I did a few quick tests.
- CSS610 Port 1 Modem with PoE
- CSS610 Port 2 RB5009UG with PoE IN (1st 1Gb Port)
- CSS610 Port 6 Client
- CSS610 SFP+ 1 connected to RB5009 SFP+
- Port 1 and 2 are Connected, but isolated from the rest via port isolation
- Port 1 and 2 are marked as "not allowed", and Mirotik discovery is disabled on port 1 and 2
- CSS610 gets it's IP via the SFP+ 1 port from RB5009
DHCP snooping all port are trusted. Client gets IP, as expected.
DHCP snooping: Port 6 marked as untrusted.
This test did not work before hand. I guess, it was because all ports were marked as untrusted.
Now with 2.16 the client gets its IP address as expected. I also confirmed it using wireshark.
DHCP snooping: Only SFP+ 1 port is trusted.
This blocks the PPPoE from my modem on Port 1, as expected. I just wanted to try out if blocking works as well.
DHCP snooping SFP+ 1 and Port 1 are trusted.
The RB5009 can connect to my ISP using PPPoE, as expected. And the client still works as well.
So for my use case this problem is fixed.