ohara
Member
Topic Author
Posts: 371
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

One network, two DHCP servers - looking for advice

Fri May 01, 2015 3:56 pm

Hi,

I have two sites connected with a wireless link. Both sites are bridged and are on the same subnet 192.168.88.0/24. There is a DHCP server in site A.

Problem description: when the wireless link is down, the devices in site B cannot reach the DHCP server in site A. Could you please recommend a setup in site A and site B so that there is a DHCP server in each site and both sites remain in the same subnet?

Thanks in advance.
 
barkas
Member Candidate
Posts: 260
Joined: Sun Sep 25, 2011 10:51 pm

AW: One network, two DHCP servers - looking for advice

Fri May 01, 2015 4:04 pm

Cluster the servers or use different pools.
 
ohara
Member
Topic Author
Posts: 371
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

Re: One network, two DHCP servers - looking for advice

Fri May 01, 2015 4:18 pm

Site A (192.168.88.1) - DHCP server pool 192.168.88.10-192.168.88.20
Site B (192.168.88.2) - DHCP server pool 192.168.88.21-192.168.88.30

Is this what you are suggesting?
 
docmarius
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania

Re: One network, two DHCP servers - looking for advice

Fri May 01, 2015 4:28 pm

That is a good start.
And if you also drop the forwarding of UDP ports 67 and 68 from network A to B and from B to A, it will ensure that systems connected to A will always use DHCP server A, and those from B, only server B.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
ohara
Member
Topic Author
Posts: 371
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

Re: One network, two DHCP servers - looking for advice

Fri May 01, 2015 4:56 pm

docmarius, that's what I was looking for, thank you.
Could you please check if these rules will suffice?


on router in site A (192.168.88.1)
add action=drop chain=forward dst-address=192.168.88.2 protocol=udp src-address=192.168.88.1 src-port=67-68
on router in site B (192.168.88.2)
add action=drop chain=forward dst-address=192.168.88.1 protocol=udp src-address=192.168.88.2 src-port=67-68
 
docmarius
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania

Re: One network, two DHCP servers - looking for advice

Fri May 01, 2015 7:12 pm

I think those rules actually don't work, but it depends on your exact network topology.
First of all, DHCP uses anycast, not assigned addresses.
Let's analyze 2 use cases assuming the following topology:

clients A ---- Router A ----------Router B ---- clients B

1st use case: You need all clients on the same broadcast domain. This is needed e.g. to be able to browse workgroups on Windows networks, if you don't want to set up a WINS server.
In that case, you will need to set up 2 bridges, so that broadcasts from clients A could reach clients B (which I understand you did).
But the bridge traffic is not affected by forward rules in the router, only by bridge filter rules, so blocking udp ports 67 and 68 from the local port of each bridge to the link port has to be done by bridge filter rules.
Actually you need to do this only on one router, but block the specific traffic in both directions.
For these please check http://wiki.mikrotik.com/wiki/Manual:In ... ket_Filter

2nd use case: You are happy with just inter-networking between those segments, and then you sub-net your internal network into 2 segments, each serviced by a DHCP server. In this case, you only need to route between those 2 LAN segments via the link (which can be part of a different network, or a third sub-net). Because anycasts and broadcasts cannot traverse routers, there is no conflict between the 2 DHCP servers.

Now you need to decide what you need to do.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
CsXen
Frequent Visitor
Posts: 92
Joined: Wed Sep 10, 2014 8:31 pm
Location: Budapest - Hungary

Re: One network, two DHCP servers - looking for advice

Sat May 02, 2015 1:30 am

Hi.
You need something like this:
/interface bridge filter
add action=drop chain=input comment="Deny DHCP over Bridge" src-port=68 dst-port=67 in-interface=Bridge1 ip-protocol=udp mac-protocol=ip
Regards: Xen
 
ohara
Member
Topic Author
Posts: 371
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

Re: One network, two DHCP servers - looking for advice

Tue May 05, 2015 10:33 pm

barkas, docmarius, Xen - I got it working today. Many thanks for all your advice!
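
Added example, not part of any post in this thread: one way to verify that the bridge filtering discussed above holds is to capture DHCP replies on each site's LAN and classify them by server identifier and offered address. The server addresses and pools are the ones ohara listed; the function names and the sample payloads are constructed for illustration.

```python
import ipaddress

# From the thread: each site's DHCP server and the pool it hands out.
SITES = {
    "192.168.88.1": ("192.168.88.10", "192.168.88.20"),  # site A
    "192.168.88.2": ("192.168.88.21", "192.168.88.30"),  # site B
}
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp(payload: bytes) -> dict:
    """Extract yiaddr, message type (option 53) and server identifier (option 54)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"yiaddr": ipaddress.IPv4Address(payload[16:20]), "type": None, "server": None}
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            msg["type"] = value[0]
        elif code == 54 and length == 4:
            msg["server"] = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return msg

def check_reply(payload: bytes, local_server: str) -> str:
    """Classify a DHCPOFFER (2) or DHCPACK (5) captured on one site's LAN."""
    msg = parse_dhcp(payload)
    if msg["type"] not in (2, 5):
        return "ignored"
    if msg["server"] not in SITES:
        return "unknown-server"          # reply from a server neither site runs
    low, high = (ipaddress.IPv4Address(a) for a in SITES[msg["server"]])
    if not low <= msg["yiaddr"] <= high:
        return "outside-pool"            # server is handing out the other site's range
    return "ok" if msg["server"] == local_server else "leaked-across-link"

def build_sample(msg_type: int, yiaddr: str, server: str) -> bytes:
    """Constructed reply payload for the demo (not captured traffic)."""
    header = bytearray(236)
    header[0] = 2  # op = BOOTREPLY
    header[16:20] = ipaddress.IPv4Address(yiaddr).packed
    options = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return bytes(header) + MAGIC + options
```

A "leaked-across-link" result on either LAN means DHCP replies are still crossing the bridge, so the filter is not matching the traffic.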
