allow only one DHCP Server in wireless link

Hello everyone;

I have many wireless clients connected to one MikroTik AP, and a MikroTik server with DHCP after a few backbones. But if some client plugs his Ethernet cable coming from the AP on his roof into the LAN port of some router configured to broadcast DHCP, he will give DHCP leases to other clients because he is closer to them than the server.

I tried to put authoritative=yes in the MikroTik server but got the same result.
I tried to stop the DHCP port in the firewall on the main AP; it worked but stopped all DHCP. What can I do to enable DHCP only from my server?

This rule stopped all DHCP on the network:
[user@wirelessAP] ip firewall filter> print
0 chain=forward action=drop dst-port=67-68 protocol=udp

I don’t know about everyone else, but it is not the system as much as that unruly client. Why should all suffer when it is that one customer. Cut HIM OFF! Tell him he can have his connection back when he quits doing that!

ADD: If the local wireless network is the only one affected, try setting the wireless setting “default-forwarding=no”.

SurferTim,
thanks for your reply.

I cannot just turn off the client who is forwarding DHCP. However, with “forwarding=no: Client cannot send frames to other stations that are connected to the same access point”, what if I had 5 or 6 or even more APs connected to each other by wireless link or by Ethernet? Then the client will send DHCP to others connected to other APs, am I right?

Turning off default forward is an option that I should test very soon.

By the way, we have been running a WISP with more than 2000 clients with MikroTik APs and servers since 2 years ago, and till now MikroTik is the best solution for a WISP :smiley: :smiley:

Add two more rules above the ‘drop all DHCP’ rule that accept DHCP traffic going to or coming from your legitimate DHCP server so that those packets don’t get dropped.

OK, let me give you the scenario:

I have a server with a private range: 172.x.x.x/24
and 3 wireless AP nodes to reach the distribution AP.

first node is apbridge 2nd station wds 2nd toward 3rd apbridge 3rd station wds 3rd card toward clients apbridge
All nodes have a bridge configured with the setting use-ip-firewall = yes.

I use another range on the access points, which is also private; it starts with 125.x.x.x/24. This range has nothing to do with the internet, it’s only for the APs’ access.

If I put, as you said, a rule in the firewall that allows DHCP from the server IP (172.x.x.1/24) only, and put this rule before the drop-all rule for ports 67-68, it doesn’t work as expected.
I even tried to put the MAC address of the server’s Ethernet interface toward the wireless link in the advanced tab - src mac address.
Nothing worked.

Is it possible that I should have an IP in the same range as the server configured on every AP, with gateway and DNS, just like end users?

Does anyone have an idea on how to solve this?
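
An added example, not part of any post in this thread and not RouterOS code: a small Python model of first-match filter evaluation over constructed DHCP packets, comparing the drop-all rule from the first post, accept rules keyed on the server's IP placed above it, and a rule that drops only server-side replies (source port 67) from any address other than the legitimate server. The addresses, the rule fields and the default-accept policy are assumptions of the model.

```python
# Constructed addresses: SERVER stands in for the thread's 172.x.x.1,
# ROGUE for a customer's home router handing out leases.
SERVER, ROGUE = "172.16.0.1", "192.168.1.1"
DHCP = {67, 68}

# Constructed packets as a bridge with use-ip-firewall=yes would forward them:
# (label, src-address, src-port, dst-address, dst-port)
PACKETS = [
    ("client DISCOVER", "0.0.0.0", 68, "255.255.255.255", 67),
    ("server OFFER", SERVER, 67, "255.255.255.255", 68),
    ("rogue OFFER", ROGUE, 67, "255.255.255.255", 68),
]

def rule(action, src=None, not_src=None, dst=None, sport=None, dport=None):
    """One filter rule; a field left as None matches anything."""
    return dict(action=action, src=src, not_src=not_src,
                dst=dst, sport=sport, dport=dport)

def matches(r, pkt):
    _, src, sport, dst, dport = pkt
    return ((r["src"] is None or src == r["src"])
            and (r["not_src"] is None or src != r["not_src"])
            and (r["dst"] is None or dst == r["dst"])
            and (r["sport"] is None or sport in r["sport"])
            and (r["dport"] is None or dport in r["dport"]))

def verdicts(rules):
    """First matching rule decides; a packet matching no rule is accepted."""
    out = {}
    for pkt in PACKETS:
        hit = next((r for r in rules if matches(r, pkt)), None)
        out[pkt[0]] = hit["action"] if hit else "accept"
    return out

# 1. The rule from the first post: drop UDP dst-port 67-68.
DROP_ALL = [rule("drop", dport=DHCP)]

# 2. Accept to/from the server's IP first, then drop the rest.
ACCEPT_SERVER_FIRST = [rule("accept", src=SERVER, dport=DHCP),
                       rule("accept", dst=SERVER, dport=DHCP),
                       rule("drop", dport=DHCP)]

# 3. Drop only replies (src-port 67) not sourced from the server.
DROP_ROGUE_REPLIES = [rule("drop", not_src=SERVER, sport={67})]

if __name__ == "__main__":
    for name in ("DROP_ALL", "ACCEPT_SERVER_FIRST", "DROP_ROGUE_REPLIES"):
        print(name, verdicts(globals()[name]))
```

In this model the client's DISCOVER is a broadcast from 0.0.0.0, so rules keyed on the server's address never match it and it still reaches the drop rule; the third ruleset passes it because it filters on source port 67 only.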