    DHCP Problem/Question

    DHCP and DNS
      thafener last edited by

      Hi @ll

      I am using pfSense in a hotel with some 200 rooms with big success, it works great. But:

      All the various smartphones and laptops have WLAN enabled by default, and though they
      are not logged in to the captive portal they are using an IP address in case they connect to
      the wireless LAN.

      Though there are often more than 2 people per room and many have a smartphone, a tablet
      and a laptop and all of them are on, I am running out of IP addresses during peak times.

      Of course I could change from a class C to a class B private network, but some of my access
      points are not capable of this.

      I think there is no way of preventing the machines from obtaining an IP address as soon as
      they connect to the network, correct?

      So does anyone of you have a tip for me how to solve this issue in a convenient way?

      Thank you in advance

      thafener

        tommyboy180 last edited by

        As a network professional, I always base a public network on a private /8 network.
        The problem can be solved by changing over to /8 private address space.

        You mentioned that your APs will not work with 'class B' network ranges... why? Just move to a /8 private IP range.

          cmb last edited by

          The way you address that in any network with a large number of devices that change frequently is to use a short lease length (equal to the length of your captive portal hard timeout if you're using CP, otherwise a couple hours is generally a fine choice), and make sure your pool is much larger than the number of devices that will connect within that period.

          I would never use a /8 under any circumstances, you don't need 16 million devices on the network (if you do, you seriously need to reconsider your network design as that's not going to work), and using 10./8 will break every VPN where the person is trying to get to any 10.x.x.x IP space over the VPN because they'll see that as local IP space. You're going to create problems for your users if you're using a /8.

          It shouldn't matter whether or not your APs can use a /16 mask, from the client's perspective they should be nothing more than a dumb bridge. For management purposes, you'll want an IP, but you'll want that on a separate VLAN and subnet from the client devices as you don't want them having access to the management interfaces of any devices along those lines. If you're stuck with no other option, then use a different static private IP subnet on the same broadcast domain, a /24 is fine, for management of APs.

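The sizing rule from cmb's reply (lease length versus the number of devices that connect within one lease period, plus the VPN collision with a /8), worked through as an added example that is not part of the thread or of pfSense. The function names, the arrival pattern, the headroom factor of 2 standing in for "much larger", and the remote VPN prefixes are all assumptions constructed for illustration.

```python
import ipaddress
import math

def peak_leases(arrivals, lease_s):
    """Most leases held at once when each device takes one lease at its
    arrival time (seconds) and never renews, i.e. the largest number of
    devices that connect within any window of one lease length."""
    events = sorted([(t, 1) for t in arrivals] +
                    [(t + lease_s, -1) for t in arrivals])  # expiry sorts first on ties
    held = peak = 0
    for _, delta in events:
        held += delta
        peak = max(peak, held)
    return peak

def prefix_for(needed, headroom=2.0):
    """Longest IPv4 prefix whose usable hosts cover needed * headroom
    (headroom is an assumed stand-in for "much larger")."""
    target = math.ceil(needed * headroom) + 2   # + network and broadcast
    return 32 - (target - 1).bit_length()

def vpn_conflicts(guest_net, remote_nets):
    """Remote VPN prefixes that a guest on guest_net would treat as local."""
    guest = ipaddress.ip_network(guest_net)
    return [r for r in remote_nets if guest.overlaps(ipaddress.ip_network(r))]

# Constructed sample data: 600 transient devices, one new association per
# minute over 10 hours, and two made-up corporate VPN prefixes.
ARRIVALS = [i * 60 for i in range(600)]
REMOTE_VPN_NETS = ["10.20.0.0/16", "192.168.50.0/24"]

if __name__ == "__main__":
    for lease in (86400, 7200):
        peak = peak_leases(ARRIVALS, lease)
        print(f"lease {lease:>5}s: peak {peak} leases, needs /{prefix_for(peak)}")
    for net in ("10.0.0.0/8", "172.21.96.0/21"):
        print(net, "conflicts with", vpn_conflicts(net, REMOTE_VPN_NETS))
```

With the constructed arrivals, a 24-hour lease leaves all 600 one-off devices holding an address at once, while a 2-hour lease caps the peak at 120, and only the /8 guest network collides with the sample VPN prefix.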
            tommyboy180 last edited by

            Good point. VPNs would be a huge issue with that IP range.
