DHCP Leases



  • Me again!

    I'm looking at moving a DHCP Server & firewall over from OpenBSD to pfSense.  This is a vLan situation.

    Now, there are currently about 200 DHCP leases in issue (across about 8 vLans) and I do not want to have to refresh/readdress every single device.  If I can get a dump for each device of:
    Which vLan
    The current IP address
    The MAC address
    The leaseend time
    Can I import this into pfSense?

    Many thanks.



  • About importing, I don't know, but giving reserved addresses is possible and you can change the DHCP server settings enough for almost any occasion.



  • But reserving them won't prevent reissue and it won't allow them to be unreserved when the device is removed (they'll still be reserved for the old device).

    Or would it build a lease table over, say six weeks, after which I could remove the reservations?  By this time they'd all have been granted DHCP addresses on current leases and so they'd currently be issued the earlier issue?

    Am I making sense?!!



  • Static reservation is not able to use DHCP scope addresses without modification, which has been published on this forum.
    So if you reserve an IP to a MAC address it's not going to be given to someone else.
    And what prevents you from removing the old reservation?



  • I have another question - can I read in a file with the reservations?  Or do I have to enter each one at the GUI - there are about 200-250 devices on half a dozen vLans, so typing them in one at a time will take hours!!!

    Also, is pfSense able to handle a network this big?  I'll detail how it is set up below;

    There is a vLan (.64) that is used for VoIP which has about 130 phones on it.  The PBX sits on this vLan, so there won't be much actual traffic leaving it (the phones do each have a gateway to the internet, but this isn't used often).
    There are also another half a dozen vLans, each of which has its own 'dumb' switch.  That should mean that any traffic for the vLan doesn't leave the vLan's 'own' switch.
    There is a gateway facility so that if anyone on a vLan wants to access the internet, then they can (ADSL of less than 20Mb).

    I assume that will all be OK in pfSense - or am I missing the boat somewhat?



  • @Sensi:

    can I read in a file with the reservations?  Or do I have to enter each one at the GUI - there are about 200-250 devices on half a dozen vLans, so typing them in one at a time will take hours!!!

    You could save the pfSense configuration file, open it with a text editor, add the entries for your reservations in a format matching existing entries, restore the configuration to the pfSense box and reboot.
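    As an added example (not code from the thread or from the pfSense project), the script below does the conversion the two posts above describe: it parses an OpenBSD/ISC-style dhcpd.leases dump for each device's IP, MAC, lease end and hostname, works out which vLan the address belongs to from a subnet table, keeps only the newest lease per MAC, refuses to emit two reservations for one IP, and prints `<staticmap>` entries shaped like the ones in pfSense's config.xml. Everything specific is an assumption: the lease text is constructed, the interface names `opt1`/`opt2` and subnets are placeholders, and the `mac`/`ipaddr`/`hostname`/`descr` element layout should be checked against an existing entry in your own saved configuration before pasting anything in, exactly as the post says.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample in dhcpd.leases syntax; not a real dump.
SAMPLE_LEASES = """\
lease 192.168.64.21 {
  starts 3 2011/10/12 08:00:00;
  ends 3 2011/10/12 20:00:00;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "phone-21";
}
lease 192.168.64.21 {
  starts 4 2011/10/13 08:00:00;
  ends 4 2011/10/13 20:00:00;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "phone-21";
}
lease 192.168.10.50 {
  starts 4 2011/10/13 09:00:00;
  ends 4 2011/10/13 21:00:00;
  hardware ethernet aa:bb:cc:dd:ee:ff;
}
lease 192.168.10.51 {
  starts 4 2011/10/13 09:30:00;
  ends 4 2011/10/13 21:30:00;
  hardware ethernet AA:BB:CC:DD:EE:FF;
}
"""

# Hypothetical vLan table: pfSense interface name -> subnet (assumed values).
VLANS = {
    "opt1": ipaddress.ip_network("192.168.64.0/24"),  # the VoIP vLan (.64)
    "opt2": ipaddress.ip_network("192.168.10.0/24"),
}

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"^\s*(ends|hardware ethernet|client-hostname)\s+(.*?);", re.M)


def parse_leases(text):
    """Return one (ip, mac, ends, hostname) tuple per lease block."""
    records = []
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        fields = dict(FIELD_RE.findall(body))
        mac = fields.get("hardware ethernet", "").lower()  # normalise case
        ends = fields.get("ends")
        # "ends 3 2011/10/12 20:00:00" -> drop the weekday, parse the rest
        ends_dt = datetime.strptime(ends.split(None, 1)[1], "%Y/%m/%d %H:%M:%S") if ends else None
        records.append((ip, mac, ends_dt, fields.get("client-hostname", "").strip('"')))
    return records


def current_bindings(records):
    """Keep only the newest lease per MAC; dhcpd appends, so later entries win."""
    latest = {}
    for ip, mac, ends, host in records:
        if not mac or ends is None:
            continue
        prev = latest.get(mac)
        if prev is None or ends > prev["ends"]:
            latest[mac] = {"ip": ip, "ends": ends, "host": host}
    return latest


def vlan_for(ip):
    addr = ipaddress.ip_address(ip)
    return next((iface for iface, net in VLANS.items() if addr in net), None)


def build_staticmaps(bindings):
    """Group by interface; refuse to map one IP to two MACs."""
    per_iface, seen = {}, {}
    for mac, b in bindings.items():
        iface = vlan_for(b["ip"])
        if iface is None:
            continue  # not in any vLan we are migrating
        if b["ip"] in seen:
            raise ValueError(f"{b['ip']} claimed by {seen[b['ip']]} and {mac}")
        seen[b["ip"]] = mac
        per_iface.setdefault(iface, []).append((mac, b["ip"], b["host"], b["ends"]))
    return per_iface


def staticmap_xml(per_iface):
    """Emit <staticmap> elements (assumed pfSense layout: mac, ipaddr, hostname, descr)."""
    root = ET.Element("dhcpd")
    for iface, entries in sorted(per_iface.items()):
        node = ET.SubElement(root, iface)
        for mac, ip, host, ends in sorted(entries, key=lambda e: ipaddress.ip_address(e[1])):
            sm = ET.SubElement(node, "staticmap")
            ET.SubElement(sm, "mac").text = mac
            ET.SubElement(sm, "ipaddr").text = ip
            ET.SubElement(sm, "hostname").text = host
            # Record the old lease end so reservations can be reviewed/removed later.
            ET.SubElement(sm, "descr").text = f"imported; old lease ended {ends:%Y-%m-%d %H:%M}"
    return ET.tostring(root, encoding="unicode")


def convert(text):
    return staticmap_xml(build_staticmaps(current_bindings(parse_leases(text))))


if __name__ == "__main__":
    print(convert(SAMPLE_LEASES))
```

    The duplicate-IP check matters because a stale lease file can hold two devices that held the same address at different times; importing both as reservations would give pfSense two static maps for one IP, which is exactly the "reissue" problem raised earlier in the thread. The `descr` field carries the old lease end so the reservations can be pruned later rather than kept forever.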



  • Like I said earlier, pfSense is capable but it depends on your hardware. The most important things in hardware sizing are WAN speed and projected packages.
    Here in these forums there is a guy who has almost 1Gb throughput with it.



  • metu - not sure what you mean.

    I was looking at using a brand new HP ProLiant N36L 1P 1GB-U Int SATA 250GB MICROSERVER with a plug in giga network card on top of the on board giga port.  1Gb RAM - enough?



  • @Sensi:

    metu - not sure what you mean.

    I was looking at using a brand new HP ProLiant N36L 1P 1GB-U Int SATA 250GB MICROSERVER with a plug in giga network card on top of the on board giga port.  1Gb RAM - enough?

    1Gb throughput would normally mean 1 Gbit per second of data through the system.

    1GB RAM should be ample if you are not running memory-hungry packages.



  • 1Gb - I'm looking at putting it on a bonded ADSL, giving about 18Mb.  That's so much less than 1Gb that I think I'm getting my thoughts muddled!

    Also, all the LAN users will be connected via a separate switch on the vLan - so they won't use the pfSense (firewall).  Right?



  • How are your vlans set up?
    Is every vlan able to reach the internet?
    Can those vlans access each other?
    Do you have an L3 switch?

    If those are able to access the internet, then the traffic goes via the firewall (if you have introduced your pfSense to the vlans).
    If those vlans are able to access each other, then the traffic goes either through the firewall (L2 switches) or through the switches (L3; if you don't use the L3 capabilities, then it goes through pfSense).



  • The master switch is a vLan switch (either a 3Com 4200 or a ZyXEL 1528 - got both, not sure which to use) and then each room has a basic (cheap, Linksys mainly) switch.



  • Do you want to access the internet from all of those vlans, or do you want those vlans to be able to connect to each other?



  • The vLans will not contact each other (it is vital that that's not allowed/possible) but they will access the internet (at a guess about 1,000Gb/month)



  • I had made (guess I was wrong) the assumption that for something to be called a switch rather than a hub it had to be layer 3.



  • 1. layer: hub
    2. layer: switch
    3. layer: router + some switches
    4. layer: firewall
    7. layer: L7 firewall + pc's



  • OK - so, some switches are 3 and some are 2.  That means I was partly right in my assumption!!!

    I did think that to be called a switch, rather than a hub, it had to be a 3, not a 1 (guess I forgot about 2!).

    In my situation, there is a vLan switch that runs in-room switches.  Thinking about it, as the firewall is sitting between the vLan switch and the internet, all internal traffic won't have to go through the firewall (so we are low use - I hope!).



  • All unmanaged switches are automatically layer 2 devices.
    If you have a managed switch it doesn't mean that it's an L3 device; only if it's a routing switch (can do inter-vlan operations without an external router/firewall) can you call it an L3 switch.

    1. All the traffic that stays within one vlan doesn't (usually; there are special occasions) go through the firewall
    2. All the traffic that goes from vlan to vlan goes through the firewall, unless you have an L3 switch doing that for you
    3. All the traffic that goes to the internet goes through the gateway device, which is usually the firewall (the same applies to point 2)

    Is there anything that needs clarification?

