I hope one of you is able to help me or at least give an answer to my question if it is possible.
What I want to do is the following. We are setting up a wireless network. On this network we will be servicing “known” devices and “BYOD”. The known devices will get MAC address exception/reservation on the DHCP server and the BYOD will get a random IP address. Now the (for me) difficult part. I want the DHCP server to assign a VLAN-ID (VLAN-X for known devices & VLAN-Y for BYOD devices). Is this possible?
We really need a generic solution since we service all kinds of devices on the WiFi. There will be Android, Apple, Windows devices and not only phones but PC/Mac as well.
I don’t care if it has to be opensuse or Enterprise if that’s what it takes.
You configure that on the DHCP server of course. You started this question under LEAP 42.1. Does that mean you have a DHCP server running under openSUSE Leap 42.1?
When that is a misunderstanding, it depends of course on your DHCP server (your router) how to configure that. I could imagine that I reserve a range of IP addresses for the “BYOD” systems where the server decides. And further define fixed MAC/IP address combinations outside that range. For every change in the range of “fix” systems, you have of course to go to your router and change there.
In my personal situation, I have restricted the range of “BYOD” addresses and do not use the server at all for the “fix” devices. I configure the “fix” devices with fix IP addresses on the systems themselves.
Currently someone configured a Windows DHCP Fail-over setup. But I want to make a solution where management (especially with MAC address assignment and reservation) is simply done by maintaining a file with MAC addresses. I don’t know yet how I’ll create this but that’s a next step. For now I just want to assign a VLANID via DHCP so we can route traffic to different VLANs.
Configuring all devices by hand is just a no-go. There are too many devices. We are talking about a school environment where students will be able to reset their devices and we don’t want to trouble end-users with setting IP addresses.
We want to make the back-end solid so all students can log in to the wireless network with radius and then put the devices in the proper vlan so their school devices can get to the courses etc. and the BYOD devices can only access the internet.
Hope this clears up our goals.
Anyway, thanks for your reply and for reaching out and your help.
I am not sure I understand all the details of your explanation (in any case thanks for it, it might clarify things for others), but I basically still have the idea that this must be done in the DHCP server. Thus when you want help, you should explain what software is exactly used as DHCP server and when that is running on a Microsoft system, another forum might be better to get into contact with fellow users.
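The address scheme discussed above (a dynamic range for BYOD, fixed MAC/IP pairs outside it, all maintained from one file of MAC addresses) can be generated as follows. This is an added example, not code from any participant in the thread: it assumes ISC dhcpd as the server, and the inventory format, host names and addresses are constructed. It only separates address ranges and does not assign a VLAN.

```python
import ipaddress
import re

# Constructed sample inventory, one "MAC IP name" entry per line. A MAC is
# client-supplied, so this file sorts devices; it does not authenticate them.
SAMPLE_INVENTORY = """\
# school-owned devices (constructed sample data)
00-1A-2B-3C-4D-5E 10.20.0.10 lab-pc-01
001a.2b3c.4d5f    10.20.0.11 lab-pc-02
"""

def normalize_mac(raw):
    """Accept aa:bb.., aa-bb.. or aabb.ccdd.eeff; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"invalid MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_inventory(text, subnet, byod_first, byod_last):
    """Return [(mac, ip, name)], rejecting entries that would collide."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(byod_first), ipaddress.ip_address(byod_last)
    seen_macs, seen_ips, hosts = set(), set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        raw_mac, raw_ip, name = line.split()
        mac, ip = normalize_mac(raw_mac), ipaddress.ip_address(raw_ip)
        if ip not in net or lo <= ip <= hi:
            raise ValueError(f"line {lineno}: {ip} not in {net} or inside BYOD range")
        if mac in seen_macs or ip in seen_ips:
            raise ValueError(f"line {lineno}: duplicate MAC or IP")
        seen_macs.add(mac)
        seen_ips.add(ip)
        hosts.append((mac, str(ip), name))
    return hosts

def render_dhcpd(hosts, subnet, byod_first, byod_last):
    """Render dhcpd.conf text: a pool for unknown clients, then fixed hosts."""
    net = ipaddress.ip_network(subnet)
    out = [f"subnet {net.network_address} netmask {net.netmask} {{",
           "  pool {",
           f"    range {byod_first} {byod_last};",
           "    deny known-clients;  # declared hosts never lease from this pool",
           "  }",
           "}"]
    for mac, ip, name in hosts:
        out.append(f"host {name} {{ hardware ethernet {mac}; fixed-address {ip}; }}")
    return "\n".join(out) + "\n"
```
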
No. DHCP is on the wrong level in protocol stack here. DHCP works over existing interface and you need VLAN to create interface.
But that is moot in case of wireless because you do not run VLAN over the air. You let clients connect to different SSIDs and assign those SSIDs to different VLANs on access point. How to do it obviously depends on access point. Cisco solutions support this (including secure central authentication for assigning clients to VLANs).
It still does not explain how your question is related to openSUSE. Do you want use openSUSE on clients? Do you want to implement server part (access point and everything that is needed) on openSUSE?
The DHCP server will be running whatever version of SUSE can do the trick. Currently the DHCP is running on Windows but that is about to be decommissioned. So the first thing that comes to my mind is to run the DHCP server on LEAP.
I was hoping you didn’t say “its not going to work” but I expected it. But I had/have some hope that someone told me to use vendor specific options. That seems to do the trick for VOIP phones and I was hoping for a generic option to set a VLAN ID.
But that is moot in case of wireless because you do not run VLAN over the air. You let clients connect to different SSIDs and assign those SSIDs to different VLANs on access point. How to do it obviously depends on access point. Cisco solutions support this (including secure central authentication for assigning clients to VLANs).
That is one possibility but preferably we want to create one SSID. Just like the edu-roam. But if no other alternatives this may be a way to go.
It still does not explain how your question is related to openSUSE. Do you want use openSUSE on clients? Do you want to implement server part (access point and everything that is needed) on openSUSE?
The server will be running SUSE. The clients will be whatever the students bring with a 100% possibility of devices running Windows, Windows Phone, Android, IOS And Mac OSX.
It’s not the question of providing this information by DHCP server. The problem is what clients are going to do with it. What IP phones do is restarting DHCP on new VLAN. If we are speaking about Windows or Linux this translates into creating new interface on the fly. I really have not heard about support for it (although it is of course possible). But I am very skeptical it is going to work across all of “devices running Windows, Windows Phone, Android, IOS And Mac OSX” at least out of the box.
The server will be running SUSE.
What server? Is it going to be access point? DHCP server? RADIUS server? Or any other of hundreds possible servers?
That’s a very good point. I was hoping this would be possible with a generic IP stack without vendor specific hardware/software. But thanks. Didn’t look at it that way. Makes all things a bit clearer for me.
The wireless infrastructure is handled by HP hardware including radios, wireless controllers and the VLANs are all configured on HP Procurves.
Radius is handled by SLES+OES
Behind all this is a complete SLES/OES environment containing user data and e-mail.
But I think I’m pushing it in another direction. I’ll create a new interface in one of the firewalls in the same subnet as the wireless device and make that the default gateway for the Known Devices and route them via the Firewall
At the very least, it enables you to deeply dive into monitoring the hardware and can also support various higher level management. Might even enable you to do your VLAN tagging and management if you’re using HP switches.