I did a few quick tests.
My setup:
- CSS610 Port 1 Modem with PoE
- CSS610 Port 2 RB5009UG with PoE IN (1st 1Gb Port)
- CSS610 Port 6 Client
- CSS610 SFP+ 1 connected to RB5009 SFP+
Settings:
- Port 1 and 2 are Connected, but isolated from the rest via port isolation
- Port 1 and 2 are marked as "not allowed", and Mirotik discovery is disabled on port 1 and 2
- CSS610 gets it's IP via the SFP+ 1 port from RB5009
Test 1 DHCP snooping all port are trusted. Client gets IP, as expected.
Test 2 DHCP snooping: Port 6 marked as untrusted.
This test did not work before hand. I guess, it was because all ports were marked as untrusted.
Now with 2.16 the client gets its IP address as expected. I also confirmed it using wireshark.
Test 3 DHCP snooping: Only SFP+ 1 port is trusted.
This blocks the PPPoE from my modem on Port 1, as expected. I just wanted to try out if blocking works as well.
Test 4 DHCP snooping SFP+ 1 and Port 1 are trusted.
The RB5009 can connect to my ISP using PPPoE, as expected. And the client still works as well.
So for my use case this problem is fixed.
Well done!