Skip to content
MikroTik RouterOS Docs

MikroTik RouterOS IPv6 DHCP Relay: Centralizing DHCPv6 Services

MikroTik RouterOS IPv6 DHCP Relay: Centralizing DHCPv6 Services

Section titled “MikroTik RouterOS IPv6 DHCP Relay: Centralizing DHCPv6 Services”

RouterOS Version: 7.18+ recommended (bindings and route installation added) Difficulty: Intermediate Estimated Time: 30 minutes

Overview

Section titled “Overview”

DHCPv6 relay forwards DHCPv6 requests from clients on one network segment to a DHCPv6 server on another segment. This enables centralized DHCPv6 management across multiple subnets without requiring a DHCPv6 server on each segment.

Important version note: DHCPv6 relay in RouterOS had significant limitations prior to version 7.18. Earlier versions did not install routes for delegated prefixes, making prefix delegation essentially non-functional. RouterOS 7.18 added bindings support and automatic route installation, making DHCPv6 relay practical for production use.

If you’re running RouterOS versions prior to 7.18, consider using the DHCPv6 client/server approach instead (see Alternatives section).

When to Use DHCPv6 Relay

Section titled “When to Use DHCPv6 Relay”
ScenarioDHCPv6 Relay Appropriate
Centralized DHCPv6 server serving multiple remote sitesYes (7.18+)
ISP providing prefix delegation to customer routersConsider local DHCPv6 server
Single router serving local networkNo - use DHCPv6 server directly
Multiple VLANs on same routerNo - use DHCPv6 server directly
RouterOS version < 7.18Not recommended

Prerequisites

Section titled “Prerequisites”
  • RouterOS 7.18 or later (strongly recommended)
  • IPv6 package enabled
  • Routing between relay and DHCPv6 server
  • DHCPv6 server configured on remote router

Configuration Steps

Section titled “Configuration Steps”

Step 1: Verify RouterOS Version

Section titled “Step 1: Verify RouterOS Version”

DHCPv6 relay requires version 7.18+ for full functionality:

/system resource print

Check the version field. If below 7.18, see the Alternatives section.

Step 2: Configure DHCPv6 Relay

Section titled “Step 2: Configure DHCPv6 Relay”

The basic DHCPv6 relay configuration:

/ipv6 dhcp-relay add name=relay1 interface=bridge-lan dhcp-server=2001:db8::1%ether1-wan

Key syntax note: The dhcp-server parameter uses the format address%interface where:

  • address is the DHCPv6 server’s IPv6 address
  • interface is the local interface used to reach the server

Step 3: Verify Relay Configuration

Section titled “Step 3: Verify Relay Configuration”
/ipv6 dhcp-relay print

Expected Output:

Flags: X - disabled, I - invalid
 #   NAME     INTERFACE     DHCP-SERVER
 0   relay1   bridge-lan    2001:db8::1%ether1-wan

Step 4: Verify Bindings (RouterOS 7.18+)

Section titled “Step 4: Verify Bindings (RouterOS 7.18+)”

After clients request prefixes, check the relay bindings:

/ipv6 dhcp-relay binding print

This shows delegated prefixes and associated routes.

Complete Configuration Example

Section titled “Complete Configuration Example”

Network Topology

Section titled “Network Topology”
[DHCPv6 Server]                    [DHCPv6 Relay]                [Client CPE]
  2001:db8::1   ───── WAN ─────   relay-router   ───── LAN ─────   customer
                                  ether1-wan        bridge-lan

DHCPv6 Server Configuration (Remote Router)

Section titled “DHCPv6 Server Configuration (Remote Router)”

On the central DHCPv6 server:

# Create prefix pool for delegation
/ipv6 pool add name=client-prefixes prefix=2001:db8:1000::/40 prefix-length=56


# Configure DHCPv6 server
/ipv6 dhcp-server add name=dhcp6-server interface=ether1 address-pool=client-prefixes

DHCPv6 Relay Configuration (Local Router)

Section titled “DHCPv6 Relay Configuration (Local Router)”

On the router with clients:

# Ensure interface has IPv6 address
/ipv6 address add address=2001:db8:2::1/64 interface=ether1-wan


# Configure DHCPv6 relay
/ipv6 dhcp-relay add name=client-relay interface=bridge-lan dhcp-server=2001:db8::1%ether1-wan

Client CPE Configuration

Section titled “Client CPE Configuration”

On the customer device requesting prefix delegation:

/ipv6 dhcp-client add interface=ether1 request=prefix pool-name=delegated add-default-route=yes

DHCPv6 Relay Properties

Section titled “DHCPv6 Relay Properties”
PropertyTypeDefaultDescription
namestring-Descriptive name for the relay
interfacestring-Interface listening for DHCPv6 client requests
dhcp-serverstring-DHCPv6 server address in address%interface format
disabledyes/nonoEnable/disable the relay

Verification

Section titled “Verification”

Check 1: Relay Status

Section titled “Check 1: Relay Status”
/ipv6 dhcp-relay print

Expected: No X (disabled) or I (invalid) flags.

Check 2: Connectivity to DHCPv6 Server

Section titled “Check 2: Connectivity to DHCPv6 Server”
/ping 2001:db8::1 count=3

Expected: Successful replies from DHCPv6 server.

Check 3: Relay Bindings (7.18+)

Section titled “Check 3: Relay Bindings (7.18+)”
/ipv6 dhcp-relay binding print

Expected: Entries showing delegated prefixes after clients request them.

Check 4: Routes Installed for Delegated Prefixes

Section titled “Check 4: Routes Installed for Delegated Prefixes”
/ipv6 route print where dhcp

Expected: Dynamic routes for delegated prefixes pointing to client interfaces.

Check 5: Client Prefix Assignment

Section titled “Check 5: Client Prefix Assignment”

On the client CPE:

/ipv6 dhcp-client print detail

Expected: status=bound and a delegated prefix shown.

Troubleshooting

Section titled “Troubleshooting”

Problem: “Relay shows invalid flag”

Section titled “Problem: “Relay shows invalid flag””

Cause: Interface doesn’t exist or DHCPv6 server unreachable.

Solution:

  1. Verify interface exists: /interface print where name=bridge-lan
  2. Verify connectivity to server: /ping 2001:db8::1
  3. Check the dhcp-server format includes %interface

Problem: “Clients not receiving prefixes”

Section titled “Problem: “Clients not receiving prefixes””

Cause: Routing issue between relay and server, or firewall blocking DHCPv6.

Solution:

  1. Ensure UDP ports 546/547 are not blocked:
/ipv6 firewall filter add chain=forward action=accept protocol=udp dst-port=546,547 comment="Allow DHCPv6"
/ipv6 firewall filter add chain=input action=accept protocol=udp dst-port=546,547 comment="Allow DHCPv6 to router"
  1. Verify bidirectional routing between relay and server
  2. Check DHCPv6 server logs on the remote router

Problem: “Prefixes delegated but routes not installed” (Pre-7.18)

Section titled “Problem: “Prefixes delegated but routes not installed” (Pre-7.18)”

Cause: RouterOS versions before 7.18 do not install routes for relayed prefixes.

Solution:

  1. Upgrade to RouterOS 7.18 or later
  2. Or use the DHCPv6 client/server approach instead of relay (see Alternatives)
  3. Or implement a script-based workaround that monitors DHCP logs and adds routes

Problem: “Return traffic not reaching clients”

Section titled “Problem: “Return traffic not reaching clients””

Cause: DHCPv6 server doesn’t have route to delegated prefix via relay router.

Solution: Ensure the DHCPv6 server has a route pointing delegated prefixes through the relay router:

# On DHCPv6 server
/ipv6 route add dst-address=2001:db8:1000::/40 gateway=2001:db8:2::1

Problem: “DHCPv6 relay worked in v6 but not in v7”

Section titled “Problem: “DHCPv6 relay worked in v6 but not in v7””

Cause: Implementation changes between major versions.

Solution:

  1. Verify configuration syntax is correct for v7
  2. Check that dhcp-server uses address%interface format
  3. Upgrade to 7.18+ for improved DHCPv6 relay support

Common Pitfalls

Section titled “Common Pitfalls”

1. Missing Interface in dhcp-server Parameter

Section titled “1. Missing Interface in dhcp-server Parameter”

Wrong:

/ipv6 dhcp-relay add interface=bridge-lan dhcp-server=2001:db8::1

Right:

/ipv6 dhcp-relay add interface=bridge-lan dhcp-server=2001:db8::1%ether1-wan

2. Using DHCPv6 Relay on Old RouterOS Versions

Section titled “2. Using DHCPv6 Relay on Old RouterOS Versions”

Problem: Routes for delegated prefixes not installed, breaking prefix delegation.

Solution: Upgrade to RouterOS 7.18+ or use DHCPv6 client/server approach.

3. Firewall Blocking DHCPv6 Traffic

Section titled “3. Firewall Blocking DHCPv6 Traffic”

Problem: DHCPv6 uses UDP ports 546 (client) and 547 (server), which may be blocked.

Solution: Add explicit firewall rules for DHCPv6:

/ipv6 firewall filter add chain=forward action=accept protocol=udp dst-port=546,547

4. Expecting Relay to Replace SLAAC

Section titled “4. Expecting Relay to Replace SLAAC”

Problem: DHCPv6 relay handles prefix delegation and stateful addresses, not SLAAC.

Solution: Configure Router Advertisements separately via /ipv6 nd for SLAAC. DHCPv6 and SLAAC serve different purposes and often work together.

Alternatives to DHCPv6 Relay

Section titled “Alternatives to DHCPv6 Relay”

For RouterOS versions before 7.18, or when relay proves unreliable, use this alternative approach:

DHCPv6 Client + Local DHCPv6 Server

Section titled “DHCPv6 Client + Local DHCPv6 Server”

Instead of relaying, obtain a prefix from upstream and serve it locally:

Step 1: Configure DHCPv6 Client on WAN

/ipv6 dhcp-client add interface=ether1-wan request=prefix pool-name=isp-prefix pool-prefix-length=64 add-default-route=yes

Step 2: Configure Local DHCPv6 Server for LAN

# Create pool from ISP-delegated prefix
/ipv6 pool add name=lan-pool prefix=::/48 prefix-length=64 depends-on=isp-prefix


# Configure DHCPv6 server
/ipv6 dhcp-server add name=lan-dhcp6 interface=bridge-lan address-pool=lan-pool

Step 3: Configure SLAAC for LAN Clients

/ipv6 address add address=::1/64 from-pool=isp-prefix interface=bridge-lan advertise=yes

This approach is more reliable and well-documented than DHCPv6 relay for older RouterOS versions.

Version History

Section titled “Version History”
VersionDHCPv6 Relay Status
6.xBasic functionality, routes not installed for PD
7.0-7.17Similar limitations to v6
7.18+Bindings support added, route installation working

References

Section titled “References”
Section titled “Related Topics”

Prerequisites

Section titled “Prerequisites”

Alternative Approaches

Section titled “Alternative Approaches”

LAN Configuration

Section titled “LAN Configuration”
  • IPv6 ND - Router Advertisements for SLAAC (separate from DHCPv6)
  • IPv6 Firewall - must allow UDP ports 546/547 for DHCPv6
Section titled “Related Topics”