DHCP hand out to different subnets?
-
Hello,
I have a customer that is requesting that the IP phones be on a different segment than the office computers. Just trying to figure out how to have the DHCP server hand out the correct IP addresses to the different devices. Any suggestions would be helpful.
Currently using pfsense 2.0.1
Computer systems on network- 192.168.1.x
Phones on 192.168.2.x
Mask: 255.255.240.0
Thank you
Kell -
Well, I think you have a couple of options. Use VLANs or use separate switch and NIC for phones than data. You could also do static leases for the phones in the 192.168.2.1-254 net. everything else get a dhcp address from 192.168.1.1-254 range. You just have to manually setup all phones with a static dhcp lease.
Technically those are in the same network segment according to your netmask. You network segment based on your mask is 192.168.0.0 - 192.168.15.255. -
Just a question… Would VLANS be the best route to go? If so, is that a fairly straight forward procedure with pfsense or should I use something else?
Just trying to keep the network traffic seperated due to congestion by everything on the same network.
Thank you
Kell -
If you just group the IP addresses of the phones, all inside the same LAN subnet 192.168.0.0/20 (255.255.240.0) like in your original post, then there will be no congestion-relieving benefit. And also no security benefit - the phones and ordinary LAN clients will all be able to interact with each within the subnet/broadcast domain.
Put the phones in a separate subnet - if you need lots of addresses in the existing LAN then leave it as 192.168.0.0/20. You could make the phones 192.168.16.0/20 (giving up to 192.168.31.255 for bucketloads of phone IPs).
If the physical wiring of the phones is easily separate from the LAN clients, then you can use a 2nd real NIC in pfSense, with a switch attached dedicated to phones, and all the phone cabling/network physically off that switch.
If phones and LAN clients are all mixed up around the building, then you need VLAN switches around the building that can make 2 VLANs and trunk them back to pfSense. -
Thank you for the clarification and I appreciate the insight. I think I will just seperate out the phones to their own switch, install a 3rd NIC for them in my pfsense box (1 for WAN, 1 for computers on their own network, and 1 for the phones on their own network.)
My thought would be that I may have to install a second pfsense router / firewall so I can DHCP the phones… I do not see how having only one pfsense DHCP box could hand out IP addresses to two different networks.... Or, is there a way to do that?
thank you
Kell -
When you enable DHCP on each interface, you get to specify the range of DHCP addresses (DHCP pool) to hand to on that interface. The DHCP server is smart enough to know which interface the request arrived on and reply back with a DHCP address… from the correct pool.
-
Thanks Phil!!
Appreciate your input.
Have a great day!
Kell