Mikrotiks provided DHCP snooping will drop rogue dhcp server packets coming from access ports, we would like to detect/record such events. How to do that?
Topology is basic: router--<trunk>--switch--<untagged>--pc
On switches (CRS354) we enable DHCP snooping, option 82 and only trunk ports(switch and router connections) are trusted.
https://help.mikrotik.com/docs/display/ ... CPOption82
On router(CCR2004) one can enable /ip dhcp-server alert, however the drop happens at the switch, thus router cannot detect it.
Also switches are not "/ip/dhcp-relays", because each VLAN has its own DHCP server on the router. Switches only have management vlan ip configured, all other vlans are kept at layer2 as far as the switch is concerned. Clients query the server directly, option 82 gets added and router leases table shows the switch name and port accordingly.