Hello,
In a bridge config with a DHCP server I would like to offer DHCP service only to clients trying to connect through WIFI nuit not to clients on ether ?
How to do this?
Thanks
Paul
Generally you don’t. DHCP handshake partly works over broadcasts and those pass throughout L2 broadcast domain (and bridge does transparrently join parts of network into same L2 broadcast domain).
There are some tricks on how to block DHCP handshake with certain clients or via certain parts of network, but that’s custom setup. If you want to get some concrete advice, start by giving us a very detailed description of your network. Then we’ll ask you to provide config details of certain network devices (to be identified based on network description).
There is only one main network in my lab with dozens of attached devices, one of these devices is a CaP. For a couple of reasons (mainly access to lab printers transparently) the devices connecting to the CaP received adresses on the same network form a small restricted pool. I want these adresses to be only offered on the WIFI (with authentication of course). The problem is that the DHCP server offers these adresses on ether and the small pool is exhausted rapidly preventing devices to join through wifi. I want the few people with the correct credentials to be able to connect without having to destroy the useless leases offered to other machines present on the network.
Hope this clarifies it.
It may clarify the motive … but doesn’t make it any more doable.
And when I was asking about network description, I had technical details in mind, not sociological description. 
I would simply create another vlan just for the cap and it would provide wifi.
Depending on settings on the wifi device, one could isolate wifi users from each other.
If wifi users need any access to wired users or vice versa use forward chain firewall rules.
Zero control on the tables of the main server of the network, There are no VLAN and I can only change the CaP parameters
Suggest you dont do anything then that might interfere with the main router since its not your network.
Assume some has said you can attach your device to the network and if so, make it like a router so the IP address you get from the router lan subnet will be the wanip on the cap.
That way you can run any subnet behind the cap for your own wifi purposes with access to internet.
In this way you will not interfere with the main router etc.
You could maybe get away with proxy-arp and separate interfaces/bridges, something similar to:
https://gregsowell.com/?p=5236
http://forum.mikrotik.com/t/force-dhcp-ip-on-port/162887/1
but YMMGV.
is every wifi connecting client known? if so, create static leases and set the dhcp server pool to “static only”
so only known wifi clients (MAC addresses of the wifi cards) will be handed a lease.
…or try to work wiith dhcp matcher options
this maybe could help
https://help.mikrotik.com/docs/spaces/ROS/pages/24805500/DHCP#DHCP-VendorClasses