DHCP Services

RansNet mbox appliances (CMG/HSG/HSA) support standard Dynamic Host Configuration Protocol (DHCP) to issue end-user devices IP addresses. mbox offers a complete solution for implementing DHCP services for small networks to large distributed enterprise networks.

  • DHCP server (dhcp-server), receives clients’ requests from locally connected networks, and issues IP addresses to clients. It also supports various DHCP options for assigning vendor-specific parameters,
    • eg. controller IP for light-weight APs
  • DHCP pools (dhcp-pool), enables mbox as a DHCP server to centrally manage and issue IP addresses to external/remote networks.
  • DHCP relay agent (or dhcp-helper), relays DHCP requests from local LAN devices to another upstream DHCP server.

In this document, we will use the below topology to elaborate on how to configure dhcp-server, dhcp-pool, and dhcp-helper.

  • HSG-1 will be configured as a dhcp-server to issue an IP address to local network devices (VLAN10 & 20)
  • HSG-1 will also function as a central DHCP server (dhcp-pool) to manage and issue DHCP IP addresses to non-attached networks (VLAN30 & 40)
  • HSG-2 will act as a DHCP relay (dhcp-helper) to relay user DHCP requests to HSG-1 so that users from VLAN30 & 40 can receive DHCP IP assignment from HSG-1 address pools.

When configured with “dhcp-server” on the target interfaces, mbox accepts client DHCP requests from users/clients coming from interface local network (the network connected to this interface), and issues DHCP address from the configured range to clients.

CONFIGURATION NOTES

*You can run multiple “dhcp-server” instances. Each instance is attached to a local interface (physical or VLAN). It will automatically generate DHCP range based on Interface IP address setting (you can still optionally change DHCP options/range parameters later).

NOTE: One interface can have multiple IP addresses. But only the primary IP address can be used as the DHCP range. So if you need to configure multiple IP addresses for the same interface, please make sure the primary IP address (where DHCP scope will be based) is configured first/ahead of other IP addresses.

*dhcp-server must be explicitly enabled and each config change requires restarting of the DHCP service (disable and enable).

NOTE: When running HA (two boxes running VRRP), both mbox will be actively issuing DHCP (even for the standby unit), so each box needs to cover half of the available range in order to avoid address duplicates, and you need to explicitly configure “router” command to specify VRRP virtual IP as the client’s default gateway.

CONFIGURATION STEPS

  • Configure network interfaces with IP address and mask
  • Configure dhcp-server to start listening and issuing DHCP IP addresses

Procedure – Configure dhcp-server for physical/VLAN interfaces

Physical Interface configuration (Dhcp-server)

  1. User can login to on-premises Hotspot Gateway (HSG) UI with the management ip (10.10.10.1/24).
  2. Navigate to ‘NETWORK SETTINGS> Interfaces‘, click on the ‘Ethernet‘ tab
  3. Select the ‘eth1’ and change the setting of ‘Interface Eth‘ as per Table 1 and ‘Save Changes
    • This port will be connected to the switch trunkport.
Image 2 : Physical Interface Eth fields

The fields of Interface eth setting below

S/NFIELDSVALUE
01.IP Address192.168.8.1/24
02.Descriptiontrunk to switch1
Table 1 : Interface eth settings

  1. On the same page select the DHCP server section and configure as per Table 2 and save.
Image 3 : Physical Interface Eth DHCP server settings

The fields of Interface eth DHCP Server setting below

S/NFIELDSVALUE
01.DHCP DescriptionDHCP pool for management VLAN-1
02.Client Default Gateway192.168.8.1
03.Client DHCP Pool Range192.168.8.10 – 192.168.11.254
Table 2 : Interface eth dhcp server settings

VLAN Interface configuration (Dhcp-server)

  1. Navigate to ‘NETWORK SETTINGS> Interfaces‘, click on the ‘VLAN‘ tab and click on
  2. Configure the ‘NEW Interface VLAN‘ page as per Table 3 and save.
Image 4 : VLAN Interface Eth fields

The fields of VLAN Interface eth are explained below for VLAN10 and VLAN20.

S/NFIELDSVALUE (vlan10)VALUE (vlan20)
01.VLAN Namevlan10vlan20
02.Admin Status
Enable
ticktick
03.Physical Interfaceeth1eth1
04.IP/Netmask (IP Address)10.10.10.1/2410.20.20.1/24
Table 3 :

  1. On the same page configure the DHCP server section as per Table 4 and save.

S/NFIELDSVALUE
01.DHCP DescriptionDHCP pool for management VLAN-10
02.Client Default Gateway192.168.8.1
03.Client DHCP Pool Range192.168.8.10 – 192.168.11.254
Table 4 : Interface eth dhcp server settings
!
interface eth1
 description "trunk to switch1"
 enable
 ip address 192.168.8.1/24
 dhcp-server
  description "DHCP-DHCP pool for management VLAN-1"
  lease-time 86400 86400
  router 192.168.8.1
  dns 8.8.8.8 8.8.4.4
  range 192.168.8.10 192.168.11.254
  enable
!
interface vlan 1 10
 enable
 ip address 10.10.10.1/24
 dhcp-server
  description "DHCP-DHCP pool for VLAN-10"
  router 10.10.10.1
  dns 8.8.8.8 8.8.4.4
  range 10.10.10.2 10.10.10.254
  enable
!
interface vlan 1 20
 enable
 ip address 10.20.20.1/24
 dhcp-server
  description "DHCP-DHCP pool for VLAN-20"
  router 10.20.20.1
  dns 8.8.8.8 8.8.4.4
  range 10.20.20.2 10.20.20.254
  enable
!

When configured with “dhcp-pool”, mbox can manage and issue DHCP IP addresses to non-attached or external networks. The remote/external network router will relay client DHCP requests to mbox, and as long as the relay agent IP belongs to a valid address pool, mbox will issue client IP from the respective address pool. In this case, mbox acts as a DHCP server for both local and remote networks so that it’s easier to centrally administer IP address pools, without the need of 3rd-party dedicated DHCP server.

CONFIGURATION NOTES

*You can configure multiple “dhcp-pool”. Each pool refers to a remote network range. The remote address pools (dhcp-pool) do not bind to any local mbox interfaces. However, the incoming interface where remote DHCP relay agent will come in, MUST enable with “dhcp-server” so that this interface will listen for DHCP requests (from both local and remote). If you do not want to issue any IP address to the interface local network, you can set “range x.x.x.x y.y.y.y” to be really small, so that it limits giving out local addresses but will listen and respond to requests from external relay agent (therefore able to assign respective IP from dhcp-pools to remote clients).

*dhcp-pool must be explicitly enabled and each config change requires restarting of the DHCP service (disable and enable).

*It’s very important to ensure communication channel between DHCP server and relay agents are in place:
1. The external DHCP relay agent IP must be able to reach the DHCP server IP address, with correct routing and firewall rules to permit accesses (UDP/67/68).
2. The DHCP server (where dhcp-pool is configured) must have a route back to the external DHCP agent IP address, so that it knows where to route back the DHCP responses.

CONFIGURATION STEPS

  • Enable “dhcp-server” on the interface for incoming DHCP relay agent requests
  • Configure “dhcp-pool” for each remote/non-attached network

Procedure – Configure dhcp-pool for non-attached/external network

interface eth1
 description "trunk to switch1"
 enable
 ip address 192.168.8.1/24
 dhcp-server
  description "DHCP pool for management VLAN-1"
  router 192.168.8.1
  dns 8.8.8.8 8.8.4.4
  range 192.168.8.10 192.168.8.254
  enable
!
 dhcp-pool 10.30.30.0/24
 description "DHCP pool for VLAN-30 on HSG-2"
 router 10.30.30.1
 dns 8.8.8.8 8.8.4.4
 range 10.30.30.2 10.30.30.254
 enable
!
 dhcp-pool 10.40.40.0/24
 description "DHCP pool for VLAN-40 on HSG-2"
 router 10.40.40.1
 dns 8.8.8.8 8.8.4.4
 range 10.40.40.2 10.40.40.254
 enable
!
ip route 10.30.30.1/32 nexthop 192.168.8.9 remark "route back to VLAN-30 DHCP relay"
ip route 10.40.40.1/32 nexthop 192.168.8.9 remark "route back to VLAN-40 DHCP relay"
!

For large distributed networks, with many local/remote networks and routers, we don’t want to configure each router to issue DHCP addresses to their local networks. Instead, we will configure a central DHCP server to centrally manage the address pools for users of all networks ???(as in section #2)???, and configure each remote router to relay their local device DHCP requests to the central DHCP server.

In this case, each remote router acts as a dhcp-relay, and each relay will forward local client DHCP request to the DHCP server through the “dhcp-helper” command.

CONFIGURATION NOTES

*You can run multiple “dhcp-helper” instances. Each instance is attached to a local interface (physical or VLAN), and the local interface must have an IP address configured and able to reach to dhcp-helper (DHCP server) IP address.

*You can not run the “dhcp-helper” and “dhcp-server” commands under the same interface.

CONFIGURATION STEPS

  • Configure IP address under the local interface using UI
  • Configure dhcp-helper to relay client requests to the upstream DHCP server using Console Interface

Procedure – Configure dhcp-helper for external dhcp server

Physical Interface configuration

  1. User can login to on-premises Hotspot Gateway (HSG) UI with the management ip (10.10.10.1/24).
  2. Navigate to ‘NETWORK SETTINGS> Interfaces‘, click on the ‘Ethernet‘ tab
  3. Select the ‘eth1’ and change the setting of ‘Interface Eth‘ as per Table 1 and ‘Save Changes
    • This port will be connected to the switch trunkport.
Image 2 : Physical Interface Eth fields

The fields of Interface eth setting below:

S/NFIELDSVALUE (eth0)
01.IP Address192.168.8.9/24
02.Descriptionconnect to the core switch
Table 1 : Interface eth settings

VLAN Interface configuration

  1. Navigate to ‘NETWORK SETTINGS> Interfaces‘, click on the ‘VLAN‘ tab and click on
  2. Configure the ‘NEW Interface VLAN‘ page as per Table 3 and save.
Image 4 : VLAN Interface Eth fields

The fields of VLAN Interface eth are explained below for VLAN10 and VLAN20.

S/NFIELDSVALUE (vlan30)VALUE (vlan30)
01.VLAN Namevlan30vlan40
02.Admin Status
Enable
ticktick
03.Physical Interfaceeth1eth1
04.IP/Netmask (IP Address)10.30.30.1/2410.40.40.1/24
Table 3 :

  1. Configure hotspot for the above two VLANs. Refer Hotspot Instance link
  2. Configure Dhcp-helper in Hotspot instance
    • syntax – [client-dhcp-helper <Dhcp Server IP address>]
!
interface eth0
 description "connect to core switch"
 enable
 ip address 192.168.8.9/24
!
interface vlan 0 30
 enable
 ip address 10.30.30.1/24
 ip dhcp-helper 192.168.8.1
!
interface vlan 0 40
 enable
 ip address 10.40.40.1/24
 ip dhcp-helper 192.168.8.1
!
ip route 0.0.0.0/0 nexthop 192.168.8.1 remark "default route through HSG-1"
!

If we enable hotspot service for VLAN30 and VLAN40, the dhcp-helper is configured under hotspot instance (which is attached to interface VLAN30 and VLAN40).

interface eth0
 description "connect to core switch"
 enable
 ip address 192.168.8.9/24
!
!
interface vlan 0 30
 enable
 ip address 10.30.30.1/24
!
interface vlan 0 40
 enable
 ip address 10.40.40.1/24
!
ip route 0.0.0.0/0 nexthop 192.168.8.1 remark "default route through HSG-1"
!
security hotspot vlan30
 hotspot-server 10.30.30.1 ports 5415 5849
 client-network 10.30.30.0 255.255.255.0
 client-dhcp-helper 192.168.8.1
 radius-server splash.ransnet.com testing123
 hotspot-portal https://splash.ransnet.com/pid/vlan30/login.php
 start
!
security hotspot vlan40
 hotspot-server 10.40.40.1 ports 4421 5467
 client-network 10.40.40.0 255.255.255.0
 client-dhcp-helper 192.168.8.1
 radius-server splash.ransnet.com testing123
 hotspot-portal https://splash.ransnet.com/pid/vlan40/login.php
 start
!