'Re: DHCP server multiple gateways'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: DHCP server multiple gateways
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2020-10-23 15:10:52
Message-ID: 5E6BEFD7-4A56-48F0-B082-04519AD2E3CE () deployingradius ! com
[Download RAW message or body]

On Oct 22, 2020, at 4:33 PM, Ulisses Buonanni <ulisses.b@gmail.com> wrote:
> 
> I think I explained myself poorly.
> All houses are in the same broadcast domain:
> 10.0.0.0 mask 255.255.240.0

  Ah, that helps.

> Every house has a subset (not subnet) of this range of ips. Just because of the \
> simplicity in using ACL rules

  Sure.

> So house1 is only allowed to assign ips from 10.0.2.1 to 10.0.2.200 but it is using \
> mask 255.255.240.0 In this example a person from house 1 cannot use a static ip \
> address outside this range because there is a ACL rule saying that specific port \
> can only has a sender from "10.0.2.x" 
> But it is allowed (and common) to a person in house1 to find a printer/sharedfolder \
> in house2 and use it. This is very easy as they are in the same broadcast domain \
> (they are just using different gateways to Internet access)

  OK.  That makes sense.

> In my scenario it is necessary that printers from different houses can be seeing \
> and used from other houses

  OK.

  It's possible to have multiple gateways on one network.  It's a little weird, but \
it's OK.

  I think in the end it's not too difficult.  Just get each user to do 802.1X.  Then \
assign IPs through DHCP.

  The only magic is the following:

* use SQL to track IPs in DHCP.

* when assigning IPs through DHCP, check if the MAC / IP already exists in DHCP.  If \
so, use that IP.  And then assign default gateway based on the IP

* otherwise, assign the IP based on a pool per "home" network.  i.e. Choose a pool \
based on the local router / AP IP address.

  That gets you 99% of what you want, with minimal work.

  The simplest thing is to grab v3.0.x from GitHub, as it's separated out the \
queries.  Use one query for "alloc_existing" which doesn't use the gateway to find \
IPs.  And use a different query for "allocate_find" which does use the gateway to \
find IPs.

  I hope that makes sense.  It's a very unusual setup.  But interesting.  :)

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic