slyz
just joined
Topic Author
Posts: 7
Joined: Tue Sep 06, 2016 5:51 pm

Bridge DHCP snooping detection/log/alert

Tue Aug 02, 2022 8:26 am

MikroTik's provided DHCP snooping will drop rogue DHCP server packets coming from access ports; we would like to detect/record such events. How to do that?

Topology is basic: router--<trunk>--switch--<untagged>--pc

On the switches (CRS354) we enable DHCP snooping and Option 82, and only trunk ports (switch and router connections) are trusted.
https://help.mikrotik.com/docs/display/ ... CPOption82

On the router (CCR2004) one can enable /ip dhcp-server alert; however, the drop happens at the switch, thus the router cannot detect it.
Also, the switches are not "/ip/dhcp-relays", because each VLAN has its own DHCP server on the router. The switches only have a management VLAN IP configured; all other VLANs are kept at layer 2 as far as the switch is concerned. Clients query the server directly, Option 82 gets added, and the router's leases table shows the switch name and port accordingly.
