Laci1988
just joined
Topic Author
Posts: 1
Joined: Tue Jan 24, 2023 8:55 pm
Location: Budapest

Central DHCP over VXLAN with DHCP Relay ( SOLVED )

Tue Jan 24, 2023 9:39 pm

Hello everybody! I am new to VXLAN, and I am experimenting with it. We have several 4G MikroTik sites, and we have central Windows DHCP servers.
I use DHCP relay towards our 10.2.10.1 Microsoft AD server, where our DHCP servers reside. I got an IP address, but I have got a general firewall drop rule:

/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=2250,8291 protocol=tcp src-address-list=MANAGEMENT
add action=accept chain=input dst-port=14557 protocol=udp src-address=91.XXX.XXX.XXX
add action=accept chain=input protocol=icmp
add action=drop chain=input connection-state=invalid
add action=drop chain=input
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward connection-state=established,related,new

/ip firewall mangle
add action=change-mss chain=forward new-mss=1300 out-interface=lte1 protocol=tcp tcp-flags=syn

If I disable the general drop rule that drops everything else, then I get an IP from the other side.

OK, I found the solution:

/ip firewall filter
add action=accept chain=input dst-port=67 in-interface=VXLAN_BRIDGE protocol=udp src-port=68
add action=accept chain=input dst-address=10.2.187.254 dst-port=67 in-interface=VXLAN_TEST_WG protocol=udp src-address=10.2.10.1 src-port=67

I need these 2 rules before the general drop rule to accept the DHCP packets.
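
The rule-order effect described in this post, as an added example that is not part of the original post: a simplified first-match model of the input chain in Python, not RouterOS code. The packet fields, the `new` connection state assumed for both DHCP packets, and the 10.2.10.99 source are constructed assumptions.

```python
# Simplified first-match model of the input chain quoted in the post.
# A rule matches when every listed field equals the packet's value
# (a set means "any of these values").
BASE_INPUT = [
    ("accept", {"state": {"established", "related"}}),
    ("accept", {"proto": "tcp", "dport": {2250, 8291}, "src_list": "MANAGEMENT"}),
    ("accept", {"proto": "udp", "dport": 14557, "src": "91.XXX.XXX.XXX"}),
    ("accept", {"proto": "icmp"}),
    ("drop", {"state": "invalid"}),
    ("drop", {}),  # general drop rule: matches everything that got this far
]
DHCP_RULES = [  # the two rules from the solution
    ("accept", {"proto": "udp", "sport": 68, "dport": 67, "in_if": "VXLAN_BRIDGE"}),
    ("accept", {"proto": "udp", "sport": 67, "dport": 67, "in_if": "VXLAN_TEST_WG",
                "src": "10.2.10.1", "dst": "10.2.187.254"}),
]

def matches(match, pkt):
    for key, want in match.items():
        got = pkt.get(key)
        if (got not in want) if isinstance(want, set) else (got != want):
            return False
    return True

def evaluate(chain, pkt):
    """Return (rule index, action) of the first matching rule."""
    for i, (action, match) in enumerate(chain):
        if matches(match, pkt):
            return i, action
    return None, "accept"  # no rule matched: chain default is accept

def with_dhcp_before_drop():
    return BASE_INPUT[:-1] + DHCP_RULES + BASE_INPUT[-1:]

# Constructed sample packets; connection state "new" is an assumption.
CLIENT = {"proto": "udp", "sport": 68, "dport": 67, "in_if": "VXLAN_BRIDGE",
          "src": "0.0.0.0", "dst": "255.255.255.255", "state": "new"}
SERVER = {"proto": "udp", "sport": 67, "dport": 67, "in_if": "VXLAN_TEST_WG",
          "src": "10.2.10.1", "dst": "10.2.187.254", "state": "new"}
OTHER = dict(SERVER, src="10.2.10.99")  # same ports, different source

if __name__ == "__main__":
    chains = {"original": BASE_INPUT, "rules before drop": with_dhcp_before_drop(),
              "rules after drop": BASE_INPUT + DHCP_RULES}
    for name, chain in chains.items():
        for label, pkt in (("client", CLIENT), ("server", SERVER), ("other", OTHER)):
            print(f"{name:18} {label:7} -> {evaluate(chain, pkt)}")
```

Because the second rule pins source, destination and interface, a packet to port 67 from any other source still falls through to the general drop.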
