I have configured an EoIP tunnel from Head Office to a remote site… I want each site to have its own dependent DHCP server on both routers…
How can I achieve this setup without any issues?
Use DHCP snooping on both bridges! I use the xx.xxx.xxx.1 IP address for R1 with DHCP pool 10-130, and the xx.xxx.xxx.254 IP address for R2 with DHCP pool 131-240.
Thanks will explore this option… Another question…
I have 3 sites… Main Head office Network Server: 10.10.20.0/24
Site 2: 10.10.30.0/24 and Site 3: 10.10.40/24
Both sites 2 and 3 are to connect to my Server site 10.10.20.0/24… I cannot achieve this when I create 2 separate bridges for the tunnel on the Head Office router.
Can I use ONE bridge for the 2 tunnels?
DHCP snooping supports a very limited number of HW…
I'm using a bridge filter for this.
/interface bridge filter
add action=drop chain=forward comment=dhcp dst-port=67-68 ip-protocol=udp mac-protocol=ip out-interface=eoip-siteA
add action=drop chain=forward comment=dhcp dst-port=67-68 ip-protocol=udp mac-protocol=ip in-interface=eoip-siteA
You must use routing, not bridging, in this case!
The first question is: WHY?
This is not the proper way to link sites! Use GRE or IPIP tunnels, use routing, maybe even automatic routing.
EoIP tunnels are only to be used as a last resort or e.g. during a move/migration.
Could this be a stable solution to have the same L2 domain but two DHCP servers, one in site R1 and one in site R2?
No. It is not good to use EoIP for this. Use an IP tunnel (GRE, IPIP) and use routing instead of bridging.
Drop forwarding of UDP packets to ports 67-68 in the Bridge Filters
PS: This rule can also protect the network from other DHCP servers; their effect will be limited to one MikroTik port and will not spread to the network segments connected to other ports.
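The bridge-filter match used in this thread (`mac-protocol=ip ip-protocol=udp dst-port=67-68` on `eoip-siteA`), modelled in Python as an added example that is not part of any post and is not RouterOS code. The frames and the `build_frame` and `rule_drops` helpers are constructed for illustration, and the model assumes that an 802.1Q-tagged frame does not match `mac-protocol=ip`.

```python
import struct

ETH_IPV4, ETH_VLAN, PROTO_UDP = 0x0800, 0x8100, 17
DHCP_PORTS = (67, 68)  # dst-port=67-68 from the rules in the thread

def rule_drops(frame: bytes, iface: str, rule_iface: str = "eoip-siteA") -> bool:
    """True if the frame matches the drop rule bound to rule_iface
    (used as in-interface or out-interface, as in the two rules above)."""
    if iface != rule_iface or len(frame) < 14:
        return False
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_IPV4:
        # mac-protocol=ip: a tagged frame carries 0x8100 here (model assumption)
        return False
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return False
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if ihl < 20 or ip[9] != PROTO_UDP or len(ip) < ihl + 8:
        return False
    if struct.unpack_from("!H", ip, 6)[0] & 0x1FFF:
        return False                              # later fragment: no UDP header
    (dst_port,) = struct.unpack_from("!H", ip, ihl + 2)
    return dst_port in DHCP_PORTS

def build_frame(dst_port: int, src_port: int = 68, vlan=None) -> bytes:
    """Constructed broadcast Ethernet/IPv4/UDP frame (checksums left at zero)."""
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    if vlan is not None:
        eth += struct.pack("!HH", ETH_VLAN, vlan)  # 802.1Q tag
    eth += struct.pack("!H", ETH_IPV4)
    udp = struct.pack("!HHHH", src_port, dst_port, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     PROTO_UDP, 0, bytes(4), b"\xff" * 4)
    return eth + ip + udp

if __name__ == "__main__":
    cases = [
        ("DHCP discover via tunnel", build_frame(67), "eoip-siteA"),
        ("DHCP offer via tunnel", build_frame(68, src_port=67), "eoip-siteA"),
        ("DHCP discover on local port", build_frame(67), "ether2"),
        ("DNS query via tunnel", build_frame(53, src_port=40000), "eoip-siteA"),
        ("VLAN-tagged DHCP via tunnel", build_frame(67, vlan=10), "eoip-siteA"),
    ]
    for name, frame, iface in cases:
        print(f"{name:30} -> {'drop' if rule_drops(frame, iface) else 'forward'}")
```

The last case is the one to check on a real bridge: if DHCP crosses the tunnel inside a VLAN tag, confirm with the rule's packet counters that it is actually being matched.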