Kola
newbie
Topic Author
Posts: 49
Joined: Fri Aug 02, 2013 11:42 am

One question on BCP L2 tunnel

Thu Jun 08, 2023 5:17 pm

Hi all!

I'm horsing around a BCP L2 tunnel over L2TP connection. I have a simple configuration — two routers across the Internet with local networks to be combined. First router runs a DHCP server, and I have some DHCP clients on the other side.
But as I found out, I can't use DHCP snooping on the second router's bridge, since there seems to be no way to set the dynamic l2tp bridge-port as a Trusted one. So DHCP replies from the first router can't go through to the second router's LAN.

Is there a way around this or should I use EoIP as everybody else does?
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: One question on BCP L2 tunnel  [SOLVED]

Sat Jun 10, 2023 10:45 am

Consider using bridge filter rules to implement DHCP snooping manually - you can drop DHCP server responses coming in via ports that are members of an interface list, or reverse, drop them all except those coming in via ports on an access list. The ppp profile permits to make the dynamically created interface a member of a pre-defined interface list.
 
akakua
Frequent Visitor
Posts: 50
Joined: Mon Apr 06, 2020 4:52 pm

Re: One question on BCP L2 tunnel

Sat Jun 10, 2023 3:23 pm

You can use l2tpv3.
 
Kola
newbie
Topic Author
Posts: 49
Joined: Fri Aug 02, 2013 11:42 am

Re: One question on BCP L2 tunnel

Tue Jun 13, 2023 9:25 am

> Consider using bridge filter rules to implement DHCP snooping manually - you can drop DHCP server responses coming in via ports that are members of an interface list, or reverse, drop them all except those coming in via ports on an access list. The ppp profile permits to make the dynamically created interface a member of a pre-defined interface list.

Smart move, I didn't think about it. Thanks!

> You can use l2tpv3.

Got it, I'll try. I didn't use ROSv7 yet at all. Thanks!
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: One question on BCP L2 tunnel

Tue Jun 13, 2023 10:07 am

@sindy

can u give us conf. for that?
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: One question on BCP L2 tunnel

Wed Jun 14, 2023 4:18 am

I think that I got that going
/interface bridge filter
add action=drop chain=forward dst-port=68 in-bridge-list=lan ip-protocol=udp mac-protocol=ip
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: One question on BCP L2 tunnel

Wed Jun 14, 2023 9:06 am

> I think that I got that going
Maybe it is correct, maybe it is not - the documentation only mentions in-interface-list so I use that one. I never needed to use the same bridge filter rule on multiple bridges so far, so I haven't even noticed the existence of in-bridge-list and out-bridge-list match conditions until now.

Also the name of the list, lan, sounds a bit confusing to me, as if you wanted to block DHCP server responses coming in via any port of the bridge, not just via the BCP tunnel from the remote site. If that's indeed the case, because the DHCP server is the router itself and you want to prevent any external device from acting as a DHCP server, the fact that the rule is in chain forward is sufficient and you don't need to match on any in-interface(-list).
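
The manual DHCP snooping approach described in this thread, written out as a RouterOS configuration for the second router (the side with the DHCP clients). This is an added example, not a configuration posted by any participant; the names dhcp-trusted, bcp-profile and bridge-lan are assumptions, and the rule uses the "drop all except the trusted list" variant with the documented in-interface-list matcher.

```routeros
# Added example. Assumed names: dhcp-trusted, bcp-profile, bridge-lan.
# Router 2: DHCP clients are local, the DHCP server is reached through the BCP tunnel.

# 1. Interface list holding the ports that are allowed to deliver DHCP server replies.
/interface list
add name=dhcp-trusted comment="ports allowed to carry DHCP server replies"

# 2. PPP profile used by the L2TP connection: BCP adds the dynamic interface
#    to the bridge, and interface-list makes it a member of the trusted list.
/ppp profile
add name=bcp-profile bridge=bridge-lan interface-list=dhcp-trusted

# 3. Bridge filter acting as manual DHCP snooping: drop server-to-client DHCP
#    (UDP source port 67, destination port 68) bridged in from any port that
#    is NOT in the trusted list. The port matchers need mac-protocol=ip and
#    ip-protocol=udp set in the same rule.
/interface bridge filter
add chain=forward action=drop mac-protocol=ip ip-protocol=udp \
    src-port=67 dst-port=68 in-interface-list=!dhcp-trusted \
    comment="manual DHCP snooping: drop replies from untrusted ports"

# Inverse variant for a router that must not accept DHCP replies from the
# tunnel: put the tunnel in its own list via the PPP profile and match
# in-interface-list=<that list> without the negation.
```

Bridge filter rules only see frames handled by the CPU, so frames switched between hardware-offloaded bridge ports are not checked by this rule.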
