Hi,
I am quite new to Mikrotik, having worked mostly with Cisco, Juniper, HP etc. before.
I am trying to set up a Routerboard with two VRFs (VRF lite) and I need to have the same DHCP server IP in the DHCP relay in both VRFs. I have understood that DHCP relay can't source from a VRF on a Mikrotik, so I have set up a workaround using firewall mangle and NAT, thanks to this thread:
http://forum.mikrotik.com/t/dhcp-relay-in-mpls-vrf/52570/1
This works perfectly with one VRF. I have a VLAN interface in the main table from which the IP relay packet is sourced, and it goes to the VRF with the help of the routing mark in the firewall mangle.
But when adding the second VRF I somehow need to distinguish DHCP discovery packets from the different VLANs. The only way I can think of is to distinguish on the incoming VLAN interface on the LAN side. Does anyone have any idea how to get this to work?
VRF1
vlan201ether3 (LAN)
vlan201ether1 (WAN)
VRF2
vlan202ether3 (LAN)
vlan202ether1 (WAN)
Interface in main table:
vlan4050ether1
This is my current configuration:
[admin@MikroTik] > /export
# jan/02/1970 06:49:57 by RouterOS 6.44.4
# software id = P14M-95TM
# model = RB760iGS
# serial number = A36A0AE0366E
# VLAN sub-interfaces. VLANs 201 and 202 each exist on both ether1 and ether3;
# VLAN 4050 exists only on ether1 and is the interface left in the main table.
/interface vlan
add interface=ether1 name=vlan201ether1 vlan-id=201
add interface=ether3 name=vlan201ether3 vlan-id=201
add interface=ether1 name=vlan202ether1 vlan-id=202
add interface=ether3 name=vlan202ether3 vlan-id=202
add interface=ether1 name=vlan4050ether1 vlan-id=4050
# The next two sections only touch the default wireless security profile and the
# default hotspot profile; they are not part of the VRF/DHCP relay setup.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# One BGP instance per VRF routing table (bgp1 -> mark201, bgp2 -> mark202), all in AS 65519.
# The built-in "default" instance is disabled but still points at routing-table=mark201.
/routing bgp instance
set default as=65519 client-to-client-reflection=no disabled=yes redistribute-connected=yes routing-table=mark201
add as=65519 client-to-client-reflection=no name=bgp1 redistribute-connected=yes router-id=192.168.1.1 routing-table=mark201
add as=65519 client-to-client-reflection=no name=bgp2 redistribute-connected=yes router-id=192.168.2.1 routing-table=mark202
# Addressing: a /30 link network on each ether1 VLAN, a /24 on each ether3 VLAN,
# and 10.24.124.20/23 on vlan4050ether1 (the main-table interface).
/ip address
add address=169.254.128.2/30 interface=vlan201ether1 network=169.254.128.0
add address=169.254.129.2/30 interface=vlan202ether1 network=169.254.129.0
add address=192.168.1.1/24 interface=vlan201ether3 network=192.168.1.0
add address=192.168.2.1/24 interface=vlan202ether3 network=192.168.2.0
add address=10.24.124.20/23 interface=vlan4050ether1 network=10.24.124.0
# One relay per LAN VLAN. Both relays forward to the same two DHCP servers and
# differ only in interface and local-address (the LAN gateway address of that VLAN).
/ip dhcp-relay
add dhcp-server=192.168.201.2,192.168.211.2 disabled=no interface=vlan201ether3 local-address=192.168.1.1 name=relay201
add dhcp-server=192.168.201.2,192.168.211.2 disabled=no interface=vlan202ether3 local-address=192.168.2.1 name=relay202
# Marks router-originated (chain=output) UDP/67 traffic to 192.168.201.2 with mark201 so it
# is routed via the first VRF.
# NOTE(review): the rule matches on destination and port only, so as written it cannot tell
# relay201 traffic from relay202 traffic; everything to 192.168.201.2:67 gets mark201.
# NOTE(review): there is no rule for the second server listed in the relays (192.168.211.2)
# and no rule that sets mark202.
/ip firewall mangle
add action=mark-routing chain=output dst-address=192.168.201.2 dst-port=67 new-routing-mark=mark201 passthrough=yes protocol=udp
# Rewrites the source of the marked relay packet from the main-table address (10.24.124.20)
# to the VLAN 201 gateway address (192.168.1.1).
# NOTE(review): only the mark201 / 192.168.1.1 case is covered; no equivalent rule exists for
# mark202 / 192.168.2.1 or for 192.168.211.2.
# NOTE(review): this export contains no /ip firewall filter section, so nothing visible here
# restricts access to the router itself from any of these VLANs - confirm that is intended.
/ip firewall nat
add action=src-nat chain=srcnat dst-address=192.168.201.2 dst-port=67 protocol=udp routing-mark=mark201 src-address=10.24.124.20 to-addresses=192.168.1.1
# Default route in the main table via 10.24.124.1.
/ip route
add distance=1 gateway=10.24.124.1
# VRF membership: each VRF binds its ether1 and ether3 VLAN interfaces to one routing mark.
/ip route vrf
add interfaces=vlan201ether1,vlan201ether3 routing-mark=mark201
add interfaces=vlan202ether1,vlan202ether3 routing-mark=mark202
# One eBGP peer per VRF instance, both towards AS 64525 over the /30 link networks.
# NOTE(review): no tcp-md5-key and no in-filter/out-filter appear on either peer, while the
# instances use redistribute-connected=yes - confirm whether session authentication and
# route filtering are handled elsewhere.
/routing bgp peer
add address-families=ip,vpnv4 instance=bgp1 name=peer1 remote-address=169.254.128.1 remote-as=64525 ttl=default
add address-families=ip,vpnv4 instance=bgp2 name=peer2 remote-address=169.254.129.1 remote-as=64525 ttl=default
[admin@MikroTik] >
Jack