Page 1 of 1
Invalid Arp Entries in 7.4 version
Posted: Thu Jul 21, 2022 5:31 pm
by mix359
Hi to All,
I've updated the main router in my school this week from the 6.x to last 7.x version (7.4) and I've started noticing some problem that I haven't noticed in my lab environment:
I'm using from many years the "reply-only" arp option on the interfaces of the laboratories of my school, to increase the security, assigning all the ips from the mikrotik's dhcp (static leases), and with the 6.x version, and previous versions, have ever worked perfectly.
Now the "reply-only" option seam still working, but I've some problem on the arp table: many of the record of the table from those interfaces are marked as invalid, like this one:
mikrotik_arp_problem_example.png
I've tried deleting one of those invalid records from the arp table and made the computer to do a new dhcp request. I can see the leases on the dhcp server that is bound, but nothing appear on the arp table for that device.
I've double checked in the dhcp server configuration and the "Add ARP for leases" option is flagged.
Here's are part of the configuration of one of the interfaces and the relative dhcp server:
/interface vlan
add arp=reply-only interface="LAN (sfp-sfpplus2)" name="lab_6 (24)" vlan-id=24
/ip dhcp-server
add add-arp=yes authoritative=after-2sec-delay interface="lab_6 (24)" \
lease-time=3d name=lab_6
/ip dhcp-server network
add address=10.1.24.0/23 dns-server=10.1.100.101,10.1.100.102,10.1.24.254 \
gateway=10.1.24.254 netmask=23 wins-server=10.1.100.102
/ip dhcp-server lease
add address=10.1.25.8 comment="igroove - L33-PC08" mac-address=\
xx:xx:xx:xx:xx:xx server=lab_6
Does something have changed on this arp/dhcp server part in the 7.x releases? Could be a bug?
Thanks to all
Best regards
Daniele
Re: Invalid Arp Entries in 7.4 version
Posted: Thu Jan 19, 2023 5:33 pm
by mrkacg
I have the same problem with version 7.7
Re: Invalid Arp Entries in 7.4 version
Posted: Tue Feb 21, 2023 3:03 pm
by grosnico
Same problem too. Searched a little after upgrading from 6.4 why hotspot was not working....
Is there a solution except set enable arp on interface?
Re: Invalid Arp Entries in 7.4 version
Posted: Thu Feb 23, 2023 8:02 am
by vasilii
hello
the same for me but it happens from time to time. all arp are invalid. devices are getting dhcp but have no internet access.
I was tryiung to make supout file but each time ccr is been rebooting after 32%.
I use hotspot on the bridge where bonding and vlans are setupped. and I had no such issue before upgrading from 6 ROS to 7
Re: Invalid Arp Entries in 7.4 version
Posted: Fri May 12, 2023 1:34 pm
by ThienVo
I also had the same problem on version 7.9 when I turned on Reply-only ARP, then the Hotspot login page didn't work, I checked the ARP table and it said Invalid
Re: Invalid Arp Entries in 7.4 version
Posted: Wed Jun 07, 2023 5:03 am
by antosusan
Hi to All,
I've updated the main router in my school this week from the 6.x to last 7.x version (7.4) and I've started noticing some problem that I haven't noticed in my lab environment:
I'm using from many years the "reply-only" arp option on the interfaces of the laboratories of my school, to increase the security, assigning all the ips from the mikrotik's dhcp (static leases), and with the 6.x version, and previous versions, have ever worked perfectly.
Now the "reply-only" option seam still working, but I've some problem on the arp table: many of the record of the table from those interfaces are marked as invalid, like this one:
mikrotik_arp_problem_example.png
I've tried deleting one of those invalid records from the arp table and made the computer to do a new dhcp request. I can see the leases on the dhcp server that is bound, but nothing appear on the arp table for that device.
I've double checked in the dhcp server configuration and the "Add ARP for leases" option is flagged.
Here's are part of the configuration of one of the interfaces and the relative dhcp server:
/interface vlan
add arp=reply-only interface="LAN (sfp-sfpplus2)" name="lab_6 (24)" vlan-id=24
/ip dhcp-server
add add-arp=yes authoritative=after-2sec-delay interface="lab_6 (24)" \
lease-time=3d name=lab_6
/ip dhcp-server network
add address=10.1.24.0/23 dns-server=10.1.100.101,10.1.100.102,10.1.24.254 \
gateway=10.1.24.254 netmask=23 wins-server=10.1.100.102
/ip dhcp-server lease
add address=10.1.25.8 comment="igroove - L33-PC08" mac-address=\
xx:xx:xx:xx:xx:xx server=lab_6
Does something have changed on this arp/dhcp server part in the 7.x releases? Could be a bug?
Thanks to all
Best regards
Daniele
do you have to try reboot your router? maybe will work for you
Re: Invalid Arp Entries in 7.4 version
Posted: Wed Aug 30, 2023 2:20 pm
by grosnico
Seem still the same in 7.11
Re: Invalid Arp Entries in 7.4 version
Posted: Wed Oct 18, 2023 2:29 pm
by miguelos
Issue still there in 7.11
Anyone have it running in 7.x ? Can't mikrotik fix this ?
Re: Invalid Arp Entries in 7.4 version
Posted: Wed Nov 01, 2023 11:13 pm
by grosnico
Didn't see anything related in 7.12RC changelog...so should still be there in 7.12
Re: Invalid Arp Entries in 7.4 version
Posted: Sat Dec 16, 2023 12:35 am
by Kentzo
Had the similar problem with 7.12.1 on RB952Ui (MIPSBE) but not C53UiG (arm64). The reboot fixed invalid static entries, as they became valid.
SUP-137777 (cool number)
Re: Invalid Arp Entries in 7.4 version
Posted: Thu Dec 21, 2023 9:37 am
by grosnico
Still the same with 7.13
Re: Invalid Arp Entries in 7.4 version
Posted: Wed Jan 10, 2024 9:10 am
by Kentzo
Same on 7.13.1
Except this time the ARP record remains invalid even after a reboot. To get this fixed I had to remove and re-add the entry. Rebooted after each action, for good measure.
Re: Invalid Arp Entries in 7.4 version
Posted: Tue Jan 16, 2024 10:44 pm
by Kentzo
Smooth upgrade from 7.13.1 to 7.13.2: the static ARP record was not marked as invalid. Fixed?
Re: Invalid Arp Entries in 7.4 version
Posted: Fri Jan 19, 2024 10:28 am
by networkadmin33
For me, the problem seems to occur immediately after the hotspot user appears in the active list. As a workaround, disabling the ARP entry and then enabling it using the following hotspot user-profiles On-Login script has solved the problem for now.
:local arplist [/ip arp find where disabled =no]
:foreach i in=$arplist do={
if ([/ip arp get $i address] = $address) do={
/ip arp disable $i
/ip arp enable $i
}
}
To add the script to all Hotspot users (removes current On-Login scripts):
Re: Invalid Arp Entries in 7.4 version
Posted: Sat Jan 20, 2024 1:10 pm
by networkadmin33
The above script works only for static ARP entries. A workaround for dynamic entries is to disable and enable add-arp-for-leases on the DHCP server.
Here is a script that works for both (removes current On-Login scripts):
/ip hotspot user profile set [find] on-login="Fix_arp_schedule"
/system script add dont-require-permissions=no name=Fix_arp owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":lo\
cal darplist [/ip arp find where invalid=yes and dynamic=yes]\r\
\nif ( [:len \$darplist] > 0 ) do={ \r\
\n:log info [:len \$darplist]\r\
\n:local dlist [/ip dhcp-server find where add-arp=yes and disabled=no]; \r\
\n/ip dhcp-server set \$dlist add-arp=no; \r\
\n/ip dhcp-server set \$dlist add-arp=yes; }\r\
\n\r\
\n\r\
\n:local sarplist [/ip arp find where invalid=yes and dynamic=no and disable\
d=no]\r\
\nif ( [:len \$sarplist] > 0 ) do={ \r\
\n/ip arp disable \$sarplist;\r\
\n/ip arp enable \$sarplist;\r\
\n}"
/system script add dont-require-permissions=no name=Fix_arp_schedule owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
system scheduler add name=Fix_arp interval=00:00:01 on-event=\"/system sch\
eduler remove Fix_arp;/system script run Fix_arp;\""
/system scheduler add disabled=no interval=5s name=FixArp on-event=Fix_arp policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
Re: Invalid Arp Entries in 7.4 version
Posted: Thu Jan 25, 2024 8:34 pm
by Kentzo
The 7.13.2 -> 7.13.3 upgrade broke the ARP record, it's "invalid" upon the first boot. Had to delete the record, reboot, and add then re-add it.
Re: Invalid Arp Entries in 7.4 version
Posted: Mon Feb 12, 2024 10:09 pm
by Kentzo
The 7.13.3 -> 7.13.4 upgrade broke the ARP record, it's "invalid" upon the first boot. Toggling the enabled status fixed the issue.
Re: Invalid Arp Entries in 7.4 version
Posted: Fri Jul 26, 2024 11:38 am
by nik247
What's new in 7.16beta7 (2024-Jul-25 12:55):
*) arp - fixed possible issue with invalid entries;
Re: Invalid Arp Entries in 7.4 version
Posted: Sun Sep 08, 2024 11:43 pm
by networkadmin33
What's new in 7.16beta7 (2024-Jul-25 12:55):
*) arp - fixed possible issue with invalid entries;
Still not working for me on 7.16rc4 when using Hotspot with interfaces that have reply-only ARP, I still get invalid entries.
Re: Invalid Arp Entries in 7.4 version
Posted: Fri Sep 27, 2024 10:43 am
by grosnico
Still not working on final 7.16.....frustating
Re: Invalid Arp Entries in 7.4 version
Posted: Tue Oct 08, 2024 3:37 pm
by sab1177
also on my hotspot system.
Still not working on final 7.16
Re: Invalid Arp Entries in 7.4 version
Posted: Tue Oct 08, 2024 5:42 pm
by holvoetn
Everyone reporting it doesn't work:
already created a ticket to support with all relevant info ?
Otherwise chances are high they will never see these messages.
Re: Invalid Arp Entries in 7.4 version
Posted: Mon Oct 28, 2024 11:53 am
by sab1177
yes my ticket is "Waiting for support" again.
Re: Invalid Arp Entries in 7.4 version
Posted: Mon Dec 16, 2024 6:53 am
by Hyunckel
It's crazy how this is still not fixed!
Re: Invalid Arp Entries in 7.4 version
Posted: Thu Jan 16, 2025 6:36 pm
by djxbass
The issue is still present in v7.17
Re: Invalid Arp Entries in 7.4 version
Posted: Mon Jan 27, 2025 7:23 pm
by indrafreaks71
same here, showing blank hotspot login pages on ros v7.17
