Pool Priority

Scott Lambert lambert at lambertfam.org
Tue Mar 21 09:22:00 CET 2017


On Tue, Mar 21, 2017 at 05:33:31AM +0000, Fabricio Viana wrote:
> I have 350 clients (about 300 online all the time), but I have only 256 public IP addresses (/24).
> 
> So I created a unique pool (named pool_clients) with the 256 IPs and another 128 private IPs. All in the same pool.
> 
> The problem: sometimes clients get a private IP address but there are public IP addresses available.
> 
> I want clients to get private IPs only when there are no public IPs for distribution.
> 
> I have two ideas how to do that:
> 
> #1 - make two different pools and only if the first pool has no addresses go to the second pool.
> 
> #2 - make just one pool with public IPs first, private IPs last and change the allocate_find select to order by id.
> 
> I don't know if #1 is possible and, if it is, how to do that. I would need some help.
> 
> Idea #2 seems to be the best solution.
> 
> Is there another way to solve this?

I'm not an expert but have some experience with this situation.

A) Depending on the NAS, you might be able to set up a "Framed-Pool" on
the NAS from which the NAS will assign IPs from the public range and
when it runs out assign from the private subnet.  That depends on the
features of the NAS.  I do this, a lot.

B, your 2) Using an SQL IP pool in FreeRADIUS could work.  Just set up
the query for the next IP to return the lowest numbered IP from the
public pool then return IPs from the private range when that runs out.
That may be what you meant by changing the allocate_find select.  I've
not used SQL IP pool features so the exact details I can't help with.

With either of those methods, sometimes a user will get a private and stay
online after other users have dropped off.  So, there will be users on
private IPs while public IPs are available, depending on how long the
session-timeout is.

C) Assign all of your clients from an RFC1918 /23.  Set up a NAT pool
mapping the private space to the public IPs.  You may end up with a
couple of users NATing to the same public.  It may or may not meet your
requirements.


-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert at lambertfam.org
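
Option B and the caveat that follows it, as an added example that is not part of the original thread and is not FreeRADIUS's own sqlippool schema or queries: a single-process SQLite model with a hypothetical `ippool` table in which public rows have the lowest ids and allocation picks the lowest free id. The address ranges, table layout, and function names are all constructed for illustration.

```python
import ipaddress
import sqlite3

PUBLIC_NET = "203.0.113.0/24"   # constructed: documentation range standing in for the public /24
PRIVATE_NET = "10.0.0.0/25"     # constructed: 128 private overflow addresses

def build_pool(public_net=PUBLIC_NET, private_net=PRIVATE_NET):
    """One pool table; public rows are inserted first so they get the lowest ids."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ippool (id INTEGER PRIMARY KEY,"
               " framedipaddress TEXT UNIQUE, username TEXT)")
    rows = [(str(a),) for net in (public_net, private_net)
            for a in ipaddress.ip_network(net)]
    db.executemany("INSERT INTO ippool (framedipaddress) VALUES (?)", rows)
    db.commit()
    return db

def allocate(db, user):
    """Lease the free address with the lowest id; None when the pool is exhausted."""
    with db:  # commit the SELECT + UPDATE together
        row = db.execute("SELECT id, framedipaddress FROM ippool"
                         " WHERE username IS NULL ORDER BY id LIMIT 1").fetchone()
        if row is None:
            return None
        db.execute("UPDATE ippool SET username = ? WHERE id = ?", (user, row[0]))
        return row[1]

def release(db, user):
    """Session ended: return the user's address to the pool."""
    with db:
        db.execute("UPDATE ippool SET username = NULL WHERE username = ?", (user,))

def lease_of(db, user):
    """Address currently held by the user, or None."""
    row = db.execute("SELECT framedipaddress FROM ippool WHERE username = ?",
                     (user,)).fetchone()
    return row[0] if row else None

def is_overflow(addr, private_net=PRIVATE_NET):
    """True when the address comes from the private overflow range."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(private_net)

if __name__ == "__main__":
    db = build_pool()
    leases = [allocate(db, f"user{n}") for n in range(300)]   # 300 clients online
    print("on private:", sum(is_overflow(a) for a in leases))
    release(db, "user0")                                      # a public IP frees up
    print("user299 still holds", lease_of(db, "user299"))
    print("next login gets", allocate(db, "user300"))
```

Existing sessions keep their private lease after a public address frees up; only the next login picks up the freed public address, which is the behaviour described above for long session timeouts.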

