Scribd
Upload
194 views15 pages

Manual - IP - DHCP Server - MikroTik Wiki

The DHCP server provides IP addresses, subnet masks, gateways, DNS servers and other network configuration options to clients. It supports both IPv4 and IPv6. The quick setup guide walks through configuring DHCP for an Ethernet interface to hand out addresses from a specified pool and set the gateway and DNS server. Properties control behaviors like address pools, ARP handling and response authoritativeness.

Uploaded by

mona_mi8202
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
194 views15 pages

Manual - IP - DHCP Server - MikroTik Wiki

The DHCP server provides IP addresses, subnet masks, gateways, DNS servers and other network configuration options to clients. It supports both IPv4 and IPv6. The quick setup guide walks through configuring DHCP for an Ethernet interface to hand out addresses from a specified pool and set the gateway and DNS server. Properties control behaviors like address pools, ARP handling and response authoritativeness.

Uploaded by

mona_mi8202
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 15

30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

Manual:IP/DHCP Server
From MikroTik Wiki
< Manual:IP

Applies
to

Contents RouterOS: v3, v4,


v5+

1 Summary
2 Quick Setup Guide
3 IPv6
4 General
4.1 Menu specific commands
5 Lease Store Configuration
6 Networks
7 Leases
7.1 Properties
7.2 Read only properties
7.3 Menu specific commands
7.4 Rate limiting
7.4.1 RADIUS Support
8 Alerts
8.1 Properties
8.2 Read only properties
8.3 Menu specific commands
9 DHCP Options
9.1 Properties
9.2 Example
10 DHCP Option Sets
11 Vendor Classes
11.1 Example
12 Configuration Examples

Summary
Standards: RFC 2131, RFC 3315, RFC 3633
Package: dhcp

The DHCP (Dynamic Host Configuration Protocol) is used for the easy distribution of IP addresses in a
network. The MikroTik RouterOS implementation includes both server and client parts and is compliant with
RFC 2131.

The router supports an individual server for each Ethernet-like interface. The MikroTik RouterOS DHCP server
supports the basic functions of giving each requesting client an IP address/netmask lease, default gateway,
domain name, DNS-server(s) and WINS-server(s) (for Windows clients) information (set up in the DHCP
networks submenu)

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 1/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

In order for the DHCP server to work, IP pools must also be configured (do not include the DHCP server's own
IP address into the pool range) and the DHCP networks.

It is also possible to hand out leases for DHCP clients using the RADIUS server; the supported parameters for a
RADIUS server is as follows:

Access-Request:

NAS-Identifier - router identity


NAS-IP-Address - IP address of the router itself
NAS-Port - unique session ID
NAS-Port-Type - Ethernet
Calling-Station-Id - client identifier (active-client-id)
Framed-IP-Address - IP address of the client (active-address)
Called-Station-Id - name of DHCP server
User-Name - MAC address of the client (active-mac-address)
Password - ""

Access-Accept:

Framed-IP-Address - IP address that will be assigned to client


Framed-Pool - ip pool from which to assign ip address to client
Rate-Limit - Datarate limitation for DHCP clients. Format is: rx-rate[/tx-rate] [rx-burst-rate[/tx-burst-
rate] [rx-burst-threshold[/tx-burst-threshold] [rx-burst-time[/tx-burst-time][priority] [rx-rate-min[/tx-
rate-min]]]]. All rates should be numbers with optional 'k' (1,000s) or 'M' (1,000,000s). If tx-rate is not
specified, rx-rate is as tx-rate too. Same goes for tx-burst-rate and tx-burst-threshold and tx-burst-time.
If both rx-burst-threshold and tx-burst-threshold are not specified (but burst-rate is specified), rx-rate
and tx-rate are used as burst thresholds. If both rx-burst-time and tx-burst-time are not specified, 1s is
used as default. Priority takes values 1..8, where 1 implies the highest priority, but 8 - the lowest. If rx-
rate-min and tx-rate-min are not specified rx-rate and tx-rate values are used. The rx-rate-min and tx-
rate-min values can not exceed rx-rate and tx-rate values.
Ascend-Data-Rate - tx/rx data rate limitation if multiple attributes are provided, first limits tx data rate,
second - rx data rate. If used together with Ascend-Xmit-Rate, specifies rx rate. 0 if unlimited
Ascend-Xmit-Rate - tx data rate limitation. It may be used to specify tx limit only instead of sending
two sequential Ascend-Data-Rate attributes (in that case Ascend-Data-Rate will specify the receive
rate). 0 if unlimited
Session-Timeout - max lease time (lease-time)

Note: DHCP server requires a real interface to receive raw ethernet packets. If the interface is a Bridge
interface, then the Bridge must have a real interface attached as a port to that bridge which will receive the
raw ethernet packets. It cannot function correctly on a dummy (empty bridge) interface.

Quick Setup Guide


RouterOS has a built in command that lets you easily set up a DHCP server. Let's say we want to configure
DHCP server on ether1 interface to lease addresses from 192.168.0.2 to 192.168.0.254 which belong to the
192.168.0.0/24 network. The gateway and DNS server is 192.168.0.1.

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 2/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

From /ip dhcp-server menu run setup command and follow instructions:

[admin@MikroTik] ip dhcp-server> setup


Select interface to run DHCP server on

dhcp server interface: ether1


Select network for DHCP addresses

dhcp address space: 192.168.0.0/24


Select gateway for given network

gateway for dhcp network: 192.168.0.1


Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.0.2-192.168.0.254


Select DNS servers

dns servers: 192.168.0.1


Select lease time

lease time: 3d
[admin@MikroTik] ip dhcp-server>

The wizard has made the following configuration based on the answers above:

[admin@MikroTik] ip dhcp-server> print


Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 dhcp1 ether1 0.0.0.0 dhcp_pool1 3d no

[admin@MikroTik] ip dhcp-server> network print


# ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN
0 192.168.0.0/24 192.168.0.1 192.168.0.1

[admin@MikroTik] ip dhcp-server> /ip pool print


# NAME RANGES
0 dhcp_pool1 192.168.0.2-192.168.0.254

[admin@MikroTik] ip dhcp-server>

IPv6
Starting from v5.8 RouterOS supports IPv6 prefix delegation according to RFC 3315 and RFC 3633.

Starting from v5.9, DHCPv6 server configuration was moved to /ipv6 sub-menu. Read-more >>

General
Sub-menu: /ip dhcp-server

Property Description
add-arp (yes | no; Default: no) Whether to add dynamic ARP entry. If set to no either ARP
mode should be enabled on that interface or static ARP entries
should be administratively defined in /ip arp submenu.
address-pool (string | static-only; IP pool, from which to take IP addresses for the clients. If set to
Default: static-only) static-only, then only the clients that have a static lease (added
in lease submenu) will be allowed.

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 3/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

allow-dual-stack-queue (yes | no; Creates a single simple queue entry for both IPv4 and IPv6
Default: yes) addresses, uses the MAC address and DUID for identification.
Requires IPv6 DHCP Server to have this option enabled as well
to work properly.
always-broadcast (yes | no; Default: no) Always send replies as broadcasts even if destination IP is
known. Will add additional load on L2 network.
authoritative (after-10sec-delay | after- Option changes the way how server responds to DHCP requests:
2sec-delay | yes | no; Default: yes)
yes - replies to clients request for an address that is not
available from this server, dhcp server will send negative
acknowledgment (DHCPNAK)
no - dhcp server ignores clients requests for addresses that
are not available from this server

after-10sec-delay - requests with "secs < 10" will be


processed as in "no" setting case and requests with "secs
>= 10" will be processed as in "yes" case.

after-2sec-delay - requests with "secs < 2" will be


processed as in "no" setting case and requests with "secs
>= 2" will be processed as in "yes" case.

If all requests with "secs < x" should be ignored, then delay-
threshold=x setting should be used.
bootp-lease-time (forever | lease-time | Accepts two predefined options or time value:
time; Default: )
forever - lease never expires
lease-time - use time from lease-time parameter

bootp-support (none | static | dynamic; Support for BOOTP clients:


Default: static)
none - do not respond to BOOTP requests
static - offer only static leases to BOOTP clients
dynamic - offer static and dynamic leases for BOOTP
clients

client-mac-limit (integer | unlimited; Specifies whether to limit specific number of clients per single
Default: unlimited) MAC address or leave unlimited. Note that this setting should
not be used in relay setups.
conflict-detection (yes | no; Default: ) Allows to disable/enable conflict detection. If option is enabled,
then whenever server tries to assign a lease it will send ICMP
and ARP messages to detect whether such address in the
network already exist. If any of above get reply address is
considered already used. Conflict detection must be disabled
when any kind of DHCP client limitation per port or per mac is
used.
delay-threshold (time | none; Default: If secs field in DHCP packet is smaller than delay-threshold,
none) then this packet is ignored. If set to none - there is no threshold
(all DHCP packets are processed)
dhcp-option-set (name | none; Default: Use custom set of DHCP options defined in option sets menu.
)

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 4/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

insert-queue-before (bottom | first | Specify where to place dynamic simple queue entries for static
name; Default: ) DCHP leases with rate-limit parameter set.
interface (string; Default: ) Interface on which server will be running.
lease-script (string; Default: "") Script that will be executed after lease is assigned or de-
assigned. Internal "global" variables that can be used in the
script:

leaseBound - set to "1" if bound, otherwise set to "0"


leaseServerName - dhcp server name
leaseActMAC - active mac address
leaseActIP - active IP address
lease-hostname - client hostname
lease-options - array of received options

lease-time (time; Default: 10m) The time that a client may use the assigned address. The client
will try to renew this address after a half of this time and will
request a new address after time limit expires.
name (string; Default: ) Reference name
parent-queue (string | none; Default:
none)
relay (IP; Default: 0.0.0.0) The IP address of the relay this DHCP server should process
requests from:

0.0.0.0 - the DHCP server will be used only for direct


requests from clients (no DHCP relay allowed)
255.255.255.255 - the DHCP server should be used for
any incoming request from a DHCP relay except for those,
which are processed by another DHCP server that exists in
the /ip dhcp-server submenu.

src-address (IP; Default: 0.0.0.0) The address which the DHCP client must send requests to in
order to renew an IP address lease. If there is only one static
address on the DHCP server interface and the source-address is
left as 0.0.0.0, then the static address will be used. If there are
multiple addresses on the interface, an address in the same
subnet as the range of given addresses should be used.
use-framed-as-classless (yes | no; Forward RADIUS Framed-Route as a DHCP Classless-Static-
Default: yes) Route to DHCP-client. Whenever both Framed-Route and
Classless-Static-Route is received Classless-Static-Route is
preferred.
use-radius (yes | no | accounting; Whether to use RADIUS server:
Default: no)
no - do not use RADIUS;
yes - use RADIUS for accounting and lease;
accounting - use RADIUS for accounting only.

Menu specific commands

Property Description
https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 5/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

setup () Start DHCP server setup wizard, which guides you through the
steps to easily create all necessary configuration. Read more>>

Lease Store Configuration


Sub-menu: /ip dhcp-server config

This sub-menu allows the configuration of how often the DHCP leases will be stored on disk. If they would be
saved on disk on every lease change, a lot of disk writes would happen which is very bad for Compact Flash
(especially, if lease times are very short). To minimize writes on disk, all changes are saved on disk every
store-leases-disk seconds. Additionally leases are always stored on disk on graceful shutdown and reboot.

Note: Manual changes to leases - addition/removal of static lease, removal of dynamic lease will cause
changes to be pushed for this lease to storage.

This sub-menu has only one configurable property:

Property Description
store-leases-disk (time | immediately | How frequently lease changes should be stored on disk
never; Default: 5m)

Networks
Sub-menu: /ip dhcp-server network

Property Description
address (IP/netmask; Default: ) the network DHCP server(s) will lease addresses from
boot-file-name (string; Default: ) Boot file name
caps-manager (string; Default: ) Comma-separated list of IP addresses for one or more
CAPsMAN system managers. DHCP Option 138 (capwap) will
be used.
dhcp-option (string; Default: ) Add additional DHCP options from option list.
dhcp-option-set (string; Default: ) Add additional set of DHCP options.
dns-none (yes | no; Default: no) If set, then DHCP Server will not pass dynamic DNS servers
configured on the router to the DHCP clients if no DNS Server
in dns-server is set. By default if there are no DNS Servers
configured, then the dynamic DNS Servers will be passed to
DHCP clients.
dns-server (string; Default: ) the DHCP client will use these as the default DNS servers. Two
comma-separated DNS servers can be specified to be used by the
DHCP client as primary and secondary DNS servers
domain (string; Default: ) The DHCP client will use this as the 'DNS domain' setting for
the network adapter.

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 6/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

gateway (IP; Default: 0.0.0.0) The default gateway to be used by DHCP Client.
netmask (integer: 0..32; Default: 0) The actual network mask to be used by DHCP client. If set to '0'
- netmask from network address will be used.
next-server (IP; Default: ) IP address of next server to use in bootstrap.
ntp-server (IP; Default: ) the DHCP client will use these as the default NTP servers. Two
comma-separated NTP servers can be specified to be used by the
DHCP client as primary and secondary NTP servers
wins-server (IP; Default: ) The Windows DHCP client will use these as the default WINS
servers. Two comma-separated WINS servers can be specified to
be used by the DHCP client as primary and secondary WINS
servers

Leases
Sub-menu: /ip dhcp-server lease

DHCP server lease submenu is used to monitor and manage server's leases. The issued leases are showed here
as dynamic entries. You can also add static leases to issue a specific IP address to a particular client (identified
by MAC address) .

Generally, the DHCP lease it allocated as follows:

an unused lease is in waiting state


if a client asks for an IP address, the server chooses one
if the client receives a statically assigned address, the lease becomes offered, and then bound with the
respective lease time
if the client receives a dynamic address (taken from an IP address pool), the router sends a ping packet
and waits for answer for 0.5 seconds. During this time, the lease is marked testing
in the case where the address does not respond, the lease becomes offered and then bound with the
respective lease time
in other case, the lease becomes busy for the lease time (there is a command to retest all busy
addresses), and the client's request remains unanswered (the client will try again shortly)

A client may free the leased address. The dynamic lease is removed, and the allocated address is returned to the
address pool. But the static lease becomes busy until the client reacquires the address.

Note: IP addresses assigned statically are not probed!

Properties

Property Description
address (IP; Default: ) Specify IP address (or ip pool) for static lease. If set to 0.0.0.0 -
pool from server will be used
https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 7/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

address-list (string; Default: ) Address list to which address will be added if lease is bound.
allow-dual-stack-queue (yes | no; Creates a single simple queue entry for both IPv4 and IPv6
Default: yes) addresses, uses the MAC address and DUID for identification.
Requires IPv6 DHCP Server to have this option enabled as well
to work properly.
always-broadcast (yes | no; Default: ) Send all replies as broadcasts
block-access (yes | no; Default: no) Block access for this client
client-id (string; Default: ) If specified, must match DHCP 'client identifier' option of the
request
dhcp-option (string; Default: ) Add additional DHCP options from option list.
dhcp-option-set (string; Default: ) Add additional set of DHCP options.
insert-queue-before (bottom | first | Specify where to place dynamic simple queue entries for static
name;; Default: ) DCHP leases with rate-limit parameter set.
lease-time (time; Default: 0s) Time that the client may use the address. If set to 0s lease will
never expire.
mac-address (MAC; Default: If specified, must match the MAC address of the client
00:00:00:00:00:00)
rate-limit (integer[/integer] Adds a dynamic simple queue to limit IP's bandwidth to a
[integer[/integer] [integer[/integer] specified rate. Requires the lease to be static. Format is: rx-
[integer[/integer]]]];; Default: ) rate[/tx-rate] [rx-burst-rate[/tx-burst-rate] [rx-burst-threshold[/tx-
burst-threshold] [rx-burst-time[/tx-burst-time]]]]. All rates
should be numbers with optional 'k' (1,000s) or 'M' (1,000,000s).
If tx-rate is not specified, rx-rate is as tx-rate too. Same goes for
tx-burst-rate and tx-burst-threshold and tx-burst-time. If both rx-
burst-threshold and tx-burst-threshold are not specified (but
burst-rate is specified), rx-rate and tx-rate is used as burst
thresholds. If both rx-burst-time and tx-burst-time are not
specified, 1s is used as default.
server (string) Server name which serves this client
use-src-mac (yes | no; Default: no) When this option is set server uses source MAC address instead
of received CHADDR to assign address.

Warning: The always-broadcast parameter will dynamically change. For the initial DHCP
discover/offer/request/ack cycle a broadcast MAC address is going to be used, for lease renewal (request
and ack) an unicast MAC address will be used. In case the DHCP Server keeps receiving DHCP requests
while DHCP offer has been sent, then the always-broadcast parameter will be turned on dynamically until
the DHCP lease has been renewed successfully.

Read only properties

Property Description
active-address (IP) Actual IP address for this lease

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 8/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

active-client-id (string) Actual client-id of the client


active-mac-address (MAC) Actual MAC address of the client
active-server (list) Actual dhcp server, which serves this client
agent-circuit-id (string) Circuit ID of DHCP relay agent. If each character should be
valid ASCII text symbol or else this value is displayed as hex
dump.
agent-remote-id (string) Remote ID, set by DHCP relay agent
blocked ( flag ) Whether the lease is blocked
expires-after (time) Time until lease expires
host-name (text) Shows host name option from last received DHCP request
radius (yes | no) Shows if this dynamic lease is authenticated by RADIUS or not
status (waiting | testing | authorizing | Lease status:
busy | offered | bound)
waiting - un-used static lease
testing - testing whether this address is used or not (only
for dynamic leases) by pinging it with timeout of 0.5s
authorizing - waiting for response from radius server
busy - this address is assigned statically to a client or
already exists in the network, so it can not be leased
offered - server has offered this lease to a client, but did
not receive confirmation from the client
bound - server has received client's confirmation that it
accepts offered address, it is using it now and will free
the address no later than the lease time

src-mac-address (MAC; Default: ) Source MAC address

Menu specific commands

Property Description
check-status (id) Check status of a given busy dynamic lease, and free it in case of
no response
make-static (id) Convert a dynamic lease to a static one

Rate limiting

It is possible to set a bandwidth to a specific IPv4 address by using DHCPv4 leases. This can be done by setting
a rate limit on the DHCPv4 lease itself, by doing this a dynamic simple queue rule will be added for the IPv4
address that corresponds to the DHCPv4 lease. By using the rate-limit parameter you can conveniently limit
a user's bandwidth.

Note: For any queues to work properly, the traffic must not be FastTracked, make sure your Firewall does
not FastTrack traffic that you want to limit.

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 9/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

First, make the DHCPv4 lease static, otherwise it will not be possible to set a rate limit to a DHCPv4 lease:

[admin@MikroTik] > /ip dhcp-server lease print


Flags: X - disabled, R - radius, D - dynamic, B - blocked
# ADDRESS MAC-ADDRESS HOST-NAME SERVER RATE-LIMIT
0 D 192.168.88.254 6C:3B:6B:7C:41:3E MikroTik DHCPv4_Server

[admin@MikroTik] > /ip dhcp-server lease make-static 0

[admin@MikroTik] > /ip dhcp-server lease print


Flags: X - disabled, R - radius, D - dynamic, B - blocked
# ADDRESS MAC-ADDRESS HOST-NAME SERVER RATE-LIMIT
0 192.168.88.254 6C:3B:6B:7C:41:3E MikroTik DHCPv4_Server

Then you can set a rate to a DHCPv4 lease that will create a new dynamic simple queue entry:

[admin@MikroTik] > /ip dhcp-server lease set 0 rate-limit=10M/10M

[admin@MikroTik] > /queue simple print


Flags: X - disabled, I - invalid, D - dynamic
0 D name="dhcp-ds<6C:3B:6B:7C:41:3E>" target=192.168.88.254/32 parent=none packet-marks="" priority=8/
bucket-size=0.1/0.1

Note: By default allow-dual-stack-queue is enabled, this will add a single dynamic simple queue entry
for both DCHPv6 binding and DHCPv4 lease, without this option enabled separate dynamic simple queue
entries will be added for IPv6 and IPv4.

If allow-dual-stack-queue is enabled, then a single dynamic simple queue entry will be created containing
both IPv4 and IPv6 addresses:

[admin@MikroTik] > /queue simple print


Flags: X - disabled, I - invalid, D - dynamic
0 D name="dhcp-ds<6C:3B:6B:7C:41:3E>" target=192.168.88.254/32,fdb4:4de7:a3f8:418c::/66 parent=none pa
burst-time=0s/0s bucket-size=0.1/0.1

RADIUS Support

Since RouterOS v6.43 it is possible to use RADIUS to assign a rate-limit per lease, to do so you need to pass
the Mikrotik-Rate-Limit attribute from your RADIUS Server for your lease. To achieve this you first need to
set your DHCPv4 Server to use RADIUS for assigning leases. Below is an example how to set it up:

/radius
add address=10.0.0.1 secret=VERYsecret123 service=dhcp
/ip dhcp-server
set dhcp1 use-radius=yes

After that you need to tell your RADIUS Server to pass the Mikrotik-Rate-Limit attribute. In case you are
using FreeRADIUS with MySQL, then you need to add appropriate entries into radcheck and radreply tables
for a MAC address, that is being used for your DHCPv4 Client. Below is an example for table entries:

INSERT INTO `radcheck` (`username`, `attribute`, `op`, `value`) VALUES


('00:0C:42:00:D4:64', 'Auth-Type', ':=', 'Accept'),

INSERT INTO `radreply` (`username`, `attribute`, `op`, `value`) VALUES

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 10/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki
('00:0C:42:00:D4:64', 'Framed-IP-Address', '=', '192.168.88.254'),
('00:0C:42:00:D4:64', 'Mikrotik-Rate-Limit', '=', '10M'),

Alerts
Sub-menu: /ip dhcp-server alert

To find any rogue DHCP servers as soon as they appear in your network, DHCP Alert tool can be used. It will
monitor the ethernet interface for all DHCP replies and check if this reply comes from a valid DHCP server. If a
reply from an unknown DHCP server is detected, alert gets triggered:

[admin@MikroTik] ip dhcp-server alert>/log print


00:34:23 dhcp,critical,error,warning,info,debug dhcp alert on Public:
discovered unknown dhcp server, mac 00:02:29:60:36:E7, ip 10.5.8.236
[admin@MikroTik] ip dhcp-server alert>

When the system alerts about a rogue DHCP server, it can execute a custom script.

As DHCP replies can be unicast, the 'rogue dhcp detector' may not receive any offer to other dhcp clients at all.
To deal with this, the rogue dhcp detector acts as a dhcp client as well - it sends out dhcp discover requests once
a minute

Properties

Property Description
alert-timeout (none | time; Default: Time after which alert will be forgotten. If after that time the
none) same server is detected, new alert will be generated. If set to
none timeout will never expire.
interface (string; Default: ) Interface, on which to run rogue DHCP server finder.
on-alert (string; Default: ) Script to run, when an unknown DHCP server is detected.
valid-server (string; Default: ) List of MAC addresses of valid DHCP servers.

Read only properties

Property Description
unknown-server (string) List of MAC addresses of detected unknown DHCP servers.
Server is removed from this list after alert-timeout

Menu specific commands

Property Description
reset-alert (id) Clear all alerts on an interface

DHCP Options
https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 11/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

Sub-menu: /ip dhcp-server option

With the help of DHCP Option list, it is possible to define additional custom options for DHCP Server to
advertise. Option precedence is as follows:

radius,
lease,
server,
network.

This is the order in which client option request will be filled in.

According to the DHCP protocol, a parameter is returned to the DHCP client only if it requests this parameter,
specifying the respective code in DHCP request Parameter-List (code 55) attribute. If the code is not included in
Parameter-List attribute, the DHCP server will not send it to the DHCP client.

Properties

Property Description
code (integer:1..254; Default: ) dhcp option code. All codes are available at
http://www.iana.org/assignments/bootp-dhcp-parameters
name (string; Default: ) Descriptive name of the option
value (string; Default: ) Parameter's value.

Starting from v6.8 available data types for options are:

0xXXXX - hex string (works also in v5)


'XXXXX' - string (works also in v5 but without ' ' around
the text)
$(XXXXX) - variable (currently there are no variables for
server)
'10.10.10.10' - IP address
s'10.10.10.10' - IP address converted to string
'10' - decimal number
s'10' - decimal number converted to string

RouterOS has predefined variables that can be used:

HOSTNAME - client hostname


RADIUS_MT_STR1 - from radius MT attr nr. 24
RADIUS_MT_STR2 - from radius MT attr nr. 25
REMOTE_ID - agent remote id
NETWORK_GATEWAY - first gateway from '/ip dhcp-
server network', note that this option won't work if used
from lease

Now it is also possible to combine data types into one, for


example: "0x01'vards'$(HOSTNAME)"

For example if HOSTNAME is 'kvm', then raw value will be


0x0176617264736b766d.

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 12/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

raw-value (HEX string ) Read only field which shows raw dhcp option value (the format
actually sent out)

Example

Classless Route

A classless route adds specified route in clients routing table. In our example, it will add

dst-address=160.0.0.0/24 gateway=10.1.101.1
dst-address=0.0.0.0/0 gateway=10.1.101.1

According to RFC 3442: The first part is the netmask ("18" = netmask /24). Second part is significant part of
destination network ("A00000" = 160.0.0). Third part is IP address of gateway ("0A016501" = 10.1.101.1).
Then There are parts of the default route, destination netmask (0x00 = 0.0.0.0/0) followed by default route
(0x0A016501 = 10.1.101.1)

/ip dhcp-server option


add code=121 name=classless value=0x18A000000A016501000A016501
/ip dhcp-server network
set 0 dhcp-option=classless

Result:

[admin@MikroTik] /ip route> print


Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf,
m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 10.1.101.1 0
1 ADS 160.0.0.0/24 10.1.101.1 0

Much more robust way would be to use built in variables, previous example can be rewritten as:

/ip dhcp-server option


add name=classless code=121 value="0x18A00000\$(NETWORK_GATEWAY)0x00\$(NETWORK_GATEWAY)"

Auto Proxy Config

/ip dhcp-server option


add code=252 name=auto-proxy-config value="'http://autoconfig.something.lv/wpad.dat'"

DHCP Option Sets


Sub-menu: /ip dhcp-server option sets

This menu allows combining multiple options in option sets, which later can be used to override default DHCP
server option set.

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 13/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki

Property Description
name (string; Default: ) Name of the option set.
options (list; Default: ) List of options defined in options menu.

Vendor Classes

Since 6.45beta6 version RouterOS support vendor class id matcher. The vendor class is used by DHCP clients
to optionally identify the vendor and configuration.

Property Description
name (string; Default: ) Self explained
sever (string; Default: all) Specific DHCP server to match
address-pool (string; Default: ) Address pool for a particular Vendor ID (VID)
vid (string; Default: ) Vendor Class ID matcher

Example

In the following configuration example, we will give an IP address from a particular pool for an Android based
mobile phone. We will use the RouterBOARD with a default configuration

/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=pool-for-VID ranges=172.16.16.10-172.16.16.120

Configure vendor-class-id matcher. DHCP servers configuration remains default

/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dhcp-server vendor-class-id
add address-pool=pool-for-VID name=samsung server=defconf vid=android-dhcp-9

Connect your mobile phone to the device to receive an IP address from 172.16.16.0 network

[admin@mikrotik] > /ip dhcp-server lease print detail


Flags: X - disabled, R - radius, D - dynamic, B - blocked
0 D address=172.16.16.120 mac-address=30:07:4D:F5:07:49 client-id="1:30:7:4d:f5:7:49" address-lists=""
status=bound expires-after=8m55s last-seen=1m5s active-address=172.16.16.120 active-mac-address=30:
active-client-id="1:30:7:4d:f5:7:49" active-server=defconf host-name="Galaxy-S8"

If you do not know your devices Vendor Class ID, you can turn on DHCP debug logs with /system logging
add topics=dhcp. Then in the logging entries, you will see Class-ID

10:30:31 dhcp,debug,packet defconf received request with id 4238230732 from 0.0.0.0


10:30:31 dhcp,debug,packet secs = 3
10:30:31 dhcp,debug,packet ciaddr = 0.0.0.0
10:30:31 dhcp,debug,packet chaddr = 30:07:4D:F5:07:49
10:30:31 dhcp,debug,packet Msg-Type = request
10:30:31 dhcp,debug,packet Client-Id = 01-30-07-4D-F5-07-49
10:30:31 dhcp,debug,packet Address-Request = 172.16.16.120

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 14/15
30/04/2020 Manual:IP/DHCP Server - MikroTik Wiki
10:30:31 dhcp,debug,packet Server-Id = 192.168.88.1
10:30:31 dhcp,debug,packet Max-DHCP-Message-Size = 1500
10:30:31 dhcp,debug,packet Class-Id = "android-dhcp-9"
10:30:31 dhcp,debug,packet Host-Name = "Galaxy-S8"
10:30:31 dhcp,debug,packet Parameter-List = Subnet-Mask,Router,Domain-Server,Domain-Name,Interface-M
ewal-Time,Rebinding-Time,Vendor-Specific
10:30:31 dhcp,info defconf assigned 172.16.16.120 to 30:07:4D:F5:07:49
10:30:31 dhcp,debug,packet defconf sending ack with id 4238230732 to 172.16.16.120
10:30:31 dhcp,debug,packet ciaddr = 0.0.0.0
10:30:31 dhcp,debug,packet yiaddr = 172.16.16.120
10:30:31 dhcp,debug,packet siaddr = 192.168.88.1
10:30:31 dhcp,debug,packet chaddr = 30:07:4D:F5:07:49
10:30:31 dhcp,debug,packet Msg-Type = ack
10:30:31 dhcp,debug,packet Server-Id = 192.168.88.1
10:30:31 dhcp,debug,packet Address-Time = 600
10:30:31 dhcp,debug,packet Domain-Server = 192.168.88.1,10.155.0.1,10.155.0.126

Configuration Examples

To simply configure DHCP server you can use a setup command.

First, you configure IP address on the interface:

[admin@MikroTik] > /ip address add address=192.168.88.1/24 interface=ether3 disabled=no

Then you use setup command which will automatically ask necessary parameters:

[admin@MikroTik] > /ip dhcp-server setup


Select interface to run DHCP server on

dhcp server interface: ether3


Select network for DHCP addresses

dhcp address space: 192.168.88.0/24


Select gateway for given network

gateway for dhcp network: 192.168.88.1


Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.88.2-192.168.88.254


Select DNS servers

dns servers: 10.155.126.1,10.155.0.1,


Select lease time

lease time: 10m

That is all. You have configured an active DHCP server.

[ Top | Back to Content ]

Retrieved from "https://wiki.mikrotik.com/index.php?title=Manual:IP/DHCP_Server&oldid=33755"

Categories: Manual DHCP IP

This page was last edited on 21 January 2020, at 15:24.

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server 15/15

You might also like