amt779
just joined
Topic Author
Posts: 3
Joined: Tue Feb 25, 2014 8:35 am

How to set primary DHCP Server when there're two over VPN?

Tue Feb 25, 2014 8:52 am

Hello,

My company has 4 remote departments. Each department is equipped with a MikroTik Routerboard-2011uas-2hnd-in. I've joined the local networks of 2 remote departments with a VPN. Here is the issue: each MikroTik Routerboard-2011uas-2hnd-in serves DHCP for its own local network. After I joined the 2 local networks with a VPN channel, some workstations recognised as their primary DHCP server not the local Routerboard-2011uas-2hnd-in but the remote one, which is a problem.

When I have two DHCP servers joined over VPN, how can I make sure that no local workstation will recognise the remote Routerboard-2011uas-2hnd-in as its DHCP server, but will recognise the local Routerboard-2011uas-2hnd-in instead?


The RouterOS version I currently use is 6.10 on all Routerboard-2011uas-2hnd-in.
 
rextended
Forum Guru
Posts: 12658
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: How to set primary DHCP Server when there're two over V

Tue Feb 25, 2014 4:54 pm

1) Check that the IPs each DHCP server assigns do not overlap across the 4 departments

2) Check for fixed IPs overlapping across the 4 departments

3) In each of the 4 departments, IN FIREWALL WE TRUST :shock: : DROP all packets from/to the other departments on UDP ports 67,68 (also block bootp, another protocol similar to DHCP)

4) Repeat points 1 and 2, the most important ones.

5) Done 8)
 
amt779
just joined
Topic Author
Posts: 3
Joined: Tue Feb 25, 2014 8:35 am

Re: How to set primary DHCP Server when there're two over V

Tue Feb 25, 2014 8:54 pm

> 1) Check that the IPs each DHCP server assigns do not overlap across the 4 departments
>
> 2) Check for fixed IPs overlapping across the 4 departments
>
> 3) In each of the 4 departments, IN FIREWALL WE TRUST :shock: : DROP all packets from/to the other departments on UDP ports 67,68 (also block bootp, another protocol similar to DHCP)
>
> 4) Repeat points 1 and 2, the most important ones.
>
> 5) Done 8)

Sorry for my dumbness. Would you please explain in more detail how exactly I can perform 1) & 2)?

How to check IP overlapping? How to "DROP all packets from/to the other departments on UDP ports 67,68"?
 
rextended
Forum Guru
Posts: 12658
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: How to set primary DHCP Server when there're two over V

Wed Feb 26, 2014 1:47 pm

> ... how exactly I can perform 1) & 2)? ...

You must know how the LAN of each department is configured.

> How to check IP overlapping?

The same as above, you must know the IP of each machine in each department.
Two or more (V)LANs cannot be joined freely if one or more devices have the same IP address.
You must discover all the IPs on the various LANs yourself.
Also the IP pools the DHCP servers are using.

> How to "DROP all packets from/to the other departments on UDP ports 67,68"?

Create a new rule in "IP/Firewall/Filter Rules"
Drop all forwarding traffic from UDP port 67 and 68 going to other departments
Drop all forwarding traffic from UDP port 67 and 68 coming from other departments

I will not write the rule for you because you must know some basic settings and functionality before you proceed,
otherwise you risk blocking everything.
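
Checks 1) and 2) from the thread can be scripted once each department's DHCP pools and fixed addresses have been written down. The following is an added example, not code from any poster in this thread; the department names, pool ranges and static addresses are constructed sample values.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: site names, pool ranges and static addresses are
# made-up sample values, not taken from the thread.
SITES = {
    "dept-a": {"pools": [("192.168.1.100", "192.168.1.200")],
               "static": ["192.168.1.1", "192.168.1.10"]},
    "dept-b": {"pools": [("192.168.1.150", "192.168.1.250")],
               "static": ["192.168.1.1", "192.168.1.20"]},
    "dept-c": {"pools": [("192.168.3.100", "192.168.3.200")],
               "static": ["192.168.3.1", "192.168.1.120"]},
    "dept-d": {"pools": [("192.168.4.100", "192.168.4.200")],
               "static": ["192.168.4.1"]},
}

def _pools(site):
    """Yield each DHCP pool of a site as an inclusive (first, last) int pair."""
    for first, last in site["pools"]:
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        if lo > hi:
            raise ValueError(f"pool {first}-{last} is reversed")
        yield lo, hi

def audit(sites):
    """Return findings for point 1 (pools) and point 2 (fixed IPs), per site pair."""
    findings = []
    for (na, a), (nb, b) in combinations(sorted(sites.items()), 2):
        # Point 1: two inclusive ranges overlap when each starts before the other ends.
        for lo1, hi1 in _pools(a):
            for lo2, hi2 in _pools(b):
                if lo1 <= hi2 and lo2 <= hi1:
                    lo, hi = max(lo1, lo2), min(hi1, hi2)
                    findings.append(("pool-overlap", na, nb,
                        f"{ipaddress.ip_address(lo)}-{ipaddress.ip_address(hi)}"))
        # Point 2: the same fixed IP configured in both departments.
        for ip in sorted(set(a["static"]) & set(b["static"])):
            findings.append(("static-duplicate", na, nb, ip))
        # Point 2 again: a fixed IP that the other department's DHCP server may lease out.
        for owner, o, other, p in ((na, a, nb, b), (nb, b, na, a)):
            for ip in o["static"]:
                n = int(ipaddress.ip_address(ip))
                if any(lo <= n <= hi for lo, hi in _pools(p)):
                    findings.append(("static-in-pool", owner, other, ip))
    return findings

if __name__ == "__main__":
    for finding in audit(SITES):
        print(*finding)
```

An empty result means the recorded pools and fixed addresses do not collide; it says nothing about devices that are missing from the inventory.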