Need two dhcp servers on bridged network

Posted: Tue Nov 19, 2013 11:44 pm
by dsobin
I need to provide a dhcp service that can serve up addresses from two different address pools depending on which bridge port (call them ports A and B) the request originates from.

I need to have physical networks A and B bridged, rather than routed, because the two physical networks are sharing multicast traffic between them and so need to be on a single subnet.

With a single dhcp server, attached to the bridge, I give out IP addresses from a single pool and all works as expected.

The new requirement is to give out addresses from pool A to devices on physical network A, while devices on physical network B get their IP addresses from pool B.

I tried to make this happen by creating two dhcp servers, server-A with address pool A and server-B with address pool B.

To do this I tried the following:

1) DHCP Server-A is configured on network A's interface.
2) DHCP Server-B is configured on the bridge.
3) Use Bridge filter action=drop on ports 67-68 on input chain for network A.

Step 3 does effectively keep dhcp requests from the devices on network A from reaching dhcp server-B. However, the requests originating on network A don't get any responses from dhcp server-A.

I suspect that it might not be 'legal' to configure a dhcp server on an interface which is a port on a bridge.

I've been using ROS since version 2 and this is the first time I've been unable to come up with a way to solve a problem.

If anyone can suggest a solution to this I would greatly appreciate it.
I'm using ROS 6.6 on a RB433.

Re: Need two dhcp servers on bridged network

Posted: Tue Nov 19, 2013 11:55 pm
by efaden
I'm not sure you can do that.... I'll have to think if there is a way around it. But generally you can't run things on interfaces that are members of a bridge... likewise with assigning IPs.... I assume that you don't want to make separate networks and route them....

Re: Need two dhcp servers on bridged network

Posted: Wed Nov 20, 2013 12:07 am
by dsobin
Thanks for the quick reply. Routing instead of bridging would make the problem disappear, but I need both physical networks bridged and sharing the same address space to allow the multicast to work.

I know that once a network is bridged, one is not supposed to use the bridge port for anything else. Everything needs to reference the bridge, rather than the ports, except for bridge filters.

I wasn't surprised my approach failed.

Please keep thinking!

Thanks again for the response.

Re: Need two dhcp servers on bridged network

Posted: Wed Nov 20, 2013 12:37 am
by efaden
Came up with two random ideas...

1) Use Metarouter and run DD-WRT or something as your second DHCP server... then use the bridge filter to isolate them.... Or if possible (not sure, my knowledge of Metarouter is limited) run RouterOS inside of Metarouter... (makes my head hurt... but could work).

2) Use a second MikroTik to run the second DHCP... then use the bridge filter to isolate them...

I realize neither is ideal... but it's what I came up with so far...

-Eric

Re: Need two dhcp servers on bridged network

Posted: Wed Nov 20, 2013 12:53 am
by dsobin
Yes, any solution that creates a "real" second dhcp server will work. My application is part of an existing hardware/software package so I can't add "real" hardware.

Metarouter could be made to work, but my RB433 is max'd out performance-wise handling the multicast traffic. I can't add a metarouter and take a performance hit.

Good thoughts! Keep thinking! Thanks for trying!

Re: Need two dhcp servers on bridged network

Posted: Wed Nov 20, 2013 1:12 am
by efaden
My other thought.... not sure "if" it would work... but make a VLAN and put a DHCP server on it... NAT the DHCP ports to the VLAN ONLY when it comes from the interface you want in the bridge (you have to use the bridge port for this)...

I haven't tried it, nor do I have any extra hardware right now to test it with....

Does what I am proposing make sense?...

Re: Need two dhcp servers on bridged network

Posted: Wed Nov 20, 2013 1:17 am
by efaden
Also just thought about using bridge nat...

Re: Need two dhcp servers on bridged network

Posted: Wed Nov 20, 2013 1:21 am
by efaden
Either way... There is really no great solution to this... if you had extra ports you could take an unbridged port and a bridged port and actually hardwire them together and then run another DHCP server on the unbridged port... it uses 2 extra ports though. About all I came up with... good luck