DHCP Client

Summary

The DHCP (Dynamic Host Configuration Protocol) is used for the easy distribution of IP addresses in a network. The MikroTik RouterOS implementation includes both server and client parts and is compliant with RFC 2131.

The MikroTik RouterOS DHCP client may be enabled on any Ethernet-like interface at a time. The client will accept an address, netmask, default gateway, and two DNS server addresses. The received IP address will be added to the interface with the respective netmask. The default gateway will be added to the routing table as a dynamic entry. Should the DHCP client be disabled or not renew an address, the dynamic default route will be removed. If there is already a default route installed prior to the DHCP client obtains one, the route obtained by the DHCP client would be shown as invalid.

RouterOS DHCP client asks for the following options:

• option 1 - SUBNET_MASK,
• option 3 - GATEWAY_LIST,
• option 6 - TAG_DNS_LIST,
• option 33 - STATIC_ROUTE,
• option 42 - NTP_LIST,
• option 121 - CLASSLESS_ROUTE,

Option

DHCP client has a possibility to set up options that are sent to the DHCP server. For example, hostname and MAC address. The syntax is the same as for DHCP server options.

Currently, there are three variables that can be used in options:

• HOSTNAME;
• CLIENT_MAC - client interface MAC address;
• CLIENT_DUID - client DIUD of the router, same as used for the DHCPv6 client. In conformance with RFC4361

DHCP client default options include these default Options:

IPv6

DHCP Client can receive delegated prefixes from DHCPv6 server. Currently received prefix is added to IPv6 pool, which later can be used for example in PPPoE server configuration. DHCPv6 client configuration can be found in /ipv6 sub-menu

Setup example

Add a DHCP client on ether1 interface:

/ip dhcp-client add interface=ether1 disabled=no

After the interface is added, you can use "print" or "print detail" command to see what parameters DHCP client acquired:

[admin@MikroTik] ip dhcp-client> print detail
Flags: X - disabled, I - invalid 
 0   interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes
     status=bound address=192.168.0.65/24 gateway=192.168.0.1
     dhcp-server=192.168.0.1 primary-dns=192.168.0.1 primary-ntp=192.168.0.1
     expires-after=9m44s 
[admin@MikroTik] ip dhcp-client>

DHCP client status can be checked with:

/ip dhcp-client print detail 

Examples

Lease script example

It is possible to execute a script when DHCP client obtains new lease or loses existing one. This is an example script that automatically adds a default route with routing-mark=WAN1 and removes it when the lease expires or is removed.

/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ether2 script="{\r\
    \n    :local rmark \"WAN1\"\r\
    \n    :local count [/ip route print count-only where comment=\"WAN1\"]\r\
    \n    :if (\$bound=1) do={\r\
    \n        :if (\$count = 0) do={\r\
    \n            /ip route add gateway=\$\"gateway-address\" comment=\"WAN1\" routing-mark=\$rmark\r\
    \n        } else={\r\
    \n            :if (\$count = 1) do={\r\
    \n                :local test [/ip route find where comment=\"WAN1\"]\r\
    \n                :if ([/ip route get \$test gateway] != \$\"gateway-address\") do={\r\
    \n                    /ip route set \$test gateway=\$\"gateway-address\"\r\
    \n                }\r\
    \n            } else={\r\
    \n                :error \"Multiple routes found\"\r\
    \n            }\r\
    \n        }\r\
    \n    } else={\r\
    \n        /ip route remove [find comment=\"WAN1\"]\r\
    \n    }\r\
    \n}\r\
    \n"

Resolve default gateway when 'router' (option3) is from a different subnet

In some cases, administrators tend to set the 'router' option which cannot be resolved with offered IP's subnet. For example, the DHCP server offers 192.168.88.100/24 to the client, and option 3 is set to 172.16.1.1. This will result in unresolved default route:

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0  DS  0.0.0.0/0                          172.16.1.1              1
 1 ADC  192.168.88.0/24    192.168.88.100  ether1 

To fix this we need to add /32 route to resolve the gateway over ether1, which can be done by running script below each time DHCP client gets an address

/system script add name="dhcpL" source={ /ip address add address=($"lease-address" . "/32") network=$"gateway-address" interface=$interface }

Now we can further extend the script, to check if address already exist, and remove the old one if changes are needed

/system script add name="dhcpL" source={ 
  /ip address {
    :local ipId [find where comment="dhcpL address"]
    :if ($ipId != "") do={
      :if (!([get $ipId address] = ($"lease-address" . "/32") && [get $ipId network]=$"gateway-address" )) do={
        remove $ipId;
        add address=($"lease-address" . "/32") network=$"gateway-address" \
          interface=$interface comment="dhcpL address"
      }
    } else={
      add address=($"lease-address" . "/32") network=$"gateway-address" \
        interface=$interface comment="dhcpL address"
    }
  }
}

DHCP Server

The DHCP (Dynamic Host Configuration Protocol) is used for the easy distribution of IP addresses in a network. The MikroTik RouterOS implementation includes both server and client parts and is compliant with RFC 2131.

The router supports an individual server for each Ethernet-like interface. The MikroTik RouterOS DHCP server supports the basic functions of giving each requesting client an IP address/netmask lease, default gateway, domain name, DNS-server(s) and WINS-server(s) (for Windows clients) information (set up in the DHCP networks submenu)

In order for the DHCP server to work, IP pools must also be configured (do not include the DHCP server's own IP address into the pool range) and the DHCP networks.

It is also possible to hand out leases for DHCP clients using the RADIUS server; the supported parameters for a RADIUS server is as follows:

Access-Request:

• NAS-Identifier - router identity
• NAS-IP-Address - IP address of the router itself
• NAS-Port - unique session ID
• NAS-Port-Type - Ethernet
• Calling-Station-Id - client identifier (active-client-id)
• Framed-IP-Address - IP address of the client (active-address)
• Called-Station-Id - name of DHCP server
• User-Name - MAC address of the client (active-mac-address)
• Password - ""

Access-Accept:

• Framed-IP-Address - IP address that will be assigned to a client
• Framed-Pool - ip pool from which to assign ip address to a client
• Rate-Limit - Datarate limitation for DHCP clients. Format is: rx-rate[/tx-rate] [rx-burst-rate[/tx-burst-rate] [rx-burst-threshold[/tx-burst-threshold] [rx-burst-time[/tx-burst-time][priority] [rx-rate-min[/tx-rate-min]]]]. All rates should be numbers with optional 'k' (1,000s) or 'M' (1,000,000s). If tx-rate is not specified, rx-rate is as tx-rate too. Same goes for tx-burst-rate and tx-burst-threshold and tx-burst-time. If both rx-burst-threshold and tx-burst-threshold are not specified (but burst-rate is specified), rx-rate and tx-rate are used as burst thresholds. If both rx-burst-time and tx-burst-time are not specified, 1s is used as default. Priority takes values 1..8, where 1 implies the highest priority, but 8 - the lowest. If rx-rate-min and tx-rate-min are not specified rx-rate and tx-rate values are used. The rx-rate-min and tx-rate-min values can not exceed rx-rate and tx-rate values.
• Ascend-Data-Rate - tx/rx data rate limitation if multiple attributes are provided, first limits tx data rate, second - rx data rate. If used together with Ascend-Xmit-Rate, specifies rx rate. 0 if unlimited
• Ascend-Xmit-Rate - tx data rate limitation. It may be used to specify tx limit only instead of sending two sequential Ascend-Data-Rate attributes (in that case Ascend-Data-Rate will specify the receive rate). 0 if unlimited
• Session-Timeout - max lease time (lease-time)

DHCP Relay