Force DHCP IP on port

RouterOS General
1

I’m currently trying to accomplish the following:

Hardware: hAP lite (or anything with 2+ LAN ports)
Configuration:

  • DHCP server with 192.168.0.10-192.168.0.254 on ports 1-3
  • DHCP server with only 192.168.0.2 on port 4
  • Clients on ports 1-4 can see each other

The idea behind this is integrating an interchangeable DHCP-only device (so no static entry for MAC) on a specific port and making sure that it has a fixed address which then can be used for a static DNS entry.

I tried a config with a separate bridge for port 4 and a dedicated DHCP server which works. But the devices are not able to see each other yet. Is a configuration like this possible without VLANs and/or ip rewriting with different subnets?

How to offer DHCP only on WIFI but not on ether
2

Problem solved! The only thing missing was setting arp to “proxy-arp” on the bridge for ports 1-3.

3

This sounds interesting, because I didn’t see a solution to the problem you posted.

Can you explain exactly what you did, so I can reproduce it in my lab on a hEX S (RB760iGS).

Are you saying that you were able to make any device with any MAC address get a fixed dhcp lease (for 192.168.0.2) when it was plugged into ether4 but when the same device is plugged into (ethe1-ether3) it gets an ip address from the 192.168.0.10-192.168.0.254 pool?

Do you use short lease times?

Mind sharing your config export?

4

The following is the minimal configuration that I’ve tested. It actually has the problem, that the device on 192.168.88.2 cannot see the other devices because of the IP subnets. But in a minimal setup and connections being initiated by the external bridge e.g. using a printer works this way. I might try to accomplish a better solution with another subnet and maybe a firewall mangle setup.

/interface list add name=LAN
/interface list member add list=LAN interface=ether1
/interface list member add list=LAN interface=ether2
/interface list member add list=LAN interface=ether3
/interface list member add list=LAN interface=ether4
/interface list add name=LAN-DHCP-Dynamic
/interface list member add list=LAN-DHCP-Dynamic interface=ether1
/interface list member add list=LAN-DHCP-Dynamic interface=ether2
/interface list member add list=LAN-DHCP-Dynamic interface=ether3
/interface list add name=LAN-DHCP-Printer
/interface list member add list=LAN-DHCP-Printer interface=ether4

/interface bridge add name=bridge arp=proxy-arp
/interface bridge port add bridge=bridge interface=LAN-DHCP-Dynamic
/interface bridge add name=bridge-printer
/interface bridge port add bridge=bridge-printer interface=LAN-DHCP-Printer

/ip dhcp-server config set store-leases-disk=never
/ip pool add name=dhcp ranges=192.168.88.9-192.168.88.254
/ip dhcp-server add name=dhcp address-pool=dhcp interface=bridge
/ip pool add name=dhcp-printer ranges=192.168.88.2
/ip dhcp-server add name=dhcp-printer address-pool=dhcp-printer interface=bridge-printer lease-time=15s

/ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1

/ip dns set allow-remote-requests=yes
/ip dns static add address=192.168.88.1 name=router.lan
/ip dns static add address=192.168.88.2 name=printer.lan

/ip neighbor discovery-settings set discover-interface-list=LAN
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN

/ip address add address=192.168.88.1/24 interface=bridge network=192.168.88.0
/ip address add address=192.168.88.1/29 interface=bridge-printer network=192.168.88.0
5

I actually found two other solutions (one with using another subnet and using netmap) but since both needed specific IP routes, I would like to document the simple solution for others to use in case something similar is necessary for them:

/interface bridge add arp=proxy-arp name=bridge-88.2
/interface bridge add arp=proxy-arp name=bridge-88
/interface bridge port add bridge=bridge-88.2 interface=ether1
/interface bridge port add bridge=bridge-88 interface=ether2
/interface bridge port add bridge=bridge-88 interface=ether3
/interface bridge port add bridge=bridge-88 interface=ether4

/ip address add address=192.168.88.1 interface=bridge-88 network=192.168.88.0
/ip pool add name=dhcp-88 ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add address-pool=dhcp-88 interface=bridge-88 name=dhcp-88

/ip pool add name=dhcp-88.2 ranges=192.168.88.2
/ip dhcp-server add address-pool=dhcp-88.2 interface=bridge-88.2 name=dhcp-88.2 lease-time=15s
/ip address add address=192.168.88.1 interface=bridge-88.2 network=192.168.88.0

/ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24

/ip route add disabled=no distance=2 dst-address=192.168.88.0/24 gateway=bridge-88 
/ip route add disabled=no distance=1 dst-address=192.168.88.2/32 gateway=bridge-88.2

When you add an IP address for the router itself under /ip address for an interface, a corresponding IP route is added. So when you add a /24 IP you get a /24 route. Because the default route has distance=0 and cannot be overridden, I needed to add a /32 address which adds a /32 route which is not problematic.
Afterwards, by adding two routes:

  • a /32 route to the fixed DHCP IP on the corresponding bridge/port with a lower distance than
  • a /24 route to the normal bridge for the rest of the network

the 192.168.88.2 device can be connected from the other bridge when proxy-arp is enabled.

I will further try to deploy this setup and looking forward if there are still any kinks that have to be ironed out.