I have some trouble with DHCP on a wireless network.
The DHCP Server sits on the Interface VLAN200, which is attached to a bridge.
Wireless is configured via CAPsMAN.
Code:
/caps-man datapath
add arp=enabled bridge=bridge-VNET client-to-client-forwarding=yes name=VLAN200 vlan-id=200 vlan-mode=use-tag
/caps-man interface
add arp=enabled channel.band=5ghz-a/n/ac channel.control-channel-width=20mhz channel.extension-channel=disabled channel.frequency=5200 configuration.mode=ap configuration.ssid=test-5g \
    datapath=VLAN200 disabled=no l2mtu=1600 mac-address=CE:2D:E0:5D:89:17 master-interface=cap2-5G name=test radio-mac=CC:2D:E0:5D:89:17 rates=basic_default security.authentication-types=\
    wpa2-psk security.encryption=aes-ccm security.group-encryption=aes-ccm security.group-key-update=1h security.passphrase=supersecret
Also, the DHCP seems to register and answer the DHCP request, but the answer never reaches the client.
The output from logging seems fine to me (prefix DHCP-FAIL):
Code:
21:43:33 system,info log rule changed by admin
21:43:47 caps,info E4:RE:DA:CT:ED:XX@test connected, signal strength -55
21:43:52 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server received discover with id 1470733553 from 0.0.0.0
21:43:52 dhcp,debug,packet DHCP-FAIL: secs = 5
21:43:52 dhcp,debug,packet DHCP-FAIL: ciaddr = 0.0.0.0
21:43:52 dhcp,debug,packet DHCP-FAIL: chaddr = E4:RE:DA:CT:ED:XX
21:43:52 dhcp,debug,packet DHCP-FAIL: Msg-Type = discover
21:43:52 dhcp,debug,packet DHCP-FAIL: Host-Name = "Client-Hostname"
21:43:52 dhcp,debug,packet DHCP-FAIL: Parameter-List = Subnet-Mask,Broadcast-Address,Unknown(2),Classless-Route,Domain-Name,Domain-Server,Host-Name,Unknown(40),Unknown(41),NTP-Server,Interface-MTU,Domain-Search,Router,Classless-Route,MS-Classless-Route,Static-Route,Auto-Proxy-Config,NTP-Se
21:43:52 dhcp,debug,packet DHCP-FAIL: rver
21:43:52 dhcp,debug,packet DHCP-FAIL: Client-Id = SO-ME-RA-ND-OM-WI-RE-LE-SS-CL-IE-NT-ID-US-ED-BY-TH-ED-HC-PS-ER-VE-R3
21:43:52 firewall,info DHCP input: in:vlan200 out:(unknown 0), src-mac E4:RE:DA:CT:ED:XX, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 333
21:43:53 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server sending offer with id 1470733553 to 172.22.15.183
21:43:53 dhcp,debug,packet DHCP-FAIL: ciaddr = 0.0.0.0
21:43:53 dhcp,debug,packet DHCP-FAIL: yiaddr = 172.22.15.183
21:43:53 dhcp,debug,packet DHCP-FAIL: siaddr = 172.22.15.1
21:43:53 dhcp,debug,packet DHCP-FAIL: chaddr = E4:RE:DA:CT:ED:XX
21:43:53 dhcp,debug,packet DHCP-FAIL: Msg-Type = offer
21:43:53 dhcp,debug,packet DHCP-FAIL: Server-Id = 172.22.15.1
21:43:53 dhcp,debug,packet DHCP-FAIL: Address-Time = 3600
21:43:53 dhcp,debug,packet DHCP-FAIL: Subnet-Mask = 255.255.255.0
21:43:53 dhcp,debug,packet DHCP-FAIL: Domain-Server = 172.22.15.253
21:43:53 dhcp,debug,packet DHCP-FAIL: NTP-Server = 0.0.0.0
21:43:53 dhcp,debug,packet DHCP-FAIL: Router = 172.22.15.253
21:44:05 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server received discover with id 1470733553 from 0.0.0.0
21:44:05 dhcp,debug,packet DHCP-FAIL: secs = 18
21:44:05 dhcp,debug,packet DHCP-FAIL: ciaddr = 0.0.0.0
21:44:05 dhcp,debug,packet DHCP-FAIL: chaddr = E4:RE:DA:CT:ED:XX
21:44:05 dhcp,debug,packet DHCP-FAIL: Msg-Type = discover
21:44:05 dhcp,debug,packet DHCP-FAIL: Host-Name = "Client-Hostname"
21:44:05 dhcp,debug,packet DHCP-FAIL: Parameter-List = Subnet-Mask,Broadcast-Address,Unknown(2),Classless-Route,Domain-Name,Domain-Server,Host-Name,Unknown(40),Unknown(41),NTP-Server,Interface-MTU,Domain-Search,Router,Classless-Route,MS-Classless-Route,Static-Route,Auto-Proxy-Config,NTP-Se
21:44:05 dhcp,debug,packet DHCP-FAIL: rver
21:44:05 dhcp,debug,packet DHCP-FAIL: Client-Id = SO-ME-RA-ND-OM-WI-RE-LE-SS-CL-IE-NT-ID-US-ED-BY-TH-ED-HC-PS-ER-VE-R3
21:44:05 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server sending offer with id 1470733553 to 172.22.15.183
21:44:05 dhcp,debug,packet DHCP-FAIL: ciaddr = 0.0.0.0
21:44:05 dhcp,debug,packet DHCP-FAIL: yiaddr = 172.22.15.183
21:44:05 dhcp,debug,packet DHCP-FAIL: siaddr = 172.22.15.1
21:44:05 dhcp,debug,packet DHCP-FAIL: chaddr = E4:RE:DA:CT:ED:XX
21:44:05 dhcp,debug,packet DHCP-FAIL: Msg-Type = offer
21:44:05 dhcp,debug,packet DHCP-FAIL: Server-Id = 172.22.15.1
21:44:05 dhcp,debug,packet DHCP-FAIL: Address-Time = 3600
21:44:05 dhcp,debug,packet DHCP-FAIL: Subnet-Mask = 255.255.255.0
21:44:05 dhcp,debug,packet DHCP-FAIL: Domain-Server = 172.22.15.253
21:44:05 dhcp,debug,packet DHCP-FAIL: NTP-Server = 0.0.0.0
21:44:05 dhcp,debug,packet DHCP-FAIL: Router = 172.22.15.253
21:44:05 firewall,info DHCP input: in:vlan200 out:(unknown 0), src-mac E4:RE:DA:CT:ED:XX, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 333
Code:
/ip firewall filter
add action=accept chain=input comment="allow est. related" connection-state=established,related
add action=accept chain=input log-prefix=allow-vnet src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=accept chain=input comment="Allow DHCP on VLAN200" dst-port=67 in-interface=vlan200 log=yes log-prefix=DHCP protocol=udp src-port=68
add action=drop chain=input comment="DROP everything else" disabled=yes log=yes log-prefix=DROP
Any ideas on this?
Second question, maybe not related:
If I set "client-to-client-forwarding" to "no", the client is not able to reach the gateway (DHCP option: Router = 172.22.15.253). It seems like it cannot resolve the MAC via ARP and therefore cannot connect to the gateway. So I had to set "client-to-client-forwarding=yes", which is not so good for a guest network. Can this behaviour be changed, or do I need some firewall rules here to prevent clients from seeing each other?
Kind Regards and thanks a lot.
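
Added example, not part of the original post: a small Python parser for RouterOS `dhcp,debug,packet` log lines that groups events by transaction id and reports handshakes where offers were sent but no request ever came back, the pattern visible in the log above. The sample log is constructed, the MAC is a placeholder, and the `request`/`ack` lines are assumed to follow the same wording as the `discover`/`offer` lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample in the log format shown in the post (placeholder MAC).
# The request/ack lines for id 99 are an assumed healthy handshake for contrast.
SAMPLE_LOG = """\
21:43:52 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server received discover with id 1470733553 from 0.0.0.0
21:43:52 dhcp,debug,packet DHCP-FAIL: secs = 5
21:43:52 dhcp,debug,packet DHCP-FAIL: chaddr = 02:00:00:00:00:01
21:43:53 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server sending offer with id 1470733553 to 172.22.15.183
21:44:05 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server received discover with id 1470733553 from 0.0.0.0
21:44:05 dhcp,debug,packet DHCP-FAIL: secs = 18
21:44:05 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server sending offer with id 1470733553 to 172.22.15.183
21:50:10 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server received discover with id 99 from 0.0.0.0
21:50:10 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server sending offer with id 99 to 172.22.15.184
21:50:10 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server received request with id 99 from 0.0.0.0
21:50:10 dhcp,debug,packet DHCP-FAIL: Guest-DHCP-Server sending ack with id 99 to 172.22.15.184
"""

# time, topics, optional log prefix, server name, direction, message type, id, peer
EVENT = re.compile(r"^(\S+) dhcp,\S+ (?:\S+: )?(\S+) (received|sending) (\w+) with id (\d+) (?:from|to) (\S+)")
FIELD = re.compile(r"(secs|chaddr) = (\S+)$")

def stalled_handshakes(log_text):
    """Return {id: stats} for transactions with at least one offer and no request."""
    tx = defaultdict(lambda: {"discover": 0, "offer": 0, "request": 0, "ack": 0,
                              "max_secs": 0, "chaddr": None, "offered": None})
    current = None  # detail lines (secs, chaddr) belong to the last event line seen
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            _time, _server, _direction, msg, xid, peer = m.groups()
            current = tx[xid]
            if msg in ("discover", "offer", "request", "ack"):
                current[msg] += 1
            if msg == "offer":
                current["offered"] = peer
            continue
        f = FIELD.search(line)
        if f and current is not None:
            if f.group(1) == "secs":
                current["max_secs"] = max(current["max_secs"], int(f.group(2)))
            else:
                current["chaddr"] = f.group(2)
    return {xid: t for xid, t in tx.items() if t["offer"] and not t["request"]}

if __name__ == "__main__":
    for xid, t in stalled_handshakes(SAMPLE_LOG).items():
        print(f"id {xid} ({t['chaddr']}): {t['offer']} offers of {t['offered']}, no request, secs up to {t['max_secs']}")
```

A transaction listed here means the server processed the discover and sent the offer, so the fault lies on the return path between the server interface and the wireless client rather than in the input firewall chain.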