Skip to content
MikroTik RouterOS Docs

DHCP

DHCP (Dynamic Host Configuration Protocol)

Section titled “DHCP (Dynamic Host Configuration Protocol)”

DHCP is a network management protocol used to automatically assign IP addresses and other network configuration parameters to devices on a network. MikroTik RouterOS provides comprehensive DHCP functionality including DHCP server, DHCP client, DHCP relay, and DHCPv6 support for IPv6 networks.

Prerequisites and Components Overview

Section titled “Prerequisites and Components Overview”

Understanding the relationship between DHCP components is essential for proper network configuration. The DHCP system in RouterOS consists of several interconnected components that work together to provide complete IP address management.

Core DHCP Components

Section titled “Core DHCP Components”

The DHCP implementation in RouterOS comprises four primary components:

1. DHCP Server (/ip dhcp-server)

  • Distributes IP addresses to clients from an address pool
  • Manages lease assignments and maintains lease database
  • Supports static leases for specific MAC addresses
  • Integrates with RADIUS for authentication and accounting
  • Can operate with or without relay agents

2. DHCP Client (/ip dhcp-client)

  • Requests IP configuration from a DHCP server
  • Typically used on WAN interfaces for ISP connectivity
  • Can request specific options like DNS, NTP, and routes
  • Supports both IPv4 (DHCP) and IPv6 (DHCPv6)

3. DHCP Relay (/ip dhcp-relay)

  • Forwards DHCP requests between clients and servers across different network segments
  • Essential for multi-subnet DHCP deployments
  • Uses the giaddr (Gateway IP Address) field to identify the relay agent
  • Allows centralized DHCP servers to serve multiple network segments

4. IP Pools (/ip pool)

  • Define ranges of IP addresses available for assignment
  • Can be shared between multiple DHCP servers
  • Support both IPv4 and IPv6 address pools
  • Used for DHCP, PPP, and other address assignment methods

Component Relationship Diagram

Section titled “Component Relationship Diagram”
┌─────────────────────────────────────────────────────────────┐
│                    DHCP Deployment                          │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  ┌──────────┐     ┌─────────────┐     ┌──────────────┐   │
│  │   DHCP   │────▶│   IP Pool   │◀────│  DHCP Server │   │
│  │  Client  │     │  (Ranges)   │     │              │   │
│  │ (WAN/ISP)│     └─────────────┘     └──────┬───────┘   │
│  └──────────┘                                │             │
│                                              │             │
│  ┌──────────┐     ┌─────────────┐            │             │
│  │   DHCP   │◀───▶│  DHCP Relay │◀───────────┘             │
│  │  Client  │     │  (giaddr)   │                          │
│  │(Internal)│     └─────────────┘                          │
│  └──────────┘                                               │
│                                                             │
└─────────────────────────────────────────────────────────────┘

Required Configuration Order

Section titled “Required Configuration Order”

For a typical DHCP server deployment, configure components in this order:

  1. Create IP Pool - Define the range of addresses to distribute
  2. Configure DHCP Server - Associate server with interface and pool
  3. Configure DHCP Network - Define network parameters (gateway, DNS, etc.)
  4. Add Static Leases (optional) - Reserve specific addresses for known clients

DHCP Client

Section titled “DHCP Client”

The DHCP client automatically obtains IP configuration from a DHCP server. This is commonly used for WAN connections to ISPs or any scenario where IP addresses are assigned dynamically.

Summary

Section titled “Summary”

RouterOS DHCP client requests the following options by default:

  • Option 1 - Subnet Mask
  • Option 3 - Gateway Addresses
  • Option 6 - DNS Server Addresses
  • Option 15 - Domain Name
  • Option 33 - Static Routes
  • Option 42 - NTP Server Addresses
  • Option 43 - Vendor Specific Information
  • Option 121 - Classless Static Routes
  • Option 138 - CAPWAP Access Controller Addresses
# View current DHCP client status
/ip dhcp-client print detail


# Monitor DHCP client in real-time
/ip dhcp-client monitor 0

Basic Configuration

Section titled “Basic Configuration”
# Add DHCP client to WAN interface
/ip dhcp-client add interface=ether1 disabled=no


# Verify status - should show "bound" with acquired address
/ip dhcp-client print detail

Expected output:

Flags: X - disabled, I - invalid
 0   interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes
     status=bound address=192.168.0.65/24 gateway=192.168.0.1
     dhcp-server=192.168.0.1 primary-dns=192.168.0.1 primary-ntp=192.168.0.1
     expires-after=9m44s

Advanced Configuration

Section titled “Advanced Configuration”
# DHCP client with custom hostname and options
/ip dhcp-client add interface=ether1 host-name=router1 disabled=no


# DHCP client without default route (for multi-WAN scenarios)
/ip dhcp-client add interface=ether1 add-default-route=no disabled=no


# Use specific routing table for DHCP obtained routes
/ip dhcp-client add interface=ether1 default-route-tables=main:1 disabled=no

Lease Script Example

Section titled “Lease Script Example”

Execute scripts when leases are obtained or released:

/ip dhcp-client add interface=ether2 disabled=no script={
    :local rmark "WAN1"
    :local count [/ip route print count-only where comment="WAN1"]
    :if ($bound=1) do={
        :if ($count = 0) do={
            /ip route add gateway=$"gateway-address" comment="WAN1" routing-table=$rmark
        }
    } else={
        /ip route remove [find comment="WAN1"]
    }
}

DHCP Relay

Section titled “DHCP Relay”

The DHCP relay agent forwards DHCP requests between clients and servers that are on different network segments. This is essential when the DHCP server and clients are not on the same broadcast domain.

Summary

Section titled “Summary”
Sub-menu: /ip dhcp-relay

Understanding giaddr (Gateway IP Address)

Section titled “Understanding giaddr (Gateway IP Address)”

The giaddr field is critical for multi-subnet DHCP deployments. When a DHCP relay agent processes a client’s request, it inserts its own IP address into the giaddr field. This tells the DHCP server:

  1. Which subnet the client is on - The giaddr corresponds to the relay agent’s interface
  2. Which IP pool to use - The server uses giaddr to select the appropriate address pool
  3. Where to send the response - Replies are sent back to the relay agent
# Configure DHCP relay
/ip dhcp-relay add name=relay1 interface=ether2 dhcp-server=10.0.0.1 disabled=no

giaddr Configuration Details

Section titled “giaddr Configuration Details”

When the relay agent forwards a DHCP request:

  1. Client broadcasts DHCPDISCOVER to local network
  2. Relay agent receives the broadcast on the interface
  3. Relay agent inserts its own IP address in the giaddr field
  4. Relay agent forwards the unicast request to the configured DHCP server
  5. DHCP server uses giaddr to determine which address pool to use
  6. Server sends DHCPOFFER back to the giaddr IP
  7. Relay agent forwards the response to the client
# View relay agent status
/ip dhcp-relay print detail


# Example: Relay on interface vlan10, server at 10.1.1.100
/ip dhcp-relay add interface=vlan10 dhcp-server=10.1.1.100 \
    local-address=10.10.10.1 disabled=no

Multi-Server Configuration

Section titled “Multi-Server Configuration”
# Configure relay with multiple DHCP servers (failover)
/ip dhcp-relay add interface=bridge-local \
    dhcp-server=10.0.0.1,10.0.0.2 \
    disabled=no

Important: NAT and DHCP Relay

Section titled “Important: NAT and DHCP Relay”

CRITICAL WARNING: If NAT (masquerade) is applied to traffic between DHCP relay and DHCP server, DHCP will fail. This is because:

  1. The DHCP relay adds the giaddr field to identify the client subnet
  2. NAT masquerade rewrites the source IP to the router’s IP
  3. This strips the giaddr information from the packet
  4. The DHCP server cannot determine the correct subnet
  5. DHCP requests fail silently or receive incorrect addresses

Solution: Use src-nat policy routing or place DHCP relay traffic in a separate NAT chain:

# Create separate chain for DHCP relay traffic
/ip firewall nat add chain=srcnat action=accept \
    protocol=udp dst-port=67-68 src-address=192.168.0.0/16


# Then apply masquerade to other traffic
/ip firewall nat add chain=srcnat action=masquerade out-interface=wan

DHCP Server

Section titled “DHCP Server”

The DHCP server assigns IP addresses to clients from configured address pools.

Summary

Section titled “Summary”

For DHCP server to function properly:

  1. IP Pools must be configured (do not include the DHCP server’s own IP in the pool)
  2. DHCP Network must be defined (gateway, DNS, etc.)
  3. Server must be on a real interface (not a bridge without real ports)
# Quick setup - minimal configuration
/ip pool add name=dhcp-pool ranges=192.168.88.10-192.168.88.254
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1
/ip dhcp-server add address-pool=dhcp-pool interface=bridge-local disabled=no

Server Properties

Section titled “Server Properties”

Key properties for /ip dhcp-server:

PropertyDescription
address-poolPool from which to assign addresses
interfaceInterface to listen on
lease-timeDefault lease duration (default: 30m)
authoritativeHow to handle unknown clients
use-radiusUse RADIUS for authentication
relayIP address of relay agent to accept requests from

Static Leases

Section titled “Static Leases”
# Add static lease for specific MAC address
/ip dhcp-server lease add address=192.168.88.50 mac-address=00:11:22:33:44:55 \
    server=dhcp1


# View all leases
/ip dhcp-server lease print

Lease Status Values

Section titled “Lease Status Values”
  • waiting - Waiting for static lease to bind
  • testing - Checking for ARP conflicts
  • declined - Client sent DHCPDecline
  • offered - Server offered but client not yet requested
  • bound - Lease is active
  • authorizing - Communicating with RADIUS
  • conflict - ARP conflict detected

DHCPv6 Client vs DHCPv4: Architectural Differences

Section titled “DHCPv6 Client vs DHCPv4: Architectural Differences”

DHCPv6 differs significantly from DHCPv4 in several key areas. Understanding these differences is essential for IPv6 deployments.

Client Identification: DUID vs MAC Address

Section titled “Client Identification: DUID vs MAC Address”

DHCPv4 uses MAC addresses to identify clients:

  • Client is identified by its MAC address
  • Client ID option (option 61) typically contains MAC address
  • Simple identification model

DHCPv6 uses DUID (DHCP Unique Identifier):

  • DUID is generated from router’s MAC address or custom value
  • Persists across interface changes
  • More flexible for virtualized environments
  • RFC 4361 compliant
# View DHCPv6 client DUID
/ipv6 dhcp-client print detail
# Shows: duid=00:03:00:05:6c:3b:6c:7c:41:3e


# Custom DUID (if needed)
/ipv6 dhcp-client set 0 custom-duid=00:03:00:ff:11:22:33:44:55:66

Address Assignment: Stateful vs Stateless

Section titled “Address Assignment: Stateful vs Stateless”

DHCPv4 - Stateful:

  • Server assigns specific IP addresses
  • Server maintains all address state
  • Client receives complete IP configuration

DHCPv6 - Two modes:

  • Stateful (address only): Server assigns specific IPv6 addresses
  • Stateless (SLAAC): Client auto-configures address, server provides other options
# Stateful: Request only address
/ipv6 dhcp-client add interface=ether1 request=address pool-name=ipv6-pool


# Stateful: Request only prefix (for prefix delegation)
/ipv6 dhcp-client add interface=ether1 request=prefix pool-name=pd-pool pool-prefix-length=64


# Both: Request address and prefix
/ipv6 dhcp-client add interface=ether1 request=prefix,address \
    pool-name=combined-pool

Prefix Delegation (DHCPv6-PD)

Section titled “Prefix Delegation (DHCPv6-PD)”

DHCPv6 introduces Prefix Delegation - the router receives a prefix from the ISP and can sub-delegate /64 prefixes to downstream networks.

ISP Router ──────> Customer Router (DHCPv6-PD) ──────> Internal Networks
2001:db8::/48                                    2001:db8:1::/64 (LAN1)
                                                  2001:db8:2::/64 (LAN2)
                                                  2001:db8:3::/64 (LAN3)
# Configure DHCPv6-PD client on WAN
/ipv6 dhcp-client add interface=ether1 request=prefix pool-name=wan-prefix \
    pool-prefix-length=64


# Configure local prefix pool
/ipv6 pool add name=lan-prefixes prefix=2001:db8::/48 prefix-length=64


# Add DHCPv6 server for downstream clients
/ipv6 dhcp-server add prefix-pool=lan-prefixes interface=bridge-local \
    lease-time=3d

Comparison Table

Section titled “Comparison Table”
FeatureDHCPv4DHCPv6
Client IDMAC Address or customDUID (DHCP Unique Identifier)
Address AssignmentStateful onlyStateful or Stateless (SLAAC)
Prefix DelegationNoYes (DHCPv6-PD)
Broadcast vs MulticastBroadcast (v4)Multicast (v6)
Options50+ standard optionsSimilar with IPv6-specific options
Lease TimeSeconds/minutesTypically longer (days/weeks)
Gateway DiscoveryOption 3 (router)Router Advertisement (separate protocol)

IAID (Identity Association Identifier)

Section titled “IAID (Identity Association Identifier)”

DHCPv6 uses IAID to identify client’s interface:

# Get IAID from interface ID (hex to decimal)
/interface> :put [find name="ether1"]
*1


# Convert hex 1 to decimal = 1 (IAID=1)

Troubleshooting

Section titled “Troubleshooting”

Common Issues

Section titled “Common Issues”

1. DHCP Server Not Assigning Addresses

# Check server status
/ip dhcp-server print


# Check for errors in logs
/log print where message~dhcp


# Verify interface has IP address
/ip address print


# Check firewall is not blocking DHCP
/ip firewall filter print where chain~"input|forward" && protocol=udp && dst-port~"67|68"

2. DHCP Relay Not Working

# Verify relay is enabled
/ip dhcp-relay print


# Check giaddr is being set (use packet capture)
/tool sniffer start filter-ip-protocol=udp filter-port=67,68


# Verify DHCP server can reach relay IP
/ping 192.168.88.1

3. Client Stuck in “Searching” State

# Check interface status
/interface ethernet monitor ether1


# Verify DHCP server is on same network
/ping 192.168.88.1


# Check for DHCP server on network
/tool sniffer start filter-ip-protocol=udp filter-port=67,68

4. NAT Breaking DHCP Relay

Problem: When masquerade is applied to DHCP relay traffic, the giaddr field gets rewritten, causing DHCP to fail.

Solution:

# Exclude DHCP relay traffic from NAT
/ip firewall nat add chain=srcnat src-address=192.168.0.0/16 \
    dst-address=10.0.0.0/8 action=accept


# Then apply masquerade to other traffic
/ip firewall nat add chain=srcnat out-interface=wan action=masquerade

Verification Commands

Section titled “Verification Commands”
# View all DHCP leases
/ip dhcp-server lease print


# View lease statistics
/ip dhcp-server lease print stats


# Monitor DHCP server in real-time
/ip dhcp-server monitor


# Check DHCP network configuration
/ip dhcp-server network print


# View IP pools and usage
/ip pool print
/ip pool used print

Configuration Examples

Section titled “Configuration Examples”

Complete Office Network DHCP Setup

Section titled “Complete Office Network DHCP Setup”
# 1. Create address pool
/ip pool add name=office-pool ranges=192.168.88.10-192.168.88.200


# 2. Define DHCP network (shared parameters)
/ip dhcp-server network add address=192.168.88.0/24 \
    gateway=192.168.88.1 \
    dns-server=192.168.88.1,8.8.8.8 \
    domain=office.local


# 3. Enable DHCP server
/ip dhcp-server add address-pool=office-pool interface=bridge-local \
    lease-time=8h name=dhcp1


# 4. Add static lease for printer
/ip dhcp-server lease add address=192.168.88.250 \
    mac-address=AA:BB:CC:DD:EE:FF \
    server=dhcp1


# 5. Configure DHCP options (if needed)
/ip dhcp-server option add code=6 name=dns value="192.168.88.1,8.8.8.8"

DHCP Relay for Multiple Subnets

Section titled “DHCP Relay for Multiple Subnets”
# Configure relay on VLAN10
/ip dhcp-relay add interface=vlan10 dhcp-server=10.0.0.1 disabled=no


# Configure relay on VLAN20
/ip dhcp-relay add interface=vlan20 dhcp-server=10.0.0.1 disabled=no


# Server side: Use giaddr to select correct pool
/ip pool add name=vlan10-pool ranges=10.10.10.10-10.10.10.200
/ip pool add name=vlan20-pool ranges=10.20.10.10-10.20.10.200

Dual Stack (IPv4 + IPv6) Network

Section titled “Dual Stack (IPv4 + IPv6) Network”
# IPv4: DHCP server
/ip pool add name=ipv4-pool ranges=192.168.88.10-192.168.88.200
/ip dhcp-server add address-pool=ipv4-pool interface=bridge-local


# IPv6: DHCPv6-PD client
/ipv6 dhcp-client add interface=ether1-wan request=prefix pool-name=wan-pd \
    pool-prefix-length=64


# IPv6: Local prefix pool
/ipv6 pool add name=lan-pd prefix=::/48 prefix-length=64


# IPv6: DHCPv6 server for clients
/ipv6 dhcp-server add prefix-pool=lan-pd interface=bridge-local lease-time=1d

See Also

Section titled “See Also”
  • DNS — DNS configuration and DNS over HTTPS (DoH)
  • IP Pools — IP address pool management for DHCP
  • Firewall — secure DHCP with firewall rules

Additional Resources

Section titled “Additional Resources”

For detailed property descriptions and advanced configurations, refer to: