I have been experimenting with DHCP Snooping and option 82 processing.
However, https://help.mikrotik.com/docs/display/ ... CPOption82 states that:
For CRS3xx, CRS5xx series switches and CCR2116, CR2216 routers DHCP snooping will not work when hardware offloading bonding interfaces are created.
After configuring trusted ports, DHCP snooping and Option 82 processing on 3 switches (2 with 802.3ad LACP bonding links, one without any) this is what I see:
- The switch that has no 802.3ad LACP LAGs has DHCP option 82 working properly: devices on access ports attached to that device have the DHCP option 82 added and stripped properly.
I also see that the switch has automatically added a new dynamic switch rule:
/interface/ethernet/switch/rule/print
 0 D switch=switch1 ports=sfpplus1,ether1,sfpplus4 mac-protocol=ip protocol=udp src-port=67-68 dst-port=67-68 copy-to-cpu=no redirect-to-cpu=yes mirror=no
- For the two switches that have 802.3ad LACP LAGs, the DHCP option 82 is not added for any devices attached to them, whether they are attached to a bonded port or not.
No dynamic switch rule is added.
Now this is where it gets interesting:
If I manually add a switch rule to redirect DHCP packets to the CPU, DHCP Snooping and option 82 processing start working!
/interface/ethernet/switch/rule/add switch=switch1 ports=[/interface/ethernet/find] mac-protocol=ip protocol=udp src-port=68 dst-port=67 redirect-to-cpu=yes
/interface/ethernet/switch/rule/add switch=switch1 ports=[/interface/ethernet/find] mac-protocol=ip protocol=udp src-port=67 dst-port=68 redirect-to-cpu=yes
/interface/ethernet/switch/rule/add switch=switch1 ports=[/interface/ethernet/find] mac-protocol=ip protocol=udp src-port=67 dst-port=67 redirect-to-cpu=yes
I wanted to share that interesting result.
Would there be any downsides to such a setup?
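
To confirm from the DHCP server side whether Option 82 is actually being inserted by a given switch, the raw DHCP payload can be checked for the Relay Agent Information option. The following is an added example, not part of the original post; the sample packet and its circuit-id/remote-id values are constructed, and the function names are hypothetical.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field (RFC 2131)

def _tlv(buf, dhcp_rules):
    """Walk code/length/value triplets; pad (0) and end (255) only apply at the top level."""
    out, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if dhcp_rules and code == 0:
            i += 1
            continue
        if dhcp_rules and code == 255:
            break
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option %d" % code)
        length = buf[i + 1]
        # Repeated codes are concatenated, as RFC 3396 requires for split options.
        out[code] = out.get(code, b"") + buf[i + 2:i + 2 + length]
        i += 2 + length
    return out

def relay_agent_info(payload):
    """Return Option 82 sub-options from a raw DHCP (UDP) payload, or None if absent."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options = _tlv(payload[240:], dhcp_rules=True)
    if 82 not in options:
        return None
    sub = _tlv(options[82], dhcp_rules=False)
    return {"circuit_id": sub.get(1), "remote_id": sub.get(2)}  # RFC 3046 sub-options 1 and 2

# Constructed sample values, not taken from a real capture.
SAMPLE_OPT82 = b"\x01\x06ether3" + b"\x02\x06" + bytes.fromhex("0200000000aa")

def sample_discover(option82=None):
    """Build a minimal DHCPDISCOVER payload, optionally carrying Option 82."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x12345678, 0, 0x8000,
                         b"", b"", b"", b"", bytes.fromhex("020000000001"), b"", b"")
    options = b"\x35\x01\x01"  # option 53 = DHCPDISCOVER
    if option82:
        options += bytes([82, len(option82)]) + option82
    return header + MAGIC_COOKIE + options + b"\xff"

if __name__ == "__main__":
    print(relay_agent_info(sample_discover()))
    print(relay_agent_info(sample_discover(SAMPLE_OPT82)))
```

Fed with the UDP payload of a request captured on the server-facing side, a `None` result means the switch forwarded the packet without adding Option 82.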