Hi Ryan,

This is probably going deeper than what I should be talking about with 
confidence as our router guys set it up.   But, what we do is any device that 
requests an IP Address that does not have a DHCP reservation in the DHCP server 
gets assigned what we call a Penalty Box address.   We set up a Penalty Box 
subnet for each tower router (have to do this for any router that gets DHCP 
requests) on our central DHCP server and any request coming from one of the 
downstream routers gets a Penalty Box address in the subnet we set up for the 
downstream router getting the DHCP request.  So we have a bunch of Penalty Box 
subnets (100.64.x.x range) and since they aren’t routable, folks can’t get to 
the Internet with a Penalty Box address.   They get a standard (Your account 
isn’t set up, call us) message.  We know if we see assigned addresses in the 
Penalty Box space that something is attached that is set up wrong in Sonar, or 
shouldn’t be attached to our network.

Otherwise, every device is set up on Sonar with their correct MAC and a 
dynamically assigned IP in Sonar.  This is written to the DHCP server on the 
Mikrotik; we just need to do this before plugging in the equipment at the 
customer or it will grab a Penalty Box address first.  This happens quite often: 
it isn’t in Sonar before being installed and gets a Penalty Box assignment.  We 
just delete that Penalty Box assignment after it is set up in Sonar and then 
reboot the device to force a new DHCP request and everything is good.

It takes a little work to set up at first, but after that it has really been 
working well.   The guys at Linktechs set it up for us.   We like it because it 
definitively tells us that the IP in Sonar is accurately tied to the right 
piece of equipment and then we know all of our monitoring, etc is accurate.   
We also know that folks can’t be attaching their own equipment to our network 
this way, as they won’t have service.   The security of it could probably be 
better with VLANs, but this is pretty simple and works well.   If you want to 
dig deeper let me know and I can set up a screen share some time and show you 
the routers where this is set up.

Thanks,

David Coudron
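
[Added example, not part of the original thread or of anyone's actual configuration: a lease audit for the Penalty Box scheme described above. It flags leases in a Penalty Box subnet and separates devices unknown to Sonar from devices that are provisioned but still hold a Penalty Box lease (the "delete the lease and reboot" case). All tower names, subnets, MACs and addresses are constructed.]

```python
import ipaddress

# Constructed sample data: tower names, subnets, MACs and IPs are hypothetical.
PENALTY_SUBNETS = {                       # one Penalty Box subnet per tower router
    "tower-a": ipaddress.ip_network("100.64.1.0/24"),
    "tower-b": ipaddress.ip_network("100.64.2.0/24"),
}
RESERVATIONS = {                          # MAC -> IP as provisioned in Sonar
    "aa:bb:cc:00:00:01": "203.0.113.10",
    "aa:bb:cc:00:00:02": "203.0.113.11",
    "aa:bb:cc:00:00:03": "203.0.113.12",
}
LEASES = [                                # (MAC, leased IP) exported from the DHCP server
    ("AA:BB:CC:00:00:01", "203.0.113.10"),   # matches its reservation
    ("aa:bb:cc:00:00:02", "100.64.1.20"),    # provisioned after it was plugged in
    ("de:ad:be:ef:00:09", "100.64.2.31"),    # not in Sonar at all
    ("aa:bb:cc:00:00:03", "203.0.113.99"),   # lease differs from the Sonar record
]

def penalty_tower(ip):
    """Return the tower whose Penalty Box subnet contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for tower, net in PENALTY_SUBNETS.items():
        if addr in net:
            return tower
    return None

def classify(mac, ip):
    """Label one lease against the reservation table."""
    reserved = RESERVATIONS.get(mac.lower())
    tower = penalty_tower(ip)
    if tower and reserved:
        return "stale-penalty", tower      # delete the lease, reboot the device
    if tower:
        return "unknown-device", tower     # missing in Sonar or not ours
    if reserved is None:
        return "unreserved-outside-penalty", None
    if reserved != ip:
        return "ip-mismatch", None
    return "ok", None

def audit(leases):
    """Return (mac, ip, status, tower) for every lease that needs attention."""
    findings = []
    for mac, ip in leases:
        status, tower = classify(mac, ip)
        if status != "ok":
            findings.append((mac.lower(), ip, status, tower))
    return findings
```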

From: AF <af-boun...@af.afmug.com> On Behalf Of Ryan Ray
Sent: Monday, September 21, 2020 1:41 AM
To: AnimalFarm Microwave Users Group <af@af.afmug.com>
Subject: Re: [AFMUG] EPMP and Nested DHCP Option82

Can you explain how you’re doing this? How can you assign a different ip in a 
dhcp space?

On Sun, Sep 20, 2020 at 10:56 AM David Coudron 
<david.coud...@advantenon.com> wrote:
I just saw a post in the Sonar forum that looks pretty similar to this one.   
We don't use Option 82, but otherwise have Sonar write the DHCP table to the 
Mikrotiks.   If someone requests a DHCP that isn't in Sonar, we just assign 
them a Penalty Box IP address that doesn't have access to the Internet.    This 
seems to work pretty well.

David Coudron

-----Original Message-----
From: AF <af-boun...@af.afmug.com> On Behalf Of Nate Burke
Sent: Sunday, September 20, 2020 11:40 AM
To: Animal Farm <af@af.afmug.com>
Subject: [AFMUG] EPMP and Nested DHCP Option82

I'm running into a strange issue that's being difficult to replicate.

EPMP 3k AP W/option82 -> EPMP 300 SM -> Switch

Local Customer and EPMP1000 radio plug into this switch

EPMP1000 2.4 AP (nonGPS w/Option82)  -> EPMP1000 2.4SM

I'm using Option 82 so that Sonar can tie the Public IP Address to the MAC of 
equipment on the customer account.

The Local customer off the switch runs just fine, Option 82 records the 
EPMP300 SM MAC, it has had no problems.

But the Customer behind the EPMP1000 radio randomly loses the ability to get a 
DHCP Lease.  The Mikrotik DHCP Server Log just reports 'Offered DHCP Lease 
without success'.  When it does work, Option82 shows the MAC of the EPMP1000 SM 
like it's supposed to. DHCP Lease time is set to 3 hours.  At some point 
between 3-24 hours, the customer's router will lose its lease and won't be able 
to renew it.  The only way to get it working again is to reboot the EPMP1000 
AP.  Rebooting the EPMP300 SM or the EPMP1000 SM does not fix it.  And it 
doesn't happen at every lease renewal, yesterday it ran for 16 hours before 
suddenly losing its lease.

I have just disabled option 82 in the EPMP1000 AP and I'm guessing that will 
fix the customer, but I lose the ability to automatically track them in Sonar.  
I've tried Firmware 4.4.3 and 4.5.5 on the EPMP1000, it's had the issue on both 
of them.  Anybody run into something like this before?

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


