Configuring DHCP Snooping on MikroTik

I will give an example of setting up DHCP Snooping on MikroTik (RouterOS) to block third-party DHCP servers:

Since the old versions of RouterOS do not support DHCP Snooping, we first update the firmware of the device, to do this, open the “System” – “Packages” menu and click “Download&Install”.

To activate “DHCP Snooping”, open the “Bridge” menu, in the “Bridge” tab, select the required bridge, tick the “DHCP Snooping” box and click “OK”.

To allow packets from a DHCP server on a specific port, open the “Bridge” menu, select the port in the “Ports” tab, tick the “Trusted” checkbox and click “OK”.

I note that DHCP Snooping does not work on all devices, for example, it works on CRS3xx series devices, you can see the list of devices on the official website:
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge

That is, you can configure DHCP Snooping on a device that does not support it, but there is no sense in it, packets from DHCP servers on ports without “Trusted” will still pass, for example, I checked it on RB2011L-IN.

See my other articles in the MikroTik category.

Leave a comment

Leave a Reply