The DHCP (Dynamic Host Configuration Protocol) is used for the easy distribution of IP addresses in a network. The MikroTik RouterOS implementation includes both server and client parts and is compliant with RFC 2131.
The router supports an individual server for each Ethernet-like interface. The MikroTik RouterOS DHCP server supports the basic functions of giving each requesting client an IP address/netmask lease, default gateway, domain name, DNS-server(s) and WINS-server(s) (for Windows clients) information (set up in the DHCP networks submenu).
This sub-menu configures how often DHCP leases are stored on disk. If leases were saved to disk on every lease change, a lot of disk writes would happen, which is very bad for Compact Flash (especially if lease times are very short). To minimize disk writes, all changes are saved to disk every store-leases-disk seconds. Additionally, leases are always stored on disk on graceful shutdown and reboot.
The DHCP server lease submenu is used to monitor and manage the server's leases. Issued leases are shown here as dynamic entries. You can also add static leases to issue a specific IP address to a particular client (identified by MAC address).
A client may free the leased address. The dynamic lease is removed, and the allocated address is returned to the address pool. But the static lease becomes busy until the client reacquires the address.
It is possible to limit bandwidth for a specific IPv4 address by using DHCPv4 leases. This is done by setting a rate limit on the DHCPv4 lease itself; a dynamic simple queue rule is then added for the IPv4 address that corresponds to the DHCPv4 lease. The rate-limit parameter is a convenient way to limit a user's bandwidth.
Since RouterOS v6.43 it is possible to use RADIUS to assign a rate-limit per lease. To do so, you need to pass the Mikrotik-Rate-Limit attribute from your RADIUS server for your lease. First, set your DHCPv4 server to use RADIUS for assigning leases. Below is an example of how to set it up:
After that, you need to tell your RADIUS server to pass the Mikrotik-Rate-Limit attribute. If you are using FreeRADIUS with MySQL, add the appropriate entries to the radcheck and radreply tables for the MAC address that is used by your DHCPv4 client. Below is an example of the table entries:
To find any rogue DHCP servers as soon as they appear in your network, the DHCP Alert tool can be used. It monitors the Ethernet interface for all DHCP replies and checks whether each reply comes from a valid DHCP server. If a reply from an unknown DHCP server is detected, an alert is triggered:
As DHCP replies can be unicast, the rogue DHCP detector may not receive any offers sent to other DHCP clients at all. To deal with this, the rogue DHCP detector acts as a DHCP client as well: it sends out DHCP discover requests once a minute.
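The reply check described above, as an added example (not RouterOS code and not part of the original page): it parses DHCP reply payloads and flags OFFER/ACK messages whose source MAC is not on an allow-list of valid servers. The MAC addresses, sample packets and function names are constructed for illustration, and matching on the source MAC while reporting option 54 (server identifier) is an assumption about how such a check can be written.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
OFFER, ACK = 2, 5                    # option 53 (message type) values sent by servers

def parse_options(payload):
    """Return {code: value} for a BOOTREPLY payload, or None if it is malformed."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:         # 255 = end option
        if payload[i] == 0:                               # 0 = pad, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                                   # option runs past the packet
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def check_reply(src_mac, payload, valid_servers):
    """Return an alert string for an OFFER/ACK from an unlisted MAC, else None."""
    opts = parse_options(payload)
    if not opts or opts.get(53, b"")[:1] not in (bytes([OFFER]), bytes([ACK])):
        return None
    if src_mac.lower() in valid_servers:
        return None
    sid = opts.get(54, b"")                               # option 54 = server identifier
    server_id = socket.inet_ntoa(sid) if len(sid) == 4 else "unknown"
    return f"rogue DHCP server: mac={src_mac.lower()} server-id={server_id}"

def build_reply(msg_type, server_ip):
    """Build a minimal BOOTREPLY payload for the constructed samples below."""
    header = bytes([2, 1, 6, 0]) + bytes(232)             # op, htype, hlen, hops, rest zeroed
    options = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC + options

VALID_SERVERS = {"02:00:00:00:00:01"}                     # constructed allow-list
SAMPLES = [                                               # constructed (source MAC, payload) pairs
    ("02:00:00:00:00:01", build_reply(OFFER, "192.168.51.1")),       # legitimate server
    ("02:00:00:AA:BB:CC", build_reply(OFFER, "192.168.51.99")),      # unlisted server
    ("02:00:00:AA:BB:CC", build_reply(ACK, "192.168.51.99")[:245]),  # truncated, ignored
]

def scan(samples, valid_servers):
    return [a for mac, p in samples if (a := check_reply(mac, p, valid_servers))]

if __name__ == "__main__":
    print("\n".join(scan(SAMPLES, VALID_SERVERS)))
```

Because replies to other clients may be unicast, a passive check like this only sees what reaches the monitoring port, which is why the detector also sends its own discover requests.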
According to the DHCP protocol, a parameter is returned to the DHCP client only if the client requests it by specifying the respective code in the Parameter-List (code 55) attribute of the DHCP request. If the code is not included in the Parameter-List attribute, the DHCP server will not send it to the DHCP client.
Every device that attaches to our network is going to need an IP address. There are two ways that we can go about assigning an IP address to a device. We can either assign them on the client-end, which means that we have to have the device in our possession, or we can tell our network to assign an address to a client once they join the network. If we assign an IP address to the device from the network side, we can either assign a device a specific IP address to use, or we can configure our network to assign the device the first available address from a pool, or group, of addresses we designate.
Sometimes, configuring IP addresses from the client side is impractical. Think of a college campus, for example, where you might have hundreds or even thousands of devices attaching to and detaching from a network. Imagine the headache and the logistics of having to physically touch every single device, or having to devise some way of instructing the end-user how to configure the device. And what if they happen to misconfigure the device? Or imagine having to keep track of assigned IP addresses: knowing which ones are used and which ones are available, making sure that you don't assign the same IP address to multiple devices, and dealing with someone who misconfigures their end device and uses an IP address that belongs to another device. These two scenarios highlight issues that are mitigated by using DHCP services.
There are two types of DHCP IP assignments possible. If you assign a device the same IP address no matter how or when the device connects, this is called static IP address assignment, given that the address doesn't change. However, if you simply wish for a client to be assigned an address from a pool of addresses without regard to which specific address, and you do not care if that device gets the same address every time it connects, that is called dynamic IP address assignment.
When would you use static vs dynamic IP address assignment? When you have a device that needs to be reachable at the same IP address, you would want to assign that device a static IP address. For example, say you have a printer on the network with an IP address of 192.168.1.10. You would want to make sure that whenever data is sent to that IP address, the printer is the device on the receiving end that is responding. You wouldn't want another device on the network to accidentally grab this address, because then jobs sent to the printer might no longer be able to find the printer on the network because its address may have changed. A good rule of thumb is that if you have a device on the network that provides a service and needs to be reachable by other devices, assign it a static IP address. If the device does not need to be reachable by other devices, then a dynamic IP address should suffice.
Step 1: Before we can modify our network device, we need to remove the link between the cloud device and the router. We will put it back, but there currently exists a limitation that you cannot expand the device if there are any devices attached to it.
Right click on the link (the line between the cloud and the router device) and click delete. This will remove the link between the router and the cloud and allow us to expand the number of network ports the device can support. Right click on the router device and click Configure. Select the Network tab and change the number of adapters from 2 to 8 and click Ok. Click the Add a Link tab on the GNS3 left menu bar and re-establish the link between the cloud and the MikroTik Router. If you are successful, you should now notice that the MikroTik router has 8 available interfaces, ether1 to ether8.
Next, we are going to log into the router and create a bridge interface for ports 2-8. A bridge allows us to group one or more physical interfaces under a primary interface and treat the group as a single unit. We can then apply a configuration to the bridge interface that will be shared by any device connected to any of the interfaces in the group. Instead of applying IP address(es) to ether2 to ether8, we are going to create a bridge interface (bridge1) and assign ether2 to ether8 to that bridge. We will then assign an IP address to bridge1, and then configure the bridge to use DHCP to assign IP addresses to connected devices.
Step 5: You will now notice that there is a bridge->port assignment. Interface ether2 is assigned to bridge bridge1. Repeat this process for ether3 to ether8. Do not assign ether1 to the bridge; otherwise you will lose network connectivity to the switch. We are only assigning ports to the interface that will be used for our intranet, or internal network. ether1 will be used as our gateway interface to the external network and/or internet. Once you are done, it should look like the following.
Step 7: The next step involves creating a DHCP server and instructing the new server to assign IP addresses on the bridge interface. To do so, click IP -> DHCP Server. We are going to use the DHCP Setup wizard to create our new DHCP server for us, so click the DHCP Setup button shown here.
Step 8: Select the interface we want to create the DHCP server on, in this case bridge1, and click Next. (By using the bridge instead of the individual Ethernet interfaces, we can assign this DHCP server to serve all interfaces on the bridge.)
Step 10: Enter the gateway address for the network (here it is already entered and we should leave it as is, 192.168.51.1). The gateway address will be the same address that we assigned to the bridge interface.
Step 12: Select the DNS Servers to assign to this network. DNS, or domain name services, are used to map device names to their respective IP address. For example, when you look up this server, mikrotikusers.com, DNS servers are responsible for mapping the name mikrotikusers.com to its IP address. In this case, we are going to enter 2 public DNS servers, 8.8.8.8 and 8.8.4.4 (these public DNS servers belong to google.com) and hit Next. Don't worry, we'll explain DNS in a future article.
Step 13: Assign a lease time to the DHCP Server. DHCP lease time is the amount of time in minutes or seconds a network device can use an IP address in a network. The IP address is reserved for that device until the reservation expires. When half of the lease time has expired, if the device is still connected to the network, it will request a renewal to continue using the same address; if the address is available, the request will be granted and the lease process starts all over again. If the DHCP server is unavailable or something prevents the device from being able to renew the lease, the device will continue trying until the lease time expires. If the device is removed from the network or is turned off, the lease will continue to exist until the time assigned to it expires. If the device rejoins the network and is able to request a valid lease before the time expires, it will be assigned the same address it had before. However, once the time expires, the IP address is returned to the available pool of IP addresses, and if the client then requests an address, it may or may not get the same address as assigned to it previously. In this example, the default lease time is 10 minutes, meaning that at 5 minutes the device will attempt to secure another 10 minute lease. This is fine for this example. Many networks set this to a much higher time, such as 4 hours or 8 hours, but it depends on the network: higher times mean that you are more likely to run out of available addresses sooner, while shorter times mean more network traffic, as devices have to request addresses more frequently. Go ahead and click Next.