Dynamic Host Configuration Protocol (DHCP) is a client/server protocol where a DHCP server automatically provides an Internet Protocol (IP) address and other related information such as subnet mask, default gateway and DNS to DHCP clients. DHCP server and client use UDP port 67 and 68 for communication.
In a network, a DHCP client (IP devices such as Desktop, Laptop, Smartphone etc.) requests for an IP lease sending broadcast message over 67/UDP port to any DHCP server and a DHCP server responses over 68/UDP allocating IP address and other related IP information for a certain period. So, a DHCP server reduces huge network administration tasks of a system administrator.
Every MikroTik RouterOS including RouterOS v7 has a built-in DHCP service. So, system admin can easily turn MikroTik RouterOS into a DHCP server and can easily reduce his network administration task.
DHCP Service is built-in in MikroTik RouterOS v7 but not enabled by default. So, if we want to use DHCP Server in our network with MikroTik RouterOS v7, we have to setup and configure it.
But before going to start DHCP Server configuration in MikroTik RouterOS v7, I will show a basic network diagram as an example where a MikroTik Router is working as a DHCP Server as well as it is working as a network gateway. I hope, your network will be almost similar like the following network diagram and you will be able to run a smooth DHCP Server in your network with MikroTik RouterOS v7.
MikroTik DHCP Server Enabled Network
In the above network diagram, the ether1 interface of MikroTik Router is connected to an ISP for accessing internet and this interface is known as WAN. All LAN users are connected to ether2 interface through a network switch.
We will now enable DHCP Server on the ether2 interface so that all LAN users will get network information (IP, Subnet mask, Gateway and DNS) dynamically from this DHCP Server. But before enabling DHCP server in MikroTik RouterOS 7, we have to complete MikroTik RouterOS basic configuration. MikroTik RouterOS 7 basic configuration using Winbox or command was discussed in the previous article. So, follow that article for basic RouterOS 7 configuration and then follow the following steps for DHCP Server configuration using Winbox.
Go to IP > DHCP Server menu item from Winbox. DHCP Server window will appear.
InDHCP Server window, click on DHCP Setup button and choose the interface (in this article: ether2) on which you want to setup DHCP server from DHCP Server Interface drop-down menu and then click on Next button.
Now put your LAN network block in DHCP Address Space input box and click Next button. DHCP client/LAN user will get IP from this network.
Choose gateway address for the given network in Gateway for DHCP Network input box and then click Next button.
Provide IP range from which DHCP client/LAN user will get IP in Address to Give Out input box and click Next button.
Provide preferred DNS server IP and click Next button.
Provide IP lease time and click Next button. Default lease time is 3 days.
DHCP setup is now complete and a successful message will be shown.
Now connect any IP device (Desktop, Laptop, Smartphone etc.) to your network. An IP will automatically be allocated for that device from MikroTik DHCP Server. Click Leases tab and observe IP lease status of that DHCP client.
DHCP Server configuration in MikroTik RouterOS7 has been explained step by step in this article. I hope, you will be able to configure DHCP Server in your network with MikroTik Router OS v7. However, if you face any confusion to configure a DHCP server in MikroTik Router OS7, feel free to discuss in comment or contact with me from Contact page. I will try my best stay with you.
MikroTik Router is one of the most popular routers because of having a lot of networking features. MikroTik DHCP Client is a special feature that is used to connect to any DHCP Server. So, if any uplink ISP provides DHCP connection, MikroTik Router is able to connect that DHCP Server using this DHCP Client. In my previous article, I discussed how to configure MikroTik Router with PPPoE WAN Connection. In this article, I will discuss how to configure MikroTik Router with DHCP WAN Connection.
Core Devices and IP Information
To configure MikroTik Router with DHCP WAN Connection, I am using a MikroTik RouterBoard 1100 AHX2 (RouterOSv6.38.1) and the LAN Gateway IP is 192.168.10.1/24. This information is just for my R&D purpose. Change this information according to your network requirements.
Network Diagram
To configure MikroTik Router with WAN DHCP Client, I am following a network diagram like the below diagram.
MikroTik Network with DHCP WAN Connection
In this network diagram, MikroTik Router’s ether1 interface is connected to ISP network where DHCP Server is enabled. So, we will create MikroTik DHCP Client in this interface so that MikroTik Router can connect with ISP DHCP Server and can access internet. Again, MikroTik Router’s ether2 interface is connected to a LAN switch having IP block 192.168.10.0/24. We are assigning static IP for LAN users but if we want, we can configure MikroTik PPPoE Server, MikroTik DHCP Server or MikroTik Hotspot Server on ether2 interface. We will also configure NATing in our MikroTik Router so that LAN users are able to get internet using this private IP block.
MikroTik Configuration with WAN DHCP Client
We will now start our MikroTik Router configuration with WAN DHCP client according to the above network diagram. Complete MikroTik configuration with DHCP WAN connection can be divided into the following three steps.
MikroTik DHCP Client Configuration on WAN Interface
Assigning LAN Gateway
NATing configuration
Step 1: MikroTik DHCP Client Configuration on WAN Interface
If your uplink ISP provides DHCP connection, you must configure MikroTik DHCP Client on your WAN interface. The following steps will show how to configure DHCP Client on MikroTik WAN interface.
Login to MikroTik Router using Winbox with admin privilege credential.
Click on IP > DHCP Client menu item. DHCP Client window will appear. Click on PLUS SIGN (+). New DHCP Client will appear.
Choose WAN interface (ether1) from Interface dropdown menu.
Make sure that Use Peer DNS and Use Peer NTP is selected if your ISP includes DNS and NTP Server Information with DHCP connection. Usually, DNS IP is provided with every DHCP connection.
Choose yes from Add Default Route dropdown menu otherwise you and your LAN user cannot communicate with the internet.
Click Apply and OK button.
MikroTik DHCP Client Configuration
If your WAN interface is connected to your uplink ISP network, your DHCP Client will be connected with the ISP DHCP Server and you will find connection status with assigned IP information from Status tab in respected DHCP Client window.
You will also find that a dynamic IP is added in IP > Address list window, Dynamic DNS Servers are added in IP > DNS window and a default route is automatically added in IP > Routes list by MikroTik DHCP client.
Step 2: Assigning LAN Gateway
After MikroTik DHCP Client configuration, we will now assign LAN Gateway IP so that LAN user can communicate through MikroTik Router. The following steps will show how to assign LAN Gateway IP in MikroTik Router.
Go to IP > Addresses menu item. Address List window will appear.
Click on PLUS SIGN (+) and put your LAN gateway IP (192.168.10.1/24) in Address input field.
Choose your LAN interface (ether2) from Interface dropdown menu.
Click Apply and OK button.
LAN Gateway IP has been assigned. Now we will configure NATing so that LAN user can get internet through MikroTik Router.
Step 3: NATing Configuration
We will now create a NAT rule in MikroTik Firewall for masquerading our LAN IP block. Otherwise, our LAN user cannot access internet through our MikroTik router. The following steps will show how to create the masquerade firewall rule in MikroTik router.
Go to IP > Firewallmenu and click on NAT tab and then click on PLUS SIGN (+). New NAT Rule window will appear now.
Choose srcnatfrom Chain dropdown menu and put LAN IP block (192.168.10.0/24) in Address input field.
Click on Action tab and choose masqueradefrom Action dropdown menu.
Click Applyand OK
NATing configuration in MikroTik router has been completed as well as all our necessary steps to configure MikroTik Router with WAN DHCP Client have been completed. Now connect your LAN users to MikroTik Router through a LAN switch. If everything is OK, your LAN users will able to get internet through MikroTik Router.
If you face any confusion to follow the above steps properly, watch the below video about MikroTik DHCP Client configuration. I hope it will reduce your any confusion about MikroTik DHCP client configuration on WAN interface.
MikroTik Router Configuration with WAN DHCP Client has been discussed in this article. I hope you are now able to configure MikroTik DHCP Client if your ISP uses DHCP Server for their connection. However, if you face any confusion to configure MikroTik DHCP WAN connection, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.
MikroTik VRRP (Virtual Router Redundancy Protocol) ensures high available internet network. If any organization requires uninterrupted internet connection, MikroTik VRRP implementation will be a vital solution for them. MikroTik VRRP creates a virtual router accumulating two or more physical routers and ensures uninterrupted internet connection keeping activate one physical router always. That means, if any physical router fails to operate due to any hardware failure, MikroTik VRRP uses another backup router for internet gateway until the running router comes back again. In my previous article, I discussed how to configure MikroTik VRRP to establish a high available internet network. But most of the office network as well as ISP network use DHCP Server to assign their device IP automatically. So, in this article I will show how to configure MikroTik VRRP with active and backup DHCP Server.
Network Diagram
To configure VRRP network with MikroTik DHCP Server, I am following a network diagram like the below image.
MikroTik VRRP Network with DHCP Server
In this network, two MikroTik RouterOS (Master_RouterOS and Backup_RouterOS) are the member of a MikroTik VRRP. So, when both routers are up and running, network traffic will pass through Master_RouterOS. If Master_RouterOS fails to operate due to hardware failure or any other cause, Backup_RouterOS will turn into Master Router and pass network traffic until the Master_RouterOS comes back again. When the Master_RouterOS recovers again, it turns into Master Router and Backup_RouterOS will turn into Back Router. So, a hardware redundancy network will be ensured using MikroTik VRRP. Also DHCP Server is configured in both RouterOS to provide IP address automatically to client devices. These DHCP Servers will be activated depending on their Router_OS state that means if Master_RouterOS is up and running, its DHCP Server will have up and running. Again, if Backup_RouterOS is activated due to Master_RouterOS hardware failure, its DHCP Server will work as active DHCP Server.
In the network diagram, Master_RouterOS is connected to ISP1 through ether1 interface having IP address 192.168.40.2/25 and ether2 port is connected to LAN network having IP address 10.10.200.1/24. VRRP will be configured on ether2 interface and a virtual interface will be created whose IP address will be 10.10.200.254. Similarly, Backup_RouterOS is connected to ISP2 through ether1 interface having IP address 172.30.30.2/25 and ether2 port is connected to LAN network having IP address 10.10.200.2/24. MikroTik VRRP will also be configured on ether2 interface and a virtual interface will be created whose IP address will be 10.10.200.254. Note that, both routers should always have the same type of configuration.
We have also two workstations (PC-1 and PC-2) that are connected to our virtual router (that will be created by MikroTik VRRP) through LAN_Switch and will get IP address automatically from active DHCP Server.
MikroTik VRRP Configuration with DHCP
MikroTik VRRP creates a virtual router accumulating two or more physical routers where one physical router works as a Master Router and others are Backup Router. If Master Router fails to operate due to hardware failure, one of the Backup Routers becomes Master Router based on priority setting. So, we have to configure both Master Router and Backup Routers and all routers should have the same type of configuration. Complete MikroTik VRRP configuration with DHCP can be divided into two parts according to the above network diagram.
MikroTik VRRP and DHCP configuration in Master_RouterOS and
MikroTik VRRP and DHCP configuration in Backup_RouterOS.
MikroTik VRRP and DHCP Configuration in Master_RouterOS
We will now configure MikroTik VRRP and DHCP Server in Master_RouterOS. In MikroTik VRRP, Master Router is identified by priority setting. The router whose priority is higher is identified as Master Router. The following steps will show how to configure Master_RouterOS so that it will act as a network gateway as well as a VRRP Master Router.
Login to Master_RouterOS using Winbox with full permission user credential.
Click on Interfaces menu item. Interface List window will appear.
Click on VRRP tab and then click on PLUS SIGN (+). New Interface window will appear.
Put VRRP interface name in Name input field or you can keep as default name (vrrp1).
Now click on VRRP tab and choose physical interface (ether2 for this article) on which you want to create VRRP.
Put Virtual Router ID (10 for this article) in VRID input filed. This VRID must be same in Master Router as well as all Backup Routers.
Put Master Router priority (100 for this article) in Priority input field. As this is a Master Router, its priority will be higher than any other Backup Router.
Make sure that Preemption Mode is enabled otherwise Master Router cannot be selected as master automatically if Master Router recovers due to any technical failure.
Click on Apply and OK button. You will find a new VRRP interface (vrrp1) has been created in VRRP interface list.
Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
Put Master_RouterOS WAN IP (192.168.40.2/25) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and Put a LAN IP (10.10.200.1/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and put VRRP gateway IP (10.10.200.254/24) in Address input field and choose VRRP interface (default interface name is vrrp1) from Interface dropdown menu and then click on Apply and OK button.
Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click on Apply and OK button.
Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (192.168.40.1) in this Gateway input field and then click on Apply and OK button.
Go to IP > Firewall menu and click on NAT tab. Now click on PLUS SIGN (+). New NAT Rule window will appear. Choose srcnatfrom Chain dropdown menu. Click on Action tab and choose masqueradefrom Action dropdown menu and then click on Applyand OK button.
Go to IP > DHCP Server menu from your Winbox. DHCP Server window will appear.
In DHCP Server window, click on DHCP Setup button and choose the created VRRP interface (in this article: vrrp1) from DHCP Server Interface drop-down menu and then click on Next
Now put your LAN IP block (10.10.200.0/24) in DHCP Address Spaceinput box and click Next DHCP client/LAN user will get IP address from this network block.
Choose gateway address for the given network (VRRP interface IP: 10.10.200.254) in Gateway for DHCP Networkinput box and then click Next
Put IP range (10.10.200.10-10.10.200.253) from which your DHCP client/LAN user will get IP in Address to Give Outinput box and click Next
Provide preferred DNS server IP and click Next
Now provide IP lease time and click Next Default lease time is 3 days.
DHCP setup is complete now and a successful message will be shown.
Now connect any IP device (Desktop, Laptop, Smartphone etc.) to your network. Automatically an IP will be allocated for that device from your MikroTik DHCP server. Click Leases tab and observe IP lease status of that DHCP client.
MikroTik VRRP DHCP Server
Master_RouterOS configuration with VRRP and DHCP Server has been completed. We will now perform similar configuration in Backup_RouterOS so that it can handle network traffic if Master Router goes down due to any unwanted cause.
MikroTik VRRP Configuration with DHCP in Backup_RouterOS
Backup Router does nothing in VRRP network but check whether Master Router is alive or not. If Master Router goes down, Backup Router handles all network traffics like Master Router. So, Backup Router should have the similar configuration like Master Router but only priority keeps less than Master Router. The following steps will show how to configure Backup_RouterOS so that it can handle network traffic if Master Router fails to operate due to any unwanted issue.
Login to Backup_RouterOS using Winbox with full permission user credential.
Click on Interfaces menu item. Interface List window will appear.
Click on VRRP tab and then click on PLUS SIGN (+). New Interface window will appear.
Put VRRP interface name in Name input field or you can keep as default name (vrrp1).
Now click on VRRP tab and choose physical interface (ether2 for this article) on which you want to create VRRP.
Put Virtual Router ID (10 for this article) in VRID input filed. This VRID must be same in Master Router and all Backup Routers.
Put Backup Router priority (50 for this article) in Priority input field. As this is a Back Router, its priority will be less than Master Router.
Make sure that Preemption Mode is enabled otherwise Master Router cannot be selected as master automatically if Master Router recovers due to any technical failure.
Click on Apply and OK button. You will find a new VRRP interface (vrrp1) has been created in VRRP interface list.
Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
Put Backup_RouterOS WAN IP (172.30.30.2/25) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and then click Apply and OK button. Click on PLUS SIGN (+) again and Put a LAN IP (10.10.200.2/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and then click on Apply and OK button. Click on PLUS SIGN (+) again and put VRRP gateway IP (10.10.200.254/24) in Address input field and choose VRRP interface (default interface name is vrrp1) from Interface dropdown menu and then click on Apply and OK button.
Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click Apply and OK button.
Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (172.30.30.1) in this Gateway input field and then click on Apply and OK.
Go to IP > Firewallmenu and click on NAT tab. Now click on PLUS SIGN (+). New NAT Rule window will appear. Choose srcnatfrom Chain dropdown menu. Click on Action tab and choose masqueradefrom Action dropdown menu and then click Applyand OK.
Go to IP > DHCP Server menu from your Winbox. DHCP Server window will appear.
In DHCP Server window, click on DHCP Setup button and choose the created VRRP interface (in this article: vrrp1) from DHCP Server Interface drop-down menu and then click on Next
Now put your LAN IP block (10.10.200.0/24) in DHCP Address Spaceinput box and click Next DHCP client/LAN user will get IP address from this network block.
Choose gateway address for the given network (VRRP interface IP: 10.10.200.254) in Gateway for DHCP Networkinput box and then click Next
Put IP range (10.10.200.10-10.10.200.253) from which your DHCP client/LAN user will get IP in Address to Give Outinput box and click Next
Provide preferred DNS server IP and click Next
Now provide IP lease time and click Next Default lease time is 3 days.
DHCP setup is complete now and a successful message will be shown.
Backup_RouterOS configuration with VRRP and DHCP has been completed. If you have more than one Backup Router, you have to apply similar configuration in all the Backup Routers except priority will be different from other VRRP router and must be less than Master Router. As a VRRP network administrator, it is also your responsibility to update Backup Router configuration whenever Master Router changes.
Now you can test your VRRP configuration by connecting any Desktop or Laptop with DHCP client. If everything is OK, your LAN PC will be able to get uninterrupted internet although your Master Router goes down.
If you face any confusion to follow above steps properly, watch the below video about MikroTik VRRP Configuration with DHCP Server. I hope, it will reduce you any confusion.
MikroTik VRRP configuration with DHCP Server has been discussed in this article. I hope, you will able to configure a VRRP network with MikroTik DHCP Server following the above steps properly. However, if you face any confusion to configure MikroTik VRRP network with DHCP, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.
The Dynamic Host Configuration Protocol (DHCP) is a client-server protocol that is used to assign an IP address and other network configuration parameters dynamically to each device on a network so that they can communicate with other IP networks. DHCP Server is popularly used in an Enterprise Office Network because in an office network various types of IP devices such as Laptop, Desktop, Tablet, Smartphone, IP Phone and so on are maintained and almost all IP devices support DHCP. An ISP Network can also be maintained with DHCP Server.
MikroTik Router has a built-in DHCP Service that can easily be used to manage DHCP enabled devices. Along with MikroTik DHCP Server, MikroTik User Manager Radius Server can also be used to manage DHCP clients and their bandwidth so efficiently. So, if you design your network with MikroTik DHCP Server and User Manager Radius Server, your network will be an easily manageable and smart network. In this article, I will discuss how to configure a static DHCP Server in MikroTik Router with User Manager Radius Server and manage DHCP clients/users so easily and efficiently.
Article Purpose
The purpose of this article is to design a smart and easily manageable network with
MikroTik DHCP Service and
MikroTik User Manager Radius Server.
Network Diagram
For the configuration of this article I am going to establish a network like below network diagram.
DHCP Network with Radius Server
This is a simple and basic network diagram. In real situation, your network might be larger than this network but the basic diagram will remain same. In this network, the WAN Distribution Switch is connected to internet gateway. MikroTik Router’s (NAS) WAN interface and MikroTik User Manager Radius Server are also connected to this WAN Distribution Switch. DHCP users will be connected to NAS Router through LAN Switch and will get internet access and MikroTik Router will communicate to Radius Server through WAN interface.
Core Devices and IP Information
To setup a Hotspot network according to above network diagram, I have installed and completed initial configuration of MikroTik User Manager Radius Server Package in a dedicated physical server where MikroTik RouterOS is running. I have also a physical MikroTik RouterOS (MikroTik RouterBOARD 1100AHX2) which is the NAS (Network Access Server) RouterOS of this network. IP information that I am using for this network configuration are given below.
Radius Server IP: 192.168.110.10/28
MikroTik RouterOS (NAS) WAN IP: 192.168.110.2/28
LAN IP Block: 192.168.10.0/24
LAN Gateway: 192.168.10.1/24
This IP information is just for my RND purpose. So, change this information according to your network requirements.
MikroTik static DHCP Server Configuration with User Manager Radius Server
We are now going to start our DHCP network configuration with User Manager Radius Server according to the above network diagram. The complete configuration can be divided into two parts.
Part 1: MikroTik RouterOS Configuration (NAS Router)
Part 2: MikroTik User Manager Radius Server Configuration
Part 1: MikroTik RouterOS Configuration (NAS Router)
In the first part, we will configure our MikroTik RouterOS (NAS) so that it can turn into a static DHCP Server and can communicate with Radius Server to authenticate DHCP clients. Complete RouterOS configuration can be divided into below topics.
Basic MikroTik RouterOS Configuration
DHCP Configuration in MikroTik RouterOS
Creating Firewall Rule to Block or Allow DHCP Clients
Radius Client Configuration in MikroTik RouterOS
Basic MikroTik RouterOS Configuration
MikroTik Router basic configuration includes WAN IP, LAN IP and DNS IP assigning and NAT and Default Gateway Configuration. The following steps will show how to perform these topics in your MikroTik RouterOS.
Login to your MikroTik Router using Winbox with full permission user such as admin user.
Go to IP > Addresses menu item. Address List window will appear. Click on PLUS SIGN (+). New Address window will appear.
Put RouterOS WAN IP (RouterOS WAN IP: 192.168.110.2/28) in Address input field and choose WAN interface from Interface dropdown menu and then click Apply and OK button.
Again click on PLUS SIGN and put LAN Gateway IP (LAN Gateway IP: 192.168.10.1/24 for this article) in Address input field and choose LAN interface (ether2 for this article) from Interface dropdown menu and click Apply and OK button.
Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click Apply and OK button.
Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (in this network: 192.168.110.1) in this input field. Click on Apply and OK button.
Go to IP > Firewall menu item and click on NAT tab and then click on PLUS SIGN. New NAT Rule window will appear.
In General tab, choose srcnat from Chain dropdown menu and click Action tab and then choose masquerade from Action dropdown menu.
Click on Apply and OK button.
MikroTik Router basic configuration has been completed. Now we will configure DHCP Server in our NAS RouterOS.
DHCP Configuration in MikroTik RouterOS
Now we will configure DHCP Server in our NAS RouterOS. The following steps will show you how to configure a DHCP Server in your MikroTik RouterOS.
Go to IP > DHCP Server menu item from your winbox. DHCP Server window will appear.
In DHCP Server window, click on DHCP Setup button and choose the interface (in this article: ether2) on which you want to setup DHCP server from DHCP Server Interface dropdown menu and then click on Next button.
Now put your LAN IP block (192.168.10.0/24 for this article) in DHCP Address Space input box and click Next button.
Put LAN gateway address (192.168.10.1 for this article) in Gateway for DHCP Network input box and then click Next button.
Provide IP range from which your DHCP client/LAN user will get IP in Address to Give Out input box and click Next button.
Provide preferred DNS server IP and click Next button.
Now provide IP lease time and click Next button. Default lease time is 3 days.
DHCP setup has been completed and a successful message will be shown. Your DHCP Server will be shown in DHCP Server List.
Click on your DHCP Server twice and you will find DHCP Server window. From Address Pool dropdown menu, choose static-only so that your DHCP Server turns into a static DHCP Server. In a static DHCP Server, IP address will not be provided until client MAC address is supplied and obviously an enterprise network will want it.
Go to IP > Pool and remove the automatic created pool from Pools list because in static DHCP server no need to have a pool. IP will be provided manually when any user will supply his device MAC address.
DHCP Server configuration has been completed. Now we will create two firewall rules so that only our permitted users can access internet via our MikroTik Router.
Creating Firewall Rule to Block or Allow DHCP Clients
We will now create two firewall rules so that only our permitted user can get internet access via our MikroTik Router. If any expert user wants to do any unfair connection, he will be rejected by these following rules.
Go to IP > Firewall and click on Filter Rules tab and then click on PLUS SIGN (+). New Firewall Rule window will appear.
In General tab, choose forward from Chain dropdown menu and choose your LAN interface from Interface dropdown menu.
Click on Action tab and choose drop from Action dropdown menu.
Click Apply and OK button.
Similarly, click on PLUS SIGN (+) and choose forward from Chain dropdown menu and choose LAN interface from Interface dropdown menu.
Click on Advanced tab and write permitted_users in Address List input box.
Click on Action tab and choose accept from Action dropdown menu.
Now click on Apply and OK button.
What we have done is that we have blocked all the users coming from LAN interface with the first firewall rule and then we have allowed all the users who have in permitted_users address list or group with the second firewall rule. Obviously, the second rule must place before the first rule otherwise permitted_users will not get internet access because they will go under first blocked rule. The permitted_users group will be supplied from Radius Server.
Radius Client Configuration in MikroTik RouterOS
The following steps will show you how to configure Radius client in MikroTik RouterOS.
Click on Radius menu item from left menu bar. Radius window will appear now.
Click on PLUS SIGN (+). New Radius Server window will appear now.
Click on dhcp checkbox from Service panel.
Put Radius Server IP address (in this article: 192.168.110.10) in Address input field.
Provide a password in Shared Secret input field. This password is important and has to provide when NAS router will be configured in User Manager Radius Server.
Click on Apply and OK button.
Now click on Incoming button and Radius Incoming window will appear.
Click on Accept checkbox and put 1700 in Port input box and then click on Apply and OK button.
Radius client configuration has been completed. Now MikroTik RouterOS is able to communicate with Radius Server to authenticate DHCP users.
Part 2: MikroTik User Manager Radius Server Configuration
MikroTik User Manager Radius Server installation and initial configuration has been discussed in my previous article. If you don’t have enough introduction with User Manager Radius Server installation and initial configuration, first spend some time to study that article and complete your Radius Server installation and initial configuration and then continue my below section. In this section, I will cover below topics in our Radius Server for DHCP user authentication, authorization and accounting.
Adding Client Router (NAS) in Radius Server
Profile Configuration for User Bandwidth Limitation and Permission
Adding User in Radius Server
Adding Client Router (NAS) in Radius Server
The following steps will show you how to add client router in User Manager Radius Server.
Click on Routers button from left button panel and then click on Add > New menu item from top menu bar. Router Details window will appear now.
In Main panel, put a meaningful name for your client router in Name input field. Also choose owner from Owner dropdown menu.
Put your client router IP address (RouterOS IP: 192.168.110.2) in IP address input field.
Now put shared secret password that you have provided at Radius client configuration in MikroTik RouterOS Shared secret input field.
In Radius incoming panel, click on CoA support check box and put 1700 in CoA port input box.
Click on Add button to add this router in Radius Server Router list.
MikroTik RouterOS has been added in User Manager Radius Server as a client router. Now User Manager will reply any query that will be asked by our MikroTik RouterOS.
Profile Configuration for User Bandwidth Limitation and Permission
Now we will create user profile so that we can manage our DHCP user’s bandwidth and permission. The following will show how to create user bandwidth limitation and maintain user permission with User Manager Radius Server.
Click on Profiles button and then click on Limitations
Now click on Add > New menu item. Limitation details window will appear.
Put your limitation package name in Name input box. I am providing Executive Package in Name field because I want to create a limitation package for Executives. Also choose owner from Owner dropdown menu.
In Rate limits panel, put your bandwidth limitation parameter. For a 512kbps bandwidth limitation, I am providing below information.
Parameter name
Rx
Tx
Rate limit
512k
512k
Burst rate
1M
1M
Burst threshold
512k
512k
Burst time
60
60
Min rate
32k
32k
Also choose priority from Priority dropdown menu. For my configuration I am choosing 8 that mean lowest priority.
In Constraints panel, put your permitted users address list name (in this article: permitted_users) in Address list input box.
Click Save button to save this limitation package.
Similarly, you can create as many limitation packages as you want.
Now click on Profiles tab and then click on PLUS SIGN (+). Create profile window will appear.
Put profile name what you want in Name input field. For my executive package, I am providing Executive as name. Click on Create Your created profile will be available in Profiles dropdown menu.
From Profiles dropdown menu, select your profile created profile. At the bottom of this profile, you will find Unlimited profile that mean there is no limitation for this profile. So, click on Add new limitationProfile part window will appear now.
You will find your limitation packages that you have created before in Limits Click on your desired Package’s checkbox and then click on Add button to add this limitation for this profile.
Similarly, you can create as many profiles as you want and can assign limitation for those profiles.
Profile configuration in User Manager Radius Server has been completed. Now we will create users who will be permitted to get internet access.
Adding User in Radius Server
Now we will add our DHCP clients in User Manager Radius Server. The following steps will show you how to add users/DHCP clients in your Radius Server.
Click on Users button and then click on Add > One menu item. User details window will appear.
In Main panel, put MAC address of your user’s device in Username input field.
In Constraints panel, put IP address that you want to assign for this user in IP address input field.
Now choose your desired profile for this user from Assign profile dropdown menu and then click on Add
First DHCP user has been created. Similarly, you can create as many users as you want following the above steps properly.
Our static DHCP server is ready. Now it is time to test our DHCP server. Connect the device that you added here in your network. If everything is OK, the device will be able to get internet access via your NAS Router.
Assigning IP Dynamically via Static DHCP Server
Normally, there is no option in MikroTik static DHCP Server to authenticate DHCP users by providing MAC address and then assign IP address dynamically. For example, a guest user comes to your office and provides his smartphone MAC address. Now you will add this MAC address and assign available IP address manually and then he will be connected to your network. But in this process, finding an available IP address may be a boring task. Using Radius Server, you can avoid this boring task if you want. The following steps will show how to provide IP dynamically via static DHCP Server using MikroTik User Manager Radius Server.
Login to MikroTik Router and go to IP > Addresses and then click on PLUS SIGN. Put a new IP block’s gateway IP (such as: 192.168.11.1/24) in Address input field and choose the interface where DHCP Server is enabled from Interface dropdown menu. Click on Apply and OK button.
Go to IP > Pool and click on PLUS SIGN. Put pool name (such as: guest_users_ip) in Name input field. In addresses input filed, put IP ranges from where IP will be assigned dynamically (such as: 192.168.11.2-192.168.11.254).
Go to IP > DHCP Server and click on Networks tab and then click on PLUS SIGN. Put your IP block (such as: 192.168.11.0/24) in Address input field and gateway IP (such as: 192.168.11.1) Gateway input field. You can also assign DNS server for this IP block from DNS Servers input field. Click Apply and OK button.
Now login to User Manager Web interface with customer credentials and click on Profiles button and then click on Limitation tab. Go to Add > New menu item and put name of this limitation package (such as: Guest Package) in Name input field and choose owner from Owner dropdown menu.
If you want to apply rate limit for this package, you can do that from Rate limit panel according to your requirements.
In Constraints panel, put IP Pool name (in this article: guest_users_ip) in IP pool input filed. Also put permitted user’s address list (in this article: permitted_users) in Address list window. Click Add button to add this new limitation package.
Click on Profiles tab and click on PLUS SIGN. Put profile name in Name input field and click on Create button. Your newly created profile will be available in Profiles dropdown menu. Select your newly created profile and from bottom click on Add new limitation You will find your newly created limitation package in Limits panel. Click on newly created package checkbox and then click on Add button.
Click on Users button from left button panel and click on Add > One menu item. Put MAC address of your user’s device in Username input field and then just select your newly created profile from Assign profile dropdown menu. Click add button to add this user. Similarly, you can create as many users for this profile as you want.
Now our static DHCP with Radius Server is ready to provide IP address dynamically to our desired users. Connect your desired device to your network. If everything is OK, your user will get IP address dynamically from your defined IP ranges.
I hope, it will be so easy to configure a static DHCP network with MikroTik User Manager Radius Server if follow the above steps properly. However, if you face any confusion to follow the above steps, feel free to watch my video tutorial about MikroTik static DHCP Server Configuration with User Manager Radius Server. I hope, it will reduce your any confusion.
MikroTik Static DHCP Server Configuration with User Manager Radius Server has been discussed in this article. I hope you will be able to configure your network with MikroTik DHCP Server and User Manager Radius Server so easily. However, if you face any confusion to design your DHCP network with User Manager Radius Server, feel free to contact with me from Contact page. I will try my best to stay with you.
DHCP server helps to assign IP address and other related IP information (Subnet mask, Gateway and DNS) automatically in a network. But automatic DHCP server has some disadvantages too. If any IP device is connected to any automatic DHCP enabled network, the device will get an IP address and related IP information automatically by the DHCP server and the device will start to use resources of this network. So, the network administrator cannot know who is being connected to the network and using network resources such internet bandwidth, network printer and server. This unauthorized access is obviously a security issue of any network. But network administrator can prevent this unauthorized access to his network by applying static DHCP server strategy in MikroTik Router.
Static DHCP Server Strategy
A network administrator can prevent unauthorized DHCP client access to his network by applying static DHCP server strategy in MikroTik router. Static DHCP server strategy is also known as MAC address binding in DHCP server. In a static DHCP enabled network, the user of any IP device must provide MAC address to the network administrator to get IP address and related IP information such as Subnet mask, Gateway and DNS. Any IP device will not get IP address and other related information without providing MAC address. For example, Say you have a office network like below network diagram where users are coming with their IP devices.
Static DHCP Enabled Network
As you have a DHCP enabled network, they can manage your AP SSID and Password and can be connected with your network through DHCP server. Obviously, this is a security issue in your network. So, should implement a strategy that no man can be connected with your network although you have a DHCP enabled network and public SSID and Password. You can easily build such a network where no user can be connected without your permission by applying static DHCP strategy which also known as DHCP MAC address binding.
Static DHCP Server Configuration
Obviously, static DHCP server is a beneficial feature in your network. Now I will show you how to configure a static DHCP server in your network with MikroTik router. Complete static DHCP server configuration can be divided into 3 steps.
MikroTik router basic configuration
DHCP Configuration in MikroTik router and
DHCP server to static DHCP server conversion.
MikroTik router basic configuration was explained in my first article. If you are a new MikroTik user, follow my article about MikroTik router basic configuration using winbox and complete your basic MikroTik configuration.
After completing MikroTik basic configuration, you have to configure DHCP server in your MikroTik router. How to configure a DHCP server configuration in MikroTik router was explained in my previous article. Follow all the steps from 1 to 8 described in that article and then follow below steps to turn your DHCP server into a static DHCP server.
Go to IP > Pool to open IP Pool window.
From IP Pool window, remove your dhcp server pool. So, no IP will be provided automatically by your DHCP server.
Now go to IP > DHCP Server and double click on active DHCP server and then check Address Pool of DHCP server and make it static-only.
Now click on Lease tab and click plus sign (+) button. New DHCP Lease will appear now. Provide IP address,MAC address of your user device and choose DHCP server from Server drop-down menu and then click Apply and OK button.
Now connect this IP device in your network. A static DHCP IP address and related IP information will be provided to this device. If the device gets IP information successfully, you will see DHCP lease status bound in DHCP lease window.
To turn your DHCP server into static DHCP server, you should follow the above steps carefully otherwise your will not get desired result. If you face any difficulty to do above steps, please watch carefully my below video about MikroTik Router Static DHCP Server Configuration. I hope, it will show you proper guide to configure a static DHCP server in your MikroTik router.
Static DHCP server configuration in MikroTik Router has been explained in this article. A video tutorial has also been uploaded so that you can configure static DHCP server in your MikroTik router without any confusion. However, if you face any problem to configure static DHCP server in your network with MikroTik router, feel free to contact with me from Contact page. I will try my best to stay with you.
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol where a DHCP server automatically provides an Internet Protocol (IP) address and other related information such as subnet mask, default gateway and DNS to DHCP clients. DHCP server and client use UDP port 67 and 68 for communication. In a network, a DHCP client (IP devices such as Desktop, Laptop, Smartphone etc.) requests for an IP lease to DHCP servers and a DHCP server responses allocating IP address and other related IP information for a certain period. So, a DHCP server reduces huge network administration tasks of a system administrator. Every MikroTik Router has a built-in DHCP service. So, system admin can easily turn MikroTik Router into a DHCP server and can easily reduce his network administration task.
MikroTik DHCP Server configuration
Generally, every MikroTik router has a built-in DHCP service. So, if you have a MikroTik router and you want to enable a DHCP server in your network with MikroTik router to reduce your administrator task, keep reading the rest of this article where I will show you how to configure a DHCP server in your MikroTik router.
Before going to start configuring a DHCP server in MikroTik router, I will show you a basic network diagram where a MikroTik router is working as a DHCP server as well as it is working as a network gateway. I hope, your network is almost same like the below network diagram and you want to enable a DHCP server in your MikroTik router.
DHCP Enabled Network Diagram with MikroTik Router
In the above network diagram, the first interface (ether1 port) of MikroTik router is connected to an ISP for accessing internet and this interface is known as WAN port. All the LAN users are connected to second interface (ether2 port) of MikroTik router through a network switch. We will now enable DHCP server in this second interface so that all the LAN users will get network information (IP, Subnet mask, Gateway and DNS) dynamically from this DHCP server to access internet. But before enabling DHCP server in MikroTik router, you have to complete MikroTik router basic configuration. Basic configuration includes WAN and LAN IP assigning, Gateway IP assigning, DNS configuration and NAT rule creation. If you are a new MikroTik user, please spend some time to study my previous article about MikroTik Router Basic Configuration using Winbox and complete the basic configuration of your MikroTik router and then follow my below steps to enable DHCP server in your MikroTik router.
Go to IP > DHCP Server menu from your winbox. DHCP Server window will appear.
In DHCP Server window, click on DHCP Setup button and choose the interface (in this article: ether2) in which you want to setup DHCP server from DHCP Server Interface drop-down menu and then click on Next button.
Now put your LAN network block in DHCP Address Space input box and click Next button. DHCP client/LAN user will get IP from this network.
Choose gateway address for the given network in Gateway for DHCP Network input box and then click Next button.
Provide IP range from which your DHCP client/LAN user will get IP in Address to Give Out input box and click Next button.
Provide preferred DNS server IP and click Next button.
Now provide IP lease time and click Next button. Default lease time is 3 days.
DHCP setup is complete now and a successful message will be shown.
Now connect any IP device (Desktop, Laptop, Smartphone etc.) to your network. Automatically an IP will be allocated for that device from your MikroTik DHCP server. Click Leases tab and observe IP lease status of that DHCP client.
If you follow the above steps carefully, your MikroTik router will turn into a DHCP server and your LAN users will now be able to obtain IP information from your MikroTik DHCP server. However, if you face any problem to enable DHCP server in your MikroTik router, watch my below video about DHCP Server configuration in MikroTik Router. I hope, it will help you to configure your MikroTik DHCP server successfully.
DHCP server configuration in MikroTik Router has been explained step by step in this article. A video tutorial has also been uploaded so that you can configure DHCP server in MikroTik router without any confusion. However, if you face any problem to configure a DHCP server in your MikroTik router, feel free to discuss in comment or contact with me from Contact page. I will try my best stay with you.
