Garrison1701
just joined
Topic Author
Posts: 9
Joined: Tue Jun 19, 2018 5:10 pm

Combating Rogue DHCP Servers

Wed Aug 22, 2018 6:58 pm

Hey Everyone,

I've recently been running into trouble with rogue DHCP servers plugged into customer ports at several apartment buildings that we service. After some Google searching, I found the CRS switch manual here that details how to deal with this, particularly the protocol-level isolation mentioned here: https://wiki.mikrotik.com/wiki/Manual: ... solation. I would like to implement this across our network, but it appears to be only for CRS. Most of our apartment buildings use powerboxes (RB750s) for customer edge connections. Is there another solution that I can implement that would be supported by an RB750?

Thanks!
 
PashaT
just joined
Posts: 19
Joined: Sat Feb 01, 2014 1:10 am
Location: Zhytomyr, Ukraine

WIP

Wed Aug 29, 2018 12:08 am

From 6.43rc release notes:
*) bridge - added support for DHCP Snooping (CLI only);
 
Cha0s
Forum Guru
Posts: 1142
Joined: Tue Oct 11, 2005 4:53 pm

Re: Combating Rogue DHCP Servers

Wed Aug 29, 2018 2:23 am

There's also an "Alerts" section in DHCP Server which can monitor for rogue DHCP servers and alert you.
https://wiki.mikrotik.com/wiki/Manual:I ... ver#Alerts

It also allows for "On Alert" scripting which could be used to disable the offending ports or apply firewall rules.
There's a relevant post on blocking DHCP here (I haven't tested it myself): viewtopic.php?t=101249
 
PashaT
just joined
Posts: 19
Joined: Sat Feb 01, 2014 1:10 am
Location: Zhytomyr, Ukraine

Re: Combating Rogue DHCP Servers

Wed Aug 29, 2018 1:13 pm

Also, you need to know that the RB750 will turn off Bridge Hardware Offloading with Bridge DHCP Snooping enabled for ROS 6.41+.

Bridge filtering will drop performance too.
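The three approaches mentioned in this thread (DHCP snooping, bridge filtering, DHCP alerts), written out as RouterOS CLI. This is an added example, not configuration posted by any participant. The names `bridge1` and `ether1` (uplink towards the legitimate DHCP server) and the MAC address are assumptions; every other bridge port is treated as a customer port.

```routeros
# Constructed example. Assumed names: bridge1, ether1 = uplink port.
# Use ONE of the two blocking options, plus the alert if wanted.

# --- Blocking option A: bridge DHCP snooping (6.43+, CLI only per the release notes) ---
# DHCP server replies are accepted only when they arrive on a trusted port.
/interface bridge set [find name=bridge1] dhcp-snooping=yes
/interface bridge port set [find bridge=bridge1 interface=ether1] trusted=yes
# All other ports keep the default trusted=no.

# --- Blocking option B: bridge filter ---
# Drop DHCP server replies (UDP source port 67) that enter the bridge
# on any port other than the uplink.
/interface bridge filter add chain=forward in-interface=!ether1 \
    mac-protocol=ip ip-protocol=udp src-port=67 action=drop \
    comment="drop DHCP server replies from customer ports"
# Forwarded frames only pass through bridge filter when they are handled
# by the CPU, so hardware offloading has to be off on the bridge ports.
/interface bridge port set [find bridge=bridge1] hw=no

# --- Detection: DHCP alert ---
# Logs a warning when a DHCP server other than valid-server answers on the
# interface. 00:00:5E:00:53:01 is a placeholder for the real server's MAC.
/ip dhcp-server alert add interface=bridge1 \
    valid-server=00:00:5E:00:53:01 alert-timeout=1h \
    on-alert=":log warning \"unknown DHCP server seen on bridge1\""

# Verify what is active.
/interface bridge port print
/interface bridge filter print stats
/ip dhcp-server alert print
```

Both blocking options move forwarding to the CPU on an RB750, which is the performance cost described in the post above.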
