DHCP Snooping and DHCP Option 82

Hello,

With regard to preventing any rogue DHCP servers, I have set up a bridge and enabled DHCP Snooping on it. After that, I enabled the trusted feature on the port that connects to the DHCP server. It works. :)

What I noticed is that after enabling DHCP Snooping on the bridge, the Add DHCP option 82 feature appears automatically. I have tested the function of preventing a rogue DHCP server with regard to the Add DHCP option 82 feature. As a result, it works in both scenarios (i.e. with and without the Add DHCP option 82 feature). This means that the Add DHCP option 82 feature is not needed in the function of preventing a rogue DHCP server. It should be left disabled. However, all the information that I found on the Internet shows that feature enabled.

My question is: what is the benefit of using the Add DHCP option 82 feature in the function of preventing a rogue DHCP server?

Many Thanks.

If you don't know, as a trainer, how are you expecting it from us? :)

Just a joke. I did some research on that. I found:
viewtopic.php?t=120951

Also, I got a presentation regarding DHCP Server and Option 82.
As soon as I find it, I will send it on this forum.

Hi nicky,

Sorry. I thought you expected so much from the trainers. :) They are also human like us. Just kidding :) Some features are vendor-specific and proprietary, with little information. It would be better to get clear and correct answers in this forum, especially from MikroTik support teams or other trainers (with MTCSE) or security-experienced people, or maybe from you if you have experience with that. :)

I have searched the Internet before and already found the information you shared. DHCP option 82 is typically used in the presence of DHCP relays to carry the agent-remote-id and agent-circuit-id information. https://tools.ietf.org/html/rfc3046

In my case, DHCP relays are not included. I did a simple experiment using only a DHCP server communicating with clients via a switch based on RouterOS. What I found is that the DHCP option 82 feature does not seem to be necessary for preventing a rogue DHCP server in a network without DHCP relays, because it works no matter whether DHCP option 82 is disabled or enabled. Anyone who has experienced this, please share your ideas or knowledge.

Regards,
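
Added example, not part of any post in this thread: the Option 82 layout from RFC 3046 mentioned above, parsed out of a constructed DHCP options field to show what a server sees with and without the option. The circuit-id `ether3` and the remote-id MAC are made-up sample values; what a particular switch writes into these sub-options is device-specific.

```python
DHCP_MAGIC = b"\x63\x82\x53\x63"        # magic cookie preceding the options field
OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
SUBOPT_NAMES = {1: "agent-circuit-id", 2: "agent-remote-id"}   # RFC 3046

def iter_tlvs(buf, single_byte_codes=()):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code in single_byte_codes:    # pad/end have no length byte
            if code == OPT_END:
                return
            i += 1
            continue
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} claims {length} bytes, {len(value)} left")
        yield code, value
        i += 2 + length

def relay_agent_info(options):
    """Return {sub-option name: bytes} for option 82, or None if it is absent."""
    if options[:4] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    for code, value in iter_tlvs(options[4:], (OPT_PAD, OPT_END)):
        if code == OPT_RELAY_AGENT_INFO:
            # Sub-options are plain TLVs: 0 and 255 are not special inside option 82.
            return {SUBOPT_NAMES.get(c, f"sub-option-{c}"): v for c, v in iter_tlvs(value)}
    return None

def build_option82(circuit_id, remote_id):
    """Encode option 82 with sub-option 1 (circuit ID) and 2 (remote ID)."""
    sub = bytes([1, len(circuit_id)]) + circuit_id + bytes([2, len(remote_id)]) + remote_id
    return bytes([OPT_RELAY_AGENT_INFO, len(sub)]) + sub

# Constructed samples: a DHCPDISCOVER (option 53 = 1) as the client sent it,
# and the same message after a snooping switch or relay appended option 82.
SAMPLE_PLAIN = DHCP_MAGIC + bytes([53, 1, 1, OPT_END])
SAMPLE_TAGGED = (DHCP_MAGIC + bytes([53, 1, 1])
                 + build_option82(b"ether3", bytes.fromhex("020000000001"))
                 + bytes([OPT_END]))

if __name__ == "__main__":
    print(relay_agent_info(SAMPLE_PLAIN))
    print(relay_agent_info(SAMPLE_TAGGED))
```
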

Have a look, you can find something about DHCP Option 82
Using MikroTik in Docsis Provisioning.pdf (3.69 MB)

I found that the information about DHCP Option 82 in the following MikroTik website is clear.
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge

Hello,

Not sure I find anything about option 82 in this PDF.

Ed

If you enable DHCP snooping on your router, it can detect and prevent a rogue DHCP server.

DHCP option 86 is an extra feature. If a host supports and uses the option, it will be informed about which network DHCP server is legitimate that it should utilize.