Force client to get IP with /32 subnet in DHCP server



  • How can a DHCP server force an IP with /32 on a client, like the MikroTik DHCP server?
    Is it possible in pfSense or BSD?
    The client gets an IP with /32 (255.255.255.255) like PPPoE (block broadcast).


  • LAYER 8 Global Moderator

    Why would you want/need to do this?  Been in networking for going on 30 years.. Why would you want this?  A /32 is good for firewall rules.. Seems utterly pointless on a host that would be on a network..



  • Like the attachment.
    I have a VLAN with /20 clients. I want to block broadcast on the wireless access points that have no option for client isolation.




  • If your usecase is an AP which doesn't have the option for client isolation, then this will not help you.
    All the other clients will still be able to get the traffic you want to isolate.

    You're trying to implement an L3 solution for an L2 problem.
    The only solution is to get an AP which allows you to configure client isolation.


  • LAYER 8 Global Moderator

    What AP does not support client isolation?  Shoot even the cheapest soho wifi routers support this..

    So you have a wifi network with a /20 mask?  So you have like 4K clients on your wifi network and the APs you're using do not support isolation?  What about your switching infrastructure?  With that many clients you must have many APs.. Put the switch ports that connect to the APs in protected or isolation mode so they don't see traffic from all the other APs, etc.

    There is an article about controlling broadcast traffic on unifi which might be helpful
    https://help.ubnt.com/hc/en-us/articles/115001529267-UniFi-Managing-Broadcast-Traffic



  • Thanks a lot.
    I have 100 APs (ubnt-unifi) that are connected to ubnt us-24 switches, and all us-24s are connected to 2960x Cisco (via fiber).

    -----------------------------
    PFsense hardware:

    Intel(R) Xeon(R) CPU D-1587 @ 1.70GHz
    Current: 1700 MHz, Max: 1701 MHz
    32 CPUs: 1 package(s) x 16 core(s) x 2 hardware threads
    427GiB - zfs - enterprise ssd
    64G - DDR4 Memory



  • I want to block broadcast on the wireless access points that have no option for client isolation.

    I hope you realize blocking broadcasts will break things like DHCP.



  • Will this configuration with the ubnt switch block broadcast for AP clients?


  • Galactic Empire

    You’d be better off posting this question over in the Ubiquiti forum, I’m sure you can do client isolation on the AP.

    Not at home at the moment to check.


  • LAYER 8 Global Moderator

    The article I linked to is exactly in line with your question on controlling broadcast traffic..  And as mentioned such a question is way better suited for their forums since you're using their hardware.

    As to client isolation on unifi - you have to enable guest policy on the SSID you want to use it on, and if you do not want the captive portal just do not enable that in the policy section… Again that is best suited for their forums and documentation... But yes they do support it, they just call it something a bit different than your typical soho AP that calls it client isolation or wifi isolation..

    If you do not put networks or hosts in the access control portion of guest policy then no clients would not be able to talk to anything on these networks or other wireless clients, etc.

    edit:  Here I found the doc for you
    https://help.ubnt.com/hc/en-us/articles/115000166827-UniFi-Wireless-Guest-Network-Setup#lan client isolation

