
DHCP Snooping and DHCP Option 82

Posted: Sat May 25, 2019 10:46 am
by ekarin
Hello,

With regard to preventing any rogue DHCP servers, I have set up a bridge as well as enabled the DHCP Snooping on it. After that I have enabled the trusted feature on the port that connects to the DHCP server. It works. :-)

What I noticed is that after enabling DHCP Snooping on the bridge, the Add DHCP option 82 feature appears automatically. I have tested the function of preventing a rogue DHCP server with regard to the Add DHCP option 82 feature. As a result, it works in both scenarios (i.e. with and without the Add DHCP option 82 feature). This means that the Add DHCP option 82 feature is not needed in the function of preventing a rogue DHCP server. It should be left disabled. However, all the information that I found on the Internet shows that feature enabled.

My question is: what is the benefit of using the Add DHCP option 82 feature in the function of preventing a rogue DHCP server?

Many Thanks.

Re: DHCP Snooping and DHCP Option 82

Posted: Sat May 25, 2019 11:02 am
by nichky
If you don't know, as a trainer, what are you expecting from us :)

Just a joke. I did some research on that. I found:
viewtopic.php?t=120951

Also, I have a presentation regarding DHCP Server and Option 82.
As soon as I find it, I will send it on this forum.

Re: DHCP Snooping and DHCP Option 82

Posted: Sat May 25, 2019 1:15 pm
by ekarin
Hi nichky,

Sorry. I thought you expected so much from the trainers. :-) They are also human like us. Just kidding :-) Some features are vendor-specific and proprietary, with little information. It would be better to get clear and correct answers in this forum, especially from the MikroTik support teams or other trainers (with MTCSE) or security-experienced people, or maybe from you if you have experience with that. :-)

I have searched the Internet before and had already found the information you shared. DHCP option 82 is typically used in the presence of DHCP relays to place the information about agent-remote-id and agent-circuit-id in that option. https://tools.ietf.org/html/rfc3046

In my case, DHCP relays are not included. I did a simple experiment by using only a DHCP server communicating with clients via a switch based on RouterOS. What I found is that the DHCP option 82 feature seems not to be necessary for preventing a rogue DHCP server in a network without DHCP relays, because it works no matter whether DHCP option 82 is disabled or enabled. If anyone has experience with this, please share your ideas or knowledge.

Regards,
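
Added example, not part of any post in this thread: a parser for the RFC 3046 Relay Agent Information option (option 82), showing the agent-circuit-id and agent-remote-id sub-options mentioned in the post above. The sample bytes, including the port name and remote-id value, are constructed and are not a claim about how RouterOS encodes them.

```python
# Added example: extract option 82 sub-options from a DHCP options field.
# Sub-option codes 1 (circuit-id) and 2 (remote-id) come from RFC 3046.

PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}


def iter_tlv(data, top_level=False):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(data):
        code = data[i]
        if top_level and code == END:   # END terminates the options field
            return
        if top_level and code == PAD:   # PAD is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:        # reject lengths that overrun the data
            raise ValueError(f"option {code}: truncated value")
        yield code, value
        i += 2 + length


def parse_option82(options):
    """Return {sub-option name: bytes}, or None if option 82 is absent."""
    for code, value in iter_tlv(options, top_level=True):
        if code == RELAY_AGENT_INFO:
            return {SUBOPT_NAMES.get(sub, f"sub-{sub}"): val
                    for sub, val in iter_tlv(value)}
    return None


# Constructed sample: option 53 (DHCPDISCOVER), then option 82 carrying a
# circuit-id of "ether3" and a 6-byte remote-id, then END.
SAMPLE = (
    bytes([53, 1, 1])
    + bytes([RELAY_AGENT_INFO, 16])
    + bytes([1, 6]) + b"ether3"
    + bytes([2, 6]) + bytes.fromhex("020000aabb01")
    + bytes([END])
)

if __name__ == "__main__":
    for name, val in parse_option82(SAMPLE).items():
        print(f"{name}: {val.hex()} {val!r}")
```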

Re: DHCP Snooping and DHCP Option 82

Posted: Tue Jun 18, 2019 2:22 pm
by nichky
Have a look, you can find something about DHCP Option 82

Re: DHCP Snooping and DHCP Option 82

Posted: Wed Nov 20, 2019 12:49 pm
by ekarin
I found that the information about DHCP Option 82 on the following MikroTik website is clear.
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge

Re: DHCP Snooping and DHCP Option 82

Posted: Thu Mar 12, 2020 4:12 pm
by bl00dy
Have a look, you can find something about DHCP Option 82
Hello,

Not sure I find anything about option 82 in this PDF

Ed

Re: DHCP Snooping and DHCP Option 82

Posted: Tue Feb 14, 2023 8:06 pm
by RaviB
If you enable DHCP snooping on your router, it can detect and prevent a rogue DHCP server.

DHCP option 86 is an extra feature. If a host supports and uses the option, it will be informed about which network DHCP server is legitimate that it should utilize.