether5 C5UAV" speed=100Mbps
set [ find default-name=ether6 ] disabled=yes name=ether6-master speed=\
100Mbps
set [ find default-name=ether7 ] disabled=yes speed=100Mbps
set [ find default-name=ether8 ] disabled=yes speed=100Mbps
set [ find default-name=ether9 ] disabled=yes speed=100Mbps
set [ find default-name=ether10 ] disabled=yes speed=100Mbps
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
/interface pppoe-client
add add-default-route=yes comment="Telekom DSL" disabled=no interface=\
"ether1 WAN" name="Telekom PPPoE" use-peer-dns=yes user=\
<DSL account>
/interface l2tp-client
add allow-fast-path=yes comment="VPN Verbindung zu sukSEs-Backup" connect-to=\
sukses-backup.synology.me disabled=no name=l2tp-out use-ipsec=yes user=\
admin
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=sukSEs
add authentication-types=wpa2-psk encryption=aes-ccm name="sukSEs Guest"
/caps-man configuration
add country=germany datapath=sukSEs mode=ap name="2.4 GHz sukSEs" security=\
sukSEs ssid=sukSEs
add country=germany datapath="sukSEs Guest" mode=ap name=\
"2.4 GHz sukSEs Guest" security="sukSEs Guest" ssid="sukSEs Guest"
add country="germany 5.8 ap" datapath=sukSEs mode=ap name="5.8 GHz sukSEs" \
security=sukSEs ssid=sukSEs
add country="germany 5.8 ap" datapath="sukSEs Guest" mode=ap name=\
"5.8 GHz sukSEs Guest" security="sukSEs Guest" ssid="sukSEs Guest"
/caps-man interface
add comment="Capsman WLAN Besprechung" configuration="2.4 GHz sukSEs" \
disabled=no l2mtu=1600 mac-address=CC:2D:E0:C4:34:27 master-interface=\
none name="Besprechung 2.4 GHz sukSEs" radio-mac=CC:2D:E0:C4:34:27 \
radio-name=CC2DE0C43427
add configuration="2.4 GHz sukSEs Guest" disabled=no l2mtu=1600 mac-address=\
CE:2D:E0:C4:34:27 master-interface="Besprechung 2.4 GHz sukSEs" name=\
"Besprechung 2.4 GHz sukSEs Guest" radio-mac=00:00:00:00:00:00 \
radio-name=""
add configuration="5.8 GHz sukSEs" disabled=no l2mtu=1600 mac-address=\
CC:2D:E0:C4:34:26 master-interface=none name="Besprechung 5.8 GHz sukSEs" \
radio-mac=CC:2D:E0:C4:34:26 radio-name=CC2DE0C43426
add configuration="5.8 GHz sukSEs Guest" disabled=no l2mtu=1600 mac-address=\
CE:2D:E0:C4:34:26 master-interface="Besprechung 5.8 GHz sukSEs" name=\
"Besprechung 5.8 GHz sukSEs Guest" radio-mac=00:00:00:00:00:00 \
radio-name=""
add comment="Capsman WLAN B\FCro" configuration="2.4 GHz sukSEs" disabled=no \
l2mtu=1600 mac-address=CC:2D:E0:10:6A:13 master-interface=none name=\
"B\FCro 2.4 GHz sukSEs" radio-mac=CC:2D:E0:10:6A:13 radio-name=\
CC2DE0106A13
add configuration="2.4 GHz sukSEs Guest" disabled=no l2mtu=1600 mac-address=\
CE:2D:E0:10:6A:13 master-interface="B\FCro 2.4 GHz sukSEs" name=\
"B\FCro 2.4 GHz sukSEs Guest" radio-mac=00:00:00:00:00:00 radio-name=""
add configuration="5.8 GHz sukSEs" disabled=no l2mtu=1600 mac-address=\
CC:2D:E0:10:6A:12 master-interface=none name="B\FCro 5.8 GHz sukSEs" \
radio-mac=CC:2D:E0:10:6A:12 radio-name=CC2DE0106A12
add configuration="5.8 GHz sukSEs Guest" disabled=no l2mtu=1600 mac-address=\
CE:2D:E0:10:6A:12 master-interface="B\FCro 5.8 GHz sukSEs" name=\
"B\FCro 5.8 GHz sukSEs Guest" radio-mac=00:00:00:00:00:00 radio-name=""
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=\
aes-256-cbc,aes-192-cbc,aes-128-cbc,3des
/ip pool
add name=dhcp ranges=192.168.100.2-192.168.100.99
add name="Guest WLAN DHCP Pool" ranges=192.168.200.2-192.168.200.200
add name="sukSEs VPN" ranges=10.10.0.1-10.10.0.100
add name="C5UAV VPN" ranges=10.10.1.1-10.10.1.100
/ip dhcp-server
add address-pool=dhcp disabled=no interface="ether2 Office Net" lease-time=3h \
name="Office DHCP"
add address-pool="Guest WLAN DHCP Pool" disabled=no interface=\
"ether4 Guest WLAN" lease-time=1h name="Guest WLAN DHCP"
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8 name="sukSEs IPsec" use-encryption=\
yes
/queue simple
add dst="ether1 WAN" max-limit=1M/1M name="Guest WLAN" target=\
"ether4 Guest WLAN"
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/caps-man manager
set ca-certificate=CAPsMAN-CA-CC2DE01C9590 certificate=CAPsMAN-CC2DE01C9590 \
enabled=yes require-peer-certificate=yes
/interface bridge port
add comment=defconf interface="ether2 Office Net"
add comment=defconf disabled=yes interface=sfp1
add disabled=yes interface="ether5 C5UAV"
add disabled=yes interface=ether7
add disabled=yes interface=ether8
add disabled=yes interface=ether9
add disabled=yes interface=ether10
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
set authentication=mschap2 default-profile="sukSEs IPsec" enabled=yes \
use-ipsec=yes
/interface list member
add interface="ether2 Office Net" list=discover
add interface="ether3 VoIP Net" list=discover
add interface="ether4 Guest WLAN" list=discover
add interface="ether5 C5UAV" list=discover
add interface=sfp1 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add list=discover
add list=mactel
add list=mac-winbox
add interface="Telekom PPPoE" list=WAN
/ip address
add address=192.168.100.1/24 interface="ether2 Office Net" network=\
192.168.100.0
add address=192.168.99.1/24 interface="ether3 VoIP Net" network=192.168.99.0
add address=192.168.200.254/24 interface="ether4 Guest WLAN" network=\
192.168.200.0
add address=192.168.101.1/24 interface="ether5 C5UAV" network=192.168.101.0
/ip dhcp-server network
add address=192.168.100.0/24 comment=Office dns-server=\
192.168.100.200,8.8.8.8,8.8.4.4 gateway=192.168.100.1 netmask=24 \
ntp-server=192.168.100.1
add address=192.168.200.0/24 comment="Guest WLAN" dns-server=8.8.8.8,8.8.4.4 \
gateway=192.168.200.254 netmask=24 ntp-server=192.168.200.254
/ip dns
set allow-remote-requests=yes servers=192.168.100.200,8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.100.110 name=sukses.synology.me type=A
/ip firewall address-list
add address=192.168.200.0-192.168.200.200 list=GuestWLAN
add address=192.168.100.1-192.168.100.254 list=allowed_to_router1
add address=192.168.100.0/24 list=DNS-access
add address=192.168.99.0/24 list=DNS-access
add address=192.168.200.0/24 list=DNS-access
add address=192.168.99.1-192.168.99.254 list=allowed_to_router2
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=accept chain=input comment="VPN Mikrotik" disabled=yes \
in-interface="Telekom PPPoE" protocol=udp src-port=1701,500,4500
add action=accept chain=input disabled=yes in-interface="Telekom PPPoE" \
protocol=ipsec-esp
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface="Telekom PPPoE"
add action=accept chain=forward comment=\
"Guest WLAN excluded from fasttrack for simple queue processing" \
connection-state=established,related src-address=192.168.200.0/24
add action=accept chain=forward comment=\
"Guest WLAN excluded from fasttrack for simple queue processing" \
connection-state=established,related dst-address=192.168.200.0/24
add action=drop chain=forward comment=\
"Drop Guest WLAN to Office, VoIP or C5UAV" in-interface=\
"ether4 Guest WLAN" out-interface="!Telekom PPPoE"
add action=accept chain=input comment=\
"Access to Router restricted auf 192.168.99.1 - 192.168.99.253" \
src-address-list=allowed_to_router2
add action=accept chain=input comment=\
"Access to Router restricted auf 192.168.100.1-192.168.100.253" \
src-address-list=allowed_to_router1
add action=accept chain=input comment=\
"Allow internal DNS requests, deny WAN DNS requests" dst-port=53 \
in-interface="ether2 Office Net" protocol=tcp
add action=accept chain=input dst-port=53 in-interface="ether2 Office Net" \
protocol=udp
add action=accept chain=input dst-port=53 in-interface="ether3 VoIP Net" \
protocol=tcp
add action=accept chain=input dst-port=53 in-interface="ether3 VoIP Net" \
protocol=udp
add action=drop chain=input dst-port=53 protocol=udp
add action=drop chain=input dst-port=53 protocol=tcp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"Allow connections established by router" connection-state=established
add action=drop chain=input comment="Drop access to Router"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" dst-address=\
!192.168.178.131 out-interface="Telekom PPPoE"
add action=masquerade chain=srcnat comment="sukSEs-Backup for Backup" \
dst-address=192.168.178.131 out-interface=l2tp-out
add action=dst-nat chain=dstnat comment="L2TP/IPSec to Synology DS1517+" \
dst-address-type=local dst-port=1701 in-interface="Telekom PPPoE" \
protocol=udp to-addresses=192.168.100.110 to-ports=1701
add action=dst-nat chain=dstnat dst-address-type=local dst-port=500 \
in-interface="Telekom PPPoE" protocol=udp to-addresses=192.168.100.110 \
to-ports=500
add action=dst-nat chain=dstnat dst-address-type=local dst-port=4500 \
in-interface="Telekom PPPoE" protocol=udp to-addresses=192.168.100.110 \
to-ports=4500
add action=dst-nat chain=dstnat comment=\
"Active Backup for Business to Synology DS1517+" dst-address-type=local \
dst-port=5510 in-interface="Telekom PPPoE" protocol=tcp to-addresses=\
192.168.100.110 to-ports=5510
add action=dst-nat chain=dstnat comment="SIP to Mitel 104" dst-address-type=\
local dst-port=5070 in-interface="Telekom PPPoE" protocol=udp \
to-addresses=192.168.99.2 to-ports=5070
add action=dst-nat chain=dstnat dst-address-type=local dst-port=5080 \
in-interface="Telekom PPPoE" protocol=udp to-addresses=192.168.99.2 \
to-ports=5080
/ip firewall service-port
set sip disabled=yes
/ip route
add comment="sukSEs-Backup f\FCr Backup" distance=1 dst-address=\
192.168.178.0/24 gateway=l2tp-out
/ip service
set winbox address=192.168.100.0/24,192.168.99.0/24,10.0.0.0/24,10.2.0.0/24
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/lcd
set default-screen=stats-all
/ppp secret
add name=test1 profile=default-encryption service=l2tp
add name=test2 profile=default-encryption service=l2tp
/snmp
set enabled=yes trap-generators=temp-exception,interfaces,start-trap \
trap-version=2
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=RB3011
/system ntp client
set enabled=yes primary-ntp=129.70.132.37 secondary-ntp=87.118.124.35
/system ntp server
set enabled=yes
/system script
add dont-require-permissions=no name=RemoveSIP owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
ip firewall connection remove [/ip firewall connection find where connecti\
on-type=\"sip\" and src-address~\"192.168.99.2\"]"
/tool e-mail
set address=smtp.office365.com from=<email> port=587 start-tls=yes user=\
<email>
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
You do not have the required permissions to view the files attached to this post.
 
User avatar
krafg
Forum Guru
Forum Guru
Posts: 1042
Joined: Sun Jun 28, 2015 7:36 pm

Re: DHCP offering lease without success to itself

Wed Jul 22, 2020 10:07 am

If you disconnect the office network and connect on these port a computer, the message still showing?

Regards.
 
mseidler
just joined
Topic Author
Posts: 16
Joined: Fri Sep 05, 2014 10:27 am

Re: DHCP offering lease without success to itself

Thu Jul 23, 2020 10:34 am

Hi,
problem stays.
I solved it now this way, which is not the optimum way. I made the DHCP lease static and blocked it. Since this the log message is gone.

BR,

Michael
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: DHCP offering lease without success to itself

Thu Jul 23, 2020 10:54 am

Try removing the invalid bridge port member "ether2 Office Net" (in fact they are all invalid since there is no bridge, but the others are disabled):

/interface bridge port
add comment=defconf interface="ether2 Office Net"
add comment=defconf disabled=yes interface=sfp1
add disabled=yes interface="ether5 C5UAV"
add disabled=yes interface=ether7
add disabled=yes interface=ether8
add disabled=yes interface=ether9
add disabled=yes interface=ether10
 
mseidler
just joined
Topic Author
Posts: 16
Joined: Fri Sep 05, 2014 10:27 am

Re: DHCP offering lease without success to itself

Fri Jul 24, 2020 12:42 pm

Hi,
removed the bridge ports, but no changes. I stay now with blocking the lease.

BR,

Michael
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: DHCP offering lease without success to itself  [SOLVED]

Fri Jul 24, 2020 2:50 pm

Also try disabling internet detection:
/interface detect-internet
set detect-interface-list=none
 
dad2312
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Sun Nov 17, 2019 12:55 pm

Re: DHCP offering lease without success to itself

Tue Dec 22, 2020 11:46 am

Also try disabling internet detection:
/interface detect-internet
set detect-interface-list=none
thanks, it works for me with same problem "DHCP offering lease without success to itself"

Who is online

Users browsing this forum: gkoleff and 44 guests