The problem was this rule:I disabled this one and the DHCP deassigned/assigned log message disappears.
Digging deeper into the problem and enabling the rule logging, I found the following requests from the Mi Hub:
It was this last line that caused the problem, so I added this rule:
So, I think that the Xiaomi Mi Hub requires verify that the gateway is up and needs ICMP.
Code:
/ip firewall filteradd action=drop chain=input comment="input - Drop allDigging deeper into the problem and enabling the rule logging, I found the following requests from the Mi Hub:
Code:
2024-03-07 11:10:44Local7.Debug192.168.20.1firewall,info DROP-N: DROP-N input: in:vlan300-IOT-SW1 out:(unknown 0), connection-state:new src-mac MAC, proto UDP, 192.168.30.129:54326->255.255.255.255:54321, len 602024-03-07 11:10:44Local7.Debug192.168.20.1firewall,info DROP-N: DROP-N input: in:vlan300-IOT-SW2 out:(unknown 0), connection-state:new src-mac MAC, proto UDP, 192.168.30.129:54326->255.255.255.255:54321, len 602024-03-07 11:10:44Local7.Debug192.168.20.1firewall,info DROP-N: DROP-N input: in:vlan300-IOT-SW1 out:(unknown 0), connection-state:new src-mac MAC, proto UDP, 192.168.30.129:49565->255.255.255.255:54321, len 602024-03-07 11:10:44Local7.Debug192.168.20.1firewall,info DROP-N: DROP-N input: in:vlan300-IOT-SW2 out:(unknown 0), connection-state:new src-mac MAC, proto UDP, 192.168.30.129:49565->255.255.255.255:54321, len 602024-03-07 11:11:22Local7.Debug192.168.20.1firewall,info DROP-N: DROP-N input: in:vlan300-IOT-SW1 out:(unknown 0), connection-state:new src-mac MAC, proto ICMP (type 8, code 0), 192.168.30.129->192.168.30.1, len 84Code:
/ip firewall filteradd action=accept chain=input comment="ICMP from Mi Hub" \ protocol=icmp src-address=192.168.30.129Statistics: Posted by jjmuriel — Thu Mar 07, 2024 10:15 pm