DHCP Configuration from source AP

From WiDirect
Jump to: navigation, search

The following DHCP configuration gives out different IP addresses based on which network the user is on. Two VLANs also give out different IP addresses based on which AP the user is on. In order to hand out IP addresses based on which SSID the user is on the AP needs to put the traffic on a certain VLAN or identifies it in some other way.

VLAN 1: 10.4.1.1/19

VLAN 2: 10.5.1.1/24

VLAN 3: 10.5.2.1/24

VLAN 4: 10.6.1.1/16

Any of these VLANs could be a separate network port. It would work the same.

VLAN 1 gives out users an IP address based on the IP address of the access point. If the access point is on the 10.4.1.0/24 subnet the user gets an address from that subnet, and the same with the 10.4.2.0/24 subnet.

VLAN 2 and 3 are just normal networks where everyone gets an IP on the same subnet.

VLAN 4 shows a different way of assigning IP addresses based on which access point they are on. In this case the DHCP server uses a unique identifier that is set in the access point.

Both 1 and 4 require that DHCP relay be enabled on the access point.

subnet 10.4.1.0 netmask 255.255.255.0 {
       range 10.4.1.20 10.4.1.254;
       option routers 10.4.1.1;
       option domain-name-servers 10.4.1.1;
       option ntp-servers 10.4.1.1;
       option subnet-mask 255.255.224.0;
}

subnet 10.4.2.0 netmask 255.255.255.0 {
       range 10.4.2.20 10.4.2.254;
       option routers 10.4.1.1;
       option domain-name-servers 10.4.1.1;
       option subnet-mask 255.255.224.0;
}

subnet 10.5.1.0 netmask 255.255.255.0 {
       range 10.5.1.20 10.5.1.254;
       option routers 10.5.1.1;
       option domain-name-servers 10.5.1.1;
       option subnet-mask 255.255.255.0;
}

subnet 10.5.2.0 netmask 255.255.255.0 {
       range 10.5.2.20 10.5.2.254;
       option routers 10.5.2.1;
       option domain-name-servers 10.5.2.1;
       option subnet-mask 255.255.255.0;
}

class "PROFILE1"
{
 match if option agent.circuit-id = "AP1";
}

class "PROFILE2"
{
 match if option agent.circuit-id = "AP2";
}


subnet 10.6.0.0 netmask 255.255.0.0
{
 pool # Assign users of PROFILE1 their own subnet
 {
   allow members of "PROFILE1";
   deny members of "PROFILE2";
   range 10.6.2.20 10.6.2.254;
 }
 pool # Assign users of PROFILE2 their own subnet
 {
   allow members of "PROFILE2";
   deny members of "PROFILE1";
   range 10.6.3.20 10.6.3.254;
 }
 pool # Everyone not matched to an access point in a class
 {
   deny members of "PROFILE1";
   deny members of "PROFILE2";
   range 10.6.5.20 10.6.31.254;
 }

 option routers 10.6.1.1;
 option domain-name-servers 10.6.1.1;
 option ntp-servers 10.6.1.1;
 option subnet-mask 255.255.0.0;
}

#The lines below are optional and can be used to determine the ID the AP is reporting
on commit
{
log(info, option agent.circuit-id);
}