DHCP server multiple gateways

Alan DeKok aland at deployingradius.com
Fri Oct 23 17:10:52 CEST 2020


On Oct 22, 2020, at 4:33 PM, Ulisses Buonanni <ulisses.b at gmail.com> wrote:
> 
> I think I explained myself poorly.
> All houses are in the same broadcast domain:
> 10.0.0.0 mask 255.255.240.0

  Ah, that helps.

> Every house has a subset (not subnet) of this range of IPs. Just because of the simplicity in using ACL rules.

  Sure.

> So house1 is only allowed to assign IPs from 10.0.2.1 to 10.0.2.200 but it is using mask 255.255.240.0
> In this example a person from house 1 cannot use a static IP address outside this range because there is an ACL rule saying that specific port can only have a sender from "10.0.2.x"
> 
> But it is allowed (and common) for a person in house1 to find a printer/shared folder in house2 and use it. This is very easy as they are in the same broadcast domain (they are just using different gateways for Internet access)

  OK.  That makes sense.

> In my scenario it is necessary that printers from different houses can be seen and used from other houses

  OK.

  It's possible to have multiple gateways on one network.  It's a little weird, but it's OK.

  I think in the end it's not too difficult.  Just get each user to do 802.1X.  Then assign IPs through DHCP.

  The only magic is the following:

* use SQL to track IPs in DHCP.

* when assigning IPs through DHCP, check if the MAC / IP already exists in DHCP.  If so, use that IP.  And then assign default gateway based on the IP

* otherwise, assign the IP based on a pool per "home" network.  i.e. Choose a pool based on the local router / AP IP address.

  That gets you 99% of what you want, with minimal work.

  The simplest thing is to grab v3.0.x from GitHub, as it's separated out the queries.  Use one query for "alloc_existing" which doesn't use the gateway to find IPs.  And use a different query for "allocate_find" which does use the gateway to find IPs.

  I hope that makes sense.  It's a very unusual setup.  But interesting.  :)

  Alan DeKok.
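
The allocation order described in the message above, sketched as an added example (not part of the original post and not FreeRADIUS's own queries). The table layout, the gateway addresses and the function names are assumptions; the sample data is constructed.

```python
import sqlite3

NETMASK = "255.255.240.0"  # shared broadcast domain from the thread

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pool (ip TEXT PRIMARY KEY, home_gw TEXT NOT NULL,"
               " mac TEXT, expiry INTEGER NOT NULL DEFAULT 0)")
    # Two houses, 200 addresses each; the gateway addresses are assumed.
    for third_octet, gw in ((2, "10.0.2.254"), (3, "10.0.3.254")):
        db.executemany("INSERT INTO pool (ip, home_gw) VALUES (?, ?)",
                       [(f"10.0.{third_octet}.{n}", gw) for n in range(1, 201)])
    db.commit()
    return db

def allocate(db, mac, local_gw, now, lease=3600):
    """Return (ip, netmask, default_gateway), or None if nothing can be offered."""
    with db:  # one transaction per DHCP request
        # "Existing" lookup: keyed on the MAC only and deliberately ignoring
        # local_gw, so a known device keeps the address of its home range.
        row = db.execute("SELECT ip, home_gw FROM pool WHERE mac = ?",
                         (mac,)).fetchone()
        if row is None:
            # "Find" lookup: a free or expired address from the pool of the
            # house whose router / AP the request arrived through.
            row = db.execute(
                "SELECT ip, home_gw FROM pool WHERE home_gw = ? "
                "AND (mac IS NULL OR expiry < ?) ORDER BY expiry, ip LIMIT 1",
                (local_gw, now)).fetchone()
        if row is None:
            # Unknown gateway or exhausted pool: offer nothing rather than an
            # address the per-port ACL would reject.
            return None
        ip, home_gw = row
        db.execute("UPDATE pool SET mac = ?, expiry = ? WHERE ip = ?",
                   (mac, now + lease, ip))
    # The default gateway follows the assigned IP, not the requesting AP.
    return ip, NETMASK, home_gw
```
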



