Hello!

I need DHCP relay with RouterOS. No matter - real dhcp or radius. The question is only one: may I send to DHCP/RADIUS server the NAME of user's interface from which discover is received? Docs say the mac is sending, but in my case, where user's are in vlans from one real interface mac will always be the same for all requests.

Regards,
Boris

The IP address of the DHCP Relay is also included, so when you make sure that every VLAN has a unique
IP address (different subnets) the DHCP Server can always assign an address in the correct subnet.

I will use ip unnumbered analog ☺ so, I need interface name or vlan id to properly identify the user.

Regards,
Boris

I think you need to use the client's MAC address as the identifier in this case.
This isn't uncommon for even huge ISPs like Comcast/Cox/TWC who need to know your modem's MAC address in order to allow you onto the network.... so registering your customers' devices by MAC address shouldn't be a terrible burden.

Yes, I may use MAC, but the client's equipment may change, and it is better to not use MAC. So by your answers there is no possibility to get Option82 with VLANID in it. Only the relay-info-remote-id in dhcp relay? May be I may use some variables in relay-info-remote-id?

P.S. I know that I also may use unique MAC for each VLAN subif, but that means more handwork.

Honestly, there are benefits to using the client's MAC as well.
Suppose you have two access routers - a primary and a secondary for redundancy.
If the client's MAC address is used, then you don't need to touch anything whenever a customer's connection gets switched to the backup router.
You won't need to maintain 1:1 tracking for a particular VLAN and any customer. Vlans would just be there to keep traffic separated, and one would be just as good as another.

I've done a little poking around because this made me curious (I've never personally had a need for option 82 stuff).
It doesn't really look like Mikrotik inserts any option 82 information when it's a DHCP relay.

Dear ZeroByte!

I respect your opinion but I need support of option 82 as it done in many L2 devices. I need opt82 with vlan id encoded, or I need ROS to just passthrough and relay opt82 from my L2 switches. Is this possible?

Regards,
Boris

Does it not relay the option 82 from your switch? I would expect a simplistic DHCP relay to just pass all the options it receives...
My only experience with the DHCP relay is in its classical usage, a number of routed subnets with a DHCP server at one location, and that works fine.

Really.... thanks!

I respect your opinion but I need support of option 82 as it done in many L2 devices. I need opt82 with vlan id encoded, or I need ROS to just passthrough and relay opt82 from my L2 switches. Is this possible?

I understand. I was just trying to offer an alternative for you since you cannot directly configure anything about option 82 using ROS.
As for pass-through information from a switch doing dhcp snooping, you'd have to try it and see if it works or not.
Note that I'm not associated with Mikrotik - I'm just a communitity member who's also a moderator on the forums, so don't take my responses to be the final word of Mikrotik or anything like that.

ZeroByte, I know! But mac authorization isn't suitable for me. I checked, ROS passthrough option 82, so my problem is solved. Thanks to all!

Regards, Boris.

ZeroByte, I know! But mac authorization isn't suitable for me. I checked, ROS passthrough option 82, so my problem is solved. Thanks to all!

Regards, Boris.

Of course when you put a DHCP relay function (including option 82 insertion) on your switches, you don't need the DHCP relay in the MikroTik at all.
You just configure the address of the DHCP server in the switches, and the MikroTik will just see UDP port 68/67 traffic that it will not touch at all.
(at most you need to allow it in the firewall)

No, dhcp relay in switches is bad idea too from a view of security. Switches are placed in internal secured vlan without access to public internet. They only insert option 82, and relaying is done by Mikrotik. This is exactly I want and it works.

Regards,
Boris