well, Cambium SM’s don’t have a router mode without NAT so not sure how DHCP relay will help.
In our Cambium, we just run in bridge mode and set AP for client isolation and any switch ports the cluster is plugged into also has port isolation and DHCP snooping enabled. This keeps garbage layer 2 traffic (like a customer connecting his router wrong and introducing a DHCP server, or gratuitous ARPs, etc from polluting everything).
Then we have Sonar just put the DHCP reservation in the MT. But we do have to know the customer MAC. Back to your original problem.
You can put the SM in NAT mode and let it use DHCP or PPPoE on the WAN side, and Sonar can put in a reserved lease as you know the MAC of the SM.
We just dont like to do NAT on the CPE because that generally causes a double NAT (one on CPE and one on customer router).