Good day, community!

There is an RB2011, with a provider without DHCP on the first port and a server running ESXi on the second port. Objective: to give the virtual machines public ("white") IPs via DHCP, preferably at wire speed. Right now we have a kludge in the form of a bridge across these two ports with a DHCP server on this bridge. The provider does not really like it, since the DHCP server interferes.

MikroTik config

What would you advise?

P.S. Of course, the router must also be accessible from the outside.

  • How about blocking incoming packets from eth1 to UDP port 67 with an ACL? For good measure, you can also block outgoing packets to the provider on UDP 67/68. Or agree with the provider that they route the subnet through some interface IP, and then do ordinary routing instead of the bridge. - Mike

1 answer

You have the ISP gateway and ESX in the same broadcast domain. You can certainly try to disable DHCP on the first port, but that is bad form.

Remove the bridge, do one-to-one static NAT, and distribute private ("gray") addresses to the machines.

  • This is a big kludge. I hate these three letters: NAT. - Vasiliy
  • I have already solved the problem, thanks to MUM 2016 Slovenia. Here's the presentation (slide 50). - Vasiliy
  • Yes, the solution is very elegant and better than NAT. - Alexey Maksimenko