I’m horsing around with a BCP L2 tunnel over an L2TP connection. I have a simple configuration: two routers across the Internet with local networks to be combined. The first router runs a DHCP server, and I have some DHCP clients on the other side.
But as I found out, I can't use DHCP snooping on the second router's bridge, since there seems to be no way to set the dynamic L2TP bridge port as a Trusted one. So DHCP replies from the first router can't get through to the second router's LAN.
Is there a way around this, or should I use EoIP as everybody else does?
Consider using bridge filter rules to implement DHCP snooping manually: you can drop DHCP server responses coming in via ports that are members of an interface list, or, the reverse, drop them all except those coming in via ports on an allow list. The ppp profile lets you make the dynamically created interface a member of a pre-defined interface list.
Maybe it is correct, maybe it is not - the documentation only mentions in-interface-list so I use that one. I never needed to use the same bridge filter rule on multiple bridges so far, so I haven’t even noticed the existence of in-bridge-list and out-bridge-list match conditions until now.
Also the name of the list, lan, sounds a bit confusing to me, as if you wanted to block DHCP server responses coming in via any port of the bridge, not just via the BCP tunnel from the remote site. If that’s indeed the case, because the DHCP server is the router itself and you want to prevent any external device from acting as a DHCP server, the fact that the rule is in chain forward is sufficient and you don’t need to match on any in-interface(-list).
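As an added example that is not part of the thread or of MikroTik's documentation, here is the manual DHCP snooping described in the answer above, written for the second router (the one whose DHCP clients sit behind the BCP tunnel), with the variant from the last paragraph for the router that runs the DHCP server itself. The dynamic L2TP bridge port is the only port allowed to deliver DHCP server replies (IPv4 UDP from port 67 to port 68); every other bridge port is treated as untrusted. The bridge name `bridge1`, the ppp profile name `bcp` and the list name `dhcp-trusted` are assumptions; the commands assume the post-6.41 bridge implementation, where `/interface bridge filter` has `in-interface-list`.

```routeros
# Added example (not from the thread): manual DHCP snooping with bridge filter
# rules on the router whose DHCP clients sit behind a BCP/L2TP tunnel.
# Assumed names: bridge1, ppp profile "bcp", interface list "dhcp-trusted".

# 1. Interface list holding the trusted port(s), i.e. the ports that may
#    deliver DHCP OFFER/ACK to the LAN.
/interface list
add name=dhcp-trusted comment="ports allowed to deliver DHCP server replies"

# 2. PPP profile used by the L2TP binding: BCP adds the dynamic interface to the
#    bridge and, via interface-list, to the trusted list, so a filter rule can
#    match it even though its name is generated at connect time.
/ppp profile
add name=bcp bridge=bridge1 interface-list=dhcp-trusted

# 3. Bridge filter: DHCP server-to-client traffic is IPv4 UDP, source port 67,
#    destination port 68. Drop it when it enters the bridge via any port that is
#    NOT in the trusted list. Chain forward covers replies heading to other
#    bridge ports; chain input covers replies aimed at the router itself.
/interface bridge filter
add chain=forward in-interface-list=!dhcp-trusted mac-protocol=ip ip-protocol=udp \
    src-port=67 dst-port=68 action=drop comment="rogue DHCP server on a LAN port"
add chain=input in-interface-list=!dhcp-trusted mac-protocol=ip ip-protocol=udp \
    src-port=67 dst-port=68 action=drop comment="same, toward the router itself"

# 4. Variant for the router that runs the DHCP server itself: no port needs to
#    be trusted, because the router answers DHCP locally and never forwards
#    server replies between bridge ports. A forward-chain rule with no
#    in-interface match is enough to stop any external device acting as a server.
# /interface bridge filter
# add chain=forward mac-protocol=ip ip-protocol=udp src-port=67 dst-port=68 \
#     action=drop comment="no DHCP server other than this router"
```

The rules only cover IPv4 DHCP; DHCPv6 (UDP 547 to 546) would need a matching pair with `mac-protocol=ipv6`. After connecting the tunnel, `/interface list member print` should show the dynamic L2TP interface under `dhcp-trusted`, and `/interface bridge filter print stats` shows whether the drop rules are counting anything, which is the quickest way to spot a second DHCP server on the LAN.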